question

AnudeepDuddu avatar image
0 Votes"
AnudeepDuddu asked amanpreetsingh-msft commented

Does Azure custom role needs additional assignment other than defining assignable scopes.?

Need to understand the behaviour of azure custom role when a subscription is defined in assignable scopes and not assigned to any users or groups

azure-rbac
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

amanpreetsingh-msft avatar image
0 Votes"
amanpreetsingh-msft answered amanpreetsingh-msft commented

Hi @AnudeepDuddu-4551 • Thank you for reaching out.

When you create a Custom Azure RBAC Role with a subscription is defined in assignable scopes, the Role becomes available at the subscription level to be assigned to Users/Groups/servicePrincipals. However, if you do not assign the role to any identity (Users/Groups/servicePrincipals), there won't be any impact of it. An unassigned RBAC role is just an unused object which is neither restricting nor granting access to any resources within the subscription defined under AssignableScopes parameter of the custom RBAC role.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @AnudeepDuddu-4551 • Just checking if you have any further question.

0 Votes 0 ·