In this blog post, we will learn how to create a read-only administrator in Microsoft Azure using PowerShell.
RBAC
To create a read-only administrator using PowerShell, I'll use the built-in role-based access control (RBAC) Reader role to give the user read-only permissions to all the resources in the subscription.
The Process
To complete this task, I will use the following process.
- Find the Reader RBAC role ID.
- Get the Azure subscription list (this is needed to assign the role to the subscription).
- Give Reader permissions to the user.
Simply run the first two commands to get the Reader role ID and the subscription ID, then run the third command with the user UPN.
```powershell
#1 Find Reader role ID
az role definition list --name "Reader"

#2 Get Azure Subscription IDs
az account list --query "[].{name:name, id:id}" --output tsv

#3 Give user read-only permissions
az role assignment create --assignee "USERUPN" --role "Type the Reader role ID for output in #1" --subscription "SUBSCRIPTIONID"
```
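The three steps above can be chained and followed by a check that the user ended up with nothing beyond Reader. This is an added example, not code from the original post; the UPN and subscription name are constructed placeholders, and it assumes you are already signed in with `az login`.

```powershell
# Added example. $UserUpn and $SubscriptionName are placeholders (assumptions).
$UserUpn          = 'readonly.admin@example.com'
$SubscriptionName = 'Example-Subscription'

# Step 1: resolve the Reader role definition ID (the GUID in the "name" field).
$readerId = az role definition list --name 'Reader' --query '[0].name' --output tsv

# Step 2: resolve the subscription ID from its display name.
$subId = az account list --query "[?name=='$SubscriptionName'].id" --output tsv

if (-not $readerId -or -not $subId) {
    throw 'Could not resolve the Reader role ID or the subscription ID.'
}

# Step 3: assign Reader with an explicit subscription scope.
$scope = "/subscriptions/$subId"
az role assignment create --assignee $UserUpn --role $readerId --scope $scope | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "Role assignment failed for $UserUpn."
}

# Verification: list every direct assignment the user holds in this subscription
# (subscription, resource group and resource scopes).
$assignments = az role assignment list --assignee $UserUpn --all `
    --subscription $subId --output json | ConvertFrom-Json

$assignments | Select-Object roleDefinitionName, scope | Format-Table -AutoSize

# Anything other than Reader means the account is not read-only.
$nonReader = $assignments | Where-Object { $_.roleDefinitionName -ne 'Reader' }
if ($nonReader) {
    Write-Warning "$UserUpn holds roles other than Reader:"
    $nonReader | Select-Object roleDefinitionName, scope | Format-Table -AutoSize
} else {
    Write-Output "$UserUpn has only Reader assignments in subscription $subId."
}
```

The check covers assignments made directly to the user; roles granted through group membership need a separate review of the user's groups.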
If you need help connecting to Azure using PowerShell, visit this blog post.