We need to assign a role groups to all subscriptions automatically if they dont have one.

Girish Prajwal 706 Reputation points

Hi Team,

We have few common groups and roles which are assigned to our subscriptions in the Tenant. We need to validate if these groups are present in all of our subscriptions and if not present, add those groups along with groups permissions as assigned in other subscriptions.

For example: Group1 has contributor role in Subscription 1; Group2 has Reader role in Subscription 1. The same group and role has to be applied on all subscriptions. please suggest if this can be achieved. JSON templates would be great.

Note: We are not using policies in our environment.

Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
651 questions
Azure Automation
Azure Automation
An Azure service that is used to automate, configure, and install updates across hybrid environments.
1,103 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Sam Cogan 10,082 Reputation points MVP

    You can use management groups to achieve this. Create a management group that has all the required subs underneath it and then assign the roles at the management group level. These role assignments will then flow through to all subs under the management group.

    1 person found this answer helpful.

  2. Andreas Baumgarten 94,711 Reputation points MVP

    It's not a JSON template. But maybe PowerShell is ok as well.

    This tutorial describes how to grant a goup access to Azure resources:


    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Andreas Baumgarten