Share via

Not able to give Defender for Storage Scanner Operator permission for subscription. it used to work 4 days back

Ram Srivastava 0 Reputation points
2025-10-30T14:28:08.8766667+00:00

Not able to give Defender for Storage Scanner Operator permission for subscription. it used to work 4 days back ( 27th Oct 2025). Now it is not working. it used be under "job function roles" now i see it under Privileged administrator roles but not letting me review and assign. Not sure what went wrong hereUser's image

Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Praveen Chivarla 2,005 Reputation points Microsoft External Staff Moderator
    2025-10-31T08:42:56.84+00:00

    Hi Ram,

    Thank you for posting your query on Microsoft Q&A.

    As per our understanding, you are unable to assign the Defender for Storage Scanner Operator permission for your subscription, and you noticed that the role has recently been moved from "Job Function Roles" to "Privileged Administrator Roles," whicAh is affecting your ability to assign it.

    This behavior is due to recent updates in Azure Role-Based Access Control (RBAC) where some roles have been reclassified, impacting how they are managed and assigned. To assign this role, you need sufficient permissions such as Owner or User Access Administrator on the subscription.

    Please follow these steps to resolve the issue:

    Confirm Your Permissions: Ensure your account has the Owner or User Access Administrator role by navigating to: Azure Portal > Subscriptions > Your Subscription > Access control (IAM).

    Locate the Role in the Updated Section: Search for the Defender for Storage Scanner Operator role under the Privileged Administrator Roles section in Access Control (IAM). Attempt to assign the role from this updated location.

    Allow Time for Propagation: If you recently noticed this change or made permission changes, allow up to 24 hours for role visibility and assignment capabilities to update across Azure services.

    Troubleshoot UI Issues: Clear your browser cache or try a different browser or incognito/private session to rule out any UI caching or session issues.

    Monitor Official Documentation: Stay updated with the latest guidance from Microsoft on RBAC and Defender for Storage permissions:

    I hope this information helps you assign the Defender for Storage Scanner Operator role correctly. Please feel free to ask if you need further assistance. If this answer is helpful, kindly click "Accept Answer" and Upvote it.

    0 comments
  2. Ram Srivastava 0 Reputation points
    2025-11-05T03:04:45.3333333+00:00

    again i see it in "Job function roles" My customers are very confused, why this kind of change within a week, User's image

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.