Permissions

At a Glance

Goals

  1. You are able to assign a role to a person within a Subscription.

Prerequisites

  1. Access to a Subscription is already available.
  2. The appropriate role that permits granting permissions to others is already activated.

Note

This guide was created with the portal language set to English. If you use a different language setting, the screenshots shown may differ from what you see on your device.

Permanent Role

Before a role can be assigned, you must first navigate to the resource on which the permission is to be granted. In this guide, additional rights are granted directly on the Subscription.

  1. Log in to the Portal.

    Azure Portal

  2. Navigate to the Subscription.

    Azure Subscription Overview

  3. Select Access control (IAM) in the left menu.

    Subscription Access Control

  4. Select the Add button and then Add role assignment.

    Add Role Assignment

  5. In the Role tab, select the desired role. In this example, another user is granted access to all resources within a Subscription. The role can be found under Privileged administrator roles with the name Unibe-Application-Owner (mg-unibe). Then select Next.

    Select Role

  6. In the Members tab, select the user: click Select Members and choose the person in the popup. Then select Next.

    Select Members

  7. In the Assignment type tab, additional conditions for the role assignment can be set. In this example, the role is assigned permanently. Under Assignment type, Active is selected and under Assignment duration, Permanent. Then select Review + assign.

    Select Assignment Type

  8. Review the details and select Review + assign.

    Select Assignment Type

Role On Request

In the previous example, a permanent permission was granted. A role can, however, also be assigned with additional conditions:

  • A role can be assigned for a specific period of time.
  • A role can be assigned so that it must first be requested (similar to the PIM group for Subscription owners).

Important

A role on request cannot be assigned to service accounts.

  1. Log in to the Portal.

    Azure Portal

  2. Navigate to the Subscription.

    Azure Subscription Overview

  3. Select Access control (IAM) in the left menu.

    Subscription Access Control

  4. Select the Add button and then Add role assignment.

    Add Role Assignment

  5. In the Role tab, select the desired role. In this example, another user is granted access to all resources within a Subscription. The role can be found under Privileged administrator roles with the name Unibe-Application-Owner (mg-unibe). Then select Next.

    Select Role

  6. In the Members tab, select the user: click Select Members and choose the person in the popup. Then select Next.

    Select Members

  7. In the Assignment type tab, additional conditions for the role assignment can be set. In this example, the role is assigned on request. Under Assignment type, Eligible (Recommended) is selected and under Assignment duration, Time bound. Then the validity period of the role assignment is defined. The validity period determines the time frame during which the role can be requested. Then select Review + assign.

    Select Assignment Type

  8. Review the details and select Review + assign.

    Select Assignment Type
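
The two portal procedures above (Permanent Role and Role On Request) can also be scripted with the Azure CLI. The following is an added example, not part of the original guide: the IDs, timestamps and justification text are constructed placeholders, and it assumes the role definition name matches the label shown in the portal.

```shell
#!/bin/sh
# Added example: CLI equivalents of the two portal procedures (not from the guide).
SUB_ID="00000000-0000-0000-0000-000000000000"        # constructed placeholder
PRINCIPAL_ID="11111111-1111-1111-1111-111111111111"  # constructed placeholder (user object ID)
ROLE_NAME="Unibe-Application-Owner (mg-unibe)"       # as shown in the portal; adjust if the definition name differs
SCOPE="/subscriptions/$SUB_ID"

# Permanent Role: Assignment type "Active", duration "Permanent".
assign_permanent() {
  az role assignment create --assignee-object-id "$PRINCIPAL_ID" \
    --assignee-principal-type User --role "$ROLE_NAME" --scope "$SCOPE"
}

# Request body for Role On Request: "Eligible" + "Time bound".
# Args: role definition ID, start, end (UTC, e.g. 2025-01-01T00:00:00Z).
eligible_body() {
  case "$2$3" in *[!0-9TZ:-]*) echo "invalid timestamp" >&2; return 1 ;; esac
  expr "$2" \< "$3" >/dev/null || { echo "end must be after start" >&2; return 1; }
  cat <<EOF
{
  "properties": {
    "principalId": "$PRINCIPAL_ID",
    "roleDefinitionId": "$1",
    "requestType": "AdminAssign",
    "justification": "Time-bound eligible assignment",
    "scheduleInfo": {
      "startDateTime": "$2",
      "expiration": { "type": "AfterDateTime", "endDateTime": "$3" }
    }
  }
}
EOF
}

eligible_url() {  # Arg: new GUID naming this request
  echo "https://management.azure.com$SCOPE/providers/Microsoft.Authorization/roleEligibilityScheduleRequests/$1?api-version=2020-10-01"
}

# Sends the request; needs az login, uuidgen, and rights to assign roles on the scope.
assign_eligible() {  # Args: start, end
  role_id=$(az role definition list --name "$ROLE_NAME" --scope "$SCOPE" \
    --query "[0].id" -o tsv) || return 1
  body=$(eligible_body "$role_id" "$1" "$2") || return 1
  az rest --method put --url "$(eligible_url "$(uuidgen)")" --body "$body"
}

# Dry run: print the request that would be sent (no Azure call is made here).
eligible_url "33333333-3333-3333-3333-333333333333"
eligible_body "<role-definition-id>" "2025-01-01T00:00:00Z" "2025-04-01T00:00:00Z"
```

Running the script as written only prints the request; call assign_permanent or assign_eligible explicitly to create an assignment.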

Requesting a Role

How to request a role is described in the PIM tutorial.