How To Create Custom Roles in Azure
IT Tips & Insights: Learn the basics steps to create a custom role in Azure.
By Bidkar Solis, Site reliability Engineer
If the Azure built-in roles don't meet the specific needs of your organization, you can create your own custom roles. Just like built-in roles, you can assign custom roles to users, groups, and service principals at management group (in preview only), subscription, and resource group scopes.
Here are the steps to create a custom role:
1. Determine the permissions you need.
When you create a custom role, you need to know the actions that are available to define your permissions. Typically, you start with an existing built-in role and then modify it for your needs. You will add the actions to the Actions or NotActions properties of the role definition. If you have data actions, you will add those to the DataActions or NotDataActions properties.
Read more about How to determine the permissions you need.
2. Decide how you want to create the custom role.
You can create custom roles using Azure portal, Azure PowerShell, Azure CLI, or the REST API.
3. Create the custom role.
The easiest way to create a custom role is to use the Azure portal. For steps on how to create a custom role using the Azure portal, see Create or update Azure custom roles using the Azure portal.
4. Test the custom role.
Once you have your custom role, you have to test it to verify that it works as you expect. If you need to make adjustments later, you can update the custom role.
Bidkar Solis is a Scrum Master/SRE engineer at Softensity with 5 years of experience in Azure technologies. Serving as an Azure administrator, Bidkar uses his experience to help advise the SRE team and facilitate their activities.