Azure Classroom Series – 31/Jul/2020

Custom Roles in Azure

  • Prerequisites:

    1. JSON
    2. To assign roles to others, you must be an Owner or User Access Administrator in Azure
  • Simple method for creating roles:

    1. Look at existing roles
    2. Search for permissions
    3. View the available permissions
  • Azure Resource Manager resource providers:

    • In Azure, resource operations are provided by resource providers
    • To give fine-grained access, we need to use resource provider operations, which are documented under Operations in the references below
    • To view resource providers by service, see Resource Provider By Service in the references below
  • Custom roles can be created from

    • Portal
    • PowerShell
    • Azure CLI
    • REST API
    • ARM Template

Steps for creating roles from Portal

  • Open the IAM blade in the subscription
  • Open the Roles tab, select any role and view its permissions. If you want to create a similar custom role, use Clone
  • If you prefer, start from scratch instead of cloning

JSON Structure of a Custom Role

  • Create a JSON file with the following syntax (see JSON Structure in the references below for more info)
{
  "properties": {
    "roleName": "",
    "description": "",
    "assignableScopes": [],
    "permissions": [
      {
        "actions": [],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ]
  }
}

  • Let's create a learning role which has access to all virtual machines. It allows every operation under the Microsoft.Network and Microsoft.Compute resource providers
{
  "properties": {
    "roleName": "qt vm admin",
    "description": "vm admin for the quality thought",
    "assignableScopes": [],
    "permissions": [
      {
        "actions": [
            "Microsoft.Network/*",
            "Microsoft.Compute/*"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ]
  }
}
  • Now assign this role to any AD user
  • Now evaluate the permissions by logging in as that user, and adjust the permissions accordingly.
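
The evaluation step can also be done offline before anyone logs in. The following is an added example, not part of the original class notes: it loads the page's "qt vm admin" role, checks whether sample operations are granted (actions minus notActions), and flags settings worth reviewing. The subscription ID, the notActions entry and the function names are constructed for illustration.

```python
import json
import re

# The page's "qt vm admin" role. The subscription ID and the notActions entry
# are constructed placeholders added for this example.
ROLE = json.loads("""
{
  "properties": {
    "roleName": "qt vm admin",
    "description": "vm admin for the quality thought",
    "assignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"],
    "permissions": [
      {
        "actions": ["Microsoft.Network/*", "Microsoft.Compute/*"],
        "notActions": ["Microsoft.Compute/virtualMachines/delete"],
        "dataActions": [],
        "notDataActions": []
      }
    ]
  }
}
""")

def _matches(patterns, operation):
    # "*" is the only wildcard; operation names compare case-insensitively.
    for pattern in patterns:
        regex = re.escape(pattern).replace(r"\*", ".*")
        if re.fullmatch(regex, operation, re.IGNORECASE):
            return True
    return False

def is_allowed(role, operation):
    """True if this role alone grants the control-plane operation."""
    for perm in role["properties"]["permissions"]:
        if _matches(perm.get("actions", []), operation) and \
           not _matches(perm.get("notActions", []), operation):
            return True
    return False

def review(role):
    """Findings to resolve before the role is assigned."""
    props, findings = role["properties"], []
    if not props.get("assignableScopes"):
        findings.append("assignableScopes is empty")
    for perm in props["permissions"]:
        for action in perm.get("actions", []):
            if action == "*" or re.fullmatch(r"[^/]+/\*", action):
                findings.append("provider-wide wildcard: " + action)
    return findings
```

notActions only subtracts from this role's own actions; it is not a deny, so a second role assignment can still grant the excluded operation to the same user.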

Important References for writing roles

  1. Operations
  2. Resource Provider By Service
  3. JSON Structure

Exercise

  • Create a custom role where the users will have full permissions on Azure SQL, Azure VM and Azure Resource Groups
  • Set up Azure CLI & Azure PowerShell (Watch Here)
