为具有 Azure Active Directory 的用户分配管理员和非管理员角色Assign administrator and non-administrator roles to users with Azure Active Directory

如果你的组织中的某位用户需要有权管理 Azure Active Directory (Azure AD) 资源,则必须根据该用户需要有权执行的操作在 Azure AD 中为该用户分配合适的角色。If a user in your organization needs permission to manage Azure Active Directory (Azure AD) resources, you must assign the user an appropriate role in Azure AD, based on the actions the user needs permission to perform.

有关可用角色的详细信息,请参阅在 Azure Active Directory 中分配管理员角色For more information about the available roles, see Assigning administrator roles in Azure Active Directory. 有关添加用户的详细信息,请参阅向 Azure Active Directory 中添加新用户For more information about adding users, see Add new users to Azure Active Directory.

分配角色Assign roles

向用户分配 Azure AD 角色的一种常用方式是使用用户的“目录角色”页面。A common way to assign Azure AD roles to a user is on the Directory role page for a user.

向用户分配角色To assign a role to a user

  1. 使用目录的全局管理员帐户登录到 Azure 门户Sign in to the Azure portal using a Global administrator account for the directory.

  2. 选择“Azure Active Directory”,选择“用户”,然后搜索并选择要获得角色分配的用户。Select Azure Active Directory, select Users, and then search for and select the user getting the role assignment. 例如,Alain CharonFor example, Alain Charon.

  3. 在“Alain Charon - 个人资料”页面上,选择“目录角色”。On the Alain Charon - Profile page, select Directory role.

    此时将显示“Alain Charon - 目录角色”页面。The Alain Charon - Directory role page appears.

  4. 选择“添加角色”,选择要分配给 Alain 的角色(例如“应用程序管理员”),然后选择“选择”。Select Add role, select the role to assign to Alain (for example, Application administrator), and then choose Select.

    “目录角色”页面,其中显示了所选的角色

    “应用程序管理员”角色将分配给 Alain Charon,并且它将显示在“Alain Charon - 目录角色”页面上。The Application administrator role is assigned to Alain Charon and it appears on the Alain Charon - Directory role page.

删除角色分配Remove a role assignment

如果需要删除用户的角色分配,也可以从“Alain Charon - 目录角色”页面执行该操作。If you need to remove the role assignment from a user, you can also do that from the Alain Charon - Directory role page.

删除用户的角色分配To remove a role assignment from a user

  1. 选择“Azure Active Directory”,选择“用户”,然后搜索并选择要删除角色分配的用户。Select Azure Active Directory, select Users, and then search for and select the user getting the role assignment removed. 例如,Alain CharonFor example, Alain Charon.

  2. 选择“目录角色”,选择“应用程序管理员”,然后选择“删除角色”。Select Directory role, select Application administrator, and then select Remove role.

    “目录角色”页面,其中显示了所选的角色和删除选项

    “应用程序管理员”角色将从 Alain Charon 中删除,并且不再显示在“Alain Charon - 目录角色”页面上。The Application administrator role is removed from Alain Charon and it no longer appears on the Alain Charon - Directory role page.

后续步骤Next steps

另外,你可以执行其他用户管理任务,例如,分配委托、使用策略以及共享用户帐户。Or you can perform other user management tasks, such as assigning delegates, using policies, and sharing user accounts. 有关其他可用操作的详细信息,请参阅 Azure Active Directory 用户管理和文档For more information about other available actions, see Azure Active Directory user management documentation.