In this video, Sharon creates a new RBAC role based on a standard role using a JSON script, and adds the role to the subscription using PowerShell.
- [Instructor] We can also design Azure RBAC custom roles…if the standard roles do not meet our needs.…We can create these roles using PowerShell,…the REST API, or the Command Line Interface.…The best way to do is it modify an existing role,…and I'm going to show you how to do that in a moment.…Now, don't start freaking out,…but we are going to be doing this in the JSON format.…It's not that hard.…If I can do it, anybody can do it.…Our JSON template will include a name,…a role description, the Actions.…
So, this is what the user can do.…The NotActions, what the user can't do,…and the AssignableScopes, basically the list…of subscriptions that the role can be applied to.…That means you can make the custom role…in one subscription but use it across several.…Let's take a look at the Actions section…in a little bit more depth.…What we've done here is we've customized the actions…for the virtual machine contributor role.…What we want this custom role to be able to do…is to start and restart virtual machines,…and we can see that here.…
Studying for Microsoft certification? Topics covered here map to objectives on exam 70-534, Architecting Microsoft Azure Solutions.
- Securing with managed identities
- Securing with hybrid identities
- Security with identity providers
- Identifying the right solution
- Designing a role-based Azure security solution
- Managing security risks