Azure – You can now create custom RBAC role to access subscription or Resource Groups

As you know, access to Azure subscriptions and resources is managed using Role Based Access Control (RBAC).

While Microsoft is providing a lot of out the box RBAC roles, sometime you may need to create a custom role with very specific permissions to access subscriptions and resource groups.

In the past, this ability to create custom role was only available using command line tools (like PowerShell or Azure Cli).

Well, now you can also use the Azure portal to create a custom role.

Access your Azure portal ( and then search for Subscriptions, select the subscription you want to create the custom role for and finally access the Access Control blade

NOTE you can also do it from the same Access Control blade at the resource group level

image_thumb  image_thumb[1]

From there you will have the ability to create your custom role.

You can create a new role from scratch, clone an existing role (including built in ones) or use a JSON file


If you have multiple subscriptions (or resource groups) and want to also make this new custom role available to the other ones, you can add additional subscription by adding new scope


Benoit Hamet
Benoit Hamet
Benoit is working on Microsoft collaborative technologies He has been awarded as MVP for more than 12 years Currently MVP on Office 365 after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007) Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) or online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies