azureazure-active-directoryazure-virtual-machinerbacazure-management-portal

Azure Permission - needed for creating resource group - RBAC


I have assigned with Owner role to a resource group. I am unable to create a new resource group.

For creating a resource group whether I need owner/contributor role to subscription?

And When a user is assigned with Owner and Reader role, which role controls the user access?


Solution

  • I have assigned with Owner role to a resource group. I unable to create new resource group.

    It is a by design behavior because the owner permission works for that resource group, not for the subscription.

    If you want to grant create resource group permission to that account, we can set it here:

    enter image description here

    Grant the owner permission of this subscription to that account, in this way that account will have permission to create new resource group.

    Note: If we grant owner permission of this subscription to that account, that account will get all permission of all resource group.