Forum Discussion
CibinAlbin
Jan 24, 2022Copper Contributor
How to restrict multiple users access to specific subscription under multi subscription Model?
Elaborated question: How to restrict multiple users access to specific subscription when they are a member of the management group ?
Scenario :
I am having a Multi-subscription which is organised by management group for easy governance and management under a single tenant. When i Say Multi-Subscription , i mean 500+ subscription under a single tenant, Now i have all 500+ subscription whose IAM is inherited with Management AD group that is created on Azure Active Directory .
I want to restrict few users from this Management AD group getting access to few subscription which has sentitive data. How to achieve this is my question ?
- Chandrasekhar_AryaSteel ContributorThe best solution for what you're looking for might be locks if this is the only resource you want to lock down: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-lock-resources
There are also more granular RBAC setups than just giving someone full owner/contributor access: https://docs.microsoft.com/en-us/azure/active-directory/role-based-access-control-custom-roles