Skills
skills/microsoft/azure-skills/azure-rbac

azure-rbac

SKILL.md

Use the 'azure__documentation' tool to find the minimal role definition that matches the desired permissions the user wants to assign to an identity. If no built-in role matches the desired permissions, use the 'azure__extension_cli_generate' tool to create a custom role definition with the desired permissions. Then use the 'azure__extension_cli_generate' tool to generate the CLI commands needed to assign that role to the identity. Finally, use the 'azure__bicepschema' and 'azure__get_azure_bestpractices' tools to provide a Bicep code snippet for adding the role assignment. If user is asking about role necessary to set access, refer to Prerequisites for Granting Roles down below:

Prerequisites for Granting Roles

To assign RBAC roles to identities, you need a role that includes the Microsoft.Authorization/roleAssignments/write permission. The most common roles with this permission are:

  • User Access Administrator (least privilege - recommended for role assignment only)
  • Owner (full access including role assignment)
  • Custom Role with Microsoft.Authorization/roleAssignments/write
Weekly Installs
10.5K
Repository
microsoft/azure-skills
GitHub Stars
1
First Seen
4 days ago
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass
Installed on
github-copilot10.5K
opencode7
gemini-cli7
codex7
amp7
cline7