Need to implement admin access on Linux SQL VMs, excluding other VMs in the subscription

arun kumar 66 Reputation points

Hi Team

I want to apply an RBAC role at the subscription level that provides admin access only on Linux SQL VMs under the subscription, excluding other Linux and Windows VMs in the same subscription.

For windows vms we can restrict access using gro

Please suggest a proper solution to achieve this requirement.


SQL Server on Azure Virtual Machines
Azure Role-based access control

1 answer

  1. JamesTran-MSFT 26,531 Reputation points Microsoft Employee

    @arun kumar
    Thank you for following up on this!

    Since you're assigning RBAC roles at the Subscription level and have a few users that only need to work on SQL VMs and no other VMs within the same Subscription, you can look into leveraging the Azure deny assignments feature to block users/groups from performing specific Azure resource actions, even if a role assignment grants them access. Additionally, you can also leverage Azure custom roles to create a role that meets your needs when it comes to user access.

    Additional Link:
    Best practices for Azure RBAC

    I've also added azure-sql-virtual-machines tag to this thread so their community can look into the specific admin access within a Linux SQL VM, since admin permissions within a VM aren't controlled via RBAC.

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.
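
As an added illustration of the custom-role suggestion in the answer above (not code from the thread or from Microsoft): the sketch below picks out the Linux VMs that host SQL Server from a constructed inventory and plans one role assignment per VM, scoped to the VM's resource ID rather than to the whole subscription. The inventory field layout, the role name and the action list are assumptions.

```python
# Constructed sample inventory (not real resources), shaped like the JSON that
# `az vm list` and `az sql vm list` return; the field layout is an assumption.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
_VM = SUB + "/resourceGroups/{rg}/providers/Microsoft.Compute/virtualMachines/{name}"
VMS = [
    {"id": _VM.format(rg="rg-data", name="sql-lin-01"), "storageProfile": {"osDisk": {"osType": "Linux"}}},
    {"id": _VM.format(rg="rg-data", name="sql-win-01"), "storageProfile": {"osDisk": {"osType": "Windows"}}},
    {"id": _VM.format(rg="rg-app", name="web-lin-01"), "storageProfile": {"osDisk": {"osType": "Linux"}}},
]
SQL_VMS = [  # SQL VM resources point back at the VM that hosts them
    {"virtualMachineResourceId": _VM.format(rg="RG-DATA", name="SQL-LIN-01")},  # case differs on purpose
    {"virtualMachineResourceId": _VM.format(rg="rg-data", name="sql-win-01")},
]

def linux_sql_vm_scopes(vms, sql_vms):
    """IDs of Linux VMs that host SQL Server; Azure resource IDs compare case-insensitively."""
    sql_hosts = {s["virtualMachineResourceId"].lower() for s in sql_vms}
    return sorted(
        vm["id"] for vm in vms
        if vm["storageProfile"]["osDisk"]["osType"].lower() == "linux"
        and vm["id"].lower() in sql_hosts
    )

def custom_role(subscription_scope):
    """Custom role definition; the name and the action list are hypothetical."""
    return {
        "Name": "Linux SQL VM Operator (example)",
        "IsCustom": True,
        "Description": "Operate only the VMs this role is assigned on.",
        "Actions": [
            "Microsoft.Compute/virtualMachines/read",
            "Microsoft.Compute/virtualMachines/start/action",
            "Microsoft.Compute/virtualMachines/restart/action",
            "Microsoft.Compute/virtualMachines/deallocate/action",
        ],
        "NotActions": [],
        "AssignableScopes": [subscription_scope],  # where the role may be assigned
    }

def assignment_plan(principal_id, vms, sql_vms, subscription_scope):
    """One assignment per Linux SQL VM, scoped to the VM instead of the subscription."""
    role = custom_role(subscription_scope)
    return [
        {"principalId": principal_id, "roleName": role["Name"], "scope": scope}
        for scope in linux_sql_vm_scopes(vms, sql_vms)
    ]

if __name__ == "__main__":
    import json
    print(json.dumps(assignment_plan("<principal-object-id>", VMS, SQL_VMS, SUB), indent=2))
```

The planned role covers Azure resource actions on the VM only; as the answer notes, admin permissions within a VM aren't controlled via RBAC.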