You are viewing a free preview of this lesson.
Subscribe to unlock all 10 lessons in this course and every other course on LearningBro.
Azure provides more than 300 built-in RBAC roles that cover common access patterns. When none of these roles fit your requirements exactly, you can create custom roles with precisely the permissions you need.
Three roles appear at every scope in Azure and are the most widely used:
| Role | Description |
|---|---|
| Owner | Full access to all resources, including the ability to assign roles to others |
| Contributor | Full access to all resources, but cannot manage role assignments or manage Blueprints |
| Reader | View all resources but cannot make any changes |
Beyond the three fundamental roles, Azure provides service-specific roles:
| Role | Description |
|---|---|
| User Access Administrator | Manage user access to Azure resources (role assignments) |
| Role Based Access Control Administrator | Manage RBAC role assignments only (no resource access) |
| Role | Description |
|---|---|
| Virtual Machine Contributor | Create and manage VMs, but not the VNet or storage they connect to |
| Virtual Machine Administrator Login | View VMs and log in as administrator |
| Virtual Machine User Login | View VMs and log in as a regular user |
| Role | Description |
|---|---|
| Storage Account Contributor | Manage storage accounts (create, delete, update) |
| Storage Blob Data Contributor | Read, write, and delete blob containers and data |
| Storage Blob Data Reader | Read blob containers and data only |
| Role | Description |
|---|---|
| Network Contributor | Manage all networking resources |
| DNS Zone Contributor | Manage DNS zones and records |
| Role | Description |
|---|---|
| SQL DB Contributor | Manage SQL databases but not their security policies |
| Cosmos DB Account Reader Role | Read Cosmos DB account data |
| Role | Description |
|---|---|
| Monitoring Contributor | Read monitoring data and edit monitoring settings |
| Monitoring Reader | Read all monitoring data |
| Log Analytics Contributor | Read and configure Log Analytics |
Subscribe to continue reading
Get full access to this lesson and all 10 lessons in this course.