Adding a user in Azure Active Directory caused some trouble: it didn’t work as I thought it would. Let me explain.
Adding the user
I went to Azure Active Directory, clicked “Users” in the left menu and added the user via “New user”. I filled in some information, clicked on role “User” and chose “Global reader”: in the description it says “Can read everything that a global administrator can, but update nothing”. When I look at the user that I normally use in my main account, this user has the role “Global administrator” assigned to it, so this sounds good:
I chose “Netherlands” as usage location and pressed “Create”. In the list of users, I copied the User principal name:
Logging on as a new user
After logging out from my main account and logging on with my New User account, I went to the resource groups and saw the following:
I didn’t expect this: why is it asking for a (new) subscription? I have a perfectly valid subscription in my main account. Why doesn’t it use that, and why doesn’t it show the resource groups that I have in my main account? I looked at the settings for my new user in Azure Active Directory. I did that both with my main account credentials and also with the New User account. This went fine, so it did assign some permissions, but I couldn’t find a place where I could add my “main account subscription” to this user…
In the end, I went to the subscription and changed the IAM settings: I chose Reader and clicked on my newly created user.
When I refreshed the resource groups screen in the session I used for my New User account, I got a rather vague error. After a few minutes I refreshed the screen again and then I saw that my resource groups were visible. All the other screens worked as well.
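What the IAM change does, as an added example that is not from the original post: Azure AD directory roles such as “Global reader” and Azure role assignments on a subscription are separate systems, and only the latter, inherited down the scope tree, makes resource groups visible. The subscription ID, user name, resource group name and function names are constructed placeholders, and the sample JSON is shaped like the output of `az role assignment list`.

```python
import json

# Constructed placeholders: subscription ID, user name, resource group name.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
USER = "newuser@example.onmicrosoft.com"
RG = SUB + "/resourceGroups/rg-demo"

# Directory role picked at user creation. It lives in Azure AD;
# Azure RBAC on subscriptions is assigned separately.
DIRECTORY_ROLES = ["Global Reader"]

# Constructed samples shaped like the JSON from
# `az role assignment list --all --assignee <UPN> -o json`.
BEFORE = []  # user just created, IAM untouched
AFTER = json.loads("""[
  {"principalName": "newuser@example.onmicrosoft.com",
   "roleDefinitionName": "Reader",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"}
]""")


def covers(assignment_scope, target_scope):
    """True if an assignment made at assignment_scope applies to target_scope.

    Child scopes inherit from parents, so the assignment scope must equal the
    target or be a prefix ending on a path-segment boundary. Management group
    inheritance needs the group hierarchy and is not handled here.
    """
    a = assignment_scope.rstrip("/").lower()
    t = target_scope.rstrip("/").lower()
    return a == "" or t == a or t.startswith(a + "/")


def roles_at(assignments, principal, target_scope):
    """Azure role names the principal holds at target_scope, inherited included."""
    return sorted({
        a["roleDefinitionName"]
        for a in assignments
        if a["principalName"].lower() == principal.lower()
        and covers(a["scope"], target_scope)
    })


if __name__ == "__main__":
    for label, data in (("before IAM change", BEFORE), ("after IAM change", AFTER)):
        print(label, "| directory:", DIRECTORY_ROLES, "| on", RG, ":", roles_at(data, USER, RG))
```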
Learning a new cloud can be hard: there are many features, many settings and the settings you need can also be in places you don’t expect them to be. But in the end I succeeded in achieving my goal and I’m glad I know a little bit more about the way Azure works.