Good day, folks! I have an Azure subscription and it has multiple resources created, like App Services, Databases, Key Vault, Storage account, etc. I want only a few people to see the full resources; for the rest of the team, I don't want all the resources to be seen. For example -
I tried this link https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json But I did not get it. Am I looking in the right direction?
I was in a similar situation. I had a team in Atlanta, Georgia and one team in Bangalore, India. So, Team B has to see all the resources but Team A had to see only the new or selective resources.
Now there could be multiple ways to do this, but this is what I did. You can try the same. (Make sure you're an owner and have the appropriate access.)
Go to Subscriptions -> Select your Subscription
Go to IAM
Go to Roles
Click on Add -> Add a Custom role
Give it a name and fill the Description
You can create a JSON or Start from Scratch
In the JSON file, add these properties
    {
      "properties": {
        "roleName": "NoAccess_SubscriptionLevel",
        "description": "",
        "assignableScopes": [
          "/subscriptions/your_subscription"
        ],
        "permissions": [
          {
            "actions": [],
            "notActions": [ "" ],
            "dataActions": [],
            "notDataActions": [ "" ]
          }
        ]
      }
    }
Save it
Now, whenever you add a new person/teammate, at first assign them this role. No moderator, no owner, no contributor, nothing!
Go to resource group -> create a new RG -> IAM -> Assign the access here to the new user.
Now, whatever you create in this Resource Group, only that would be visible to the new user.
Disclaimer: This is how I controlled the access. Now, there could be multiple ways to do this, but this is what I did and will save you some time unless there is a better solution.
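The result of the steps above can be checked against a small model of how Azure RBAC combines role assignments: permissions are additive and an assignment applies to its scope and everything beneath it. This is an added example, not part of the original answer; it is a simplified model that ignores deny assignments and data actions, and the user name, resource group names and resource IDs are constructed.

```python
from fnmatch import fnmatchcase

# Role definitions: the custom role from the answer (grants no actions) and built-in Reader.
ROLES = {
    "NoAccess_SubscriptionLevel": {"actions": [], "notActions": []},
    "Reader": {"actions": ["*/read"], "notActions": []},
}

SUB = "/subscriptions/your_subscription"  # placeholder scope, as written in the answer
RG_NEW = SUB + "/resourceGroups/rg-new"   # constructed resource group names
RG_PROD = SUB + "/resourceGroups/rg-prod"

# Constructed sample assignments: (principal, role, scope)
ASSIGNMENTS = [
    ("new.user", "NoAccess_SubscriptionLevel", SUB),
    ("new.user", "Reader", RG_NEW),
]

# Constructed sample resources: (resource ID, action needed to see it)
RESOURCES = [
    (RG_NEW + "/providers/Microsoft.Web/sites/app-new", "Microsoft.Web/sites/read"),
    (RG_PROD + "/providers/Microsoft.KeyVault/vaults/kv-prod", "Microsoft.KeyVault/vaults/read"),
    (RG_PROD + "/providers/Microsoft.Storage/storageAccounts/stprod",
     "Microsoft.Storage/storageAccounts/read"),
]

def _matches(patterns, action):
    # Action strings are case-insensitive and may contain '*' wildcards.
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def _in_scope(assignment_scope, resource_id):
    # Match on whole path segments so "rg-new" does not cover "rg-new2".
    a, r = assignment_scope.lower().rstrip("/"), resource_id.lower()
    return r == a or r.startswith(a + "/")

def is_allowed(principal, action, resource_id, assignments=ASSIGNMENTS):
    """Additive evaluation: one applicable assignment granting the action is enough."""
    for who, role_name, scope in assignments:
        if who != principal or not _in_scope(scope, resource_id):
            continue
        role = ROLES[role_name]
        if _matches(role["actions"], action) and not _matches(role["notActions"], action):
            return True
    return False

def visible(principal, assignments=ASSIGNMENTS):
    """Return the sample resource IDs the principal can read."""
    return [rid for rid, act in RESOURCES if is_allowed(principal, act, rid, assignments)]
```

Calling `visible("new.user")` returns only the resource in `rg-new`; moving the Reader assignment up to the subscription scope makes all three sample resources visible, which is the misconfiguration to audit for.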