Exercise 2 – creating a custom RBAC role
This section will look at creating a custom RBAC role.
You can use an existing Azure AD instance to perform this exercise if you wish.
The following subsections cover how to complete this exercise, segregated into tasks for ease of understanding.
Task – accessing the Azure portal
- Log into the Azure portal at https://portal.azure.com. Alternatively, you can use the Azure desktop app: https://portal.azure.com/App/Download.
Task – creating a custom RBAC role
- In the search bar, type subscriptions; click Subscriptions from the results list.
- From the Subscriptions blade, click on your subscription.
- From the left menu of the Subscriptions blade, click Access Control (IAM).
- From the Access control blade, click +Add.
- Then, click Add custom role.
- From the Create a custom role blade, on the Basics tab, enter the following information:
  - Custom role name.
  - Description.
  - Baseline permissions: leave as the default of Start from scratch.
- Click Next.
- From the Permissions tab, click +Add permissions.
- From the Add permissions blade, search for each permission to add and select the actions you wish the custom role to have. Then, click Add for each permission you wish to add.
- From the Permissions tab, click +Add permissions.
- Evaluate whether you need to add any exclude permissions; click Add or Cancel to return to the main blade to continue.
- Click Next: Review + create.
- On the Review + create tab, review your settings; you may go back to the previous tabs and make any edits if required. Once you have confirmed your settings, click Create.
- You will receive a message stating that the new custom RBAC role was created; click OK on the message.
- From the main Access control (IAM) blade, you will now be able to search for and locate the newly created custom role on the Roles tab.
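
Azure stores a custom role as a JSON definition in which the permissions added in the steps above become Actions and the excluded permissions become NotActions. The following sketch is an added example, not part of the original exercise: it builds such a definition, evaluates which operations it grants, and flags least-privilege issues. The role name, description, chosen operations and all-zero subscription ID are assumptions made for illustration.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample role: the name, description, chosen operations and the
# all-zero subscription ID are placeholders, not values from the exercise.
ROLE = {
    "Name": "VM Operator (example)",
    "Description": "Operate virtual machines without changing or deleting them.",
    "Actions": [
        "Microsoft.Compute/virtualMachines/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
    ],
    "NotActions": [
        "Microsoft.Compute/virtualMachines/delete",
        "Microsoft.Compute/virtualMachines/write",
    ],
    "AssignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"],
}

def _matches(operation, patterns):
    """Case-insensitive match where * spans any characters, including '/'."""
    return any(fnmatchcase(operation.lower(), p.lower()) for p in patterns)

def is_allowed(role, operation):
    """An operation is granted if it matches Actions and no NotActions entry."""
    return (_matches(operation, role["Actions"])
            and not _matches(operation, role.get("NotActions", [])))

def review(role):
    """Return least-privilege findings for a custom role definition."""
    findings = []
    for action in role["Actions"]:
        if "*" in action:
            findings.append(f"wildcard action, confirm it is needed: {action}")
    for excluded in role.get("NotActions", []):
        # An exact exclusion that no Action covers removes nothing.
        if "*" not in excluded and not _matches(excluded, role["Actions"]):
            findings.append(f"exclusion has no effect: {excluded}")
    return findings

if __name__ == "__main__":
    print(json.dumps(ROLE, indent=2))  # the definition as JSON
    for op in ("Microsoft.Compute/virtualMachines/start/action",
               "Microsoft.Compute/virtualMachines/delete"):
        print(op, "->", "granted" if is_allowed(ROLE, op) else "not granted")
    print(review(ROLE))
```

NotActions only subtracts from this role's own Actions; it is not a deny, so a second role assignment can still grant an excluded operation to the same user.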
In this exercise, we successfully created a custom RBAC role. In the following exercise, we will look at applying a resource lock to a resource group.