RBAC for assigning IAM

Category: azure security center


farslayer9 on Tue, 17 Mar 2020 20:36:57

I have a user who is a contributor to an Azure subscription.  He created a resource group, but now he must be able to fully leverage that group, including assigning other users access to resources within that group.  What WBAC permission does he need?  I already made him an owner of the resource group.

Thank you,



SubhashVasarapu-MSFT on Wed, 18 Mar 2020 04:12:19

Make a user an administrator of an Azure subscription, by assigning them the Owner role at the subscription scope. The Owner role gives the user full access to all resources in the subscription, including the permission to grant access to others. where as contributor role, Lets you manage everything except granting access to resources.
Ref Doc.


SubhashVasarapu-MSFT on Fri, 08 May 2020 06:48:30



If you think your question has been answered, please click "Mark as Answer" if just helped click "Vote as helpful". This can be beneficial to other community members reading this forum thread.


Best regards