Roles

Azure Roles != Entra ID Roles

Entra ID != Azure

  • Entra ID Roles = just a Directory of all the Objects (users, App Registration/service principals, VMs...etc). Teams, Office 365, intune/MEM...etc

  • Azure Roles = because not all MS cloud customers use "Azure" (compute, storage, networking...etc)

RBAC (Azure Role)

Built-in role
Description
ID

Contributor

Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.

b24988ac-6180-42a0-ab88-20f7382dd24c

Owner

Grants full access to manage all resources, including the ability to assign roles in Azure RBAC.

8e3af657-a8ff-443c-a75c-2fe8c4bcb635

Reservations Administrator

Lets one read and manage all the reservations in a tenant

a8889054-8d42-49c9-bc1c-52486c10e7cd

Role Based Access Control Administrator

Manage access to Azure resources by assigning roles using Azure RBAC. This role does not allow you to manage access using other ways, such as Azure Policy.

f58310d9-a9f6-439a-9e8d-f62e7b41a168

User Access Administrator

Lets you manage user access to Azure resources.

18d7d88d-d35e-4fb5-a5c3-7773c20a72d9

General

Built-in role
Description
ID

Reader

View all resources, but does not allow you to make any changes.

acdd72a7-3385-48ef-bd42-f606fba81ae7

PreviousHierarchyNextArchitecture

Last updated