Set access permissions using role-based access control
A user in Azure Stack Hub can be a reader, owner, or contributor for each instance of a subscription, resource group, or service. For example, User A might have reader permissions to Subscription One, but have owner permissions to Virtual Machine Seven.
- Reader: User can view everything, but can't make any changes.
- Contributor: User can manage everything except access to resources.
- Owner: User can manage everything, including access to resources.
- Custom: User has limited, specific access to resources.
For more information about creating a custom role, see Custom roles for Azure resources.
Set access permissions for a user
- Sign in with an account that has owner permissions to the resource you want to manage.
- In the blade for the resource, click the Access icon
. - In the Users blade, click Roles.
- In the Roles blade, click Add to add permissions for the user.
Set access permissions for a universal group
Note
Applicable only to Active Directory Federated Services (AD FS).
- Sign in with an account that has owner permissions to the resource you want to manage.
- In the blade for the resource, click the Access icon .
- In the Users blade, click Roles.
- In the Roles blade, click Add to add permissions for the Universal Group Active Directory Group.
Next steps
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for