Sanam7

Reputation: 21

Is there any chance to extract specific permissions from a few roles and create a new role with them?

I want to create a custom Azure role by extracting a few properties from a couple of roles, like User Administrator and Application Administrator.

I saw a few blogs and articles on creating a custom RBAC role, but my need is for Directory roles.

Permissions needed:

microsoft.directory/users/*
microsoft.directory/groups/*
microsoft.directory/applications/*
microsoft.directory/serviceprincipals/*

How do I create a custom directory role in my case?

Any inputs are appreciated.

Thanks

Upvotes: 1

Views: 178

Answers (1)

Sridevi

Reputation: 22542

To create a custom role in Azure AD, you need to have either an Azure AD Premium P1 or P2 license, along with the Global Admin or Privileged Admin role.

I tried to reproduce the same in my environment and got the results below:

I have an Azure AD Premium P2 license for my Azure AD tenant, like below:

To create a custom role in Azure AD, follow the steps below:

Go to Azure Portal -> Azure Active Directory -> Roles and administrators -> All roles -> New custom role

In the Basics tab, enter a custom role name and select the Start from scratch option -> Next:

In the Permissions tab, you can select the permissions you need from the list, like below:

After selecting all required permissions, click Create in the Review + Create tab, like below:

After that, the custom role is created successfully in Azure AD, like below:

You can assign that custom role to Azure AD users, like below:

Go to Azure Active Directory -> Roles and administrators -> All roles -> Click on your custom role -> Add assignments

I assigned that custom role to one Azure AD user, like below:

You can select the type based on your need and assign the role accordingly, like below:

After a few minutes, it was assigned to the user successfully, like below:

Note that you cannot find the New custom role option if your tenant doesn't have the required license.

I have another tenant with an Azure AD Free license, like below:

When I tried to create a custom role, the New custom role option was greyed out, like below:

So, make sure you have the required licenses and roles before creating Azure AD custom roles.

Upvotes: 1
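The portal steps in the answer can also be scripted, which is closer to what the question asks for (pulling the user/group/application/service principal actions out of the built-in User Administrator and Application Administrator definitions and creating one role from them). The script below is an added example and is not code from the question, the answer, or Microsoft; it uses the Microsoft Graph v1.0 `roleManagement/directory/roleDefinitions` and `roleAssignments` endpoints. It assumes a Graph access token with the `RoleManagement.ReadWrite.Directory` permission in a `GRAPH_TOKEN` environment variable; without one it runs against the constructed, abbreviated sample definitions embedded in the file and only prints the request body. The role name "Directory Object Operator" and the sample action lists are constructed for the example.

```python
"""Build an Azure AD (Entra ID) custom directory role from permissions
pulled out of built-in roles, using the Microsoft Graph API.

Added example, not code from the question or the answer. Live calls assume a
Graph token with RoleManagement.ReadWrite.Directory in GRAPH_TOKEN; without
it, the script uses the constructed sample definitions and prints the body.
"""
import json
import os
import urllib.parse
import urllib.request

ROLE_DEFINITIONS_URL = "https://graph.microsoft.com/v1.0/roleManagement/directory/roleDefinitions"
ROLE_ASSIGNMENTS_URL = "https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments"

SOURCE_ROLES = ["User Administrator", "Application Administrator"]
# Resource prefixes from the question. Matched case-insensitively because
# Graph spells the actions as microsoft.directory/servicePrincipals/...
PREFIXES = [
    "microsoft.directory/users/",
    "microsoft.directory/groups/",
    "microsoft.directory/applications/",
    "microsoft.directory/serviceprincipals/",
]

# Constructed, abbreviated stand-ins for what Graph returns for the two
# built-in roles. Real definitions list many more actions; built-in roles
# enumerate concrete actions rather than wildcards such as users/*.
SAMPLE_BUILTIN_ROLES = [
    {
        "displayName": "User Administrator",
        "rolePermissions": [{"allowedResourceActions": [
            "microsoft.directory/users/basic/update",
            "microsoft.directory/users/create",
            "microsoft.directory/users/password/update",
            "microsoft.directory/groups/members/update",
            "microsoft.directory/contacts/create",          # outside the requested prefixes
        ]}],
    },
    {
        "displayName": "Application Administrator",
        "rolePermissions": [{"allowedResourceActions": [
            "microsoft.directory/applications/basic/update",
            "microsoft.directory/applications/credentials/update",
            "microsoft.directory/servicePrincipals/basic/update",
            "microsoft.directory/servicePrincipals/credentials/update",
            "microsoft.directory/users/basic/update",       # overlaps with User Administrator
        ]}],
    },
]


def pick_actions(role_definitions, prefixes):
    """Union of allowedResourceActions across the roles, restricted to the
    given resource prefixes. Duplicates across roles collapse to one entry."""
    chosen = set()
    for role in role_definitions:
        for perm in role.get("rolePermissions", []):
            for action in perm.get("allowedResourceActions", []):
                if any(action.lower().startswith(p.lower()) for p in prefixes):
                    chosen.add(action)
    return sorted(chosen)


def build_role_definition(display_name, description, actions):
    """Request body (unifiedRoleDefinition) for POST .../roleDefinitions."""
    if not actions:
        raise ValueError("a custom role needs at least one allowed action")
    return {
        "displayName": display_name,
        "description": description,
        "isEnabled": True,
        "rolePermissions": [{"allowedResourceActions": list(actions)}],
    }


def graph_request(token, url, method="GET", body=None):
    """Minimal authenticated Graph call; raises urllib.error.HTTPError on 4xx/5xx."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json",
    })
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def fetch_builtin_roles(token, names):
    """Return the built-in role definitions whose displayName is in names, following paging."""
    url = ROLE_DEFINITIONS_URL + "?" + urllib.parse.urlencode({"$filter": "isBuiltIn eq true"})
    wanted = {n.lower() for n in names}
    roles = []
    while url:
        page = graph_request(token, url)
        roles.extend(r for r in page["value"] if r["displayName"].lower() in wanted)
        url = page.get("@odata.nextLink")
    return roles


def assign_role(token, role_definition_id, principal_id):
    """Tenant-wide assignment (directoryScopeId '/') of the role to a user or group object id."""
    return graph_request(token, ROLE_ASSIGNMENTS_URL, "POST", {
        "principalId": principal_id,
        "roleDefinitionId": role_definition_id,
        "directoryScopeId": "/",
    })


if __name__ == "__main__":
    token = os.environ.get("GRAPH_TOKEN")
    roles = fetch_builtin_roles(token, SOURCE_ROLES) if token else SAMPLE_BUILTIN_ROLES
    actions = pick_actions(roles, PREFIXES)
    payload = build_role_definition(
        "Directory Object Operator",                      # constructed name
        "Selected actions taken from " + ", ".join(SOURCE_ROLES),
        actions,
    )
    print(json.dumps(payload, indent=2))                  # review the list before creating
    if token:
        created = graph_request(token, ROLE_DEFINITIONS_URL, "POST", payload)
        print("created role id:", created["id"])
        # assign_role(token, created["id"], "<user-object-id>")  # placeholder principal id
```

Print and review the action list before the POST: the script copies every matching action, including sensitive ones such as password updates, so trim it to what the role holder actually needs. Not every action a built-in role carries is available to custom roles, so if Graph rejects the POST with a 400, read the error body and drop the actions it names. As the answer says, the tenant still needs a Premium license and the caller a role allowed to manage role definitions, otherwise the create call fails regardless of the token's delegated permission.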
