Very often at my work I get questions about permissions in Azure. Someone needs access to a specific resource. It’s very simple really. You have the follwing hierarchy in Azure:

• Root
• Management groups
• Subscriptions
• Resource groups
• resources

At the same time there are also central roles in Azure. Network access administrator for example. Which gives you access for all the network components in Azure.

When I have to check if someone has the correct access I click on IAM on one of the levels I just described and there you can click Check Access. There you type the name in of the employee you’re looking for. It will also calculate if the said account is in a group.