The current Microsoft Azure portal has the disadvantage of not being able to assign roles to accounts associated with a subscription to its management. Once given access as co-administrator is given access to all the resources of the platform and the possibility of create, modify and delete at will.
This situation has been improved in the new portal, where it is possible to assign roles to subscription level, resource group or a single element.
This not only limits access to a set of elements but also allows us to decide the level of interaction with them. In the picture above you can see three records in the access window where, as happens in the current portal, you can assign users from Azure Active Directory or using a Microsoft Account (what was once known as Live ID) the first of them corresponds to an account related to resource level, in this example a Web App, using the Website Contributor role. The following user only has only reading access and Subscription admins group has the role of Owner for all subscription administrators. In each of the roles available there is associated an icon that clarifies the scope.
At the end of this article is possible to review the different roles available today.