6

I created an empty Azure cloud service and I want to allow other developers to deploy to it. So far the only route I can see is adding the developers as Azure subscription administrators. I would rather give them more specific access to the cloud services only.

ghawkes
  • 63
  • 1
  • 3
  • I know the question is old, but Mike's answer is correct now. In the latest version each user who has access to the portal can just click "Get Publish Profile", and then import that file when publishing in Visual Studio. – Matt Edwards Jun 01 '16 at 13:07

2 Answers2

2

No such functionality exist today which will allow you to grant/revoke permissions at the cloud service level. Once a developer is provided access to the subscription, they would have access to all the resources under that subscription.

There's a REST API behind cloud service deployments and all the tools (including Windows Azure Portal and Visual Studio) consume this API for creating deployments. One possible solution would be to build your own solution consuming this API. In this solution you will implement access control based on your requirements so that when your user use this service, they will only see the cloud service they're assigned to and can only manage that cloud service. There's a managed library for consuming this API. You can find more information here: http://www.bradygaster.com/post/getting-started-with-the-windows-azure-management-libraries.

Gaurav Mantri
  • 128,066
  • 12
  • 206
  • 241
  • Is this still accurate? The .publishSettings file is the only (supported/simple) way? – vvolkgang Mar 03 '15 at 11:35
  • To the best of my knowledge, yes. However, Azure recently announced Role Based Access Control (RBAC) using which it would be possible to grant permissions to perform various management activities based on a user's role. Unfortunately this functionality is still not supported for Cloud Services as of today. So you may want to wait out for this. – Gaurav Mantri Mar 03 '15 at 11:43
1

It seems that if the original developer downloads the publish profile from Azure (it's an xml file that with a .PublishSettings extension), you can copy the userPWD from that file, give it to another developer and they can paste it into the password field in the Connection section of the Publish dialog.

The userPWD is a string that looks something like this: EFFCLfDqDKHlXcA2YDZPvX4BZXWFaobxaLN0aPJd4HCfa8WxlqEkt2yywBsx

Mike Yeager
  • 131
  • 6