Share via

Two opposite RBAC roles at the same scope

Aleksandar Petkovski 60 Reputation points
2023-08-24T22:05:02.4366667+00:00

Hello, if I have two RBAC roles at the same scope let's say resource group one that says user can't delete vm machine (reader) and one that says user can delete vm machine (contributor). Which one will take precedence? If they were at different scope the one that is above will take precedence but what if they were at the same level (scope) ? Thanks

Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
978 questions
0 comments
Accepted answer
  1. TP 125.9K Reputation points Volunteer Moderator
    2023-08-24T22:17:57.7433333+00:00

    Hi Aleksandar,

    The permissions are additive, so the user would have all the rights assigned to both roles. In your example the user would effectively have Contributor.

    Please click Accept Answer if the above was useful.

    Thanks.

    -TP

    1 person found this answer helpful.
    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.