Azure Classroom Series – 17/Apr/2021

Scenario-1: Create a Custom Role using Azure Powershell

  • Lets create a custom role which allows users to have full access on
    • Azure Virtual Machines
    • Azure SQL
  • And the readonly access on Azure Virtual Networks and Azure Storage Accounts
  • Assignable scopes for this role should be any where (Management Groups, Subscription, Resource Group, Resource Level)
  • for resource provider operations Refer Here and for custom role definition Refer Here
  • All the azure cmdlets will have the following basic form <verb>-Az<noun>. Examples are


  • After finding the command , use Get-Help -Online <cmdlet>. So lets execute Get-Help -Online New-AzRoleDefinition
  • Now create the role definition Preview Preview
  • Refer Here for the role definition created.
  • Find the Groups Preview
  • Now try to assign roles
    • Find the right cmd let and its usage Preview
    • Refer Here for samples
  • Now apply the role Preview Preview
  • Exercise: update the Role json and make it work for the above mentined scenario, to change the role defintion use Set-AzRoleDefinition cmdlet
  • Next Steps:
    • Understanding scope failures
    • Creating similar role assignment and creation using Azure CLI

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

About learningthoughtsadmin