Hi Folks,

Azure custom role creation in the Azure portal is in public preview. Previously, creating or editing custom roles was only possible through the command line or the Azure Resource Manager API. Now you can ease your role-based access control (RBAC) workflow using the new experience.

In this post we will see how it works. You can use a custom role for security purposes (least privilege), to meet customer requirements, or simply to meet your business needs.

To begin, click the Add button in the Create a custom role area.

Next, give the role a name and a description, and choose how to create the baseline permissions:

  • Clone a built-in role: in this case you add permissions to, or exclude permissions from, the ones defined by the built-in role.
  • Start from scratch: in this case you have to add permissions one by one.
  • Start from JSON: in this case you have to upload a file in JSON format.

In this post we clone a role (Reader).

Next, click Add permissions.

There are tons of roles; you have to choose the one that fits your needs. In this case it is Blueprint Contributor.

Next, pick the permissions that will be defined.

Next, add the assignable scopes. An assignable scope can be a management group, a subscription or a resource group.

You can edit the JSON file directly (for example, to add a description if one was not defined before).

Next, click Review and create to see the summary, then Create to deploy.

Go to Role assignments in Access control (IAM) to add one, and you can see that the new custom role has been successfully created.

To verify the assignment, go to Check access and enter the user identity.
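The role JSON used by the Start from JSON option and the JSON editing step can be reviewed for least privilege before it is uploaded. The script below is an added example, not part of the original post: it assumes the portal JSON layout (`properties.roleName`, `description`, `assignableScopes`, `permissions`), and the sample role, subscription ID, management group name and Blueprint action are constructed placeholders.

```python
import json
import re

# Constructed sample in the assumed portal JSON layout; the subscription ID,
# management group name and Blueprint action are illustrative placeholders.
SAMPLE_ROLE = """
{"properties": {
  "roleName": "Reader plus Blueprint (sample)", "description": "",
  "assignableScopes": [
    "/subscriptions/00000000-0000-0000-0000-000000000000",
    "/providers/Microsoft.Management/managementGroups/sample-mg"],
  "permissions": [{
    "actions": ["*/read", "Microsoft.Blueprint/blueprints/*"],
    "notActions": [], "dataActions": [], "notDataActions": []}]
}}
"""

# The three scope levels the post lists, most specific first.
SCOPE_KINDS = [
    ("resource group", r"/subscriptions/[^/]+/resourceGroups/[^/]+"),
    ("subscription", r"/subscriptions/[^/]+"),
    ("management group", r"/providers/Microsoft\.Management/managementGroups/[^/]+"),
]

def scope_kind(scope):
    for kind, pattern in SCOPE_KINDS:
        if re.fullmatch(pattern, scope.rstrip("/"), re.IGNORECASE):
            return kind
    return "unrecognized"

def review_role(role_json):
    props = json.loads(role_json)["properties"]
    findings = []
    if not (props.get("description") or "").strip():
        findings.append("description is empty")
    for block in props.get("permissions", []):
        for key in ("actions", "dataActions"):
            for action in block.get(key, []):
                # Read-only wildcards (Reader's */read) pass; others are flagged.
                if "*" in action and not action.lower().endswith("/read"):
                    findings.append(f"wildcard grant in {key}: {action}")
    for scope in props.get("assignableScopes", []):
        kind = scope_kind(scope)
        if kind in ("management group", "unrecognized"):
            findings.append(f"review assignable scope ({kind}): {scope}")
    return findings

if __name__ == "__main__":
    for finding in review_role(SAMPLE_ROLE):
        print("REVIEW:", finding)
```

Management group scopes are reported for review because they are the widest of the three levels, not because they are invalid.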

Done! Hope this helps.

Keep in mind that you can also achieve this goal via:

  • PowerShell
  • Azure CLI

For more information: https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles

Categories: RBAC

Ibrahima Mbodji

Passionate about new technologies
