Azure landing zone Documentation
Home GitHub Issue Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage
  1. Azure landing zone Documentation
  2. /
  3. Accelerator
  4. /
  5. Phase 1 - Prerequisites
  6. /
  7. Root Access
Edit page

Root Access

Root Access Configuration

In order to successfully deploy the Platform landing zone using AVM Bicep, you need to ensure that the account you are using has at least User Access Administrator permissions at the root (/) level.

Assign Root Access to your User Account

Follow the steps in the Microsoft Documentation to elevate to root access. Once you have followed those steps you’ll have the permissions required to proceed.

Warning
Be sure to remove the elevated access once you have completed the bootstrap process to maintain security best practices.

Assigning Root Access to a Service Principal or another User Account

If you want to assign the User Access Administrator role to a Service Principal or another User account, you can do that via Azure CLI. You’ll need to have followed the previous steps to ensure you have the required permissions before running this command.

  1. Open a PowerShell terminal using PowerShell 7.

  2. Login to Azure CLI and select your tenant:

    az login --tenant "<tenant-id>" --use-device-code

  3. Run the following command to assign the User Access Administrator role at the root level:

    az role assignment create `
  --assignee "<service-principal-or-user-object-id-or-name>" `
  --role "User Access Administrator" `
  --scope "/"
gdoc_arrow_left_alt Authenticating via Service Principal Phase 2 - Bootstrap gdoc_arrow_right_alt