...


Create a Custom Role

Keep in mind that you need Owner or User Access Administrator permissions to create custom roles.

...

1. In the Azure portal, open the subscription or resource group where the custom role is to be assigned.

...

c) 'Clone a role'. Select one* of the existing roles.

*Commonly used Azure built-in roles:

  Built-in Role                  ID
  Reader                         acdd72a7-3385-48ef-bd42-f606fba81ae7
  Contributor                    b24988ac-6180-42a0-ab88-20f7382dd24c
  Virtual Machine Contributor    d73bb868-a0df-4d4d-bd69-98a00b01fccb
  Virtual Network Contributor    b34d265f-36f7-4a0d-a4d4-e158ca92e90f
  Storage Account Contributor    86e8f5dc-a6e9-4c67-9d15-de283e8eac25
  Web Plan Contributor           2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b
  SQL Server Contributor         6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437
  SQL DB Contributor             9b7fa17d-e63e-47b0-bb0a-15c516ac86ec

Open the 'JSON' tab and modify the permissions. The JSON body should look like the template below:

{
  "name": "{your-existing-Role-definition-id}",
  "permissions": [
    {
      "actions": [
        "Microsoft.Compute/virtualMachines/extensions/write",
        "Microsoft.Storage/storageAccounts/listKeys/action"
      ],
      "notActions": []
    }
  ],
  "AssignableScopes": [
    "/subscriptions/{subscription-id}"
  ],
  "RoleName": "{your-Role-name}",
  "RoleType": "CustomRole",
  "type": "Microsoft.Authorization/RoleDefinitions"
}

Replace {your-existing-Role-definition-id} with your role definition ID. In the "AssignableScopes" section, add the string "/subscriptions/{subscription-id}" with your own {subscription-id} filled in.
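As an added pre-flight check (example code written for this page, not Cloudaware's or Azure's own tooling), the script below lints a role definition in the shape of the template above before it is pasted into the 'JSON' tab. It reports leftover {placeholder} values, a role definition id that is not a GUID, assignable scopes broader than a subscription or resource group, and wildcard actions, and it flags the two actions in the template that hand out credentials (storage account keys) or code execution on a VM (extension writes) so a reviewer confirms they are intended. The sample role, its GUIDs and the lint rules themselves are assumptions constructed for the example.

```python
"""Lint an Azure custom role definition before creating it.

Added example for this page. The property names are matched case-insensitively
because the page's template mixes "permissions" with "AssignableScopes" and Azure
accepts either casing. Everything below, including SAMPLE_ROLE, is constructed.
"""
import json
import re

GUID = r"[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"
GUID_RE = re.compile(rf"^{GUID}$")
# Only a subscription or a resource group inside one is an acceptable scope here.
SCOPE_RE = re.compile(rf"^/subscriptions/{GUID}(/resourceGroups/[^/]+)?$", re.I)
# Operation strings look like Provider.Namespace/resourceType/.../verb.
ACTION_RE = re.compile(r"^(\*|[A-Za-z]+\.[A-Za-z]+(/[A-Za-z*]+)+)$")
# Unreplaced template values such as {subscription-id}.
PLACEHOLDER_RE = re.compile(r"\{[A-Za-z-]+\}")

# Actions from the page's template that deserve explicit sign-off: listKeys
# returns storage account keys, extensions/write runs code on the VM.
HIGH_IMPACT = {
    "Microsoft.Storage/storageAccounts/listKeys/action",
    "Microsoft.Compute/virtualMachines/extensions/write",
}

# Constructed sample in the shape of the page's template; GUIDs are placeholders.
SAMPLE_ROLE = {
    "name": "11111111-2222-3333-4444-555555555555",
    "permissions": [{
        "actions": [
            "Microsoft.Compute/virtualMachines/extensions/write",
            "Microsoft.Storage/storageAccounts/listKeys/action",
        ],
        "notActions": [],
    }],
    "AssignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"],
    "RoleName": "cloudaware-example-role",
    "RoleType": "CustomRole",
    "type": "Microsoft.Authorization/RoleDefinitions",
}


def _strings(value):
    """Yield every string nested anywhere inside the definition."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for v in value.values():
            yield from _strings(v)
    elif isinstance(value, list):
        for v in value:
            yield from _strings(v)


def lint_role(definition):
    """Return (errors, warnings): errors block creation, warnings need review."""
    d = {k.lower(): v for k, v in definition.items()}
    errors, warnings = [], []

    for s in _strings(definition):
        if PLACEHOLDER_RE.search(s):
            errors.append(f"template placeholder left in: {s}")

    if not GUID_RE.match(str(d.get("name", ""))):
        errors.append("name must be the role definition id (a GUID)")
    if d.get("roletype") != "CustomRole":
        errors.append("RoleType must be CustomRole")
    if not d.get("rolename"):
        errors.append("RoleName is empty")

    scopes = d.get("assignablescopes", [])
    if not scopes:
        errors.append("AssignableScopes is empty; the role could be assigned nowhere")
    for s in scopes:
        if s == "/":
            errors.append("AssignableScopes contains the root scope '/'; restrict to a subscription or resource group")
        elif not SCOPE_RE.match(s):
            errors.append(f"AssignableScopes entry is not a subscription or resource group: {s}")
    if len(set(scopes)) != len(scopes):
        warnings.append("AssignableScopes has duplicate entries")

    for perm in d.get("permissions", []):
        for a in perm.get("actions", []):
            if not ACTION_RE.match(a):
                errors.append(f"malformed action: {a}")
            elif "*" in a:
                errors.append(f"wildcard grants every operation under the prefix: {a}")
            elif a in HIGH_IMPACT:
                warnings.append(f"high-impact action, confirm it is required: {a}")
    return errors, warnings


def lint_role_json(text):
    """Convenience wrapper for the JSON pasted into or copied from the portal."""
    return lint_role(json.loads(text))


if __name__ == "__main__":
    errs, warns = lint_role(SAMPLE_ROLE)
    print("errors:", errs)
    print("warnings:", warns)
```

Run it against the JSON you intend to paste: an empty errors list means the template is syntactically ready, and every warning is one of the two credential- or code-execution-granting actions that should be consciously accepted rather than copied through.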

4. Assign the custom role to a user if you are adding a Native application, or to the application if you are adding a Web app/API.

Custom role creation in the Azure portal is an asynchronous operation, so the new role may take some time to become available.

5. Open the 'Review + Create' tab, check the role details and click Create.

Update an Existing Cloudaware Custom Policy

...