Roles and permissions
Access management and control is a critical function for any organization using the cloud. Azure's role-based access control (RBAC) is a security approach to control access based on roles assigned to people within an organization, providing a layer of security for your Azure environment. Assigning the correct roles and permissions to people within the organization is a foundational step for transacting through the marketplace and ensuring a streamlined purchase experience.
The marketplace centralizes your cloud investments from Microsoft and our extended network of partners. It uses Azure Role-Based Controls (RBAC) to enable you to acquire solutions certified to run on Azure. These role-based controls delineate purchasing privileges within your organization, ensuring adherence to compliance standards, established security protocols and workflows by restricting purchases to authorized personnel.
Assigning roles and permissions to people within the organization is a foundational step to guaranteeing secure and compliant access to marketplace transactions and contributes to the secure utilization of the marketplace as a cloud solution procurement platform.
The table below summarizes the roles required to purchase a public offer, a private offer, or a private plan. For private offers, permission considerations to accept the offer and then purchase the offer vary depending on your organization's commercial agreement with Microsoft.
Commercial agreement | Offer | Role required to accept | Role required to purchase or subscribe |
---|---|---|---|
Microsoft Customer Agreement (MCA) | Public offer | n/a | Subscription owner or contributor |
Private plan | n/a | Subscription owner or contributor | |
Private offer | Billing account owner or contributor | Subscription owner or contributor | |
Enterprise Agreement (EA) | Public offer | n/a | Subscription owner or contributor |
Private plan | n/a | Subscription owner or contributor | |
Private offer | Enterprise administrator | Subscription owner or contributor |
Important
A private offer must be accepted before it can be purchased. These are two separate steps that require different permissions and are usually performed by different people in an organization. To learn more, see Private offers to learn steps on how to accept a private offer.
When purchasing a private offer or private plan, perform a pre-check on your account to verify permissions and account settings that may block the purchase.
A public offer is a solution available for purchase in the marketplace with publicly listed pricing and terms. Follow these steps to check the assigned permissions to purchase a public offer:
Log into the Azure portal at https://www.portal.azure.com using your credentials.
Select the Account profile icon on the top right corner of the screen:
Select the ellipsis (...).
Select My permissions. A list of all assigned permissions displays for the selected subscription.
If you do not have the correct role and permissions, you can follow these steps to find people in your organization with role assignments, including subscription owners who can grant access to the subscription:
Select Go to subscription access control to view information on levels of access to the subscription and view all individuals in your organization with role assignments, including subscription owners and subscription contributors:
Select View access to this resource to view roles assigned to individuals within your organization:
A list of individuals with all role assignments, including subscription owners and subscription contributors displays: