Vadood on Sun, 30 Dec 2018 05:56:54
I have problem understanding the roles.
I have a CSP subscription and I have an account assigned "Global administrator" role. When trying to create automation, it does not create a RunAs account stating that I am not allowed to create one.
Also I am not able to start a runbook using this credential because it fails stating that the credential needs to be "subscription owner". I wonder what is the subscription owner role and how it can be assigned in a CSP subscription.
Why global admin who can do all sorts of things with resources cannot run an Automation runbook
Marcin Policht on Sun, 30 Dec 2018 13:08:03
Global Admin controls an Azure AD tenant (hosting identities)
Subscription owner controls an Azure subscription (hosting resources)
For CSP-specific aspects of this arrangement, refer to https://docs.microsoft.com/en-us/azure/cloud-solution-provider/customer-management/assign-permissions-to-azure-csp-subscription and https://docs.microsoft.com/en-us/partner-center/customers_revoke_admin_privileges
Vadood on Mon, 07 Jan 2019 05:10:18
Yes thank you, I wonder why Get-AzureRmRoleAssignment does not show Owner for the subscription. This is what confused me. It should show the Owner as like all other roles.
I tried this by a CSP subscription and a Trial, will check with a Pay-As-You_Go account as well to see if it is any different.