Azure – You can now create custom RBAC role to access subscription or Resource Groups

As you know, access to Azure subscriptions and resources is managed using Role Based Access Control (RBAC).

While Microsoft is providing a lot of out the box RBAC roles, sometime you may need to create a custom role with very specific permissions to access subscriptions and resource groups.

In the past, this ability to create custom role was only available using command line tools (like PowerShell or Azure Cli).

Well, now you can also use the Azure portal to create a custom role.

Access your Azure portal (https://portal.azure.com/) and then search for Subscriptions, select the subscription you want to create the custom role for and finally access the Access Control blade

NOTE you can also do it from the same Access Control blade at the resource group level

image  image

From there you will have the ability to create your custom role.

You can create a new role from scratch, clone an existing role (including built in ones) or use a JSON file

image

If you have multiple subscriptions (or resource groups) and want to also make this new custom role available to the other ones, you can add additional subscription by adding new scope

image

Leave a Comment

Your email address will not be published.