Be able to manage Role/Action at subnet level inside a vnet
In ARM and RBAC model: Possibility to have the subnet as an independent resource to be able to say using RBAC: "I want my user1 to be able to deploy VM to subnet 1 and 2 but not 3 because subnet 3 is an infrastructure subnet unauthorized to users."
Thank you for your suggestion, we added this to our roadmap.
Michael Elleby commented
This is possible to do with Azure PowerShell, using the following code:
$user = 'firstname.lastname@example.org'
$role = 'Contributor'
$subscriptionId = '00000000-0000-0000-0000-000000000000'
$resourceGroup = 'testrg'
$virtualNetwork = 'testvnet'
$subnet = 'testsubnet'
New-AzureRmRoleAssignment -SignInName $user -RoleDefinitionName $role -Scope "/subscriptions/$($subscriptionId)/resourceGroups/$($resourceGroup)/providers/Microsoft.Network/virtualNetworks/$($virtualNetwork)/subnets/$($subnet)"
Has this functionality been removed? I was able to do this and now it is no longer available.
[Deleted User] commented
It seems like the ability exists now. If you create a vnet and then add a subnet to it, you can drill down to the subnet blade in the vnet resource. There is a new panel on the subnet blade that says manage users. It used to lead back to the vnet IAM. Now if you add a user to the subnet IAM panel and then go to the IAM panel for that vnet, the added identity will not appear on the vnet IAM panel, but it still exists on the subnet IAM panel. I have not figured out how to do this through code.
May I know the solution to this, please?
We also require this feature for managing VNets better. Any progress?
Shashidharan Sukumaran commented
This feature will be required for managing Vnet and subnets in a better fashion. Currently, users should be granted access to VNet which trickles down to all the subnets. We need to be able to restrict users to only a certain subnet instead of allowing access to all the subnets.
Has there been any progress on this ability? I would like to define a VNET for the whole company and have teams deploy into specific subnets.
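As an added example (not code from any commenter in this thread): the subnet-scoped assignment from the PowerShell comment above, written against the Az PowerShell module, followed by an audit of assignments made directly on each subnet, which, as one comment notes, do not appear on the vnet IAM panel. It assumes an authenticated session (Connect-AzAccount); the subnet names are constructed placeholders, and the other values are the ones used in the thread.

```powershell
# Added example, not from the thread. Requires the Az module and Connect-AzAccount.
$user           = 'firstname.lastname@example.org'
$role           = 'Contributor'                 # role used in the thread
$resourceGroup  = 'testrg'
$virtualNetwork = 'testvnet'
$allowedSubnets = @('subnet1', 'subnet2')       # constructed placeholder names

$vnet = Get-AzVirtualNetwork -ResourceGroupName $resourceGroup -Name $virtualNetwork

# 1. Grant the role on the allowed subnets only, using each subnet's resource ID as the scope.
$targets = $vnet.Subnets | Where-Object { $_.Name -in $allowedSubnets }
foreach ($subnet in $targets) {
    # Skip subnets where the same direct assignment already exists.
    $existing = Get-AzRoleAssignment -Scope $subnet.Id | Where-Object {
        $_.Scope -eq $subnet.Id -and
        $_.SignInName -eq $user -and
        $_.RoleDefinitionName -eq $role
    }
    if (-not $existing) {
        New-AzRoleAssignment -SignInName $user -RoleDefinitionName $role -Scope $subnet.Id |
            Out-Null
    }
}

# 2. Audit every subnet in the vnet. Get-AzRoleAssignment -Scope also returns assignments
#    inherited from the vnet, resource group and subscription, so keep only the rows whose
#    Scope equals the subnet ID: those are the ones granted directly on the subnet.
$report = foreach ($subnet in $vnet.Subnets) {
    Get-AzRoleAssignment -Scope $subnet.Id |
        Where-Object { $_.Scope -eq $subnet.Id } |
        Select-Object @{ Name = 'Subnet'; Expression = { $subnet.Name } },
                      DisplayName, SignInName, ObjectType, RoleDefinitionName
}

$report | Sort-Object Subnet, RoleDefinitionName | Format-Table -AutoSize
```

Any row in the report for a subnet outside `$allowedSubnets` is a direct grant that a review of the vnet-level IAM panel alone would miss.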