In this blog post, we will show you how to assign read-only permission to an Azure subscription using Azure CLI.
Managing cloud resources can be a complex task, especially when multiple users and teams are involved. As an Azure administrator, you need to ensure that your colleagues and partners have the right level of access to Azure resources without compromising security or compliance. One common scenario is granting read-only permission to an Azure subscription, which allows users to view but not modify resources.
Create a Read-Only Administrator
To get started, log in to Azure using the Azure CLI command below.
    # Log in to Azure using device code authentication
    az login --use-device-code
To assign permissions, we need the subscription ID of the subscription to which the read-only user will have access. The command below will list all the subscription IDs.
    # List all the Azure subscriptions associated with the logged-in account in a table format
    az account list --output table
Use the command below to create the user first. If the user already exists, you can skip this step.
    # Create a new user in Azure Active Directory with a display name, password and user principal name
    az ad user create --display-name "User (Read Only)" --password "setpassword" --user-principal-name "email@example.com"
Assign Reader permissions to the user using the command below.
    # Assign the "Reader" role to the user
    az role assignment create --assignee "firstname.lastname@example.org" --role "Reader" --scope /subscriptions/subscription-id
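
The steps above can be wrapped with two checks an administrator would want: that the subscription ID is well formed before it becomes a scope, and that after the assignment the user holds nothing broader than Reader at that scope. This is an added example, not part of the original post; the function names are hypothetical, and the UPN and subscription ID are supplied by the caller.

```shell
#!/bin/sh
# Added example: assign Reader at subscription scope, then verify the result.
# Function names are hypothetical; pass the real UPN and subscription ID as arguments.

# Return 0 only if $1 looks like a subscription GUID (8-4-4-4-12 hex digits).
is_guid() {
    [ "${#1}" -eq 36 ] &&
        printf '%s\n' "$1" | grep -Eqi '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'
}

# Build the subscription scope string, refusing malformed IDs so a typo or a
# leftover placeholder never reaches "az role assignment create".
subscription_scope() {
    is_guid "$1" || { echo "invalid subscription id: $1" >&2; return 1; }
    printf '/subscriptions/%s\n' "$1"
}

# Read role names on stdin, one per line (the shape of --output tsv).
# Succeed only if at least one role is listed and every role is "Reader".
only_reader() {
    count=0
    while IFS= read -r role; do
        [ -n "$role" ] || continue
        [ "$role" = "Reader" ] || { echo "unexpected role: $role" >&2; return 1; }
        count=$((count + 1))
    done
    [ "$count" -gt 0 ]
}

# usage: assign_and_verify <user-principal-name> <subscription-id>
assign_and_verify() {
    scope=$(subscription_scope "$2") || return 1
    az role assignment create --assignee "$1" --role "Reader" --scope "$scope" || return 1
    # --include-inherited also lists roles granted on parent scopes, which
    # would otherwise give the user more than read-only access unnoticed.
    az role assignment list --assignee "$1" --scope "$scope" --include-inherited \
        --query "[].roleDefinitionName" --output tsv | only_reader
}

# Run only when both arguments are given, e.g. ./reader.sh user@example.com <id>
if [ "$#" -eq 2 ]; then
    assign_and_verify "$1" "$2"
fi
```

A non-zero exit from `assign_and_verify` means either the assignment failed or the user holds a role other than Reader at that scope.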