You have an Azure subscription named Sub1. Sub1 contains two resource groups named RG1 and RG2.
You need to ensure that Global Administrators can manage all resources contained in RG1 and RG2.
Solution: From the subscription's Access control (IAM) blade, you click Add role assignment.
Does this solution meet the goal?
This solution does not meet the goal. Azure Active Directory (Azure AD) permissions are distinct from Azure resource permissions. In this case, you should enable the Access management for Azure resources property from the Azure AD tenant's Properties blade. This property, when enabled, ensures that Azure AD users assigned to the Global Administrators role maintain full resource access even if their account is stripped from resource-level access control lists (ACLs). The Add role assignment button is used to make an addition to that scope's ACL. For instance, you may need to add a new Azure administrator to the Owner role for a subscription, resource group, or resource.