Azurecloud~30 mins

Built-in roles (Owner, Contributor, Reader) in Azure - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Assign Azure Built-in Roles to Users

📖 Scenario: You are managing access to an Azure subscription for a small team. You need to assign built-in roles to team members so they have the right permissions to work on resources.The three main roles are Owner, Contributor, and Reader. Each role gives different levels of access.

🎯 Goal: Assign the built-in Azure roles Owner, Contributor, and Reader to specific users by creating role assignment configurations.

📋 What You'll Learn

Create a dictionary with users and their assigned roles

Add a variable for the Azure subscription ID

Write a loop to generate role assignment objects for each user

Complete the role assignment configuration with the subscription scope

💡 Why This Matters

🌍 Real World

Assigning built-in roles is a common task when managing Azure subscriptions to control who can do what with cloud resources.

💼 Career

Understanding role assignments is essential for cloud administrators and engineers to secure and manage access in Azure environments.

Progress0 / 4 steps

Create a dictionary of users and their roles

Create a dictionary called user_roles with these exact entries: 'alice@example.com': 'Owner', 'bob@example.com': 'Contributor', 'carol@example.com': 'Reader'.

Azure

# Create the user_roles dictionary with exact entries
# Your code here

Need a hint?

Use curly braces to create a dictionary. Each key is a user email string, and each value is a role string.

Add the Azure subscription ID variable

Create a variable called subscription_id and set it to the string '12345678-1234-1234-1234-123456789abc'.

Azure

user_roles = {
    'alice@example.com': 'Owner',
    'bob@example.com': 'Contributor',
    'carol@example.com': 'Reader'
}

# Create the subscription_id variable with the exact string
# Your code here

Need a hint?

Assign the subscription ID as a string to the variable subscription_id.

Generate role assignment objects for each user

Create a list called role_assignments that contains dictionaries for each user. Use a for loop with variables user and role to iterate over user_roles.items(). Each dictionary should have keys 'user' and 'role' with the corresponding values.

Azure

user_roles = {
    'alice@example.com': 'Owner',
    'bob@example.com': 'Contributor',
    'carol@example.com': 'Reader'
}

subscription_id = '12345678-1234-1234-1234-123456789abc'

# Create role_assignments list with dictionaries for each user and role
# Your code here

Need a hint?

Start with an empty list. Use a for loop to add a dictionary for each user and role.

Complete role assignment configuration with subscription scope

Add a new key 'scope' to each dictionary in role_assignments with the value f"/subscriptions/{subscription_id}". Use a for loop with variable assignment to iterate over role_assignments and update each dictionary.

Azure

user_roles = {
    'alice@example.com': 'Owner',
    'bob@example.com': 'Contributor',
    'carol@example.com': 'Reader'
}

subscription_id = '12345678-1234-1234-1234-123456789abc'

role_assignments = []
for user, role in user_roles.items():
    role_assignments.append({'user': user, 'role': role})

# Add 'scope' key to each assignment with subscription scope
# Your code here

Need a hint?

Use a for loop to add the scope key with the subscription path to each dictionary.