Resource Group Access Control (IAM)

Access Control or identity and access management (IAM) provides fine grain access to resources. There are lots of pre-defined roles setup two important ones are Owner and Contributor, the difference being Owner’s can assign and change permissions and Contributor cannot.

Using the portal to add a role assignment (granting permissions)

  • Navigate to the resource group and select “Access Control (IAM)
  • Click “Add role assignment”
  • Select the role and user and select Save

Using PowerShell to list the resource groups current role assignments

Get-AzureRmRoleAssignment -ResourceGroupName myorg-app1-rg

Using PowerShell to assign a role to a user

New-AzureRmRoleAssignment -SignInName ADUserName@mydomain.com -RoleDefinitionName "Reader" -ResourceGroupName myorg-app1-rg

Using AzureCLI to list the resource groups current role assignments

az role assignment list -resource-group myorg-app1-rg

Using AzureCLI to assign a role to a user

az role assignment create --role Reader --assignee ADUserName@mydomain.com -resource-group myorg-app1-rg