kimiolek00
Copper Contributor
Jan 15, 2025

How to Manage Access to Azure Subscriptions in CSP as an Indirect Provider?

Hi, I have a question about managing access to Azure subscriptions in the CSP model as an Indirect Provider (Distributor). Granting Access to Customers: What is the correct way to grant access to ...
  • joshuahickok
    Jan 27, 2025
    1. Granting access to customers: assuming you have Ownership of a deployed Azure sub, and the appropriate GDAP permissions, you can assign RBAC roles to whomever you'd like. You can use any tool that is normally used for managing permissions in Azure. Azure PowerShell is one: https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-powershell
    2. Automation: see above, but be careful automating this because you may not know who from the customer should actually have rights to that Azure sub. By default, an end-customer global admin can just grant access to the Azure sub themselves.
    3. Permissions: if you sell the Azure sub, you should already have Owner permissions assigned to your AOBO admin agent group. I believe you will also need GDAP to at least enumerate a customer directory and assign permissions, so Global Reader or Directory Reader would work. 
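
The following is an added example, not part of the reply above: one way to script the RBAC assignment with Azure PowerShell while keeping the automation limited to people the customer has named. The CSV file and its columns (`UserPrincipalName`, `Role`) and the parameter names are assumptions made for illustration; the script needs the Az.Accounts and Az.Resources modules and a partner sign-in with the access described in the reply.

```powershell
#Requires -Modules Az.Accounts, Az.Resources
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)] [string] $CustomerTenantId,  # customer's directory (tenant) ID
    [Parameter(Mandatory)] [string] $SubscriptionId,    # the Azure subscription you sold
    [Parameter(Mandatory)] [string] $ApprovedListPath   # assumed CSV: UserPrincipalName,Role
)

# Sign in as a partner user, directly into the customer tenant and subscription.
Connect-AzAccount -Tenant $CustomerTenantId -Subscription $SubscriptionId | Out-Null
$scope = "/subscriptions/$SubscriptionId"

# Only principals on the customer-approved list are processed.
foreach ($row in Import-Csv -Path $ApprovedListPath) {
    # Resolving the user requires read access to the customer directory.
    $user = Get-AzADUser -UserPrincipalName $row.UserPrincipalName
    if (-not $user) {
        Write-Warning "Not found in customer directory: $($row.UserPrincipalName)"
        continue
    }

    # Skip when the same role is already assigned at this exact scope,
    # so the script can be re-run safely.
    $existing = Get-AzRoleAssignment -ObjectId $user.Id -Scope $scope `
                    -RoleDefinitionName $row.Role |
                Where-Object { $_.Scope -eq $scope }
    if ($existing) {
        Write-Verbose "Already assigned: $($row.UserPrincipalName) -> $($row.Role)"
        continue
    }

    # -WhatIf shows the planned assignments without creating them.
    if ($PSCmdlet.ShouldProcess($row.UserPrincipalName, "Assign '$($row.Role)' at $scope")) {
        New-AzRoleAssignment -ObjectId $user.Id -RoleDefinitionName $row.Role -Scope $scope
    }
}

# List everyone holding Owner on the subscription for review after the run.
Get-AzRoleAssignment -Scope $scope -RoleDefinitionName 'Owner' |
    Select-Object DisplayName, SignInName, ObjectType, Scope
```

Running it first with `-WhatIf` prints each planned assignment so the list can be confirmed with the customer before anything changes.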
