You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/role-based-access-control/check-access.md
+13-11Lines changed: 13 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,7 +7,7 @@ manager: amycolannino
7
7
ms.service: role-based-access-control
8
8
ms.topic: quickstart
9
9
ms.workload: identity
10
-
ms.date: 12/09/2020
10
+
ms.date: 08/26/2022
11
11
ms.author: rolyon
12
12
ms.custom: contperf-fy21q2, mode-other
13
13
#Customer intent: As a new user, I want to quickly see access for myself, user, group, or application, to make sure they have the appropriate permissions.
@@ -21,19 +21,19 @@ Sometimes you need to check what access a user has to a set of Azure resources.
21
21
22
22
To check the access for a user, you first need to open the Azure resources you want to check access for. Azure resources are organized into levels that are typically called the *scope*. In Azure, you can specify a scope at four levels from broad to narrow: management group, subscription, resource group, and resource.
23
23
24
-
24
+
25
25
26
26
Follow these steps to open the set of Azure resources that you want to check access for.
27
27
28
28
1. Open the [Azure portal](https://portal.azure.com).
29
29
30
-
1. Open the set of Azure resources, such as **Management groups**, **Subscriptions**, **Resource groups**, or a particular resource.
30
+
1. Open the set of Azure resources you want to check access for, such as **Management groups**, **Subscriptions**, **Resource groups**, or a particular resource.
31
31
32
32
1. Click the specific resource in that scope.
33
33
34
34
The following shows an example resource group.
35
35
36
-
36
+
37
37
38
38
## Step 2: Check access for a user
39
39
@@ -43,23 +43,25 @@ Follow these steps to check the access for a single user, group, service princip
43
43
44
44
The following shows an example of the Access control (IAM) page for a resource group.
45
45
46
-
46
+
47
47
48
-
1. On the **Check access** tab, in the **Find** list, select the user, group, service principal, or managed identity you want to check access for.
48
+
1. On the **Check access** tab, click the **Check access** button.
49
+
50
+
1. In the **Check access** pane, click **User, group, or service principal**.
49
51
50
52
1. In the search box, enter a string to search the directory for display names, email addresses, or object identifiers.
53
55
54
-
1. Click the security principal to open the **assignments** pane.
56
+
1. Click the user to open the **assignments** pane.
55
57
56
-
On this pane, you can see the access for the selected security principal at this scope and inherited to this scope. Assignments at child scopes are not listed. You see the following assignments:
58
+
On this pane, you can see the access for the selected user at this scope and inherited to this scope. Assignments at child scopes are not listed. You see the following assignments:
57
59
58
60
- Role assignments added with Azure RBAC.
59
61
- Deny assignments added using Azure Blueprints or Azure managed apps.
60
62
- Classic Service Administrator or Co-Administrator assignments for classic deployments.
61
63
62
-
64
+
63
65
64
66
## Step 3: Check your access
65
67
@@ -71,7 +73,7 @@ Follow these steps to check your access to the previously selected Azure resourc
71
73
72
74
An assignments pane appears that lists your access at this scope and inherited to this scope. Assignments at child scopes are not listed.
73
75
74
-
76
+
Copy file name to clipboardExpand all lines: articles/role-based-access-control/role-assignments-external-users.md
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -10,7 +10,7 @@ ms.devlang:
10
10
ms.topic: how-to
11
11
ms.tgt_pltfrm:
12
12
ms.workload: identity
13
-
ms.date: 10/15/2021
13
+
ms.date: 08/26/2022
14
14
ms.author: rolyon
15
15
ms.custom: it-pro,subject-rbac-steps
16
16
@@ -225,7 +225,7 @@ If a guest user has been granted access to a directory, but they do not see the
225
225
226
226
If a guest user has been granted access to a directory, but they do not see the resources they have been granted access to in the Azure portal, make sure the guest user has selected the correct directory. A guest user might have access to multiple directories. To switch directories, in the upper left, click **Settings** > **Directories**, and then click the appropriate directory.
227
227
228
-
228
+
Copy file name to clipboardExpand all lines: articles/role-based-access-control/role-assignments-list-portal.md
+16-16Lines changed: 16 additions & 16 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,7 +7,7 @@ manager: amycolannino
7
7
ms.service: role-based-access-control
8
8
ms.topic: how-to
9
9
ms.workload: identity
10
-
ms.date: 11/12/2021
10
+
ms.date: 08/26/2022
11
11
ms.author: rolyon
12
12
---
13
13
@@ -32,7 +32,7 @@ A quick way to see the roles assigned to a user or group in a subscription is to
32
32
33
33
You see a list of roles assigned to the selected user or group at various scopes such as management group, subscription, resource group, or resource. This list includes all role assignments you have permission to read.
34
34
35
-
35
+
36
36
37
37
1. To change the subscription, click the **Subscriptions** list.
38
38
@@ -50,7 +50,7 @@ Users that have been assigned the [Owner](built-in-roles.md#owner) role for a su
50
50
51
51
1. Scroll to the **Owners** section to see all the users that have been assigned the Owner role for this subscription.
52
52
53
-
53
+
54
54
55
55
## List role assignments at a scope
56
56
@@ -62,7 +62,7 @@ Users that have been assigned the [Owner](built-in-roles.md#owner) role for a su
62
62
63
63
1. Click the **Role assignments** tab to view all the role assignments at this scope.
64
64
65
-
65
+
66
66
67
67
On the Role assignments tab, you can see who has access at this scope. Notice that some roles are scoped to **This resource** while others are **(Inherited)** from another scope. Access is either assigned specifically to this resource or inherited from an assignment to the parent scope.
68
68
@@ -76,15 +76,15 @@ To list access for a user, group, service principal, or managed identity, you li
76
76
77
77
1. Click **Access control (IAM)**.
78
78
79
-
1. Click the **Check access** tab.
79
+
80
80
81
-
81
+
1. On the **Check access** tab, click the **Check access** button.
82
82
83
-
1. In the **Find**list, select the user, group, service principal, or managed identity you want to check access for.
83
+
1. In the **Check access**pane, click **User, group, or service principal** or **Managed identity**.
84
84
85
85
1. In the search box, enter a string to search the directory for display names, email addresses, or object identifiers.
110
110
111
111
1. Under **Permissions**, click **Azure role assignments**.
112
112
113
113
You see a list of roles assigned to the selected system-assigned managed identity at various scopes such as management group, subscription, resource group, or resource. This list includes all role assignments you have permission to read.
114
114
115
-
115
+
116
116
117
117
1. To change the subscription, click the **Subscription** list.
118
118
@@ -124,7 +124,7 @@ You can list role assignments for system-assigned and user-assigned managed iden
124
124
125
125
You see a list of roles assigned to the selected user-assigned managed identity at various scopes such as management group, subscription, resource group, or resource. This list includes all role assignments you have permission to read.
126
126
127
-
127
+
128
128
129
129
1. To change the subscription, click the **Subscription** list.
130
130
@@ -134,11 +134,11 @@ You can have up to **2000** role assignments in each subscription. This limit in
134
134
135
135
The role assignments limit for a subscription is currently being increased. For more information, see [Troubleshoot Azure RBAC](troubleshooting.md#limits).
136
136
137
-
137
+
138
138
139
139
If you are getting close to the maximum number and you try to add more role assignments, you'll see a warning in the **Add role assignment** pane. For ways that you can reduce the number of role assignments, see [Troubleshoot Azure RBAC](troubleshooting.md#limits).
140
140
141
-
141
+
142
142
143
143
## Download role assignments
144
144
@@ -160,7 +160,7 @@ Follow these steps to download role assignments at a scope.
160
160
161
161
1. Click **Download role assignments** to open the Download role assignments pane.
162
162
163
-
163
+
164
164
165
165
1. Use the check boxes to select the role assignments you want to include in the downloaded file.
166
166
@@ -176,7 +176,7 @@ Follow these steps to download role assignments at a scope.
176
176
177
177
The following show examples of the output for each file format.
178
178
179
-
179
+
180
180
181
181
@@ -28,7 +28,7 @@ If you need to assign administrator roles in Azure Active Directory, see [Assign
28
28
29
29
[!INCLUDE [Scope for Azure RBAC introduction](../../includes/role-based-access-control/scope-intro.md)] For more information, see [Understand scope](scope-overview.md).
30
30
31
-
31
+
32
32
33
33
1. Sign in to the [Azure portal](https://portal.azure.com).
34
34
@@ -147,7 +147,7 @@ Currently, conditions can be added to built-in or custom role assignments that h
147
147
148
148
[!INCLUDE [Scope for Azure RBAC introduction](../../includes/role-based-access-control/scope-intro.md)] For more information, see [Understand scope](scope-overview.md).
149
149
150
-
150
+
151
151
152
152
1. Sign in to the [Azure portal](https://portal.azure.com).
0 commit comments