Azure Role-Based Access Control (RBAC): who can do what, where

Common built-in roles

Roles define what actions you're allowed to perform. Reader: view only. Contributor: manage resources (not access). Owner: full access plus can assign roles. User Access Administrator: can manage access (role assignments).