You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/deployment-environments/concept-deployment-environments-role-based-access-control.md
+4-6Lines changed: 4 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -17,9 +17,7 @@ This article describes the different built-in roles that Azure Deployment Enviro
17
17
18
18
Azure role-based access control (RBAC) specifies built-in role definitions that outline the permissions to be applied. You assign a user or group this role definition via a role assignment for a particular scope. The scope can be an individual resource, a resource group, or across the subscription. In the next section, you learn which built-in roles Azure Deployment Environments supports.
19
19
20
-
For more information, see [What is Azure role-based access control (Azure RBAC)?](/azure/role-based-access-control/overview.md)
21
-
22
-
20
+
For more information, see [What is Azure role-based access control (Azure RBAC)?](/azure/role-based-access-control/overview)
23
21
24
22
> [!NOTE]
25
23
> When you make role assignment changes, it can take a few minutes for these updates to propagate.
@@ -67,8 +65,8 @@ The following table shows common Deployment Environments activities and the role
67
65
|**Activity**|**Role type**|**Role**|**Scope**|
68
66
|---|---|---|---|
69
67
| Grant permission to create a resource group. | Platform engineer | Owner or Contributor | Subscription |
70
-
| Grant permission to submit a Microsoft support ticket, including to [request a quota limit increase](how-to-request-quota-increase.md). | Platform engineer | Owner, Contributor, Support Request Contributor | Subscription |
71
-
| Grant permission to create environment types in a project. | Platform engineer |[Custom role](/azure/role-based-access-control/custom-roles-portal.md): Microsoft.Authorization/roleAssignments/write </br></br> Owner, Contributor, or Project Admin | Subscription </br></br></br> Project|
68
+
| Grant permission to submit a Microsoft support ticket, including to [request a quota limit increase](how-to-request-quota-increase). | Platform engineer | Owner, Contributor, Support Request Contributor | Subscription |
69
+
| Grant permission to create environment types in a project. | Platform engineer |[Custom role](/azure/role-based-access-control/custom-roles-portal): Microsoft.Authorization/roleAssignments/write </br></br> Owner, Contributor, or Project Admin | Subscription </br></br></br> Project|
72
70
| Grant permission to assign roles to other users. | Platform engineer | Owner | Resource group |
73
71
| Grant permission to: </br>- Create / manage dev centers and projects.</br>- Attach / detach catalog to a dev center or project.</br>- Add, sync, remove catalog (project-level catalogs must be enabled on the dev center).</br>- Configure expiry date and time to trigger automatic deletion.</br>- Update & delete environment types.</br>- Delete environments.| Platform engineer | Owner, Contributor | Resource group |
74
72
| Grant permission to enable / disable project catalogs. | Dev Manager | Owner, Contributor | Dev center |
@@ -110,7 +108,7 @@ Assign the Contributor role to give a user full control to create or manage dev
110
108
111
109
To create a project-level environment type in Deployment Environments, you must assign the Owner role or the User Access Administrator role, for the subscription that is being mapped in the environment type in the project. Alternatively, to avoid assigning broad permissions at the subscription level, you can create and assign a custom role that applies Write permissions. Apply the cuustom role at the subscription that is being mapped in the environment type in the project.
112
110
113
-
To learn how to Create a custom role with *Microsoft.Authorization/roleAssignments/write* and assign it at subscription level, see: [Create a custom role](/azure/role-based-access-control/custom-roles-portal.md).
111
+
To learn how to Create a custom role with *Microsoft.Authorization/roleAssignments/write* and assign it at subscription level, see: [Create a custom role](/azure/role-based-access-control/custom-roles-portal).
114
112
115
113
:::image type="icon" source="media/concept-deployment-environments-role-based-access-control/deployment-environments-custom-scopes.png" alt-text="Diagram that shows the custom role assignment at the subscription for Azure Deployment Environments":::
0 commit comments