
How to Assign a Role in Azure: Step-by-Step Guide

To assign a role in Azure, use the az role assignment create command with parameters for --assignee, --role, and --scope. This command grants the specified user or service principal the chosen role at the defined scope.

Syntax

The basic syntax to assign a role in Azure using Azure CLI is:

  • az role assignment create: Command to create a role assignment.
  • --assignee: The user, group, or service principal to assign the role to.
  • --role: The name or ID of the role to assign (e.g., Contributor, Reader).
  • --scope: The resource or resource group where the role applies.
bash
az role assignment create --assignee <assignee> --role <role> --scope <scope>

Example

This example assigns the Contributor role to a user with email user@example.com at a specific resource group scope.

bash
az role assignment create --assignee user@example.com --role Contributor --scope /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup
Output
{
  "canDelegate": false,
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleAssignments/12345678-1234-1234-1234-123456789abc",
  "name": "12345678-1234-1234-1234-123456789abc",
  "principalId": "abcdef12-3456-7890-abcd-ef1234567890",
  "principalType": "User",
  "roleDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup",
  "type": "Microsoft.Authorization/roleAssignments"
}

Common Pitfalls

  • Using an incorrect --assignee value such as a display name instead of an email or object ID.
  • Omitting the --scope parameter, which defaults to the subscription and may assign roles too broadly.
  • Trying to assign a role without sufficient permissions yourself.
  • Confusing role names; always verify the exact role name or ID.
bash
# Wrong way (display name as assignee, no --scope):
az role assignment create --assignee "John Doe" --role Contributor

# Correct way:
az role assignment create --assignee user@example.com --role Contributor --scope /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup
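
The pitfalls above turned into a pre-flight check, as an added example that is not part of the original guide. The function names and the ALLOW_SUBSCRIPTION_SCOPE switch are hypothetical, the script prints the command instead of running it, and it classifies only subscription-rooted scopes.

```shell
# Added example: pre-flight checks for `az role assignment create`.
# Function names and ALLOW_SUBSCRIPTION_SCOPE are hypothetical; sample values are constructed.
GUID='[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}'

# Succeeds only for an email-style sign-in name or an object ID (GUID).
valid_assignee() {
    printf '%s\n' "$1" |
        grep -Eq "^($GUID|[^[:space:]@]+@[^[:space:]@]+\.[^[:space:]@]+)$"
}

# Prints subscription, resource-group, resource or unrecognized.
scope_level() {
    sub="^/subscriptions/$GUID"
    if printf '%s\n' "$1" | grep -Eiq "$sub/?$"; then
        echo subscription
    elif printf '%s\n' "$1" | grep -Eiq "$sub/resourceGroups/[^/]+/?$"; then
        echo resource-group
    elif printf '%s\n' "$1" | grep -Eiq "$sub/resourceGroups/[^/]+/providers/.+"; then
        echo resource
    else
        echo unrecognized
    fi
}

# Prints the command when every check passes; otherwise explains the
# refusal on stderr and returns a distinct non-zero status.
preflight() {
    assignee=$1 role=$2 scope=$3
    if ! valid_assignee "$assignee"; then
        echo "refused: assignee '$assignee' is not an email or object ID" >&2
        return 2
    fi
    [ -n "$role" ] || { echo "refused: no role given" >&2; return 3; }
    case $(scope_level "$scope") in
        unrecognized)
            echo "refused: --scope missing or malformed" >&2; return 4 ;;
        subscription)
            if [ "${ALLOW_SUBSCRIPTION_SCOPE:-0}" != 1 ]; then
                echo "refused: subscription-wide scope is not allowed" >&2
                return 5
            fi ;;
    esac
    printf 'az role assignment create --assignee %s --role "%s" --scope %s\n' \
        "$assignee" "$role" "$scope"
}

# Constructed sample: the page's corrected command passes the checks.
preflight user@example.com Contributor \
    /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup
```

Setting ALLOW_SUBSCRIPTION_SCOPE=1 is the explicit opt-in for a subscription-wide assignment; every other refusal has to be fixed in the arguments themselves.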

Quick Reference

| Parameter | Description | Example |
|---|---|---|
| --assignee | User, group, or service principal to assign role | user@example.com |
| --role | Role name or ID to assign | Contributor |
| --scope | Resource or resource group scope for the role | /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup |

Key Takeaways

  • Use az role assignment create with --assignee, --role, and --scope to assign roles.
  • Always specify the correct scope to limit role permissions to the intended resources.
  • Verify the assignee identifier is an email or object ID, not just a display name.
  • Ensure you have permission to assign roles before running the command.
  • Check role names carefully to avoid assignment errors.