AZURE CLOUD ENGINEERING

Change Azure Role Assignment of a user

Role assignment can be edited for a user without deleting and re-adding the account. Here is the way to “Update” the role assignment of a user over a subscription.

1. Get the role definition id of the required role to be updated. Select the Role and find it from the jason window  
2. Find the role assignment details of the subscription az role assignment list --subscription <sub id>
3. The output of the above command will show the jason code something like below for the user.

   {
       "canDelegate": null,
       "condition": null,
       "conditionVersion": null,
       "description": null,
       "id": "/subscriptions/id/providers/Microsoft.Authorization/roleAssignments/66b5d81f-1f82-4562-bded-117787a0fc5a",
       "name": "name",
       "principalId": "id",
       "principalName": "manu1@cloudcompute.info",
       "principalType": "User",
       "roleDefinitionId": "/subscriptions/id/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
       "roleDefinitionName": "Owner",
       "scope": "/subscriptions/id",
       "type": "Microsoft.Authorization/roleAssignments"
     }

4. Copy the details and edit the following lines. Update the role definition id from the step1, change the definition name as ‘Owner.’

   "roleDefinitionId": "/subscriptions/id/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
   "roleDefinitionName": "Owner",

5. Save the json file with the changes as assignment.json

6. Run the following command to edit the role assignment value of the user az role assignment update --role-assignment assignment.json

Verify that the changes are reflected for the user from the portal or running the cli command in step2