![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 95%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERI%3C/text%3E%3C/svg%3E)
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 72%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENP%3C/text%3E%3C/svg%3E)
Hi Riyass Ibrahim
It looks like the “Add role assignment” button is greyed-out because your signed-in account doesn’t have the right IAM permissions at that scope. In Azure RBAC you need the Microsoft.Authorization/roleAssignments/write action—typically Owner or User Access Administrator—to assign roles. Here’s what you can try:
1.Verify your current permissions
- Go to your subscription (or resource group) > Access control (IAM) > View my access.
- If you don’t see Owner or User Access Administrator, you won’t be able to assign roles.
2.Ask an existing Owner or User Access Administrator to grant you the needed role
They can use the same Access control (IAM) blade and click Add > Add role assignment to give you Owner or User Access Administrator.
3.If you’re a Global Administrator in Entra ID but still can’t assign roles at the subscription level, “elevate access”
In the subscription’s IAM blade go to Settings (at the top) and enable “Enable global administrator to manage subscription”.
This lets Entra Global Admins act as full Owner on the subscription.
4.Wait a few minutes and sign out/in again
- IAM changes can take 5–10 minutes to propagate.
Follow-up questions if you’re still stuck:
• Which Azure directory and subscription are you signed into?
• What role(s) do you see under View my access?
• Are you a Global Administrator in Entra ID?
• Do you see the Settings option on the IAM blade to elevate access?
References
- Assign Azure roles using the Azure portal: https://docs.microsoft.com/azure/role-based-access-control/role-assignments-portal
- Troubleshoot Azure RBAC role assignment issues: https://docs.microsoft.com/azure/role-based-access-control/troubleshooting
- Azure built-in roles (Owner, User Access Administrator, etc.): https://docs.microsoft.com/azure/role-based-access-control/built-in-roles
- Elevate access for Global Administrators on a subscription: https://docs.microsoft.com/azure/cost-management-billing/manage/elevate-access-global-admin
Please let me know if you face any challenge here, I can help you to resolve this issue further
Provide your valuable Comments.
Please do not forget to "Accept the answer” and “upvote it” wherever the information provided helps you, this can be beneficial to other community members.it would be greatly appreciated and helpful to others.
