The first task is to ensure that the appropriate teams and application owners can access their resources. It is recognized that each team has different requirements. For the sake of understanding, Azure SQL is deployed in a separate resource group to the Azure IaaS artifacts.
The administrator assigns the following roles for the subscription:
|
Role |
Assigned to |
Description |
|
Owner |
Administrator |
Manages all resource groups and the subscription. |
|
Security manager |
Security administrators |
This role allows users to look at Azure Security Center and the status of the resources. |
|
Contributor |
Infrastructure management |
Managing virtual machines and other resources. |
|
Reader |
Developers |
Can view resources, but cannot modify them. Developers are expected to work in their development/testing environments. |