Grant access using RBAC and the Azure portal
A co-worker named Alain at First Up Consultants needs the ability to create and manage virtual machines for a project he is working on. Your manager has asked that you handle this request. Using the best practice to grant users the least privileges to get their work done, you decide to assign Alain the Virtual Machine Contributor role for a resource group.
Follow these steps to assign the Virtual Machine Contributor role to a user at the resource group scope.
In the navigation list, click Resource groups.
Find and click the FirstUpConsultantsRG1-XXXXXXX resource group.
Click Access control (IAM).
Click the Role assignments tab to see the current list of role assignments.
At the top, click Add role assignment.
The Add role assignment pane opens.
In the Role drop-down list, select Virtual Machine Contributor.
In the Select list, select LabUser-XXXXXXX.
You can find the username on the Resources tab next to the instructions.
Click Save to create the role assignment.
After a few moments, the LabUser-XXXXXXX user is assigned the Virtual Machine Contributor role at the FirstUpConsultantsRG1-XXXXXXX resource group scope. The user can now create and manage virtual machines just within this resource group.
In RBAC, to remove access, you remove a role assignment.
In the list of role assignments, select the LabUser-XXXXXXX user with the Virtual Machine Contributor role.
In the Remove role assignments message that appears, click Yes.
In this unit, you learned how to grant a user access to create and manage virtual machines in a resource group using the Azure portal.