locked
Azure Stack TP3 - Tenant Subscription Co-Admins RRS feed

  • Question

  • Good afternoon folks,

    I've been trying to set up a co-admin to a tenant subscription recently and am having no luck.  It goes through the motions and advises the co-admin addition task completed successfully but it never actually does anything.

    Is this expected in TP3, i.e. is the functionality currently missing or is it me that's missing something :)

    See the attached screenshots for a little more context.

    P.S. In the meantime, I'll likely just set up a subscription for each user.

    Thanks in advance folks.

    Thursday, June 29, 2017 2:14 PM

Answers

  • Hello,

    You can enable this functionality in Azure Stack via Role-Based Access Control.

     

    Please see the documentation for Managing Role-Based Access Control here:

    https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-manage-permissions

    And documentation for Enabling multi-tenancy in Azure Stack here:

    https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-enable-multitenancy

     

    We suggest you deploy the latest version of the Azure Stack single node ‘Azure Stack Development Kit’ from here: Download Azure Stack Development Kit (ASDK)

     

    About the Download Azure Stack Development Kit (ASDK)
    The ASDK bits are now available at the
    Azure Stack download page. ASDK has new capabilities that will enrich your Azure-consistency experience. Learn more about Azure Stack innovation at our launch blog.

    More resources:

     

    Azure Stack Development Kit

    Microsoft Azure Stack Development Kit is a single-node version of Azure Stack, which you can use to evaluate and learn about Azure Stack.  You can also use Azure Stack Development Kit as a developer environment, where you can develop using consistent APIs and tooling.

     

    You should be aware of these points with Azure Stack Development Kit:

    Azure Stack Development Kit must not be used as a production environment and should only be used for testing, evaluation, and demonstration.

    Your deployment of Azure Stack is associated with a single Azure Active Directory or Active Directory Federation Services identity provider.

    You can create multiple users in this directory and assign subscriptions to each user.

    With all components deployed on the single machine, there are limited physical resources available for tenant resources.

    This configuration is not intended for scale or performance evaluation.

    Networking scenarios are limited due to the single host/NIC requirement.

     

    We look forward to hearing from you.

    The Microsoft Azure Stack Team


    Gary Gallanes



    Tuesday, July 11, 2017 5:29 PM

All replies

  • Hello,

    You can enable this functionality in Azure Stack via Role-Based Access Control.

     

    Please see the documentation for Managing Role-Based Access Control here:

    https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-manage-permissions

    And documentation for Enabling multi-tenancy in Azure Stack here:

    https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-enable-multitenancy

     

    We suggest you deploy the latest version of the Azure Stack single node ‘Azure Stack Development Kit’ from here: Download Azure Stack Development Kit (ASDK)

     

    About the Download Azure Stack Development Kit (ASDK)
    The ASDK bits are now available at the
    Azure Stack download page. ASDK has new capabilities that will enrich your Azure-consistency experience. Learn more about Azure Stack innovation at our launch blog.

    More resources:

     

    Azure Stack Development Kit

    Microsoft Azure Stack Development Kit is a single-node version of Azure Stack, which you can use to evaluate and learn about Azure Stack.  You can also use Azure Stack Development Kit as a developer environment, where you can develop using consistent APIs and tooling.

     

    You should be aware of these points with Azure Stack Development Kit:

    Azure Stack Development Kit must not be used as a production environment and should only be used for testing, evaluation, and demonstration.

    Your deployment of Azure Stack is associated with a single Azure Active Directory or Active Directory Federation Services identity provider.

    You can create multiple users in this directory and assign subscriptions to each user.

    With all components deployed on the single machine, there are limited physical resources available for tenant resources.

    This configuration is not intended for scale or performance evaluation.

    Networking scenarios are limited due to the single host/NIC requirement.

     

    We look forward to hearing from you.

    The Microsoft Azure Stack Team


    Gary Gallanes



    Tuesday, July 11, 2017 5:29 PM
  • Hi Gary,

    Thanks for getting back to me.  I've already set up multi-tenancy for the AAD I want to use, this is working as expected.

    I'll reiterate what I'm trying to do.  I've assigned a tenant user as a subscription owner and am now trying to add co-admins to that same subscription as that same tenant user.  This is where things aren't working as expected.

    So this isn't for RBAC control over a resource within a subscription, but the subscription itself.

    Thanks in advance.

    Wednesday, July 12, 2017 8:34 AM