Assign administrator and non-administrator roles to users with Azure Active Directory

If a user in your organization needs permission to manage Azure Active Directory (Azure AD) resources, you must assign the user an appropriate role in Azure AD, based on the actions the user needs permission to perform.

For more information about the available roles, see Assigning administrator roles in Azure Active Directory. For more information about adding users, see Add new users to Azure Active Directory.

Assign roles

A common way to assign Azure AD roles to a user is on the Directory role page for a user.

You can also assign roles using Privileged Identity Management (PIM). For more detailed information about how to use PIM, see Privileged Identity Management.

To assign a role to a user

  1. Sign in to the Azure portal using a Global administrator account for the directory.

  2. Select Azure Active Directory, select Users, and then search for and select the user getting the role assignment. For example, Alain Charon.

  3. On the Alain Charon - Profile page, select Directory role.

    The Alain Charon - Directory role page appears.

  4. Select Add role, select the role to assign to Alain (for example, Application administrator), and then choose Select.

    Directory role page, showing the selected role

    The Application administrator role is assigned to Alain Charon and it appears on the Alain Charon - Directory role page.

Remove a role assignment

If you need to remove the role assignment from a user, you can also do that from the Alain Charon - Directory role page.

To remove a role assignment from a user

  1. Select Azure Active Directory, select Users, and then search for and select the user getting the role assignment removed. For example, Alain Charon.

  2. Select Directory role, select Application administrator, and then select Remove role.

    Directory role page, showing the selected role and the remove option

    The Application administrator role is removed from Alain Charon and it no longer appears on the Alain Charon - Directory role page.
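The same assignment and removal can be scripted and verified from PowerShell. The following is an added example, not part of the original article; it assumes the AzureAD PowerShell module is installed, and the user principal name is a constructed placeholder.

```powershell
# Added example (not from the original article). Assumes the AzureAD module.
Import-Module AzureAD
Connect-AzureAD | Out-Null   # sign in with an account permitted to manage directory roles

$upn      = 'alain.charon@contoso.example'   # constructed placeholder UPN
$roleName = 'Application Administrator'      # role used in the article's walkthrough

$user = Get-AzureADUser -ObjectId $upn

# A directory role object exists only after it has been enabled from its template.
$role = Get-AzureADDirectoryRole | Where-Object DisplayName -eq $roleName
if (-not $role) {
    $template = Get-AzureADDirectoryRoleTemplate | Where-Object DisplayName -eq $roleName
    if (-not $template) { throw "No role template named '$roleName'." }
    Enable-AzureADDirectoryRole -RoleTemplateId $template.ObjectId | Out-Null
    $role = Get-AzureADDirectoryRole | Where-Object DisplayName -eq $roleName
}

# Returns $true when the user currently holds the role.
function Test-RoleMember {
    param([string]$RoleId, [string]$UserId)
    $members = Get-AzureADDirectoryRoleMember -ObjectId $RoleId
    return [bool]($members | Where-Object ObjectId -eq $UserId)
}

# Assign the role (skipped if already held), then confirm it took effect.
if (-not (Test-RoleMember -RoleId $role.ObjectId -UserId $user.ObjectId)) {
    Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $user.ObjectId
}
if (-not (Test-RoleMember -RoleId $role.ObjectId -UserId $user.ObjectId)) {
    throw "Assignment of '$roleName' to $upn was not confirmed."
}

# Review who else holds the role before leaving a standing assignment in place.
Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId |
    Select-Object DisplayName, UserPrincipalName

# Remove the role when it is no longer needed, then confirm the removal.
Remove-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -MemberId $user.ObjectId
if (Test-RoleMember -RoleId $role.ObjectId -UserId $user.ObjectId) {
    throw "'$roleName' is still assigned to $upn."
}
```

Checking membership after each change gives a record that the assignment or removal actually applied, rather than relying on the command returning without error.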

Next steps

Or you can perform other user management tasks, such as assigning delegates, using policies, and sharing user accounts. For more information about other available actions, see Azure Active Directory user management documentation.