Manage users and roles

To access an Azure Sphere tenant, a user's Microsoft account must be registered with Azure Sphere and the user must be assigned a role in the tenant. Anyone can register an account with Azure Sphere, but only a user with the Administrator role can assign a role to another user.

User management

The following tenant user roles are supported:

  • An Administrator has full access to all devices and operations within the tenant, including the permission to add or delete other users. Your organization should have at least two logins with this role, but no more logins than necessary.
  • A Contributor can claim devices, add devices and device groups, download device capabilities, and create and change deployments, but cannot perform any delete operations. Software and hardware developers who create applications, manage connected devices, and update deployments but are not responsible for managing tenant access should have the Contributor role.
  • A Reader has access to information about the tenant, including claimed devices, deployments, and when available, any error reporting data from devices. This role is appropriate for maintenance and operations personnel who are responsible for tracking connected device performance at end-user installations.

Add new user

As an Administrator, you can add a new user by following these steps:

  1. Log in to Azure Sphere.

  2. Register the user's Microsoft account as an Azure Sphere user:

    azsphere register-user --new-user <email-address>
    

    This command registers the email address with Azure Sphere, so that the user can later sign in by using the azsphere login command. Note that although the user can sign in to Azure Sphere, the user has no access until an administrator assigns a role.

Assign a role to an existing user

To assign a role to a user in the Azure Sphere tenant, run the following command:

    azsphere role add --role <role> --user <email-address>

To see a list of supported roles, run the following command:

    azsphere role show-types

Delete the role of an existing user

To delete a role from a user in the Azure Sphere tenant, run the azsphere role delete command:

    azsphere role delete --role <role> --user <email-address>

To see a list of supported roles, run the following command:

    azsphere role show-types

Change the role of an existing user

To change the role of a user in the Azure Sphere tenant, first delete the user's existing role, then assign the new role.

See also

Manage tenants

Quickstart: Choose a tenant and claim your device

azsphere tenant