Giving AAD user or groups permission on Azure Resource

Create a resource group

1. In the navigation list, click Resource groups.
2. Click New to open the Create a resource group page.
   
3. Select a subscription.
4. For Resource group name, enter example-group or another name.
5. Click Review + create and then click Create to create the resource group.
6. Click Refresh to refresh the list of resource groups.The new resource group appears in your resource groups list.

Grant access

In Azure RBAC, to grant access, you assign an Azure role.

1. In the list of Resource groups, open the new example-group resource group.
2. In the navigation menu, click Access control (IAM).
3. Click the Role assignments tab to see the current list of role assignments.
   
4. Click Add > Add role assignment.
   If you don’t have permissions to assign roles, the Add role assignment option will be disabled.
   
5. On the Role tab, select the Virtual Machine Contributor role.
   
6. On the Members tab, select yourself or another user.
7. On the Review + assign tab, review the role assignment settings.
8. Click Review + assign to assign the role.
   After a few moments, the user is assigned the Virtual Machine Contributor role at the example-group resource group scope.
   

Remove access

In Azure RBAC, to remove access, you remove a role assignment.

1. In the list of role assignments, add a checkmark next to the user with the Virtual Machine Contributor role.
2. Click Remove.
   
3. In the remove role assignment message that appears, click Yes.