In this blog post, we are going to show how to create a read-only Azure Administrator account using Azure CLI.
A read-only administrator is a user or group that has the ability to view Azure resources but does not have the ability to modify or delete them. This type of administrator can be useful for security and compliance purposes, as well as for auditing and monitoring.
Create Read-Only Administrator
The code below shows all steps that are needed to log in to Azure, create a user and assign the user read-only permissions to the entire subscription.
# This line logs you into your Azure account using the device code authentication method
az login --use-device-code
# This line lists all Azure accounts associated with your login credentials in a table format
az account list --output table
# This line creates a new Azure Active Directory (AD) user with the given display name and user principal name
az ad user create --display-name "Name (Read Only)" --password "password" --user-principal-name "firstname.lastname@example.org"
# This line assigns the "Reader" role to the previously created user at the given subscription scope
az role assignment create --assignee "firstname.lastname@example.org" --role "Reader" --scope /subscriptions/subscriptionid
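Once the assignment is in place, it is worth confirming that the account really is read-only, since a role inherited from a group or granted at a narrower scope would add write access without showing up in the steps above. The script below is an added example, not part of the original post: the function names and exit codes are our own, and the user principal name and `subscriptionid` are the same placeholders used above.

```shell
#!/bin/sh
# Added example: check that an account holds the Reader role and nothing else.
# It treats every role other than "Reader" as unexpected, which is stricter
# than "no write access" but matches the setup described in this post.

# Print every role assignment for the user ($1) as "role<TAB>scope" lines,
# including inherited assignments and those granted through group membership.
list_assignments() {
    az role assignment list --assignee "$1" --all --include-inherited \
        --include-groups --query "[].[roleDefinitionName, scope]" --output tsv
}

# Read "role<TAB>scope" lines on stdin and compare them with the expected
# scope ($1). Returns 0 if Reader is assigned at that scope and no other role
# is present, 1 if any non-Reader role is found, 2 if Reader is missing.
audit_read_only() {
    expected_scope="$1"
    has_reader=no
    violations=0
    while IFS="$(printf '\t')" read -r role scope; do
        if [ -z "$role" ]; then
            continue
        fi
        if [ "$role" = "Reader" ]; then
            if [ "$scope" = "$expected_scope" ]; then
                has_reader=yes
            fi
        else
            printf 'UNEXPECTED: %s at %s\n' "$role" "$scope"
            violations=$((violations + 1))
        fi
    done
    if [ "$violations" -gt 0 ]; then
        return 1
    fi
    if [ "$has_reader" != yes ]; then
        printf 'MISSING: Reader at %s\n' "$expected_scope"
        return 2
    fi
    return 0
}

# Usage (placeholders as in the commands above):
#   list_assignments "firstname.lastname@example.org" \
#       | audit_read_only "/subscriptions/subscriptionid"
```

A non-zero exit status means the account is not in the state the post sets up: status 1 lists the extra roles to review, and status 2 means the Reader assignment at the subscription scope was not found.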