Determine Who Needs Access: Identify the security principal (in this case, the AAD app or principal ID). You'll need the unique ID of this object, which can be obtained using Azure portal or Azure PowerShell.
Select the Appropriate Role: Since you want to assign the Owner role, you'll have to get its unique role ID. Use the
Get-AzRoleDefinition command to list roles and obtain this ID.
Identify the Needed Scope: Determine the scope at which you want to assign the role. Azure provides different levels of scope: resource, resource group, subscription, and management group. Since you're dealing with a billing account, the scope might be at the subscription level or higher.
- Assign the Role: Use the
New-AzRoleAssignmentcommand to assign the role. The command format will depend on the scope you've chosen. For example, for a resource scope, the command would look something like this:
New-AzRoleAssignment -ObjectId <objectId> -RoleDefinitionName <roleName> -Scope <scope