Management Roles Needed for Azure License Manager

Access to the pages and features of Azure License Manager (ALM) depends on the Management Roles assigned to the currently logged-in user. ALM Management Roles include the following:

  • License Admin for All Pools and Bundles – This role grants full administrative access to ALM. Users with the role can perform all available actions.

  • License Manager for All Bundles – This role grants access to the management settings for existing license bundles.

  • License Manager for Bundles Where Owner – This role grants access to the management settings for license bundles where the person with the role is assigned as the owner (Responsible Party) for the license bundle.

  • License Reporter for All Pools and Bundles – This role grants access to the Reports and Analytics Dashboard pages of ALM.

  • License Self-Service User – This role grants access to the IAM Shop to allow users with the role to view their current licenses and request any additional licenses for which they are an eligible assignee.

All Management Roles grant access to the IAM Shop.

The Management Roles each user should have depend on the type of access they need.

Management Roles needed to configure Azure License Manager to connect to Azure AD Tenants

Management Role

Access granted by Management Role

License Admin for All Pools and Bundles

  • Can access the Azure License Config page

  • Can create a new Azure AD tenant

  • Can set provisioning preferences for an Azure AD tenant

  • Can enable inventory of the licensing, user and group information in an Azure AD tenant

  • Can publish the EmpowerID Azure SCIM microservice to Azure

Management Roles needed to manage license pools

Management Role

Access to license pools granted by Management Role

License Admin for All Pools and Bundles

  • Can see all license pools

  • Can create and delete license pools

  • Can add and remove license bundles to and from license pools

Management Roles needed to manage license bundles

Management Role

Access to license bundles granted by Management Role

License Admin for All Pools and Bundles

Grants users with the role the following access to license bundles:

  • Can see all license bundles and the information related to those bundles

  • Can create and delete license bundles

  • Can add and remove license bundles to and from license pools

  • Can add and remove license assignees to and from license bundles

  • Can add and remove eligible license assignees to and from license bundles

  • Can exclude users from receiving a license from the license bundle

  • Can exclude users from being added to a license bundle as eligible assignees

  • Can exclude services from being included in the license bundle

  • Can assign the License Fulfillment Group for the license bundle

  • Can assign the Responsible Party for the license bundle

License Manager for All Bundles

Users with this role have the same access to license bundles as the users with the License Admin for All Pools and Bundles role, except they cannot create and delete license bundles or add and remove license bundles to and from license pools. Specifically, this role grants users with the role the following access to license bundles:

  • Can see all license bundles and the information related to those bundles

  • Can add and remove license assignees to and from license bundles

  • Can add and remove eligible license assignees to and from license bundles

  • Can exclude users from receiving a license from the license bundle

  • Can exclude users from being added to a license bundle as eligible assignees

  • Can exclude services from being included in the license bundle

  • Can assign the License Fulfillment Group for the license bundle

  • Can assign the Responsible Party for the license bundle

License Manager for Bundles Where Owner

Users with this role have the same access to license bundles as the users with the License Manager for All Bundles role, except they can only access license bundles where they are the Responsible Party. Specifically, this role grants users with the role the following access to license bundles:

  • Can see all license bundles and the information related to those bundles where they are the Responsible Party

  • Can add and remove license assignees to and from license bundles where they are the Responsible Party

  • Can add and remove eligible license assignees to and from license bundles where they are the Responsible Party

  • Can exclude users from receiving a license from the license bundle where they are the Responsible Party

  • Can exclude users from being added to a license bundle as eligible assignees where they are the Responsible Party

  • Can exclude services from being included in the license bundle where they are the Responsible Party

  • Can reassign the Responsible Party for the license bundle
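
The bundle access lists above can be used to check that a user holds the narrowest role that covers what they need. The following is an added example, not EmpowerID code; the short action labels and the function names are assumptions. It models the three bundle roles exactly as listed, so the owner-scoped role does not receive the License Fulfillment Group action, which appears only in the other two lists.

```python
# Added example. Role names come from the page; the short action labels are
# hypothetical shorthand for the page's bullet items.
ADMIN = "License Admin for All Pools and Bundles"
MANAGER = "License Manager for All Bundles"
OWNER = "License Manager for Bundles Where Owner"

# Actions listed for the owner-scoped role (its list has no fulfillment group bullet).
OWNER_ACTIONS = frozenset({
    "view", "assignees", "eligible_assignees", "exclude_users",
    "exclude_eligible", "exclude_services", "responsible_party",
})
MANAGER_ACTIONS = OWNER_ACTIONS | {"fulfillment_group"}
ADMIN_ACTIONS = MANAGER_ACTIONS | {"create_delete_bundle", "pool_membership"}

# Narrowest role first: (role, granted actions, limited to owned bundles?)
ROLES = [
    (OWNER, OWNER_ACTIONS, True),
    (MANAGER, MANAGER_ACTIONS, False),
    (ADMIN, ADMIN_ACTIONS, False),
]


def allowed(role, action, user, responsible_party):
    """Deny by default: unknown roles, unlisted actions and missing owners fail."""
    for name, actions, owner_only in ROLES:
        if name == role:
            if action not in actions:
                return False
            return not owner_only or (user is not None and user == responsible_party)
    return False


def least_privileged_role(user, needs, owners):
    """needs: iterable of (action, bundle); owners: bundle -> Responsible Party."""
    needs = list(needs)
    for name, _, _ in ROLES:
        if all(allowed(name, a, user, owners.get(b)) for a, b in needs):
            return name
    return None  # no single bundle role on the page covers the request


def is_over_privileged(user, assigned_role, needs, owners):
    """True when a narrower role than the assigned one would cover the needs."""
    order = [name for name, _, _ in ROLES]
    best = least_privileged_role(user, needs, owners)
    return (best in order and assigned_role in order
            and order.index(best) < order.index(assigned_role))
```
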

Management Roles needed to view Azure Report Data

Management Role

Access to Report Data granted by Management Role

License Admin for All Pools and Bundles

Can access all available reports as well as the Azure Analytics Dashboard

License Reporter for All Pools and Bundles

In addition to the Azure Analytics Dashboard, users with the role can access the following reports:

  • Azure License Fulfillment Queue

  • Azure License Policy Memberships

  • Azure Service Plan Assignments