Suppose you work for an organization where your team manages a website hosted on Azure VMs. You're assigned the Owner role for the subscription that contains the website's resources. To keep Azure resources secure, you segregate duties within your team and only grant users the minimum access permissions they need to do their job. You have a new employee who's responsible for managing VMs within the subscription. They need to monitor and do troubleshooting tasks like restarting the VMs.

In this module, you'll learn what Azure custom roles are and how they're used to provide granular permissions.

Learning objectives

In this module, you'll:

  • Identify role definition structure and properties
  • Create and manage an Azure custom role for resource access management


  • Basic knowledge of access management concepts in Azure, like Azure role-based access control (RBAC).
  • (Optional) Access to an Azure subscription where you have the User Access Administrator or Owner role for your account