question

AzCoAdmCore03-3811 avatar image
0 Votes"
AzCoAdmCore03-3811 asked JamesTran-MSFT answered

We are looking for create a global read custom role at Root management group level

We are looking to create a global read custom role at Root management group level, we have elevated the access in one account but i can not see the option on the portal to create a custom role at this level.

Can you please let me know if this is possible?

Thanks

azure-rbac
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

JamesTran-MSFT avatar image
0 Votes"
JamesTran-MSFT answered

@AzCoAdmCore03-3811
Thank you for your post and I apologize for the delayed response!

When creating a custom role within the Azure Portal, setting assignable scope to root scope ("/") is not supported. You cannot add a management group as an assignable scope, the highest option would be subscription. For more info - Assignable scopes

89691-image.png

Note: If you'd like to create a custom role using PS, CLI, or REST API, and add it to the Management group level under AssignableScopes this is currently in preview.

Create or update Azure custom roles using Azure PowerShell
Create or update Azure custom roles using Azure CLI
Create or update Azure custom roles using the REST API


If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.


image.png (53.3 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.