You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@@ -65,12 +65,24 @@ If you're using an ARM template or the Azure CLI, you'll need the Principal ID (
65
65
- Azure portal: Go to **Azure Active Directory** and search for your Automanage Account by name. Under **Enterprise Applications**, select the Automanage Account name when it appears.
66
66
67
67
### Azure portal
68
+
68
69
1. Under **Subscriptions**, go to the subscription that contains your automanaged VMs.
69
-
1. Go to **Access control (IAM)**.
70
-
1. Select **Add role assignments**.
71
-
1. Select the **Contributor** role and enter the name of your Automanage Account.
72
-
1. Select **Save**.
73
-
1. Repeat steps 3 through 5, this time with the **Resource Policy Contributor** role.
70
+
71
+
1. Select **Access control (IAM)**.
72
+
73
+
1. Select **Add** > **Add role assignment** to open the **Add role assignment** page.
74
+
75
+
1. Assign the following role. For detailed steps, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.md).
76
+
77
+
| Setting | Value |
78
+
| --- | --- |
79
+
| Role | Contributor |
80
+
| Assign access to | User, group, or service principal |
81
+
| Members |\<Name of your Automanage account> |
82
+
83
+
84
+
85
+
1. Repeat steps 2 through 4, selecting the **Resource Policy Contributor** role.
74
86
75
87
### ARM template
76
88
Run the following ARM template. You'll need the Principal ID of your Automanage Account. The steps to get it are at the start of this section. Enter the ID when you're prompted.
#Customer intent: As an administrator, I want to understand permissions so that I use the least necessary set of permissions.
10
10
---
11
11
@@ -328,42 +328,26 @@ The following section shows you how to configure Azure RBAC on your Automation a
328
328
329
329
### Configure Azure RBAC using the Azure portal
330
330
331
-
1. Log in to the [Azure portal](https://portal.azure.com/) and open your Automation account from the Automation Accounts page.
332
-
2. Click on **Access control (IAM)** to open the Access control (IAM) page. You can use this page to add new users, groups, and applications to manage your Automation account and view existing roles that are configurable for the Automation account.
333
-
3. Click the **Role assignments** tab.
331
+
1. Sign in to the [Azure portal](https://portal.azure.com/) and open your Automation account from the **Automation Accounts** page.
1. Select **Access control (IAM)** and select a role from the list of available roles. You can choose any of the available built-in roles that an Automation account supports or any custom role you might have defined. Assign the role to a user to which you want to give permissions.
336
334
337
-
#### Add a new user and assign a role
335
+
For detailed steps, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.md).
338
336
339
-
1. From the Access control (IAM) page, click **+ Add role assignment**. This action opens the Add role assignment page where you can add a user, group, or application, and assign a corresponding role.
340
-
341
-
2. Select a role from the list of available roles. You can choose any of the available built-in roles that an Automation account supports or any custom role you may have defined.
342
-
343
-
3. Type the name of the user that you want to give permissions to in the **Select** field. Choose the user from the list and click **Save**.
You can also assign a role to the user from the Roles page.
337
+
> [!NOTE]
338
+
> You can only set role-based access control at the Automation account scope and not at any resource below the Automation account.
352
339
353
-
4. Click **Roles** from the Access control (IAM) page to open the Roles page. You can view the name of the role and the number of users and groups assigned to that role.
340
+
#### Remove role assignments from a user
354
341
355
-
342
+
You can remove the access permission for a user who isn't managing the Automation account, or who no longer works for the organization. The following steps show how to remove the role assignments from a user. For detailed steps, see [Remove Azure role assignments](../../articles/role-based-access-control/role-assignments-remove.md):
356
343
357
-
> [!NOTE]
358
-
> You can only set role-based access control at the Automation account scope and not at any resource below the Automation account.
344
+
1. Open **Access control (IAM)** at a scope, such as management group, subscription, resource group, or resource, where you want to remove access.
359
345
360
-
#### Remove a user
346
+
1. Select the **Role assignments** tab to view all the role assignments at this scope.
361
347
362
-
You can remove the access permission for a user who isn't managing the Automation account, or who no longer works for the organization. Following are the steps to remove a user:
348
+
1. In the list of role assignments, add a checkmark next to the user with the role assignment you want to remove.
363
349
364
-
1. From the Access control (IAM) page, select the user to remove and click **Remove**.
365
-
2. Click the **Remove** button in the assignment details pane.
Copy file name to clipboardExpand all lines: articles/azure-functions/start-stop-vms/deploy.md
+13-6Lines changed: 13 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,6 +5,7 @@ services: azure-functions
5
5
ms.subservice: start-stop-vms
6
6
ms.date: 06/25/2021
7
7
ms.topic: conceptual
8
+
ms.custon: subject-rbac-steps
8
9
---
9
10
10
11
# Deploy Start/Stop VMs v2 (preview)
@@ -61,17 +62,23 @@ To simplify management and removal, we recommend you deploy Start/Stop VMs v2 (p
61
62
62
63
After the Start/Stop deployment completes, perform the following steps to enable Start/Stop VMs v2 (preview) to take action across multiple subscriptions.
63
64
64
-
1. Copy the value for the Azure Function App Name that you specified during the deployment.
65
+
1. Copy the value for the Azure Function App name that you specified during the deployment.
65
66
66
-
1. In the portal, navigate to your secondary subscription. Select the subscription, and then select **Access Control (IAM)**
67
+
1. In the Azure portal, navigate to your secondary subscription.
67
68
68
-
1. Select **Add** and then select **Add role assignment**.
69
+
1. Select **Access control (IAM)**.
69
70
70
-
1. Select the **Contributor** role from the **Role**drop down list.
71
+
1. Select **Add**> **Add role assignment** to open the **Add role assignment**page.
71
72
72
-
1.Enter the Azure Function Application Name in the **Select** field. Select the function name in the results.
73
+
1.Assign the following role. For detailed steps, see [Assign Azure roles using the Azure portal](../../role-based-access-control/role-assignments-portal.md).
73
74
74
-
1. Select **Save** to commit your changes.
75
+
| Setting | Value |
76
+
| --- | --- |
77
+
| Role | Contributor |
78
+
| Assign access to | User, group, or service principal |
79
+
| Members |\<Your Azure Function App name> |
80
+
81
+
0 commit comments