Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Azure DevTest Labs has three built-in roles: Owner, Contributor, and DevTest Labs User, that define the access necessary to do specific lab tasks. Lab owners use Azure role-based access control (RBAC) to add lab users with assigned roles. This article lists the tasks each role can do, and describes how Lab Owners can add members to lab roles by using the Azure portal or an Azure PowerShell script.
Owners, Contributors, and DevTest Labs Users
The following table shows the actions that the DevTest Labs Owner, Contributor, and DevTest Labs User roles can take.
| Action | Owner | Contributor | DevTest Labs User |
|---|---|---|---|
| Lab tasks | |||
| Create labs. | X | X | |
| Add users to labs. | X | ||
| Configure user settings and roles. | X | ||
| Update lab virtual machine (VM) policies. | X | X | |
| Update cost settings. | X | X | |
| VM base tasks | |||
| Enable Marketplace images. | X | X | |
| Add, update, and delete VM base formulas. | X | X | X |
| Add and remove custom images. | X | X | |
| Add, update, and delete formulas. | X | X | |
| Individual VM tasks | |||
| Create VMs. | X | X | X |
| Start, stop, or delete owned VMs. | X | X | X |
| Add or remove VM data disks. | X | X | X |
| Artifact and template tasks | |||
| Add and remove lab artifact and template repositories. | X | X | |
| Create artifacts and templates. | X | X | X |
| Apply artifacts to owned VMs. | X | X | X |
Note
Lab users automatically have the Owner role on VMs they create.
Lab Owner role
Azure permissions propagate from parent scope to child scope. Owners of an Azure subscription that contains labs are automatically Owners of the subscription's labs.
Azure subscription Owners and User Access Administrators can add and assign DevTest Labs Owners, Contributors, and DevTest Labs Users to labs in their subscriptions. Azure subscription Contributors can create labs, but they're Owners of those labs only if a subscription Owner or User Access Administrator assigns them the lab Owner role.
Lab users that are granted the Owner role can add and assign Owners, Contributors, and DevTest Labs Users for their own labs. However, added lab owners have a narrower scope of administration than Azure subscription-based owners. Added owners don't have full access to some resources that the DevTest Labs service creates.
Prerequisites
- You must be a lab Owner, either by assignment from a subscription owner or by inheritance as a subscription owner.
- The user to be added must have a valid Microsoft account. They don't need an Azure subscription.
Add a user to a lab
Lab Owners can add members to lab roles by using the Azure portal or an Azure PowerShell script.
The following procedure adds a user to a lab with DevTest Labs User role. If you're an owner of the Azure subscription the lab is in, you can also do this procedure from the subscription's Access control (IAM) page.
On the lab's home page, select Configuration and policies from the left navigation.
On the Configuration and policies page, select Access control (IAM) from the left navigation.
Select Add > Add role assignment or select the Add role assignment button.
On the Add role assignment page, search for and select the DevTest Labs User role, and then select Next.
On the Members tab, select Select members.
On the Select members screen, search for and select the members you want to add, and then select Select.
Select Review + assign, and after reviewing the details, select Review + assign again to add the members.