A2oz

How to Create an Azure Custom Role?

Published in Azure Security 3 mins read

You can create a custom role in Azure by using the Azure portal, Azure CLI, or Azure PowerShell.

Using the Azure Portal

  1. Navigate to the Azure portal: Log in to the Azure portal and search for "Role assignments".
  2. Click on "Role assignments": You'll be taken to the role assignments page.
  3. Click on "Add role assignment": This will open a new window where you can create a new role assignment.
  4. Select the scope: Choose the scope for the role assignment. This could be a resource group, subscription, or management group.
  5. Select the role: Choose the built-in role or select "Custom role" to create a new custom role.
  6. Define the permissions: Specify the permissions that you want to assign to the custom role. You can choose from a list of available actions, or you can define custom permissions.
  7. Name the custom role: Give your custom role a descriptive name.
  8. Click "Create": This will create the custom role and assign it to the selected scope.

Using Azure CLI

  1. Open Azure Cloud Shell: Launch Azure Cloud Shell in your browser.
  2. Use the az role definition create command: This command creates a new custom role.
  3. Provide the required information: You'll need to provide the following information:
    • --name: The name of the custom role.
    • --role-type: The type of role, which is always "CustomRole" for custom roles.
    • --description: A description of the custom role.
    • --permissions: The permissions that you want to assign to the custom role. You can specify actions, data actions, or not actions.

Example:

# --role-definition takes the role as JSON (inline or a path to a .json file); <subscription-id> is a placeholder for your own subscription
az role definition create --role-definition '{"Name": "MyCustomRole", "IsCustom": true, "Description": "My custom role description", "Actions": ["Microsoft.Storage/storageAccounts/read"], "AssignableScopes": ["/subscriptions/<subscription-id>"]}'

Using Azure PowerShell

  1. Connect to Azure: Connect to your Azure subscription using Azure PowerShell.
  2. Use the New-AzRoleDefinition cmdlet: This cmdlet creates a new custom role.
  3. Provide the required information: You'll need to provide the following information:
    • Name: The name of the custom role.
    • RoleType: The type of role, which is always "CustomRole" for custom roles.
    • Description: A description of the custom role.
    • Permissions: The permissions that you want to assign to the custom role. You can specify actions, data actions, or not actions.

Example:

'{"Name": "MyCustomRole", "IsCustom": true, "Description": "My custom role description", "Actions": ["Microsoft.Storage/storageAccounts/read"], "AssignableScopes": ["/subscriptions/<subscription-id>"]}' | Set-Content -Path MyCustomRole.json
New-AzRoleDefinition -InputFile MyCustomRole.json
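The following is an added example, not code from the original article: it builds a custom role in the JSON shape New-AzRoleDefinition -InputFile accepts, using all of the permission fields the bullets above mention (actions, not actions, data actions) plus the AssignableScopes field the API requires, and checks the definition before creating it. The role name, file name and subscription ID placeholder are assumptions, the Test-RoleGrantsAction function approximates Azure's wildcard matching with PowerShell's -like operator, and the final cmdlet needs a signed-in session (Connect-AzAccount).

```powershell
# Added example, not from the article. <subscription-id> is a placeholder; replace it.
$subscriptionId = "<subscription-id>"

# Role definition in the shape New-AzRoleDefinition -InputFile expects.
$role = [ordered]@{
    Name             = "Storage Account Operator (no keys)"
    IsCustom         = $true
    Description      = "Manage storage accounts without reading or rotating access keys"
    Actions          = @("Microsoft.Storage/storageAccounts/*")
    # NotActions are subtracted from Actions; they are not a deny that overrides
    # permissions the principal gets from its other role assignments.
    NotActions       = @("Microsoft.Storage/storageAccounts/listKeys/action",
                         "Microsoft.Storage/storageAccounts/regenerateKey/action")
    DataActions      = @("Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read")
    NotDataActions   = @()
    AssignableScopes = @("/subscriptions/$subscriptionId")   # required: at least one scope
}

# $true when the role grants a control-plane operation. Azure action strings use
# '*' as a wildcard, which -like matches (case-insensitively, as Azure does).
function Test-RoleGrantsAction {
    param([System.Collections.IDictionary]$Role, [string]$Action)
    $allowed = @($Role.Actions    | Where-Object { $Action -like $_ })
    $removed = @($Role.NotActions | Where-Object { $Action -like $_ })
    return ($allowed.Count -gt 0) -and ($removed.Count -eq 0)
}

# Checks to run before creating the role: a blanket '*' equals Owner, the ability
# to write role assignments lets holders grant themselves more, and the API
# rejects a definition with no assignable scope.
function Test-RoleDefinition {
    param([System.Collections.IDictionary]$Role)
    $findings = @()
    if ($Role.Actions -contains "*") { $findings += "Actions contains '*'" }
    if (Test-RoleGrantsAction -Role $Role -Action "Microsoft.Authorization/roleAssignments/write") {
        $findings += "role can write role assignments (privilege escalation path)"
    }
    if ($Role.AssignableScopes.Count -eq 0) { $findings += "AssignableScopes is empty" }
    return $findings
}

# Spot-check effective permissions: listKeys is matched by Actions but removed by NotActions.
if (-not (Test-RoleGrantsAction -Role $role -Action "Microsoft.Storage/storageAccounts/read")) { throw "read should be granted" }
if (Test-RoleGrantsAction -Role $role -Action "Microsoft.Storage/storageAccounts/listKeys/action") { throw "listKeys should be excluded" }

$findings = @(Test-RoleDefinition -Role $role)
if ($findings.Count -gt 0) { throw "Refusing to create role: $($findings -join '; ')" }

$role | ConvertTo-Json | Set-Content -Path "storage-account-operator.json"
New-AzRoleDefinition -InputFile "storage-account-operator.json"
```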

Practical Insights

  • Use custom roles to control access to Azure resources: You can use custom roles to restrict access to specific resources or actions.
  • Create roles for specific tasks: You can create custom roles for different tasks, such as managing virtual machines, deploying applications, or monitoring resources.
  • Simplify role management: Custom roles can help you simplify role management by grouping permissions together.
