Add or change Azure subscription administrators

To manage access to Azure resources, you must have the appropriate administrator role. Azure has an authorization system called role-based access control (RBAC) with several built-in roles you can choose from. You can assign these roles at different scopes, such as management group, subscription, or resource group.

Microsoft recommends that you manage access to resources using RBAC. However, if you are still using the classic deployment model and managing the classic resources by using Azure Service Management PowerShell Module, you'll need to use a classic administrator.


If you only use the Azure portal to manage the classic resources, you won’t need to use the classic administrator.

For more information, see Azure Resource Manager vs. classic deployment and Azure classic subscription administrators.

This article describes how add or change the administrator role for a user using RBAC at the subscription scope.

Assign a user as an administrator of a subscription

To make a user an administrator of an Azure subscription, assign them the Owner role (an RBAC role) at the subscription scope. The Owner role gives the user full access to all resources in the subscription, including the right to delegate access to others. These steps are the same as any other role assignment.

  1. In the Azure portal, open Subscriptions.

  2. Click the subscription where you want to grant access.

  3. Click Access control (IAM).

  4. Click the Role assignments tab to view all the role assignments for this subscription.

    Screenshot that shows role assignments

  5. Click Add > Add role assignment to open the Add role assignment pane.

    If you don't have permissions to assign roles, the option will be disabled.

  6. In the Role drop-down list, select the Owner role.

  7. In the Select list, select a user. If you don't see the user in the list, you can type in the Select box to search the directory for display names and email addresses.

    Screenshot that shows the Owner role selected

  8. Click Save to assign the role.

    After a few moments, the user is assigned the Owner role at the subscription scope.

Next steps

Need help? Contact support

If you still need help, contact support to get your issue resolved quickly.