You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/deployment-environments/concept-deployment-environments-role-based-access-control.md
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -84,7 +84,7 @@ To grant users permission to manage Azure Deployment Environments within your or
84
84
85
85
Assign these roles to the *resource group*. The dev center and projects within the resource group inherit these role assignments. Environment types inherit role assignments through projects.
86
86
87
-
:::image type="icon" source="media/concept-deployment-environments-role-based-access-control/deployment-environments-administrator-scopes.png" alt-text="Diagram that shows the administrator role assignments at the subscription for Azure Deployment Environments":::
87
+
:::image type="icon" source="media/concept-deployment-environments-role-based-access-control/deployment-environments-administrator-scopes.png" alt-text="Diagram that shows the administrator role assignments at the subscription for Azure Deployment Environments.":::
88
88
89
89
### Owner role
90
90
@@ -106,19 +106,19 @@ Assign the Contributor role to give a user full control to create or manage dev
106
106
107
107
### Custom role
108
108
109
-
To create a project-level environment type in Deployment Environments, you must assign the Owner role or the User Access Administrator role, for the subscription that is being mapped in the environment type in the project. Alternatively, to avoid assigning broad permissions at the subscription level, you can create and assign a custom role that applies Write permissions. Apply the cuustom role at the subscription that is being mapped in the environment type in the project.
109
+
To create a project-level environment type in Deployment Environments, you must assign the Owner role or the User Access Administrator role, for the subscription that is being mapped in the environment type in the project. Alternatively, to avoid assigning broad permissions at the subscription level, you can create and assign a custom role that applies Write permissions. Apply the custom role at the subscription that is being mapped in the environment type in the project.
110
110
111
111
To learn how to Create a custom role with *Microsoft.Authorization/roleAssignments/write* and assign it at subscription level, see: [Create a custom role](/azure/role-based-access-control/custom-roles-portal).
112
112
113
-
:::image type="icon" source="media/concept-deployment-environments-role-based-access-control/deployment-environments-custom-scopes.png" alt-text="Diagram that shows the custom role assignment at the subscription for Azure Deployment Environments":::
113
+
:::image type="icon" source="media/concept-deployment-environments-role-based-access-control/deployment-environments-custom-scopes.png" alt-text="Diagram that shows the custom role assignment at the subscription for Azure Deployment Environments.":::
114
114
115
115
In addition to the custom role, the user must be assigned the Owner, Contributor, or Project Admin role on the project where the environment type is created.
116
116
117
117
## Dev Manager roles
118
118
119
119
These roles have more restricted permissions at lower-level scopes than the platform engineer roles. You can assign these roles to developer teams to enable them to perform administrative tasks for their team.
120
120
121
-
:::image type="icon" source="media/concept-deployment-environments-role-based-access-control/deployment-environments-project-scopes.png" alt-text="Diagram that shows the dev manager role assignment at the project level scopes for Azure Deployment Environments":::
121
+
:::image type="icon" source="media/concept-deployment-environments-role-based-access-control/deployment-environments-project-scopes.png" alt-text="Diagram that shows the dev manager role assignment at the project level scopes for Azure Deployment Environments.":::
122
122
123
123
124
124
### DevCenter Project Admin role
@@ -135,7 +135,7 @@ The DevCenter Project Admin is the most powerful of the Dev Manager roles. Assig
135
135
136
136
These roles give developers the permissions they require to view, create, and manage environments.
137
137
138
-
:::image type="icon" source="media/concept-deployment-environments-role-based-access-control/deployment-environments-user-scopes.png" alt-text="Diagram that shows the user role assignments at the project for Azure Deployment Environments":::
138
+
:::image type="icon" source="media/concept-deployment-environments-role-based-access-control/deployment-environments-user-scopes.png" alt-text="Diagram that shows the user role assignments at the project for Azure Deployment Environments.":::
139
139
140
140
### Deployment Environments User
141
141
@@ -158,7 +158,7 @@ When a developer creates an environment based on an environment type, they're as
158
158
159
159
The **Access control (IAM)** page in the Azure portal is used to configure Azure role-based access control on Azure Deployment Environments resources. You can use built-in roles for individuals and groups in Active Directory. The following screenshot shows Active Directory integration (Azure RBAC) using access control (IAM) in the Azure portal:
160
160
161
-
:::image type="icon" source="media/concept-deployment-environments-role-based-access-control/iam-page.png" alt-text="Screenshot that shows the Access control (IAM) page for a dev center":::
161
+
:::image type="icon" source="media/concept-deployment-environments-role-based-access-control/access-control-page.png" alt-text="Screenshot that shows the Access control (IAM) page for a dev center.":::
162
162
163
163
For detailed steps, see [Assign Azure roles using the Azure portal](/azure/role-based-access-control/role-assignments-portal).
0 commit comments