Transition to role-based access control (RBAC) in Azure by 31 August 2024 - no clear steps

Question

don't know why my previous post got deleted.

my question is i have only a single service administrator account in the "Classic Administrator" section.

How to you create a new RBAC account that is similar to the existing service administrator?

Also do you have to update the service admin in the subscription section, to the new RBAC account?

the last answer was the link to https://learn.microsoft.com/en-us/azure/role-based-access-control/classic-administrators

however, this talks a lot about co-administrators which I don't have.

Can we have steps for my case, which I believe is the majority of the cases.

Thanks.

Answer 1

@Chua Khoon Yong

Thank you for posting this in Microsoft Q&A.

In ARM (Azure resource manage) we only have one owner role and one contributor role on subscription level. These roles are highest privileged role in RBAC on the subscription level.

Owner role is the one which is equivalent to service administrator and co-administrator role in classic subscription administrator role.

The rest of the built-in roles allow management of specific Azure resources. For example, the Virtual Machine Contributor role allows the user to create and manage virtual machines. For a list of all the built-in roles, see Azure built-in roles.

You refer below article,

https://learn.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles#azure-roles

For service administrator, you can have the same user account have owner role assigned on the subscription.

You do not have to change the service administrator on the subscription. You can get RBAC owner role assign to the same service administrator account on the subscription level.

This will keep your account same access as the service administrator.

Let me know if you have any further questions.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.