azure-local/manage/assign-vm-rbac-roles.md
Lines changed: 10 additions & 13 deletions
@@ -5,7 +5,7 @@ author: alkohli
5
5
ms.author: alkohli
6
6
ms.topic: how-to
7
7
ms.service: azure-stack-hci
8
-
ms.date: 10/24/2024
8
+
ms.date: 11/15/2024
9
9
---
10
10
11
11
# Use Role-based Access Control to manage Azure Local virtual machines
@@ -16,25 +16,22 @@ This article describes how to use the Role-based Access Control (RBAC) to contro
16
16
17
17
You can use the builtin RBAC roles to control access to VMs and VM resources such as virtual disks, network interfaces, VM images, logical networks and storage paths. You can assign these roles to users, groups, service principals and managed identities.
To control access to VMs and VM resources on Azure Local, you can use the following RBAC roles:
25
22
26
-
-**Azure Local Administrator** - This role grants full access to your Azure Local instance and its resources. An Azure Local administrator can register the system as well as assign Azure Local VM contributor and Azure Local VM reader roles to other users. They can also create shared resources such as logical networks, VM images, and storage paths.
27
-
-**Azure Local VM Contributor** - This role grants permissions to perform all VM actions such as start, stop, restart the VMs. An Azure Local VM Contributor can create and delete VMs, as well as the resources and extensions attached to VMs. An Azure Local VM Contributor can't register the system or assign roles to other users, nor create system-shared resources such as logical networks, VM images, and storage paths.
28
-
-**Azure Local VM Reader** - This role grants permissions to only view the VMs. A VM reader can't perform any actions on the VMs or VM resources and extensions.
23
+
-**Azure Stack HCI Administrator** - This role grants full access to your Azure Local instance and its resources. An Azure Stack HCI administrator can register the system as well as assign Azure Stack HCI VM contributor and Azure Stack HCI VM reader roles to other users. They can also create shared resources such as logical networks, VM images, and storage paths.
24
+
-**Azure Stack HCI VM Contributor** - This role grants permissions to perform all VM actions such as start, stop, restart the VMs. An Azure Stack HCI VM Contributor can create and delete VMs, as well as the resources and extensions attached to VMs. An Azure Stack HCI VM Contributor can't register the system or assign roles to other users, nor create system-shared resources such as logical networks, VM images, and storage paths.
25
+
-**Azure Stack HCI VM Reader** - This role grants permissions to only view the VMs. A VM reader can't perform any actions on the VMs or VM resources and extensions.
29
26
30
27
Here's a table that describes the VM actions granted by each role for the VMs and the various VM resources. The VM resources are referred to resources required to create a VM and include virtual disks, network interfaces, VM images, logical networks, and storage paths:
31
28
32
29
33
30
| Builtin role | VMs | VM resources |
34
31
|--|--|--|
35
-
| Azure Local Administrator | Create, list, delete VMs<br><br> Start, stop, restart VMs | Create, list, delete all VM resources including logical networks, VM images, and storage paths |
36
-
| Azure Local VM Contributor | Create, list, delete VMs<br><br> Start, stop, restart VMs | Create, list, delete all VM resources except logical networks, VM images, and storage paths |
37
-
| Azure Local VM Reader | List all VMs | List all VM resources |
32
+
| Azure Stack HCI Administrator | Create, list, delete VMs<br><br> Start, stop, restart VMs | Create, list, delete all VM resources including logical networks, VM images, and storage paths |
33
+
| Azure Stack HCI VM Contributor | Create, list, delete VMs<br><br> Start, stop, restart VMs | Create, list, delete all VM resources except logical networks, VM images, and storage paths |
34
+
| Azure Stack HCI VM Reader | List all VMs | List all VM resources |
38
35
39
36
40
37
## Prerequisites
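Review bot: In the three added role bullets the role name is capitalized in the bold label ("Azure Stack HCI VM Contributor") but lowercased in the running text of the first bullet ("An Azure Stack HCI administrator", "Azure Stack HCI VM contributor and Azure Stack HCI VM reader roles"), and the third bullet shortens it to "A VM reader". Readers copy these names into role assignments, so use the exact role name with the same capitalization every time it appears. The bullets also now pair "Azure Stack HCI" role names with "your Azure Local instance" in the same sentence; add one sentence before the list stating that the role names differ from the product name on purpose, so the mismatch does not read as a missed rename. The renamed table rows should follow whatever wording is chosen for the bullets.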
@@ -60,9 +57,9 @@ You can assign RBAC roles to user via the Azure portal. Follow these steps to as
60
57
61
58
1. On the **Role** tab, select an RBAC role to assign and choose from one of the following builtin roles:
62
59
63
-
-**Azure Local Administrator**
64
-
-**Azure Local VM Contributor**
65
-
-**Azure Local VM Reader**
60
+
-**Azure Stack HCI Administrator**
61
+
-**Azure Stack HCI VM Contributor**
62
+
-**Azure Stack HCI VM Reader**
66
63
67
64
:::image type="content" source="./media/assign-vm-rbac-roles/add-role-assignment-2.png" alt-text="Screenshot showing Role tab during RBAC role assignment in Azure portal for your Azure Local instance." lightbox="./media/assign-vm-rbac-roles/add-role-assignment-2.png":::
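Review bot: The three list items under step 1 are renamed, but the screenshot on the unchanged context line below them (add-role-assignment-2.png) is not touched by this change. Confirm that the image shows the roles as "Azure Stack HCI Administrator", "Azure Stack HCI VM Contributor" and "Azure Stack HCI VM Reader"; if it still shows the "Azure Local" names, replace it, otherwise the step tells the reader to pick a role that the screenshot does not show.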