Azure Active Directory角色(Azure Active Directory Roles)

Azure Active Directory角色(Azure Active Directory Roles)

我试图弄清楚Azure AD角色是如何工作的。

我登录了旧门户网站（manage.windowsazure.com），因为Active Directory尚未移至新门户网站（portal.azure.com）。 然后我添加了一个角色为“User”的用户，另一个角色为“Billing Admin”的用户和另一个具有“Global Admin”的用户。

在新门户中，我可以分配角色来管理用户有权访问的资源。 但是，如果我尝试使用其中任一帐户登录Azure AD，则会收到“未找到订阅”消息。 我不明白为什么，因为根据微软的这篇文章 ，至少全局管理员和计费管理员应该有权访问。

那么，我如何才能拥有角色，以便财务团队中的人员只能访问与财务相关的信息？

I'm trying to figure out how do Azure AD roles work.

I signed into the old portal (manage.windowsazure.com) because the Active Directory is not yet moved to the new portal (portal.azure.com). Then I added a user with the role "User", another user with the role "Billing Admin" and another one with "Global Admin".

In the new portal, I can assign roles to manage the resources both users have access to. However, if I try to log in the Azure AD with either of those accounts, I get a "No subscriptions found" message. I don't understand why, because according to this Microsoft's article, at least the Global Admin and Billing Admin should have access.

So, how could I have roles so that people in the finances team can only access finances-related information?

最满意答案

我理解这一点的方式是Azure AD（用户管理，计费管理等）中的角色仅适用于Azure AD。 它们与订阅角色（您在Azure门户中设置的角色，如所有者，贡献者，读者）无关。

您需要做的是在旧门户中的Azure AD中创建这些用户后，返回Azure门户并根据您的要求为这些用户分配订阅角色。 一旦这些人员分配了订阅角色，他们就应该能够访问Azure门户。 您可能会发现此链接对分配订阅角色很有用： https ： //azure.microsoft.com/en-in/documentation/articles/role-based-access-control-configure/ 。

The way I understand this is that roles in Azure AD (User Admin, Billing Admin etc.) are only applicable to Azure AD only. They have nothing to do with subscription roles (the roles you set in Azure portal like Owner, Contributor, Reader).

What you have to do is once you have created these users in Azure AD in the old portal, go back to Azure Portal and assign subscription roles to these users according to your requirement. Once these folks have a subscription role assigned to them, they should be able to access Azure Portal. You may find this link useful for assigning subscription roles: https://azure.microsoft.com/en-in/documentation/articles/role-based-access-control-configure/.