We've added support for role-based access control in the Azure Preview portal to help organizations meet their access management requirements simply and precisely. Now you can give Azure Active Directory users and groups access to the Azure resources they need to do their jobs, while not granting more access than they need. In this release, we’ve added these access management features:
- Group-based role assignment: You can assign access to Azure AD groups that can be synced from your local Active Directory. This enables you to leverage the existing investments that your organization has made in tooling and processes for managing groups. You can also use the delegated group management feature of Azure AD Premium.
- Three new roles: You can use three new roles—Owner, Contributor, and Reader—to ensure that users and groups have permission to do only the tasks they need to do their jobs. We’ll add support for custom roles in a future release. Service administrators and subscription coadministrators are automatically Owners in the Azure Preview portal.
- Granular access to resources: You can assign roles to users and groups for a particular subscription, resource group, or an individual Azure resource such as a website or database. In this way, you can ensure that users have access to all the resources they need and no access to resources that they do not need to manage.
These features are available in the Azure Preview portal, Azure PowerShell, or from a custom client that uses the Azure Resource Management API.
Access to the full Azure portal remains unchanged: only service administrators and coadministrators can access resources in that portal.
Read our documentation to learn more about Role-Based Access Control in the Azure Preview Portal