
Good day, folks!
I have an Azure subscription and it has multiple resources created, like App Services, Databases, Key Vault, Storage account, etc.
I want only a few people to see the full resources; for the rest of the team, I don’t want all the resources to be seen.
For example –

  1. Matt sees 5 App services out of 10
  2. Kevin sees 10 App services out of 10

Is it possible to create selective isolation? If yes, then how?

I tried this link
https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json
But I did not get it. Am I looking in the right direction?

2 Answers


  1. Yes, it is certainly possible to do so. Resource locking however is not the answer. Azure Role-based access control (RBAC) is the answer.

    Essentially, what you would need to do is assign roles to users on specific resources. For example, let’s say you want Kevin to manage all 10 app services; then you would assign the Website Contributor role to Kevin on those 10 app services. Similarly, you would assign the same role to Matt on the 5 app services that you want Matt to manage.

  2. Yes, it is possible. Here’s a more detailed step-by-step guide:

    Create Custom Roles:

    • Sign in to the Azure portal (https://portal.azure.com) with your Azure account.
    • Go to "Azure Active Directory" from the left-hand menu.
    • Click on "Roles and administrators" under "Security."
    • Click "+ New custom role."
    • Name the role, add a description, and specify the desired permissions (e.g., read, write) for Matt and Kevin.
    • Click "Create" to save the custom roles.

    Assign Custom Roles:

    • Navigate to the resource group containing the 10 App Services.
    • Click on "Access control (IAM)" from the left-hand menu.
    • Click "+ Add" to add a role assignment.
    • Select the custom role for Matt from the "Role" dropdown.
    • Search for and select Matt’s user account or group.
    • Click "Save" to assign the custom role to Matt.
    • Repeat the same process for Kevin, assigning him the custom role that grants access to all 10 App Services.

    Verify Access:

    • Make sure Matt can only see 5 App Services, and Kevin can see all 10
      when they access the Azure portal or use Azure CLI/PowerShell.

    By following these steps, you can control the visibility and access level of resources within your Azure subscription based on the needs of your team members.

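The per-resource role assignment described in the first answer, written out with the Azure CLI as an added example (not code from either answer). The subscription ID, resource group, app names and user names are constructed placeholders, and it assumes all 10 App Services sit in one resource group; by default it only prints the commands.

```bash
#!/usr/bin/env bash
# Constructed placeholders: subscription id, resource group, app names, user names.
SUB="00000000-0000-0000-0000-000000000000"
RG="rg-team-apps"
ROLE="Website Contributor"   # built-in role named in the first answer

# Resource ID of one App Service; a role assigned at this scope covers only that app.
app_scope() {
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Web/sites/%s' \
    "$SUB" "$RG" "$1"
}

# Print the command (DRY_RUN=1, the default) or run it against Azure (DRY_RUN=0).
assign() {  # assign <user> <scope>
  if [ "${DRY_RUN:-1}" = "1" ]; then
    printf 'az role assignment create --assignee %s --role "%s" --scope %s\n' \
      "$1" "$ROLE" "$2"
  else
    az role assignment create --assignee "$1" --role "$ROLE" --scope "$2"
  fi
}

# One assignment per app. Assignments are inherited downward, so a user who must
# see only some apps gets nothing at resource-group or subscription scope.
grant_apps() {  # grant_apps <user> <app-name>...
  local user=$1 app
  shift
  for app in "$@"; do
    assign "$user" "$(app_scope "$app")"
  done
}

grant_matt() {
  grant_apps "matt@example.com" app-01 app-02 app-03 app-04 app-05
}

grant_kevin() {
  grant_apps "kevin@example.com" app-01 app-02 app-03 app-04 app-05 \
    app-06 app-07 app-08 app-09 app-10
}

grant_matt
grant_kevin
```

Running it with `DRY_RUN=0` after `az login` creates the assignments; `az role assignment list --assignee <user> --all` then shows every scope a user holds, which is the place to spot an inherited assignment that would expose more than intended.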