---
description: This template grants applicable role based access to an existing VM in a Resource Group
page_type: sample
products:
- azure
- azure-resource-manager
urlFragment: rbac-builtinrole-virtualmachine
languages:
- json
---

RBAC - Existing VM


This template assigns Owner, Reader, Contributor, or Virtual Machine Contributor access to an existing VM in a resource group. The inputs to this template are the following fields:

- Principal ID
- Role Definition ID
- Virtual Machine Name
- GUID

**Use the following PowerShell command to get the Principal ID associated with a user, using their email ID.** Note that the principal ID maps to the ID inside the directory and can point to a user, service principal, or security group. The ObjectId is the principal ID.

```
PS C:\> Get-AzureADUser -mail

DisplayName                    Type                           ObjectId
                                                              xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
```

**Use the following PowerShell command to learn about role definitions.** Note that the template already uses the appropriate role definition ID. The applicable role definition names are available in the parameter dropdown.

```
PS C:\> Get-AzureRoleDefinition | fl

Name       : Contributor
Id         : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c
Actions    : {*}
NotActions : {Microsoft.Authorization/*/Write, Microsoft.Authorization/*/Delete}
```
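Added example, not part of the original template or README: one way to collect the four inputs and, once the template has been deployed, check what the principal holds at the VM scope. It assumes the current Az PowerShell module (rather than the AzureAD and Azure modules shown above) and an authenticated session; the mail address, resource group and VM name are constructed placeholders.

```powershell
# Added example. Assumes the Az module and a session from Connect-AzAccount.
# All values in this block are constructed placeholders.
$Mail          = 'user@example.com'
$ResourceGroup = 'example-rg'
$VmName        = 'example-vm'
$RoleName      = 'Virtual Machine Contributor'   # narrowest of the four roles

# Principal ID: the directory object ID. Require exactly one match so the
# role is never granted to an unintended account.
$user = @(Get-AzADUser -Mail $Mail)
if ($user.Count -ne 1) {
    throw "Expected exactly one user with mail '$Mail', found $($user.Count)."
}
$principalId = $user[0].Id

# Role Definition ID: resolve the built-in role by name.
$role = Get-AzRoleDefinition -Name $RoleName
if (-not $role) { throw "Role definition '$RoleName' not found." }

# Virtual Machine Name: confirm the VM exists; its resource ID is the scope.
$vm = Get-AzVM -ResourceGroupName $ResourceGroup -Name $VmName -ErrorAction Stop

# The four template inputs, with a fresh GUID for the GUID field.
[pscustomobject]@{
    PrincipalId        = $principalId
    RoleDefinitionId   = $role.Id
    VirtualMachineName = $vm.Name
    Guid               = (New-Guid).Guid
} | Format-List

# After deployment: list the principal's assignments effective at the VM.
# Inherited = True marks a role granted at a parent scope, not on the VM.
Get-AzRoleAssignment -ObjectId $principalId -Scope $vm.Id |
    Select-Object RoleDefinitionName, Scope,
        @{ Name = 'Inherited'; Expression = { $_.Scope -ne $vm.Id } } |
    Format-Table -AutoSize
```

A row with Inherited set to True means the principal already holds that role from the resource group or subscription, so the VM-level assignment does not narrow its access.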

Tags: Microsoft.Authorization/roleAssignments, Microsoft.Network/networkSecurityGroups, Microsoft.Network/virtualNetworks, Microsoft.Network/networkInterfaces, Microsoft.Compute/virtualMachines