RBAC - Grant Built In Role Access for multiple existing VMs in a Resource Group
This template assigns Owner, Reader, Contributor, Virtual Machine Contributor access to multiple VMs in a resource group. The template takes the following inputs:
- Subscription ID
- Principal IDs
- Role Definition ID
- Resource Group Names
- GUIDs
- Virtual Machine Names
- Built In Role Types
- Count of VMs
Use the following PowerShell command to get the Principal ID associated with a user from their email ID. Note that the principal ID maps to the ID inside the directory and can point to a user, service principal, or security group. The ObjectId is the principal ID.

    PS C:\> Get-AzureADUser -mail <email id>

    DisplayName Type ObjectId
    xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Use the following PowerShell command to learn about RoleDefinitions. Note that the template already uses the appropriate roleDefinition ID. The applicable RoleDefinition names are available in the parameter dropdown.

    PS C:\> Get-AzureRoleDefinition | fl

    Name       : Contributor
    Id         : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c
    Actions    : {*}
    NotActions : {Microsoft.Authorization/*/Write, Microsoft.Authorization/*/Delete}
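
After deployment, it is worth confirming that each VM carries the intended role for the intended principal and that the access does not come from a wider scope. The script below is an added example, not part of the template or its original README; it assumes the current Az PowerShell module (`Get-AzVM`, `Get-AzRoleAssignment`) rather than the legacy cmdlets shown above, and every value in it is a placeholder.

```powershell
# Added example: audit the role assignments on each VM the template targeted.
# Assumes the Az module is installed and Connect-AzAccount has already been run.
# All values below are placeholders, not values taken from the template.
$ResourceGroupName = '<resource group name>'
$VmNames           = @('<vm name 1>', '<vm name 2>')
$PrincipalId       = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'  # ObjectId of the user, group or service principal
$ExpectedRole      = 'Virtual Machine Contributor'           # built-in role chosen at deployment

$report = foreach ($name in $VmNames) {
    $vm = Get-AzVM -ResourceGroupName $ResourceGroupName -Name $name -ErrorAction Stop

    # With -Scope, the cmdlet returns every assignment effective at the VM,
    # including ones inherited from the resource group or subscription.
    # Only assignments made directly to $PrincipalId are listed (no group expansion).
    $assignments = @(Get-AzRoleAssignment -Scope $vm.Id -ObjectId $PrincipalId)

    if ($assignments.Count -eq 0) {
        [pscustomobject]@{
            VM = $name; Role = $null; AssignedAt = $null
            Finding = 'MISSING: no assignment for this principal'
        }
        continue
    }

    foreach ($a in $assignments) {
        # String comparison in PowerShell is case-insensitive by default,
        # which suits Azure resource IDs.
        $finding = if ($a.Scope -ne $vm.Id) {
            'INHERITED: granted at a wider scope than the VM'
        } elseif ($a.RoleDefinitionName -ne $ExpectedRole) {
            'UNEXPECTED ROLE: differs from the role that was requested'
        } else {
            'OK'
        }
        [pscustomobject]@{
            VM = $name; Role = $a.RoleDefinitionName; AssignedAt = $a.Scope
            Finding = $finding
        }
    }
}

$report | Format-Table -AutoSize -Wrap
```

An `INHERITED` row means the principal already holds that role on every resource under the wider scope, so the per-VM assignment adds nothing and the broader grant is the one to review.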
Tags: Microsoft.Authorization/roleAssignments, Microsoft.Network/networkSecurityGroups, Microsoft.Network/virtualNetworks, Microsoft.Network/networkInterfaces, Microsoft.Compute/virtualMachines