Process Flow - Built-in roles (Owner, Contributor, Reader)
Assign Role to User
Check Role Type
Owner
Full Control
Access Granted Based on Role
Assign a built-in role to a user, then the system checks the role type and grants permissions accordingly.
0
0
Built-in roles (Owner, Contributor, Reader) in Azure - Step-by-Step Execution
Execution Sample
Azure
AssignRole(user, role) CheckRoleType(role) GrantPermissions(user, permissions)
Assigns a built-in role to a user and grants permissions based on the role type.
Process Table
| Step | Action | Input | Role Type | Permissions Granted |
|---|---|---|---|---|
| 1 | Assign role to user | User: Alice, Role: Owner | Owner | Full control over resources |
| 2 | Assign role to user | User: Bob, Role: Contributor | Contributor | Can create, manage, and delete resources |
| 3 | Assign role to user | User: Carol, Role: Reader | Reader | Can view resources only |
| 4 | Check role type for Dave | User: Dave, Role: Unknown | None | No permissions granted |
| 5 | End | No more assignments | - | - |
💡 All role assignments processed; users have permissions based on their roles.
Status Tracker
| Variable | Start | After Step 1 | After Step 2 | After Step 3 | After Step 4 | Final |
|---|---|---|---|---|---|---|
| User | None | Alice | Bob | Carol | Dave | All users assigned |
| Role | None | Owner | Contributor | Reader | Unknown | Roles assigned or unknown |
| Permissions | None | Full control | Modify resources | View only | None | Permissions set per user |
Key Moments - 3 Insights
Why does the Reader role only allow viewing and not modifying resources?
Because the Reader role is designed with view-only permissions, as shown in execution_table row 3, it grants no rights to change resources.
What happens if a user is assigned a role that is not recognized?
As seen in execution_table row 4, if the role is unknown, no permissions are granted to the user.
Can a Contributor delete resources like an Owner?
Yes, Contributors can create, manage, and delete resources; Owners have full control including managing access (assigning roles), as shown in execution_table rows 1 and 2.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution_table, what permissions does Bob have after step 2?
💡 Hint
Check the 'Permissions Granted' column in row 2 of the execution_table.
At which step does a user get no permissions due to an unknown role?
💡 Hint
Look at the 'Role Type' and 'Permissions Granted' columns in the execution_table.
If Carol was assigned the Contributor role instead of Reader, how would her permissions change?
💡 Hint
Compare permissions for Contributor and Reader roles in the execution_table rows 2 and 3.
Concept Snapshot
Built-in roles control access in Azure: - Owner: Full control, including managing access - Contributor: Can create and manage resources but not assign roles - Reader: Can only view resources Assign roles to users to grant permissions accordingly.
Full Transcript
This visual execution shows how Azure built-in roles Owner, Contributor, and Reader grant different permissions to users. When a role is assigned, the system checks the role type and grants permissions: Owner has full control, Contributor can create and manage resources, and Reader can only view. If a role is unknown, no permissions are granted. The execution table tracks each step of role assignment and permission granting, while the variable tracker shows how user, role, and permissions change over time. Key moments clarify common confusions about role capabilities. The quiz tests understanding by referencing the execution steps and permissions.