Manage Role-Based Access Control

A user in Azure Stack can be a reader, owner, or contributor for each instance of a subscription, resource group, or service.

For example, User A might have reader permissions to Subscription 1, but have owner permissions to Virtual Machine 7.

  • Reader: User can view everything, but can’t make any changes.
  • Contributor: User can manage everything except access to resources.
  • Owner: User can manage everything, including access to resources.

Task 1 : Set access permissions for a user

  1. Sign in with an account that has owner permissions to the resource you want to manage.
  2. In the blade for the resource, click the Access control (IAM)
  3. In the <Resource> – Access control (IAM) blade, click Roles. The Roles blade lists the 3 roles discussed above. Clicking on each role will list the users and groups accorded that role.
  4. Back in the <Resource> – Access control (IAM) blade, click Add to add permissions for the user by selecting the user/group and assigning the Role. Click