Azure Management roles and permissions

Role Permission Description
 Azure Management Resource Admin

Can run all operations on Azure Management resources.

 azure.alert.read For all customers in the user's defined scope, the user can:
  • View all resources
  • Drill down to view resource details
  • View Azure Alerts
  • Perform start, restart, stop, and deallocate operations
azure.resource.read
azure.resource.readbasic
azure.virtualmachine.deallocate
azure.virtualmachine.restart
azure.virtualmachine.start
azure.virtualmachine.stop
azure.vm.read
azure.vm.readbasic
azuremgmt.error.read
azuremgmt.integration.read
azuremgmt.operation.read
azuremgmt.user.read
Azure Management Resource Reader

Can view all Azure Management resources & alerts.

 azure.alert.read For all customers in the user's defined scope, the user can:
  • View all resources
  • Drill down to view resource details
  • View Azure Alerts
azure.resource.read
azure.resource.readbasic
azure.vm.read
azure.vm.readbasic
azuremgmt.error.read
azuremgmt.integration.read
azuremgmt.user.read
 Azure Management Resource Writer

Can run start, stop, and restart operation on Azure Management resources.

 azure.alert.read For all customers in the user's defined scope, the user can:
  • View all resources
  • Drill down to view resource details
  • View Azure Alerts
  • Perform start, restart, and stop operations
azure.resource.read
azure.resource.readbasic
azure.virtualmachine.restart
azure.virtualmachine.start
azure.virtualmachine.stop
azure.vm.read
azure.vm.readbasic
azuremgmt.error.read
azuremgmt.integration.read
azuremgmt.operation.read
azuremgmt.user.read

Related articles

Updated: May 07, 2024