Share gallery resources
As the Azure Compute Gallery, definition, and version are all resources, they can be shared using the built-in native Azure Roles-based Access Control (RBAC) roles. Using Azure RBAC roles you can share these resources to other users, service principals, and groups. You can even share access to individuals outside of the tenant they were created within. Once a user has access, they can use the gallery resources to deploy a VM or a Virtual Machine Scale Set. Here's the sharing matrix that helps understand what the user gets access to:
|Shared with User||Azure Compute Gallery||Image Definition||Image version|
|Azure Compute Gallery||Yes||Yes||Yes|
We recommend sharing at the Gallery level for the best experience. We don't recommend sharing individual image versions. For more information about Azure RBAC, see Assign Azure roles.
There are three main ways to share images in an Azure Compute Gallery, depending on who you want to share with:
|Specific people, groups, or service principals (described in this article)||Role-based access control (RBAC) lets you share resources to specific people, groups, or service principals on a granular level.|
|Subscriptions or tenants||A direct shared gallery lets you share to everyone in a subscription or tenant.|
|Everyone||Community gallery lets you share your entire gallery publicly, to all Azure users.|
Share using RBAC
- On the page for your gallery, in the menu on the left, select Access control (IAM).
- Under Add a role assignment, select Add. The Add a role assignment pane will open.
- Under Role, select Reader.
- Under assign access to, leave the default of Azure AD user, group, or service principal.
- Under Select, type in the email address of the person that you would like to invite.
- If the user is outside of your organization, you'll see the message This user will be sent an email that enables them to collaborate with Microsoft. Select the user with the email address and then click Save.