Can you please provide a list of users or groups who currently have the Owner role or a higher-level administrative role (such as Global Administrator) for the Azure subscription?

MUPPAVARAPU, SRAVANI 0 Reputation points
2024-05-24T10:16:10.6133333+00:00

In the process of enabling PIM, added a group for the owner role in the subscription and removed all individual direct users. But that role was mistakenly added with a condition excluding the access to add new owner role assignments. Now, we are unable to add new owner role. Kindly help to check who has privileged access to add new owner roles to the subscription.

Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
703 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Babafemi Bulugbe 2,755 Reputation points MVP
    2024-05-24T11:29:31.5266667+00:00

    Hello MUPPAVARAPU, SRAVANI,

    Thank you for posting your query in the Microsoft Q&A Community.

    I understand that you would like to get the list of users with Global Administrator role to assign roles on the Subscription in your tenant.

    If you have access to the Entra ID of the tenant, you can go to the Global Administrator role under the Roles and Administrators blade.User's image

    Alternatively, you can run the Cli command below to get the Principal Id of these users with Global Admin role.

    az login

    az rest --method get --url "https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments?$filter=roleDefinitionId eq '62e90394-69f5-4237-9190-012177145e10'"

    NB: You need to elevate the Global Administrator access before the account can manage the roles on the subscription.

    Follow the link to steps involved in elevating access of a Global Admin account

    Let me know if further assistance is needed.

    Babafemi