You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/managed-identities-azure-resources/how-manage-user-assigned-managed-identities.md
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -9,16 +9,14 @@ ms.service: active-directory
9
9
ms.subservice: msi
10
10
ms.topic: how-to
11
11
ms.workload: identity
12
-
ms.date: 02/18/2022
12
+
ms.date: 03/04/2022
13
13
ms.author: barclayn
14
14
ms.custom: devx-track-azurecli
15
15
zone_pivot_groups: identity-mi-methods
16
16
---
17
17
18
18
# Manage user-assigned managed identities
19
19
20
-
21
-
22
20
Managed identities for Azure resources eliminate the need to manage credentials in code. You can use them to get an Azure Active Directory (Azure AD) token for your applications. The applications can use the token when accessing resources that support Azure AD authentication. Azure manages the identity so you don't have to.
23
21
24
22
There are two types of managed identities: system-assigned and user-assigned. System-assigned managed identities have their lifecycle tied to the resource that created them. User-assigned managed identities can be used on multiple resources. To learn more about managed identities, see [What are managed identities for Azure resources?](overview.md).
@@ -76,13 +74,13 @@ Deleting a user-assigned identity doesn't remove it from the VM or resource it w
76
74
77
75
:::image type="content" source="media/how-manage-user-assigned-managed-identities/delete-user-assigned-managed-identity-portal.png" alt-text="Screenshot that shows the Delete user-assigned managed identities.":::
78
76
79
-
## Assign a role to a user-assigned managed identity
77
+
## Manage access to user-assigned managed identities
80
78
81
-
To assign a role to a user-assigned managed identity, your account needs the [User Access Administrator](../../role-based-access-control/built-in-roles.md#user-access-administrator) role assignment.
79
+
In some environments, administrators choose to limit who can manage user-assigned managed identities. You do this by using [built-in](../../role-based-access-control/built-in-roles.md#identity) RBAC roles. You can use these roles to grant a user or group in your organization rights over a user-assigned managed identity.
82
80
83
81
1. Sign in to the [Azure portal](https://portal.azure.com).
84
82
1. In the search box, enter **Managed Identities**. Under **Services**, select **Managed Identities**.
85
-
1. A list of the user-assigned managed identities for your subscription is returned. Select the user-assigned managed identity that you want to assign a role.
83
+
1. A list of the user-assigned managed identities for your subscription is returned. Select the user-assigned managed identity that you want to manage.
86
84
1. Select **Azure role assignments**, and then select **Add role assignment**.
87
85
1. In the **Add role assignment** pane, configure the following values, and then select **Save**:
88
86
-**Role**: The role to assign.
@@ -91,6 +89,8 @@ To assign a role to a user-assigned managed identity, your account needs the [Us
91
89
92
90
93
91
92
+
>[!NOTE]
93
+
>You can information on assigning roles to managed identities in [Assign a managed identity access to a resource by using the Azure portal](../../role-based-access-control/role-assignments-portal-managed-identity.md)
0 commit comments