
Permissions

At a Glance

Goals

  1. You know how to grant permissions to new people within a Subscription.

Prerequisites

  1. You must already be able to access a Subscription.
  2. You have activated the appropriate role that allows you to grant permissions to others.

Note

This guide was created with the language set to English. The screenshots shown may therefore differ from what you see if you have a different language set.

Permanent Role

Before you can assign a role, you must first navigate to the resource to which the permission should be granted. In this guide, additional rights are granted directly on the Subscription.

  1. Log in to the Portal.

    Azure Portal

  2. Navigate to your Subscription.

    Azure Subscription Overview

  3. Click on Access control (IAM) in the left menu.

    Subscription Access Control

  4. Click the Add button and then Add role assignment.

    Add Role Assignment

  5. In the Role tab, select the designated role. In this example, another user is granted access to all resources within a Subscription. The role can be found under Privileged administrator roles with the name Unibe-Application-Owner (mg-unibe). Click Next.

    Select Role

  6. In the Members tab, select the user. Click Select Members and choose the person in the popup. Click Next.

    Select Members

  7. In the Assignment Type tab, you can set additional conditions for the role assignment. In this example, we assign the role permanently. Under Assignment type, select Active and under Assignment duration, select Permanent. Click Review + assign.

    Select Assignment Type

  8. Review the details and click Review + assign.

    Select Assignment Type

Role On Request

In the previous example, a permanent permission was granted. You can also assign a role with additional conditions:

  • You can assign a role for a certain period of time.
  • You can assign a role so that it must be requested first (similar to the PIM group for Subscription owners).

Important

You cannot assign a role on request to service accounts.

  1. Log in to the Portal.

    Azure Portal

  2. Navigate to your Subscription.

    Azure Subscription Overview

  3. Click on Access control (IAM) in the left menu.

    Subscription Access Control

  4. Click the Add button and then Add role assignment.

    Add Role Assignment

  5. In the Role tab, select the designated role. In this example, another user is granted access to all resources within a Subscription. The role can be found under Privileged administrator roles with the name Unibe-Application-Owner (mg-unibe). Click Next.

    Select Role

  6. In the Members tab, select the user. Click Select Members and choose the person in the popup. Click Next.

    Select Members

  7. In the Assignment Type tab, you can set additional conditions for the role assignment. In this example, we assign the role on request. Under Assignment type, select Eligible (Recommended) and under Assignment duration, select Time bound. Choose the start and end time for the role and click Review + assign.

    Select Assignment Type

  8. Review the details and click Review + assign.

    Select Assignment Type
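The two procedures above can also be scripted. The following is an added example, not part of the original guide or of any official tooling: it assumes the Azure CLI is installed and `az login` has been completed, that `uuidgen` is available, and that the role name shown in this guide is the name of the role definition. The subscription ID, principal object ID and role definition ID are supplied by the caller.

```bash
#!/bin/sh
# Added example (not from the original guide). Assumes Azure CLI with a completed `az login`.
# Subscription ID, principal object ID and role definition ID are caller-supplied.
ROLE_NAME="Unibe-Application-Owner (mg-unibe)"  # as displayed in the guide; assumed to be the definition name

# Permanent Role: Assignment type "Active", duration "Permanent".
# usage: assign_permanent <subscription-id> <principal-object-id> [role-name]
assign_permanent() {
  az role assignment create \
    --assignee-object-id "$2" \
    --assignee-principal-type User \
    --role "${3:-$ROLE_NAME}" \
    --scope "/subscriptions/$1"
}

# Request body for an eligible, time-bound assignment (PIM for Azure resources).
# usage: eligible_body <role-definition-id> <principal-object-id> <start-utc> <end-utc>
eligible_body() {
  cat <<EOF
{
  "properties": {
    "principalId": "$2",
    "roleDefinitionId": "$1",
    "requestType": "AdminAssign",
    "justification": "Time-bound eligible assignment",
    "scheduleInfo": {
      "startDateTime": "$3",
      "expiration": { "type": "AfterDateTime", "endDateTime": "$4" }
    }
  }
}
EOF
}

# Role On Request: Assignment type "Eligible", duration "Time bound".
# usage: assign_eligible <subscription-id> <principal-object-id> <role-definition-id> <start-utc> <end-utc>
# Timestamps must be UTC in the form 2025-01-31T17:00:00Z so they compare as strings.
assign_eligible() {
  expr "x$4" \< "x$5" >/dev/null || { echo "end time must be after start time" >&2; return 1; }
  az rest --method put \
    --url "https://management.azure.com/subscriptions/$1/providers/Microsoft.Authorization/roleEligibilityScheduleRequests/$(uuidgen)?api-version=2020-10-01" \
    --body "$(eligible_body "$3" "$2" "$4" "$5")"
}
```

Prefer `assign_eligible` with a short window over `assign_permanent` for privileged roles, so that standing access expires on its own.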

Requesting a Role

For instructions on requesting a role, see this article.