Difference between various contributor roles available in Azure and how to use it effectively?
There are different type of contributor roles in Azure. If I'm giving "contributor" role at resource group level, and that resouce group has SQL Server, Storage and other resources as well.
Is it that, someone having "contributor" role to the resource group level can perform activities same as "storage account contributor"( for the given perticuler storage) and "SQL Server contributor"( for the given perticuler SQL server ) in that perticuler resource group? So that, I don't have to give any other contributor roles? My intention is here not to duplicate the roles and I can just give "contributor" role at resouce group level once and people can perform other available contributor tasks ( on storage or on SQL server) using main "contributor" role given.
Thanks.
Yes, you are on the right path. Assigning
Contributorrole at the resource group level can perform activities same as "Storage account Contributor"( for the given particular storage) and "SQL Server contributor"( for the given particular SQL server ) in that particular resource group.
Please note that, Contributor role at resource group can give access to manage any resource whereas Storage Account Contributor can give access to manage the specific resource (storage accounts).
I tested the same scenario in my environment and got the below results:
I assigned only Contributor role to a user at resource group level like below:
The user is able to create storage account successfully like below without having Storage Account Contributor role (having only Contributor role).
For more information, please refer below links:
Can Contributor role in Azure see the data of resources like DB, DWH & blobs? - Stack Overflow
Classic subscription administrator roles, Azure roles, and Azure AD roles | Microsoft Docs
- VM has reported a failure when processing extension AzureDiskEncryption
- How to pass secrets downloaded from Azure KeyVault as parameters to an Azure Function?
- Trigger / queue build policy pipeline on ADO PR with Azure CLI
- Azure AD B2C Password Reset
- Batch create mailbox folders with GRAPH API (from Graph Explorer)
- Azure Web App on Linux: "Error: Container didn't respond to HTTP pings on port: 8080" - when using: "start": "pm2 start server.js"
- How can I apply name=value tags to service principals in Azure?
- Visual Studio Code: Could not find $web blob container for storage account
- Error when registering data factory integration runtime on windows VM
- Retrieve list of repositories and their tag versions in one call
- Getting Error while running Azure DevOps Pipeline "Error: building account: could not acquire access token to parse claims: clientCredentialsToken
- Create Resource Group with Azure Management C# API
- Azure LDAP Authentication Connection Refused On Cloud Server or Other Desktops
- Create a gpu nodepool on azure with a student account
- How to set redirect URLs to b2clogin.com for Azure Active Directory B2C in React JS application
- Cannot connect to SQL Server from logic app
- How to Resolve Errors When Running Python Jobs in Azure App Service WebJobs
- How do I open Kudu console in Azure functions consumption plan?
- Azure AutoML Image Classification Job
- Onedrive GRAPH API - 403 when getting user's OneDrive
- Azure Government Get incidents returns 401 Forbidden
- Delta Table Partitioning - why only for tables bigger than 1 TB
- How to check if an Azure storage queue has messages
- Azure WAF exclusion, what's the difference between RequestArgNames and RequestArgValues?
- How to order results of a query by the results of an aggregate function in ComosDb?
- Azure routing between different subscriptions - force one, common outbound IP and share Site-to-site (IPSec) defined in Virtual network gateway
- Bot Framework Python SDK ErrorResponseException: Operation returned an invalid status code 'Unauthorized'
- Azure DevOps - Create a work item from incoming email
- Error: "OrganizationFromTenantGuidNotFound" (even with Microsoft 365 subscription)
- How do I fix SerializationNotSupportedParentType and ThrowNotSupportedException_ConstructorContainsNullParameterNames exception in System.Text.Json?