Assign Azure AD roles to users

You can now see and manage all the members of the administrator roles in the Azure AD admin center. If you frequently manage role assignments, you will probably prefer this experience. This article describes how to assign Azure AD roles using the Azure AD admin center.

Assign a role

  1. Sign in to the Azure portal with Global Administrator or Privileged Role Administrator permissions.

  2. Select Azure Active Directory.

  3. Select Roles and administrators to see the list of all available roles.

    Screenshot of the Roles and administrators page

  4. Select a role to see its assignments.

    To help you find the role you need, Azure AD can show you subsets of the roles based on role categories. Use the Type filter to show only the roles in the selected type.

  5. Select Add assignments and then select the users you want to assign to this role.

    If you see something different from the following picture, read the Note in the Privileged Identity Management (PIM) section to verify whether you are using PIM.

    List of permissions for an admin role

  6. Select Add to assign the role.

Privileged Identity Management (PIM)

You can select Manage in PIM for additional management capabilities using Azure AD Privileged Identity Management (PIM). Privileged Role Administrators can change “Permanent” (always active in the role) assignments to “Eligible” (in the role only when elevated). If you don't have Privileged Identity Management, you can still select Manage in PIM to sign up for a trial. Privileged Identity Management requires an Azure AD Premium P2 license plan.

Screenshot showing the User Administrator - Assignments page with the Manage in PIM action selected

If you are a Global Administrator or a Privileged Role Administrator, you can easily add or remove members, filter the list, or select a member to see their active assigned roles.

Note

If you have an Azure AD Premium P2 license and you already use Privileged Identity Management, all role management tasks are performed in Privileged Identity Management and not in Azure AD.

Azure AD roles managed in PIM for users who already use PIM and have a Premium P2 license
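
An added example (not from the original article or from Microsoft): a small offline review of a role-assignment export that applies the Permanent versus Eligible distinction described above. The CSV column names and the sample rows are constructed assumptions, not a real Azure AD export format.

```python
import csv
import io
from collections import defaultdict

# Roles the article names as able to manage role assignments.
ROLE_MANAGING_ROLES = {"Global Administrator", "Privileged Role Administrator"}

# Constructed sample export (hypothetical column names, not a real Azure AD format).
SAMPLE_EXPORT = """principal,role,assignment_state
alice@contoso.example,Global Administrator,Permanent
bob@contoso.example,Global Administrator,Eligible
carol@contoso.example,Privileged Role Administrator,Permanent
dave@contoso.example,User Administrator,Permanent
dave@contoso.example,User Administrator,Eligible
erin@contoso.example,User Administrator,eligible
"""

def load_assignments(text):
    """Parse the export into (principal, role, state) tuples with normalized state."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text)):
        state = rec["assignment_state"].strip().capitalize()
        if state not in ("Permanent", "Eligible"):
            raise ValueError(f"unknown assignment state: {rec['assignment_state']!r}")
        rows.append((rec["principal"].strip().lower(), rec["role"].strip(), state))
    return rows

def review(rows):
    """Return per-role counts plus the findings a reviewer would act on."""
    counts = defaultdict(lambda: {"Permanent": 0, "Eligible": 0})
    states = defaultdict(set)  # (principal, role) -> states seen
    for principal, role, state in rows:
        counts[role][state] += 1
        states[(principal, role)].add(state)
    # Permanent holders of roles that can themselves assign roles.
    standing = sorted(k for k, s in states.items()
                      if "Permanent" in s and k[1] in ROLE_MANAGING_ROLES)
    # Same principal both Permanent and Eligible in one role:
    # eligibility already exists, so the permanent entry is a conversion candidate.
    duplicate = sorted(k for k, s in states.items() if s == {"Permanent", "Eligible"})
    return {"counts": dict(counts), "standing": standing, "duplicate": duplicate}

if __name__ == "__main__":
    report = review(load_assignments(SAMPLE_EXPORT))
    for role, c in sorted(report["counts"].items()):
        print(f"{role}: {c['Permanent']} permanent, {c['Eligible']} eligible")
    print("Standing role-managing access:", report["standing"])
    print("Permanent and eligible in the same role:", report["duplicate"])
```
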

Next steps