Is a user with "Contributor" and "User Access Administrator" roles same as a use

Time:08-02

So we have got 3 built-in roles: Owner, Contributor and User Access Administrator.

Considering a Contributor can do everything in an Azure Subscription except RBAC role assignment and a User Access Administrator can do RBAC role assignment, can we assume that if a user is assigned both Contributor and User Access Administrator roles at a particular scope (e.g. Subscription), they are effectively an Owner for that scope?

Or are there certain things that still only an Owner can do?

CodePudding user response:

If we look at the permissions:

  • An Owner can do anything: "actions": ["*"].
  • A User Admin can only read anything (except secrets), manage roles, and create and update support tickets: "actions": ["*/read", "Microsoft.Authorization/*", "Microsoft.Support/*"]
  • A Contributor can do anything except managing roles, managing blueprint assignments and sharing a gallery to different scopes:
    "actions": [
      "*"
    ],
    "notActions": [
      "Microsoft.Authorization/*/Delete",
      "Microsoft.Authorization/*/Write",
      "Microsoft.Authorization/elevateAccess/Action",
      "Microsoft.Blueprint/blueprintAssignments/write",
      "Microsoft.Blueprint/blueprintAssignments/delete",
      "Microsoft.Compute/galleries/share/action"
    ],
    

So a user with the Contributor and User Access Administrator roles is missing some permissions compared to the Owner role: they can't create/delete blueprints and can't share a gallery to different scopes.
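
Added example, not part of the original answer: a small Python model of how the role definitions quoted above combine, where each role contributes its actions minus its own notActions and the assignments are then unioned (notActions is not a deny). It covers control-plane actions only and ignores dataActions, deny assignments, scope and conditions; the function names and the sample operation list are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Role definitions as quoted in the answer above.
ROLES = {
    "Owner": {"actions": ["*"], "notActions": []},
    "User Access Administrator": {"notActions": [], "actions": [
        "*/read", "Microsoft.Authorization/*", "Microsoft.Support/*"]},
    "Contributor": {"actions": ["*"], "notActions": [
        "Microsoft.Authorization/*/Delete",
        "Microsoft.Authorization/*/Write",
        "Microsoft.Authorization/elevateAccess/Action",
        "Microsoft.Blueprint/blueprintAssignments/write",
        "Microsoft.Blueprint/blueprintAssignments/delete",
        "Microsoft.Compute/galleries/share/action",
    ]},
}

def _matches(patterns, operation):
    op = operation.lower()  # operation names are compared case-insensitively
    return any(fnmatchcase(op, p.lower()) for p in patterns)

def role_allows(role, operation):
    # notActions only subtracts from this role's own actions.
    d = ROLES[role]
    return _matches(d["actions"], operation) and not _matches(d["notActions"], operation)

def allowed(assigned_roles, operation):
    # Effective permission is the union over all assigned roles.
    return any(role_allows(r, operation) for r in assigned_roles)

def gap_vs_owner(assigned_roles, operations):
    # Operations an Owner can perform that the given role set cannot.
    return [op for op in operations if allowed(["Owner"], op) and not allowed(assigned_roles, op)]

# Constructed sample of operations to evaluate (not an exhaustive list).
SAMPLE_OPS = [
    "Microsoft.Authorization/roleAssignments/write",
    "Microsoft.Authorization/elevateAccess/Action",
    "Microsoft.Blueprint/blueprintAssignments/write",
    "Microsoft.Blueprint/blueprintAssignments/delete",
    "Microsoft.Compute/galleries/share/action",
    "Microsoft.Compute/virtualMachines/write",
]

if __name__ == "__main__":
    for op in gap_vs_owner(["Contributor", "User Access Administrator"], SAMPLE_OPS):
        print("Owner only:", op)
```
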
