Share via


Roles and permissions

Access management and control is a critical function for any organization using the cloud. Azure's role-based access control (RBAC) is a security approach to control access based on roles assigned to people within an organization, providing a layer of security for your Azure environment. Assigning the correct roles and permissions to people within the organization is a foundational step for transacting through the marketplace and ensuring a streamlined purchase experience.

Roles and permissions

The marketplace centralizes your cloud investments from Microsoft and our extended network of partners. It uses Azure Role-Based Controls (RBAC) to enable you to acquire solutions certified to run on Azure. These role-based controls delineate purchasing privileges within your organization, ensuring adherence to compliance standards, established security protocols and workflows by restricting purchases to authorized personnel.

Assigning roles and permissions to people within the organization is a foundational step to guaranteeing secure and compliant access to marketplace transactions and contributes to the secure utilization of the marketplace as a cloud solution procurement platform.

The table below summarizes the roles required to purchase a public offer, a private offer, or a private plan. For private offers, permission considerations to accept the offer and then purchase the offer vary depending on your organization's commercial agreement with Microsoft.

Commercial agreement Offer Role required to accept Role required to purchase or subscribe
Microsoft Customer Agreement (MCA) Public offer n/a Subscription owner or contributor
Private plan n/a Subscription owner or contributor
Private offer Billing account owner or contributor Subscription owner or contributor
Enterprise Agreement (EA) Public offer n/a Subscription owner or contributor
Private plan n/a Subscription owner or contributor
Private offer Enterprise administrator Subscription owner or contributor

Check permissions to purchase a private offer or a private plan

Important

A private offer must be accepted before it can be purchased. These are two separate steps that require different permissions and are usually performed by different people in an organization. To learn more, see Private offers to learn steps on how to accept a private offer.

When purchasing a private offer or private plan, perform a pre-check on your account to verify permissions and account settings that may block the purchase.

Check permissions to purchase a public offer

A public offer is a solution available for purchase in the marketplace with publicly listed pricing and terms. Follow these steps to check the assigned permissions to purchase a public offer:

  1. Log into the Azure portal at https://www.portal.azure.com using your credentials.

  2. Select the Account profile icon on the top right corner of the screen:

    Screenshot of the top bar of the Azure screen, with the Account profile icon selected.

  3. Select the ellipsis (...).

    Screenshot of the top bar of the Azure screen, with the Account profile open and the ellipses highlighted.

  4. Select My permissions. A list of all assigned permissions displays for the selected subscription.

    Screenshot of the My Permissions screen.

Find subscription owners who can grant permissions

If you do not have the correct role and permissions, you can follow these steps to find people in your organization with role assignments, including subscription owners who can grant access to the subscription:

  1. Select Go to subscription access control to view information on levels of access to the subscription and view all individuals in your organization with role assignments, including subscription owners and subscription contributors:

    Screenshot of the My Permissions screen, with the link: Go to subscription access control (IAM) highlighted.

  2. Select View access to this resource to view roles assigned to individuals within your organization:

    Screenshot of the Access Control screen, with the box: View access to this resource (View) highlighted.

    A list of individuals with all role assignments, including subscription owners and subscription contributors displays:

    Screenshot of the Access Control screen, with the owner and contributor roles highlighted.