![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 12%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGZ%3C/text%3E%3C/svg%3E)
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
814 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 78%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
Thank you for posting this in Microsoft Q&A.
As I understand you have missed the deadline to migrate classic administrators to RBAC. Due to this you do not have access on the subscription now.
You can follow below steps to get access on to the subscription as Owner.
I see that you have only 3 users in your Entra ID. to fix this issue you will need atleast one user who has Global admin role assigned in Entra ID.
Follow these steps to elevate access for a Global Administrator using the Azure portal.
Sign in to the Azure portal as a Global Administrator.
If you are using Microsoft Entra Privileged Identity Management, activate your Global Administrator role assignment.
Open Microsoft Entra ID.
- Under Manage, select Properties.
- Under Access management for Azure resources, set the toggle to Yes.
When you set the toggle to Yes, you are assigned the User Access Administrator role in Azure RBAC at root scope (/). This grants you permission to assign roles in all Azure subscriptions and management groups associated with this Microsoft Entra directory. This toggle is only available to users who are assigned the Global Administrator role in Microsoft Entra ID. When you set the toggle to No, the User Access Administrator role in Azure RBAC is removed from your user account. You can no longer assign roles in all Azure subscriptions and management groups that are associated with this Microsoft Entra directory. You can view and manage only the Azure subscriptions and management groups to which you have been granted access. - Click Save to save your setting. This setting is not a global property and applies only to the currently signed in user. You can't elevate access for all members of the Global Administrator role.
- Sign out and sign back in to refresh your access. You should now have access to all subscriptions and management groups in your directory. When you view the Access control (IAM) pane, you'll notice that you have been assigned the User Access Administrator role at root scope.
- Make the changes you need to make at elevated access. For information about assigning roles, see Assign Azure roles using the Azure portal. If you are using Privileged Identity Management, see Discover Azure resources to manage or Assign Azure resource roles. Perform the steps in the following section to remove your elevated access.
NOTE: Once you sign out and sign back in to refresh your access, you can assign an owner role to you account under subscription.
Once you have the owner role assigned on the subscription, we would recommend you remove elevated access for your account.
You can follow steps in below article to remove elevated access for your account.
Let us know if you have any further questions.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.