Create a Read-Only Administrator in Azure With PowerShell

In this blog post, we will learn how to create a read-only administrator in Microsoft Azure using PowerShell.


To create a read-only administrator using PowerShell, I’ll use the built-in role-based access control reader role to give the user read-only permissions to all the resources in the subscription.

The Process

To complete this task, I will use the following process.

  • Find the Reader RBAC role ID using.
  • Get Azure subscription list (This is needed to assign the role to the subscription).
  • Give Reader permissions to the user.

Simply run the first two commanded to get the Reader and subscription ID and run the 3rd command with the user UPN.

#1 Find Reader role ID
az role definition list --name "Reader"

#2 Get Azure Subscription IDs
az account list --query "[].{name:name, id:id}" --output tsv

#3 Give user read-only permissions 
az role assignment create --assignee "USERUPN" --role "Type the Reader role ID for output in #1" --subscription "SUBSCRIPTIONID"

In you need help connecting to Azure using PowerShell visit this blog post.