Change Azure Role Assignment

Handian Sudianto 6,601 Reputation points
2023-01-19T04:13:33.1933333+00:00

Hi.

Can we change the Azure role assignment for an account from Owner to Reader without deleting and re-adding the account?

Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.

Answer accepted by question author
  1. Luke Murray 11,521 Reputation points MVP Volunteer Moderator
    2023-01-19T05:39:22.15+00:00

    You have to unassign the role from Owner and then add Reader; you cannot do a swap. If you add Reader on its own, it will still have Owner.

    So you have to remove the rights that you don't want.


1 additional answer

  1. Manu Philip 20,491 Reputation points MVP Volunteer Moderator
    2023-01-19T07:59:14.3433333+00:00

    Role assignment can be changed without deleting and re-adding the account. Here is the way to "Update" the role assignment of a user over a subscription.

    1. Get the role definition ID of the 'Reader' role. Select the Reader role and find it in the JSON window.
    2. Find the role assignment details of the subscription:
       az role assignment list --subscription <sub id>
    3. The output of the above command will show JSON something like the below for the user:
       {
           "canDelegate": null,
           "condition": null,
           "conditionVersion": null,
           "description": null,
           "id": "/subscriptions/id/providers/Microsoft.Authorization/roleAssignments/66b5d81f-1f82-4562-bded-117787a0fc5a",
           "name": "name",
           "principalId": "id",
           "principalName": "******@cloudcompute.info",
           "principalType": "User",
           "roleDefinitionId": "/subscriptions/id/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
           "roleDefinitionName": "Owner",
           "scope": "/subscriptions/id",
           "type": "Microsoft.Authorization/roleAssignments"
       }
    
    4. Copy the details and edit the following lines. Update the role definition ID from step 1, change the definition name as 'Owner.'
       "roleDefinitionId": "/subscriptions/id/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
       "roleDefinitionName": "Owner",
    
    5. Save the JSON file with the changes as assignment.json.
    6. Run the following command to edit the role assignment value of the user:
       az role assignment update --role-assignment assignment.json
    7. Verify that the changes are reflected for the user from the portal or by running the CLI command in step 2.

    --please don't forget to upvote and Accept as answer if the reply is helpful--
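
The accepted answer's point, that adding Reader leaves Owner in effect until it is removed, can be checked against the JSON that `az role assignment list` prints. The script below is an added example, not code from either answer; the principal IDs, scopes and function names are constructed for illustration, and it also treats assignments at a parent scope as inherited by child scopes.

```python
SUB = "/subscriptions/sub-1"                # placeholder subscription scope
RG = SUB + "/resourceGroups/rg-app"         # placeholder resource group scope

# Constructed sample in the shape of `az role assignment list` output
# (fields trimmed; not values from the thread).
SAMPLE = [
    {"principalId": "user-a", "roleDefinitionName": "Owner", "scope": SUB},
    {"principalId": "user-a", "roleDefinitionName": "Reader", "scope": RG},
    {"principalId": "user-b", "roleDefinitionName": "Reader", "scope": SUB},
    {"principalId": "user-c", "roleDefinitionName": "Owner",
     "scope": SUB + "/resourceGroups/rg-other"},
    {"principalId": "user-c", "roleDefinitionName": "Reader", "scope": RG},
]


def applies_to(assignment_scope, target_scope):
    """True if an assignment at assignment_scope is in effect at target_scope.

    Child scopes inherit assignments. This prefix check covers the root,
    subscription, resource group and resource levels; management group
    parentage is not encoded in the scope string and is not handled here.
    """
    a = assignment_scope.rstrip("/").lower()
    t = target_scope.rstrip("/").lower()
    return a == "" or t == a or t.startswith(a + "/")


def effective_roles(assignments, principal_id, target_scope):
    """Role names a principal holds at target_scope, direct or inherited."""
    return sorted({a["roleDefinitionName"] for a in assignments
                   if a["principalId"] == principal_id
                   and applies_to(a["scope"], target_scope)})


def leftover_assignments(assignments, principal_id, target_scope,
                         wanted="Reader"):
    """Assignments other than `wanted` that are still in effect."""
    return [(a["roleDefinitionName"], a["scope"]) for a in assignments
            if a["principalId"] == principal_id
            and a["roleDefinitionName"] != wanted
            and applies_to(a["scope"], target_scope)]


if __name__ == "__main__":
    for pid in ("user-a", "user-b", "user-c"):
        print(pid, effective_roles(SAMPLE, pid, RG),
              leftover_assignments(SAMPLE, pid, RG))
```

An empty result from `leftover_assignments` means only the wanted role remains at that scope; anything it returns is an assignment that still has to be removed.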

