Access - jasper-zanjani/azure GitHub Wiki

Azure methods of administering access to resources can be divided into two groups (Azure AD has its own roles)

• Role-Based Access Control (RBAC) allows fine-grained access management
• Classic subscription administration roles include Account Administrator, Service Administrator, and Co-Administrator

Classic

Classic subscription administrators have full access to a subcription. They can access resources through Azure Portal, ARM APIs (PowerShell and CLI), and classic deployment model APIs. By default, the account that is used to sign up for a subscription is automatically set as both Account Administrator and Service Administrator. There can only be one Account Administrator per account and only 1 Service Administrator per subscription. Co-Administrators have the same access as Service Administrators, and there can be 200 of them per subscription, but cannot change the association of subscriptions to directories.

Current assignments for classic admins can be seen in the Properties blade of a subscription in Azure Portal. Co-Administrator assignments can be added by opening the Access Control (IAM) blade of a subscription, then clicking the Add co-administrator button.