Assigning Azure Permissions for Dynamic Permissioning
    • PDF

    Assigning Azure Permissions for Dynamic Permissioning

    • PDF

    Article summary

    Within Azure, there are management groups and subscriptions. To read them, you need to assign Azure permissions to the tenant root group.


    Perform the following steps to assign Azure permissions at the Tenant Root Group:

    1. Login to Azure with administrator privileges. 
    2. From the Home page, select Management groups.
    3. Click on Tenant Root Group from the list.
    4. Click Access control (IAM) from the navigation menu.
    5. Click Role assignments tab. 
    6. Click Add -> Add custom role
    7. Enter the role name as Britive-Integration-Role in Custom role name
    8. Click Next.
    9. Click +Add permissions
    10. Search for Microsoft Authorization
    11. Click the Microsoft Authorization tile.
    12. Select the following permissions from the displayed list:
      • Read: Get Role Assignment 
      • Write: Create Role Assignment 
      • Delete: Delete Role Assignment
    13. Click Add
    14. Click Next
    15. Click Add assignable scopes
    16. Select all the subscriptions and resource groups under the subscriptions. 
    17. Click Add
    18. Click Next
    19. Click Edit
    20. Under permissions > actions, add the following permission: "*/read",
    21. Click Save. A message is displayed that the role assignment is being added.
    22. Click Next
    23. Review the role settings and click Create
    24. Click the Role Assignments tab.  
    25. Click Add
    26. Click Add Role Assignment
    27. Select the role created above (Britive-Integration-Role).  
    28. Select Britive from the “select” field. 
    29. Click Save.

    The new role assignment is visible from the Role Assignments tab.

    For more information about assigning Azure permissions, see Create or update Azure custom roles using the Azure portal.




    Was this article helpful?