Change Azure Role Assignment of a user
Role assignment can be edited for a user without deleting and re-adding the account. Here is the way to “Update” the role assignment of a user over a subscription.
1. Get the role definition ID of the role you want to assign. Select the role and find the ID in the JSON window.
2. Find the role assignment details of the subscription
az role assignment list --subscription <sub id>
3. The output of the above command will show JSON something like the following for the user.
{
"canDelegate": null,
"condition": null,
"conditionVersion": null,
"description": null,
"id": "/subscriptions/id/providers/Microsoft.Authorization/roleAssignments/66b5d81f-1f82-4562-bded-117787a0fc5a",
"name": "name",
"principalId": "id",
"principalName": "manu1@cloudcompute.info",
"principalType": "User",
"roleDefinitionId": "/subscriptions/id/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
"roleDefinitionName": "Owner",
"scope": "/subscriptions/id",
"type": "Microsoft.Authorization/roleAssignments"
}
4. Copy the details and edit the following lines. Update the role definition ID with the value from step 1 and change the definition name to ‘Owner’.
"roleDefinitionId": "/subscriptions/id/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
"roleDefinitionName": "Owner",
5. Save the JSON file with the changes as assignment.json
6. Run the following command to edit the role assignment value of the user
az role assignment update --role-assignment assignment.json
Verify that the change is reflected for the user, either in the portal or by running the CLI command from step 2.
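The edit in steps 2 to 5 can be scripted so that only the two role fields change before the file is saved. This is an added example, not part of the original post: the sample entry is constructed, `SUB_ID`, `ASSIGNMENT_GUID` and `PRINCIPAL_ID` are placeholders, the Reader starting role is assumed for illustration, and the function names are hypothetical.

```python
import copy
import json

# Constructed sample shaped like `az role assignment list` output.
# "SUB_ID", "ASSIGNMENT_GUID" and "PRINCIPAL_ID" are placeholders.
SAMPLE_LIST = [{
    "id": "/subscriptions/SUB_ID/providers/Microsoft.Authorization/roleAssignments/ASSIGNMENT_GUID",
    "name": "ASSIGNMENT_GUID",
    "principalId": "PRINCIPAL_ID",
    "principalName": "manu1@cloudcompute.info",
    "principalType": "User",
    "roleDefinitionId": "/subscriptions/SUB_ID/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
    "roleDefinitionName": "Reader",
    "scope": "/subscriptions/SUB_ID",
    "type": "Microsoft.Authorization/roleAssignments",
}]
OWNER_GUID = "8e3af657-a8ff-443c-a75c-2fe8c4bcb635"  # role definition id shown on the page
EDITABLE = {"roleDefinitionId", "roleDefinitionName"}  # the only fields step 4 touches


def build_update(assignments, principal_name, role_guid, role_name):
    """Steps 2-4: pick the user's single assignment and swap in the new role."""
    matches = [a for a in assignments if a.get("principalName") == principal_name]
    if len(matches) != 1:
        raise ValueError(f"expected 1 assignment for {principal_name}, found {len(matches)}")
    original = matches[0]
    prefix, sep, _ = original["roleDefinitionId"].rpartition("/roleDefinitions/")
    if not sep:
        raise ValueError("unexpected roleDefinitionId format")
    updated = copy.deepcopy(original)
    updated["roleDefinitionId"] = prefix + sep + role_guid
    updated["roleDefinitionName"] = role_name
    return original, updated


def changed_fields(original, updated):
    """Names of every key whose value differs between the two documents."""
    return {k for k in original.keys() | updated.keys() if original.get(k) != updated.get(k)}


def write_assignment(original, updated, path="assignment.json"):
    """Step 5: refuse to save if anything besides the role was edited."""
    unexpected = changed_fields(original, updated) - EDITABLE
    if unexpected:
        raise ValueError(f"refusing to write, unexpected edits: {sorted(unexpected)}")
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(updated, fh, indent=2)
    return path


if __name__ == "__main__":
    before, after = build_update(SAMPLE_LIST, "manu1@cloudcompute.info", OWNER_GUID, "Owner")
    print(sorted(changed_fields(before, after)), "->", write_assignment(before, after))
```

With real data, load the saved output of the step 2 command with `json.load` and pass it in place of `SAMPLE_LIST`; the written file is the input to the command in step 6.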