PoC for Support Request Contributor Role

2
votes

I would like your guidance and advice on this please. I am trying to build proof of concept for an Azure RBAC role called the "Support Request Contributor" These are the tests I am planning on after creating a non admin regular user account and assigning this role to the account on subscription level.

What can someone do with this role? Submit support requests Can whoever in this role see other people tickets? yes Can whoever in this role increase quotas on the subscription? TBD What are the role imitations? Currently this role can only be assigned on subscription level, hence the user is able to see all the resource groups within that subscription.

Is there anything that you have seen either by experience or else that I can add to this PoC document.

This is my first PoC document, so any tips, your advice and guidance is really appreciated.

Thanks so much :)

1
azureazure-rbac

1 Answers

2
votes

For "Support Request Contributor" Role, it could be assigned to anyone who is in your tenant.This role is assigned on Azure subscription level and once someone is assigned this role, this user could see all request tickets of that Azure subscription.

Though users could see all resource groups in the Azure subscription, but can't see resource details in resource groups.

Users with this role could raise support tickets from the Azure portal, including raising subscription-related support tickets such as require more resource quotas.

What's more, users with this role could read Auth info in Azure AD.

As official indicated,all permissions of this role are : enter image description here

If this role does not meet your requirements, you can also create your custom role with permission: Microsoft.Support/*, so that it could create and manage support tickets.