Does Azure custom role needs additional assignment other than defining assignable scopes.?

Anudeep Duddu 21 Reputation points
2021-08-05T13:25:54.397+00:00

Need to understand the behaviour of azure custom role when a subscription is defined in assignable scopes and not assigned to any users or groups

Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
677 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. AmanpreetSingh-MSFT 56,311 Reputation points
    2021-08-06T07:40:35.103+00:00

    Hi @AnudeepDuddu-4551 • Thank you for reaching out.

    When you create a Custom Azure RBAC Role with a subscription is defined in assignable scopes, the Role becomes available at the subscription level to be assigned to Users/Groups/servicePrincipals. However, if you do not assign the role to any identity (Users/Groups/servicePrincipals), there won't be any impact of it. An unassigned RBAC role is just an unused object which is neither restricting nor granting access to any resources within the subscription defined under AssignableScopes parameter of the custom RBAC role.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.