You can use management groups to achieve this. Create a management group that has all the required subs underneath it and then assign the roles at the management group level. These role assignments will then flow through to all subs under the management group.
We need to assign a role groups to all subscriptions automatically if they dont have one.
We have few common groups and roles which are assigned to our subscriptions in the Tenant. We need to validate if these groups are present in all of our subscriptions and if not present, add those groups along with groups permissions as assigned in other subscriptions.
For example: Group1 has contributor role in Subscription 1; Group2 has Reader role in Subscription 1. The same group and role has to be applied on all subscriptions. please suggest if this can be achieved. JSON templates would be great.
Note: We are not using policies in our environment.
Sign in to comment
Sort by: Most helpful
It's not a JSON template. But maybe PowerShell is ok as well.
This tutorial describes how to grant a goup access to Azure resources:
(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)