Custom Role is a set of permissions that can be chosen from a list of permissions. Custom Roles can be assigned in two steps:
- Create custom roles.
- Assign it to User/Group.
Prerequisites:
- Azure subscription
- Azure Global Administrator or Role Administrator permissions to create custom roles.
Custom Role can be assigned organization wise or object wise(e.g., Resource).Below are the steps to assign custom roles to a resource which can utilized by a user/group:
1.Sign into the Azure portal and choose resource group.
2.Mention the Resource Group name and click ‘Review + Create’. From sample, our Resource Group name is ‘ResAndDev’.
3.Once Resource group is created, go to ‘Access Control (IAM)’ under the reosurce group. Click ‘Add Custom Role’.
4.Enter the Custom Role Name, description and choose ‘Start from scratch’. For Sample, ‘ResAndDevRole’ is the custom Role name.
5.Under permission tab, click ‘Add Permission’ to choose the permission from the list of permissions.
Below are the sample permissions for respective requirements.
- To create Bot Service – > And select ‘Bot Service’ from the card and select.
- Microsoft.BotService/register/action
- Microsoft.BotService/botServices/write
- To create App Service -> Select ‘Microsoft Web Apps’ from the card and select
- microsoft.web/register/action
- Microsoft.Web/sites/Write
- Microsoft.Web/serverfarms/Write
- To create SQL database -> Select ‘Microsoft SQL Database’ from the card and select.
- Microsoft.Sql/register/action
- Microsoft.Sql/managedInstances/databases/write
As mentioned, all the permissions are added at the resource group level. This means that the user or group is going to have mentioned permissions for the selected Resource Group (ResAndDev).
To add required permission, click ‘Review +Create’. Once Custom Role is created, click ‘Add’ ->’Add Role Assignments’. Choose the custom Role created in the ‘Job Function Role’ tab and click ‘Next’.
In the ‘Members’ tab, choose the user or group to be assigned with the custom role and click ‘Review + Assign’. Now, the chosen user will be able to perform the above mentioned action in the permission list within the chosen resource group.
For example, the chosen user can create an App service in the ‘ResAndDev’ resource group.
Summary:
Hope this blog helps in understanding custom role creation and assignment at the resource level.
No Comment! Be the first one.