Role-based access control in Azure AI Studio
In this article, you learn how to manage access (authorization) to an Azure AI Studio hub. Azure role-based access control (Azure RBAC) is used to manage access to Azure resources, such as the ability to create new resources or use existing ones. Users in your Microsoft Entra ID are assigned specific roles, which grant access to resources. Azure provides both built-in roles and the ability to create custom roles.
Warning
Applying some roles might limit UI functionality in Azure AI Studio for other users. For example, if a user's role does not have the ability to create a compute instance, the option to create a compute instance will not be available in studio. This behavior is expected, and prevents the user from attempting operations that would return an access denied error.
AI Studio hub vs project
In the Azure AI Studio, there are two levels of access: the hub and the project. The hub is home to the infrastructure (including virtual network setup, customer-managed keys, managed identities, and policies) and where you configure your Azure AI services. Hub access can allow you to modify the infrastructure, create new hubs, and create projects. Projects are a subset of the hub that act as workspaces that allow you to build and deploy AI systems. Within a project you can develop flows, deploy models, and manage project assets. Project access lets you develop AI end-to-end while taking advantage of the infrastructure setup on the hub.
One of the key benefits of the hub and project relationship is that developers can create their own projects that inherit the hub security settings. You might also have developers who are contributors to a project, and can't create new projects.
Default roles for the hub
The AI Studio hub has built-in roles that are available by default.
Here's a table of the built-in roles and their permissions for the hub:
Role | Description |
---|---|
Owner | Full access to the hub, including the ability to manage and create new hubs and assign permissions. This role is automatically assigned to the hub creator |
Contributor | User has full access to the hub, including the ability to create new hubs, but isn't able to manage hub permissions on the existing resource. |
Azure AI Developer | Perform all actions except create new hubs and manage the hub permissions. For example, users can create projects, compute, and connections. Users can assign permissions within their project. Users can interact with existing Azure AI resources such as Azure OpenAI, Azure AI Search, and Azure AI services. |
Azure AI Inference Deployment Operator | Perform all actions required to create a resource deployment within a resource group. |
Reader | Read only access to the hub. This role is automatically assigned to all project members within the hub. |
The key difference between Contributor and Azure AI Developer is the ability to make new hubs. If you don't want users to make new hubs (due to quota, cost, or just managing how many hubs you have), assign the Azure AI Developer role.
Only the Owner and Contributor roles allow you to make a hub. At this time, custom roles can't grant you permission to make hubs.
Azure AI Developer role
The full set of permissions for the new "Azure AI Developer" role are as follows:
{
"Permissions": [
{
"Actions": [
"Microsoft.MachineLearningServices/workspaces/*/read",
"Microsoft.MachineLearningServices/workspaces/*/action",
"Microsoft.MachineLearningServices/workspaces/*/delete",
"Microsoft.MachineLearningServices/workspaces/*/write",
"Microsoft.MachineLearningServices/locations/*/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*"
],
"NotActions": [
"Microsoft.MachineLearningServices/workspaces/delete",
"Microsoft.MachineLearningServices/workspaces/write",
"Microsoft.MachineLearningServices/workspaces/listKeys/action",
"Microsoft.MachineLearningServices/workspaces/hubs/write",
"Microsoft.MachineLearningServices/workspaces/hubs/delete",
"Microsoft.MachineLearningServices/workspaces/featurestores/write",
"Microsoft.MachineLearningServices/workspaces/featurestores/delete"
],
"DataActions": [
"Microsoft.CognitiveServices/accounts/OpenAI/*",
"Microsoft.CognitiveServices/accounts/SpeechServices/*",
"Microsoft.CognitiveServices/accounts/ContentSafety/*"
],
"NotDataActions": [],
"Condition": null,
"ConditionVersion": null
}
]
}
If the built-in Azure AI Developer role doesn't meet your needs, you can create a custom role.
Default roles for projects
Projects in AI Studio have built-in roles that are available by default.
Here's a table of the built-in roles and their permissions for the project:
Role | Description |
---|---|
Owner | Full access to the project, including the ability to assign permissions to project users. |
Contributor | User has full access to the project but can't assign permissions to project users. |
Azure AI Developer | User can perform most actions, including create deployments, but can't assign permissions to project users. |
Azure AI Inference Deployment Operator | Perform all actions required to create a resource deployment within a resource group. |
Reader | Read only access to the project. |
When a user is granted access to a project (for example, through the AI Studio permission management), two more roles are automatically assigned to the user. The first role is Reader on the hub. The second role is the Inference Deployment Operator role, which allows the user to create deployments on the resource group that the project is in. This role is composed of these two permissions: "Microsoft.Authorization/*/read"
and "Microsoft.Resources/deployments/*"
.
In order to complete end-to-end AI development and deployment, users only need these two autoassigned roles and either the Contributor or Azure AI Developer role on a project.
The minimum permissions needed to create a project is a role that has the allowed action of Microsoft.MachineLearningServices/workspaces/hubs/join
on the hub. The Azure AI Developer built-in role has this permission.
Dependency service Azure RBAC permissions
The hub has dependencies on other Azure services. The following table lists the permissions required for these services when you create a hub. The person that creates the hub needs these permissions. The person who creates a project from the hub doesn't need them.
Permission | Purpose |
---|---|
Microsoft.Storage/storageAccounts/write |
Create a storage account with the specified parameters or update the properties or tags or adds custom domain for the specified storage account. |
Microsoft.KeyVault/vaults/write |
Create a new key vault or updates the properties of an existing key vault. Certain properties might require more permissions. |
Microsoft.CognitiveServices/accounts/write |
Write API Accounts. |
Microsoft.MachineLearningServices/workspaces/write |
Create a new workspace or updates the properties of an existing workspace. |
Sample enterprise RBAC setup
The following table is an example of how to set up role-based access control for your Azure AI Studio for an enterprise.
Persona | Role | Purpose |
---|---|---|
IT admin | Owner of the hub | The IT admin can ensure the hub is set up to their enterprise standards. They can assign managers the Contributor role on the resource if they want to enable managers to make new hubs. Or they can assign managers the Azure AI Developer role on the resource to not allow for new hub creation. |
Managers | Contributor or Azure AI Developer on the hub | Managers can manage the hub, audit compute resources, audit connections, and create shared connections. |
Team lead/Lead developer | Azure AI Developer on the hub | Lead developers can create projects for their team and create shared resources (such as compute and connections) at the hub level. After project creation, project owners can invite other members. |
Team members/developers | Contributor or Azure AI Developer on the project | Developers can build and deploy AI models within a project and create assets that enable development such as computes and connections. |
Access to resources created outside of the hub
When you create a hub, the built-in role-based access control permissions grant you access to use the resource. However, if you wish to use resources outside of what was created on your behalf, you need to ensure both:
- The resource you're trying to use has permissions set up to allow you to access it.
- Your hub is allowed to access it.
For example, if you're trying to consume a new Blob storage, you need to ensure that hub's managed identity is added to the Blob Storage Reader role for the Blob. If you're trying to use a new Azure AI Search source, you might need to add the hub to the Azure AI Search's role assignments.
Manage access with roles
If you're an owner of a hub, you can add and remove roles for AI Studio. Go to the Home page in AI Studio and select your hub. Then select Users to add and remove users for the hub. You can also manage permissions from the Azure portal under Access Control (IAM) or through the Azure CLI. For example, use the Azure CLI to assign the Azure AI Developer role to "joe@contoso.com" for resource group "this-rg" with the following command:
az role assignment create --role "Azure AI Developer" --assignee "joe@contoso.com" --resource-group this-rg
Create custom roles
If the built-in roles are insufficient, you can create custom roles. Custom roles might have the read, write, delete, and compute resource permissions in that AI Studio. You can make the role available at a specific project level, a specific resource group level, or a specific subscription level.
Note
You must be an owner of the resource at that level to create custom roles within that resource.
The following JSON example defines a custom AI Studio developer role at the subscription level:
{
"properties": {
"roleName": "AI Studio Developer",
"description": "Custom role for AI Studio. At subscription level",
"assignableScopes": [
"/subscriptions/<your-subscription-id>"
],
"permissions": [
{
"actions": [
"Microsoft.MachineLearningServices/workspaces/write",
"Microsoft.MachineLearningServices/workspaces/endpoints/write",
"Microsoft.Storage/storageAccounts/write",
"Microsoft.Resources/deployments/validate/action",
"Microsoft.KeyVault/vaults/write",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read",
"Microsoft.CognitiveServices/*/read"
],
"notActions": [
"Microsoft.MachineLearningServices/workspaces/delete",
"Microsoft.MachineLearningServices/workspaces/write",
"Microsoft.MachineLearningServices/workspaces/listKeys/action",
"Microsoft.MachineLearningServices/workspaces/hubs/write",
"Microsoft.MachineLearningServices/workspaces/hubs/delete",
"Microsoft.MachineLearningServices/workspaces/featurestores/write",
"Microsoft.MachineLearningServices/workspaces/featurestores/delete"
],
"dataActions": [
"Microsoft.CognitiveServices/accounts/OpenAI/*/read",
"Microsoft.CognitiveServices/accounts/OpenAI/engines/completions/action",
"Microsoft.CognitiveServices/accounts/OpenAI/engines/search/action",
"Microsoft.CognitiveServices/accounts/OpenAI/engines/generate/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/search/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/completions/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/chat/completions/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/extensions/chat/completions/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/embeddings/action",
"Microsoft.CognitiveServices/accounts/OpenAI/images/generations/action"
],
"notDataActions": []
}
]
}
}
For steps on creating a custom role, use one of the following articles:
For more information on creating custom roles in general, visit the Azure custom roles article.
Assigning roles in AI Studio
You can add users and assign roles directly from Azure AI Studio at either the hub or project level. From a hub or project overview page, select New user to add a user.
Note
You are limited to selecting built-in roles. If you need to assign custom roles, you must use the Azure portal, Azure CLI, or Azure PowerShell.
You are then prompted to enter the user information and select a built-in role.
Scenario: Use a customer-managed key
When configuring a hub to use a customer-managed key (CMK), an Azure Key Vault is used to store the key. The user or service principal used to create the workspace must have owner or contributor access to the key vault.
If your AI Studio hub is configured with a user-assigned managed identity, the identity must be granted the following roles. These roles allow the managed identity to create the Azure Storage, Azure Cosmos DB, and Azure Search resources used when using a customer-managed key:
Microsoft.Storage/storageAccounts/write
Microsoft.Search/searchServices/write
Microsoft.DocumentDB/databaseAccounts/write
Within the key vault, the user or service principal must have the create, get, delete, and purge access to the key through a key vault access policy. For more information, see Azure Key Vault security.
Scenario: Connections using Microsoft Entra ID authentication
When you create a connection that uses Microsoft Entra ID authentication, you must assign roles to your developers so they can access the resource.
Resource connection | Role | Description |
---|---|---|
Azure AI Search | Contributor | List API-Keys to list indexes from Azure AI Studio. |
Azure AI Search | Search Index Data Contributor | Required for indexing scenarios |
Azure AI services / Azure OpenAI | Cognitive Services OpenAI Contributor | Call public ingestion API from Azure AI Studio. |
Azure AI services / Azure OpenAI | Cognitive Services User | List API-Keys from Azure AI Studio. |
Azure AI services / Azure OpenAI | Contributor | Allows for calls to the control plane. |
When using Microsoft Entra ID authenticated connections in the chat playground, the services need to authorize each other to access the required resources. The admin performing the configuration needs to have the Owner role on these resources to add role assignments. The following table lists the required role assignments for each resource. The Assignee column refers to the system-assigned managed identity of the listed resource. The Resource column refers to the resource that the assignee needs to access. For example, Azure OpenAI has a system-assigned managed identity that needs to be assigned the Search Index Data Reader role for the Azure AI Search resource.
Role | Assignee | Resource | Description |
---|---|---|---|
Search Index Data Reader | Azure AI services / Azure OpenAI | Azure AI Search | Inference service queries the data from the index. Only used for inference scenarios. |
Search Index Data Contributor | Azure AI services / Azure OpenAI | Azure AI Search | Read-write access to content in indexes. Import, refresh, or query the documents collection of an index. Only used for ingestion and inference scenarios. |
Search Service Contributor | Azure AI services / Azure OpenAI | Azure AI Search | Read-write access to object definitions (indexes, aliases, synonym maps, indexers, data sources, and skillsets). Inference service queries the index schema for auto fields mapping. Data ingestion service creates index, data sources, skill set, indexer, and queries the indexer status. |
Cognitive Services OpenAI Contributor | Azure AI Search | Azure AI services / Azure OpenAI | Custom skill |
Cognitive Services OpenAI User | Azure OpenAI Resource for chat model | Azure OpenAI resource for embedding model | Required only if using two Azure OpenAI resources to communicate. |
Note
The Cognitive Services OpenAI User role is only required if you are using two Azure OpenAI resources: one for your chat model and one for your embedding model. If this applies, enable Trusted Services AND ensure the connection for your embedding model Azure OpenAI resource has Microsoft Entra ID enabled.
Scenario: Use an existing Azure OpenAI resource
When you create a connection to an existing Azure OpenAI resource, you must also assign roles to your users so they can access the resource. You should assign either the Cognitive Services OpenAI User or Cognitive Services OpenAI Contributor role, depending on the tasks they need to perform. For information on these roles and the tasks they enable, see Azure OpenAI roles.
Scenario: Use Azure Container Registry
An Azure Container Registry instance is an optional dependency for Azure AI Studio hub. The following table lists the support matrix when authenticating a hub to Azure Container Registry, depending on the authentication method and the Azure Container Registry's public network access configuration.
Authentication method | Public network access disabled |
Azure Container Registry Public network access enabled |
---|---|---|
Admin user | ✓ | ✓ |
AI Studio hub system-assigned managed identity | ✓ | ✓ |
AI Studio hub user-assigned managed identity with the ACRPull role assigned to the identity |
✓ |
A system-assigned managed identity is automatically assigned to the correct roles when the hub is created. If you're using a user-assigned managed identity, you must assign the ACRPull role to the identity.
Scenario: Use Azure Application Insights for logging
Azure Application Insights is an optional dependency for Azure AI Studio hub. The following table lists the permissions required if you want to use Application Insights when you create a hub. The person that creates the hub needs these permissions. The person who creates a project from the hub doesn't need these permissions.
Permission | Purpose |
---|---|
Microsoft.Insights/Components/Write |
Write to an application insights component configuration. |
Microsoft.OperationalInsights/workspaces/write |
Create a new workspace or links to an existing workspace by providing the customer ID from the existing workspace. |
Scenario: Provisioned throughput unit procurer
The following example defines a custom role that can procure provisioned throughput units (PTU).
{
"properties": {
"roleName": "PTU procurer",
"description": "Custom role to purchase PTU",
"assignableScopes": [
"/subscriptions/<your-subscription-id>"
],
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/accounts/commitmentplans/read",
"Microsoft.CognitiveServices/accounts/commitmentplans/write",
"Microsoft.CognitiveServices/accounts/commitmentplans/delete",
"Microsoft.CognitiveServices/locations/commitmentTiers/read",
"Microsoft.CognitiveServices/accounts/commitmentplans/read",
"Microsoft.CognitiveServices/accounts/commitmentplans/write",
"Microsoft.CognitiveServices/accounts/commitmentplans/delete",
"Microsoft.Features/features/read",
"Microsoft.Features/providers/features/read",
"Microsoft.Features/providers/features/register/action",
"Microsoft.Insights/logDefinitions/read",
"Microsoft.Insights/metricdefinitions/read",
"Microsoft.Insights/metrics/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
]
}
}
Scenario: Azure OpenAI Assistants API
The following example defines a role for a developer using Azure OpenAI Assistants.
{
"id": "",
"properties": {
"roleName": "Azure OpenAI Assistants API Developer",
"description": "Custom role to work with Azure OpenAI Assistants API",
"assignableScopes": [
"<your-scope>"
],
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/OpenAI/*/read",
"Microsoft.CognitiveServices/accounts/OpenAI/engines/completions/action",
"Microsoft.CognitiveServices/accounts/OpenAI/engines/search/action",
"Microsoft.CognitiveServices/accounts/OpenAI/engines/generate/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/search/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/completions/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/chat/completions/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/extensions/chat/completions/action",
"Microsoft.CognitiveServices/accounts/OpenAI/deployments/embeddings/action",
"Microsoft.CognitiveServices/accounts/OpenAI/images/generations/action",
"Microsoft.CognitiveServices/accounts/OpenAI/assistants/write",
"Microsoft.CognitiveServices/accounts/OpenAI/assistants/read",
"Microsoft.CognitiveServices/accounts/OpenAI/assistants/delete",
"Microsoft.CognitiveServices/accounts/OpenAI/assistants/files/write",
"Microsoft.CognitiveServices/accounts/OpenAI/assistants/files/read",
"Microsoft.CognitiveServices/accounts/OpenAI/assistants/files/delete",
"Microsoft.CognitiveServices/accounts/OpenAI/assistants/threads/write",
"Microsoft.CognitiveServices/accounts/OpenAI/assistants/threads/read",
"Microsoft.CognitiveServices/accounts/OpenAI/assistants/threads/delete",
"Microsoft.CognitiveServices/accounts/OpenAI/assistants/threads/messages/write",
"Microsoft.CognitiveServices/accounts/OpenAI/assistants/threads/messages/read",
"Microsoft.CognitiveServices/accounts/OpenAI/assistants/threads/messages/files/read",
"Microsoft.CognitiveServices/accounts/OpenAI/assistants/threads/runs/write",
"Microsoft.CognitiveServices/accounts/OpenAI/assistants/threads/runs/read",
"Microsoft.CognitiveServices/accounts/OpenAI/assistants/threads/runs/steps/read"
],
"notDataActions": []
}
]
}
}