Azure custom role creation in the Azure portal is in public preview. Previously, creating or editing custom roles was only possible through the command-line or Azure Resource Manager API. Now, ease your role-based access control (RBAC) workflow using the new experience.
In this post we will see how it works. You can use a custom role for security purposes (least privilege) or to meet your customer's or simply your own business needs.
To begin, click the Add button in the Create a custom role area.
Next, give the role a name and a description, and choose a way to create the baseline permissions:
- Clone a built-in role: in this case you add permissions to, or exclude permissions from, the ones defined by the built-in role.
- Start from scratch: in this case you have to add permissions one by one.
- Start from JSON: in this case you have to upload a file in JSON format.
In this post we clone a role (Reader).
Next, click Add permissions.
There are tons of roles; you have to choose the one that fits your needs. In this case it is Blueprint Contributor.
Next, pick the permissions that will be defined.
Next, add assignable scopes. An assignable scope can be a management group, a subscription, or a resource group.
You can edit the JSON file directly (for example, to add a description if one was not defined before).
Next, click Review and create to see the summary, then Create to deploy.
Go to Role assignments in Access control (IAM) to add one; you can see that the new custom role has been successfully created.
To verify the assignment, go to Check access and enter the user identity.
Done! Hope this helps.
Keep in mind that you can also achieve this goal via:
- Azure CLI
- REST API
For more information: https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles
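Since the role can be uploaded or edited as JSON, the definition can be checked for least-privilege problems before it is created. The script below is an added example, not part of the original post or of any Azure tooling: it assumes the `properties` / `permissions` layout shown in the portal's JSON tab, and the role name, subscription GUID and `review_role` helper are made up for illustration.

```python
import json

# Constructed sample in the layout the portal's JSON tab uses; the subscription
# GUID and role name are placeholders, not values from the post.
SAMPLE_ROLE = json.loads("""
{
  "properties": {
    "roleName": "Reader plus Blueprints (example)",
    "description": "",
    "assignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"],
    "permissions": [{
      "actions": ["*/read", "Microsoft.Blueprint/blueprints/*",
                  "Microsoft.Blueprint/blueprintAssignments/read"],
      "notActions": [], "dataActions": [], "notDataActions": []
    }]
  }
}
""")

def review_role(role):
    """Return (severity, message) findings for one custom role definition."""
    props = role.get("properties", role)
    findings = []
    if not (props.get("description") or "").strip():
        findings.append(("info", "description is empty"))
    scopes = props.get("assignableScopes", [])
    if not scopes:
        findings.append(("high", "no assignable scope is defined"))
    for scope in scopes:
        # Anything above a resource group lets the role be assigned widely.
        if "/resourcegroups/" not in scope.lower() + "/":
            findings.append(("info", f"scope broader than a resource group: {scope}"))
    for perm in props.get("permissions", []):
        for key in ("actions", "dataActions"):
            for action in perm.get(key, []):
                if action == "*":
                    findings.append(("high", f"{key}: '*' grants every operation"))
                elif "*" in action and not action.lower().endswith("/read"):
                    # A wildcard not limited to read also covers write and delete.
                    findings.append(("medium", f"{key}: wildcard beyond read: {action}"))
    return findings

if __name__ == "__main__":
    for severity, message in review_role(SAMPLE_ROLE):
        print(f"[{severity}] {message}")
```

Read-only wildcards such as the cloned Reader's `*/read` pass, while `Microsoft.Blueprint/blueprints/*` is flagged because it also covers write and delete operations.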