Azure Subscription vs. Resource Group Roles & Permissions Clarification

security permissions resources azure owner

To read or create resources in a resource group, you do not need subscription-wide permissions; they can also be applied just at resource group level.

The role that takes precedence is the highest role, regardless of wide/narrow scope.

If you are contributor on the group or the subscription, you can create the resources in the group. If you are reader in the group, and contributor in the subscription, you can also create the resources.

The subscription is a wider scope and applies to all resource groups within, but reader on the group does not apply to anything else in the subscription.

Related

Google Cloud - ChronoSync - Data
404 on LiteSpeed vhost
Get rid of debian-sys-maint instead of root in MySQL 8
lighttpd virtual hosting configuration
How to reliably & portably serialize binary information into POSIX shell
GKE application (container) logs being delivered to Cloud Logging with ERROR severity - where does that come from?
Nginx upstream health check - custom header
making a host port accessible from within a container in Kubernetes
Dual Intel Xeon E5-2670 (current) vs AMD Ryzen 9 3900 (new box), for combined web/database server
Centos 8 in AWS - PHP install error
MySQL remote connection slow
Downloaded P 12 file from Google to my computer and dont remember password