Manage Azure Subscription
Return to Azure AZ-104 Tutorial
In order to manage access to Azure resources, it is important for you to have the appropriate administrator role in order to manage the Azure Subscription. Azure has an authorization system called role-based access control (RBAC) with several built-in roles you can choose from. Consecutively, you can assign these roles at different scopes, like management group, subscription, or resource group. Now by default, the person responsible for creating a new Azure subscription can assign other users administrative access to a subscription.
We shall now discuss the procedure to add or to change the administrator role for a user using RBAC at the subscription scope. Moreover, Microsoft strongly recommends managing access to resources using RBAC. But, in case you are using the classic deployment model and managing the classic resources by using Azure Service Management PowerShell Module, then you will need to use a classic administrator.
Note, in case you only use the Azure portal to manage the classic resources, then you are not required to use the classic administrator.
Steps to Assign a Subscription Administrator
- At first, in order to make a user an administrator of an Azure subscription, an existing administrator assigns them the Owner role (an RBAC role) at the subscription scope.
- Next, the Owner role gives the user full access to all resources in the subscription, including the right to delegate access to others.
In case you are unsure who the account administrator is for a subscription, then it is suggested to follow the below steps –
- Open the Subscriptions page in the Azure portal.
- Select the subscription you want to check, and then look under Settings.
- Select Properties. The account administrator of the subscription is displayed in the Account Admin box.
- To assign a user as an administrator
- Sign in to the Azure portal as the subscription owner and open Subscriptions.
- Click the subscription where you want to grant access.
- Click Access control (IAM).
- Then, click the Role assignments tab to view all the role assignments for this subscription.
- Click Add > Add role assignment to open the Add role assignment pane. In case you do not have permissions to assign roles, the option will be disabled.
- In the Role drop-down list, select the Owner role.
- Then in the Select list, select a user. Else you can type in the Select box to search the directory for display names and email addresses.
- Click Save to assign the role.
The user will then be assigned the Owner role at the subscription scope.
Reference: Add or change Azure subscription administrators
Reference: Microsoft Documentation