新增或變更 Azure 訂用帳戶系統管理員Add or change Azure subscription administrators

若要管理對 Azure 資源的存取,您必須具有適當的系統管理員角色。To manage access to Azure resources, you must have the appropriate administrator role. Azure 有一個稱為角色型存取控制 (RBAC) 的授權系統,其中含有可供您選擇的內建角色。Azure has an authorization system called role-based access control (RBAC) with several built-in roles you can choose from. 您可以在不同範圍 (例如管理群組、訂用帳戶或資源群組) 指派這些角色。You can assign these roles at different scopes, such as management group, subscription, or resource group. 根據預設,建立新 Azure 訂用帳戶的人員可以將訂用帳戶的系統管理存取權指派給其他使用者。By default, the person who creates a new Azure subscription can assign other users administrative access to a subscription.

本文說明如何在訂用帳戶範圍使用 RBAC 來新增或變更使用者的系統管理員角色。This article describes how add or change the administrator role for a user using RBAC at the subscription scope.

Microsoft 建議您使用 RBAC 來管理對資源的存取。Microsoft recommends that you manage access to resources using RBAC. 不過,如果您仍是使用傳統部署模型,且使用 Azure 服務管理 PowerShell 模組 (英文) 來管理傳統資源,您會需要使用傳統系統管理員。However, if you are still using the classic deployment model and managing the classic resources by using Azure Service Management PowerShell Module, you'll need to use a classic administrator.

提示

如果您只使用 Azure 入口網站來管理傳統資源,則不需要使用傳統系統管理員。If you only use the Azure portal to manage the classic resources, you don't need to use the classic administrator.

如需詳細資訊,請參閱 Azure Resource Manager 與傳統部署Azure 傳統訂用帳戶管理員For more information, see Azure Resource Manager vs. classic deployment and Azure classic subscription administrators.

指派訂用帳戶系統管理員Assign a subscription administrator

若要讓使用者成為 Azure 訂用帳戶的系統管理員,現有系統管理員會在訂用帳戶範圍為其指派擁有者角色 (RBAC 角色)。To make a user an administrator of an Azure subscription, an existing administrator assigns them the Owner role (an RBAC role) at the subscription scope. 「擁有者」角色可授與使用者訂用帳戶中所有資源的完整存取權,包括將存取權委派給其他人的權限。The Owner role gives the user full access to all resources in the subscription, including the right to delegate access to others. 針對任何其他角色指派,這些步驟都相同。These steps are the same as any other role assignment.

如果您不確定誰是訂用帳戶的帳戶管理員,請使用下列步驟來找出帳戶管理員。If you're not sure who the account administrator is for a subscription, use the following steps to find out.

  1. 開啟 Azure 入口網站中的 [訂用帳戶] 頁面Open the Subscriptions page in the Azure portal.
  2. 選取您想要檢查的訂用帳戶,然後查看 [設定] 。Select the subscription you want to check, and then look under Settings.
  3. 選取 [屬性] 。Select Properties. 該訂用帳戶的帳戶管理員會顯示在 [帳戶管理員] 方塊中。The account administrator of the subscription is displayed in the Account Admin box.

將使用者指派為系統管理員To assign a user as an administrator

  1. 以訂用帳戶擁有者身分登入 Azure 入口網站並開啟訂用帳戶Sign in to the Azure portal as the subscription owner and open Subscriptions.

  2. 選擇您想要授與存取權的訂用帳戶。Click the subscription where you want to grant access.

  3. 按一下 [存取控制 (IAM)] 。Click Access control (IAM).

  4. 按一下 [角色指派] 索引標籤以檢視此訂用帳戶的所有角色指派。Click the Role assignments tab to view all the role assignments for this subscription.

    顯示角色指派的螢幕擷取畫面

  5. 按一下 [新增] > [新增角色指派] ,以開啟 [新增角色指派] 窗格。Click Add > Add role assignment to open the Add role assignment pane.

    如果您沒有指派角色的權限,此選項就會被停用。If you don't have permissions to assign roles, the option will be disabled.

  6. 在 [角色] 下拉式清單中,選取 [擁有者] 角色。In the Role drop-down list, select the Owner role.

  7. 在 [選取] 清單中,選取使用者。In the Select list, select a user. 如果在清單中未看到使用者,您可以在 [選取] 方塊中輸入,以在目錄中搜尋顯示名稱與電子郵件地址。If you don't see the user in the list, you can type in the Select box to search the directory for display names and email addresses.

    顯示已選取 [擁有者] 角色的螢幕擷取畫面

  8. 按一下 [儲存] 以指派角色。Click Save to assign the role.

    在幾分鐘之後,即會在訂用帳戶範圍將「擁有者」角色指派給使用者。After a few moments, the user is assigned the Owner role at the subscription scope.

後續步驟Next steps

需要協助嗎?Need help? 請連絡支援人員Contact support

如果仍需要協助,請連絡支援人員以快速解決您的問題。If you still need help, contact support to get your issue resolved quickly.