Transition to role-based access control (RBAC) in Azure by 31 August 2024 - no clear steps

Chua Khoon Yong 46 Reputation points
2024-03-13T03:58:52.56+00:00

don't know why my previous post got deleted.

my question is i have only a single service administrator account in the "Classic Administrator" section.

How to you create a new RBAC account that is similar to the existing service administrator?

Also do you have to update the service admin in the subscription section, to the new RBAC account?

the last answer was the link to https://learn.microsoft.com/en-us/azure/role-based-access-control/classic-administrators

however, this talks a lot about co-administrators which I don't have.

Can we have steps for my case, which I believe is the majority of the cases.

Thanks.

Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
662 questions
0 comments No comments
{count} votes

Accepted answer
  1. Sandeep G-MSFT 14,321 Reputation points Microsoft Employee
    2024-03-13T09:45:28.62+00:00

    @Chua Khoon Yong

    Thank you for posting this in Microsoft Q&A.

    In ARM (Azure resource manage) we only have one owner role and one contributor role on subscription level. These roles are highest privileged role in RBAC on the subscription level.

    Owner role is the one which is equivalent to service administrator and co-administrator role in classic subscription administrator role.

    The rest of the built-in roles allow management of specific Azure resources. For example, the Virtual Machine Contributor role allows the user to create and manage virtual machines. For a list of all the built-in roles, see Azure built-in roles.

    User's image

    You refer below article,

    https://learn.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles#azure-roles

    For service administrator, you can have the same user account have owner role assigned on the subscription.

    You do not have to change the service administrator on the subscription. You can get RBAC owner role assign to the same service administrator account on the subscription level.

    This will keep your account same access as the service administrator.

    Let me know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments

0 additional answers

Sort by: Most helpful