Need to understand the behaviour of azure custom role when a subscription is defined in assignable scopes and not assigned to any users or groups
Need to understand the behaviour of azure custom role when a subscription is defined in assignable scopes and not assigned to any users or groups
Hi @AnudeepDuddu-4551 • Thank you for reaching out.
When you create a Custom Azure RBAC Role with a subscription is defined in assignable scopes, the Role becomes available at the subscription level to be assigned to Users/Groups/servicePrincipals. However, if you do not assign the role to any identity (Users/Groups/servicePrincipals), there won't be any impact of it. An unassigned RBAC role is just an unused object which is neither restricting nor granting access to any resources within the subscription defined under AssignableScopes parameter of the custom RBAC role.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Hi @AnudeepDuddu-4551 • Just checking if you have any further question.
5 people are following this question.