Review fundamental Azure RBAC roles
Azure provides over 100 pre-defined role definitions. Roles can grant access to data within an object. If a user has read data access to a storage account, then they can read the blobs or messages in the storage account.
The following table describes four built-in role definitions that are considered fundamental.
Fundamental role | Description |
---|---|
Owner | The Owner role has full access to all resources, including the right to delegate access to others. The Service Administrator and Co-Administrators roles are assigned the Owner role at the subscription scope. |
Contributor | The Contributor role can create and manage all types of Azure resources. This role can't grant access to others. |
Reader | The Reader role can view existing Azure resources. |
User Access Administrator | The User Access Administrator role can manage user access to Azure resources. |
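
An added example (not part of the original page): a Python check that applies the capabilities in the table to flag assignments of roles that can grant access to others at subscription scope or above. The field names follow the JSON printed by `az role assignment list --all -o json`; the principals, subscription ID and resource names are constructed sample data.

```python
# Capabilities of the four fundamental roles, per the table above.
FUNDAMENTAL = {
    "Owner": {"manage_resources": True, "grant_access": True},
    "Contributor": {"manage_resources": True, "grant_access": False},
    "Reader": {"manage_resources": False, "grant_access": False},
    "User Access Administrator": {"manage_resources": False, "grant_access": True},
}
BROAD = {"root", "management_group", "subscription"}

def scope_level(scope):
    """Classify an Azure scope string by its level in the hierarchy."""
    parts = [p.lower() for p in scope.split("/") if p]
    if not parts:
        return "root"
    if parts[:2] == ["providers", "microsoft.management"]:
        return "management_group"
    if parts[0] == "subscriptions" and len(parts) == 2:
        return "subscription"
    if len(parts) == 4 and parts[2] == "resourcegroups":
        return "resource_group"
    return "resource"

def audit(assignments):
    """Return (principal, role, level) for access-granting roles at broad scope."""
    findings = []
    for a in assignments:
        caps = FUNDAMENTAL.get(a["roleDefinitionName"])  # other roles are skipped
        level = scope_level(a["scope"])
        if caps and caps["grant_access"] and level in BROAD:
            findings.append((a["principalName"], a["roleDefinitionName"], level))
    return sorted(findings)

# Constructed sample in the shape of `az role assignment list --all -o json`.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE = [
    {"principalName": "alice@example.com", "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "bob@example.com", "roleDefinitionName": "Contributor", "scope": SUB},
    {"principalName": "carol@example.com", "roleDefinitionName": "User Access Administrator", "scope": SUB + "/resourceGroups/rg-app"},
    {"principalName": "dave@example.com", "roleDefinitionName": "Reader", "scope": SUB},
    {"principalName": "svc-deploy", "roleDefinitionName": "User Access Administrator", "scope": "/providers/Microsoft.Management/managementGroups/mg-constructed"},
    {"principalName": "erin@example.com", "roleDefinitionName": "Owner", "scope": SUB + "/resourceGroups/rg-app/providers/Microsoft.Storage/storageAccounts/stconstructed"},
]

if __name__ == "__main__":
    for name, role, level in audit(SAMPLE):
        print(f"{name}: {role} at {level} scope can grant access to others")
```

Contributor and Reader never appear in the findings at any scope, because neither role can grant access to others.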