Azure RBAC Custom Roles
- Refer Here for official docs
- Properties of custom roles Refer Here
- Actions Refer Here
- Actions format Refer Here
- Refer Here for the list of resource providers
Activity 1: Let's create a role in Azure for a user to view everything and create virtual networks from the portal
- We want all read actions (*/read) plus Microsoft.Network/virtualNetworks/write
- Creating a custom role in the Azure portal: Refer Here
{
  "properties": {
    "roleName": "ltvnetcreator",
    "description": "this will have permission to read and create vnets",
    "assignableScopes": [],
    "permissions": [
      {
        "actions": ["*/read", "Microsoft.Network/virtualNetworks/write"],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ]
  }
}
Activity 2: Let's create a role in Azure for a user to view everything and create storage accounts from the CLI
- Refer Here for the quick start
- Role definition:
{
  "Name": "activity2",
  "IsCustom": true,
  "Description": "Can read and create storage accounts",
  "Actions": [
    "*/read",
    "Microsoft.Storage/storageAccounts/write",
    "Microsoft.Resources/deployments/*"
  ],
  "NotActions": [
  ],
  "AssignableScopes": [
    "/subscriptions/{your-subscription-id}"
  ]
}
- Exercise:
- Create a role for a user with all read permissions who can create virtual networks but not delete them
- Create a role for a user who can perform all actions except delete actions
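As an added example (not from this page or from Microsoft's code), here is a small Python model of how Azure evaluates a custom role's Actions and NotActions for a given operation, using the activity2 definition above and a constructed "all actions except delete" role for the second exercise. The key point it shows: NotActions only subtracts from that role's own grant; it is not a deny, so another assigned role can still hand the user the delete permission.

```python
import json
import re

# Role definition copied from Activity 2 above (constructed sample input).
ACTIVITY2_ROLE = json.loads("""
{
  "Name": "activity2",
  "IsCustom": true,
  "Description": "Can read and create storage accounts",
  "Actions": ["*/read", "Microsoft.Storage/storageAccounts/write",
              "Microsoft.Resources/deployments/*"],
  "NotActions": [],
  "AssignableScopes": ["/subscriptions/{your-subscription-id}"]
}
""")

# Constructed answer to the second exercise: everything except delete actions.
NO_DELETE_ROLE = {
    "Name": "exercise-no-delete",
    "IsCustom": True,
    "Actions": ["*"],
    "NotActions": ["*/delete"],
    "AssignableScopes": ["/subscriptions/{your-subscription-id}"],
}


def _matches(pattern: str, operation: str) -> bool:
    """Azure-style wildcard match: '*' stands for any string (including '/'),
    and operation names are compared case-insensitively."""
    regex = "^" + ".*".join(re.escape(part) for part in pattern.split("*")) + "$"
    return re.match(regex, operation, re.IGNORECASE) is not None


def role_permits(role: dict, operation: str) -> bool:
    """Effective control-plane permission of ONE role = Actions minus NotActions."""
    granted = any(_matches(p, operation) for p in role.get("Actions", []))
    excluded = any(_matches(p, operation) for p in role.get("NotActions", []))
    return granted and not excluded


def assigned_permits(roles: list, operation: str) -> bool:
    """Union over every role assigned to the principal: NotActions in one role
    does not block what a second role grants, which is why 'all but delete'
    must be audited against the user's other assignments too."""
    return any(role_permits(r, operation) for r in roles)
```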
