-
Notifications
You must be signed in to change notification settings - Fork 21.1k
/
role-assignments-portal-managed-identity.yml
97 lines (82 loc) · 5.07 KB
/
role-assignments-portal-managed-identity.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
### YamlMime:HowTo
metadata:
title: Assign Azure roles to a managed identity (Preview) - Azure RBAC
description: Learn how to assign Azure roles by starting with the managed identity and then select the scope and role using the Azure portal and Azure role-based access control (Azure RBAC).
author: rolyon
ms.author: rolyon
manager: amycolannino
ms.date: 02/15/2021
ms.service: role-based-access-control
ms.topic: how-to
ms.custom:
- ge-structured-content-pilot
title: |
Assign Azure roles to a managed identity (Preview)
introduction: |
You can assign a role to a managed identity by using the **Access control (IAM)** page as described in [Assign Azure roles using the Azure portal](role-assignments-portal.yml). When you use the Access control (IAM) page, you start with the scope and then select the managed identity and role. This article describes an alternate way to assign roles for a managed identity. Using these steps, you start with the managed identity and then select the scope and role.
> [!IMPORTANT]
> Assign a role to a managed identity using these alternate steps is currently in preview.
> This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities.
> For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
prerequisites:
summary: |
[!INCLUDE [Azure role assignment prerequisites](../../includes/role-based-access-control/prerequisites-role-assignments.md)]
procedureSection:
- title: |
System-assigned managed identity
summary: |
Follow these steps to assign a role to a system-assigned managed identity by starting with the managed identity.
steps:
- |
In the Azure portal, open a system-assigned managed identity.
- |
In the left menu, click **Identity**.
![System-assigned managed identity](./media/shared/identity-system-assigned.png)
- |
Under **Permissions**, click **Azure role assignments**.
If roles are already assigned to the selected system-assigned managed identity, you see the list of role assignments. This list includes all role assignments you have permission to read.
![Role assignments for a system-assigned managed identity](./media/shared/role-assignments-system-assigned.png)
- |
To change the subscription, click the **Subscription** list.
- |
Click **Add role assignment (Preview)**.
- |
Use the drop-down lists to select the set of resources that the role assignment applies to such as **Subscription**, **Resource group**, or resource.
If you don't have role assignment write permissions for the selected scope, an inline message will be displayed.
- |
In the **Role** drop-down list, select a role such as **Virtual Machine Contributor**.
![Add role assignment pane for system-assigned managed identity](./media/role-assignments-portal-managed-identity/add-role-assignment-with-scope.png)
- |
Click **Save** to assign the role.
After a few moments, the managed identity is assigned the role at the selected scope.
- title: |
User-assigned managed identity
summary: |
Follow these steps to assign a role to a user-assigned managed identity by starting with the managed identity.
steps:
- |
In the Azure portal, open a user-assigned managed identity.
- |
In the left menu, click **Azure role assignments**.
If roles are already assigned to the selected user-assigned managed identity, you see the list of role assignments. This list includes all role assignments you have permission to read.
![Role assignments for a user-assigned managed identity](./media/shared/role-assignments-user-assigned.png)
- |
To change the subscription, click the **Subscription** list.
- |
Click **Add role assignment (Preview)**.
- |
Use the drop-down lists to select the set of resources that the role assignment applies to such as **Subscription**, **Resource group**, or resource.
If you don't have role assignment write permissions for the selected scope, an inline message will be displayed.
- |
In the **Role** drop-down list, select a role such as **Virtual Machine Contributor**.
![Add role assignment pane for a user-assigned managed identity](./media/role-assignments-portal-managed-identity/add-role-assignment-with-scope.png)
- |
Click **Save** to assign the role.
After a few moments, the managed identity is assigned the role at the selected scope.
relatedContent:
- text: What are managed identities for Azure resources?
url: ../active-directory/managed-identities-azure-resources/overview.md
- text: Assign Azure roles using the Azure portal
url: role-assignments-portal.yml
- text: List Azure role assignments using the Azure portal
url: role-assignments-list-portal.yml