We’ve recently had a client who was quite confused about what Global Admin rights actually provided for rights to their Azure account. They wanted a tech with Global Admin rights to add a ROLE ASSIGNMENT (i.e. give permission to access) an Azure File Share, but when they tried, they saw ADD ROLE ASSIGNMENT (link under ADD at the top of the page) was disabled and the ADD ROLE ASSIGNMENT button (at the bottom of the page) was grayed out.
Global Admin allows for full user and VM control, as well as the ability to add yourself to other roles… but Global Admin does not immediately provide access to all Azure Features. Fortunately, it is easy for Global Admin’s to expand their rights.
Access Control (IAM) activities in an Azure Subscription require you to be an Owner or User Access Administrator role in that Azure subscription. So Azure Global Admin’s have two easy options:
The first option is pretty obvious so we will leave that one, but how to become a full Global Administrator is slightly more difficult.
In our case, our client wanted their Global Administrator to be able to make permission changes to all of their Azure Storage accounts and all of their Azure File Shares. Here we show you how to elevate access to manage all Azure subscriptions and management groups.
You have to wait about 2 minutes for this to fully take hold but after that you can simply refresh the page and you should then be able to access your and modify Access Management AIM in Azure File Shares or elsewhere, without problem.
This website uses cookies.
View Comments