We need to assign a role groups to all subscriptions automatically if they dont have one.

Girish Prajwal 706 Reputation points
2020-11-26T07:33:23.627+00:00

Hi Team,

We have few common groups and roles which are assigned to our subscriptions in the Tenant. We need to validate if these groups are present in all of our subscriptions and if not present, add those groups along with groups permissions as assigned in other subscriptions.

For example: Group1 has contributor role in Subscription 1; Group2 has Reader role in Subscription 1. The same group and role has to be applied on all subscriptions. please suggest if this can be achieved. JSON templates would be great.

Note: We are not using policies in our environment.

Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
675 questions
Azure Automation
Azure Automation
An Azure service that is used to automate, configure, and install updates across hybrid environments.
1,132 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sam Cogan 10,157 Reputation points MVP
    2020-11-26T10:43:49.277+00:00

    You can use management groups to achieve this. Create a management group that has all the required subs underneath it and then assign the roles at the management group level. These role assignments will then flow through to all subs under the management group.

    1 person found this answer helpful.
  2. Andreas Baumgarten 97,566 Reputation points MVP
    2020-11-26T10:14:06.493+00:00

    It's not a JSON template. But maybe PowerShell is ok as well.

    This tutorial describes how to grant a goup access to Azure resources:
    https://learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-role-assignments-group-powershell

    ----------

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten