Skill

azure-rbac

Expert knowledge for Azure Role-based access control development including troubleshooting, best practices, decision making, limits & quotas, security, configuration, and integrations & coding patterns. Use when managing Azure RBAC roles, ABAC conditions, deny assignments, PIM, policy integration, or role APIs, and other Azure Role-based access control related development tasks. Not for Azure Active Directory B2C (use azure-active-directory-b2c), Azure Information Protection (use azure-information-protection), Azure Policy (use azure-policy), Azure Security (use azure-security).

npx claudepluginhub atc-net/atc-agentic-toolkit --plugin azure

Tool Access

This skill uses the workspace's default tool permissions.

Preview

This skill provides expert guidance for Azure RBAC. Covers troubleshooting, best practices, decision making, limits & quotas, security, configuration, and integrations & coding patterns. It combines local quick-reference content with remote documentation fetching capabilities.

SKILL.md

Similar Skills

azure-rbac

203

Finds least privilege Azure RBAC roles matching desired permissions for identities, generates CLI commands and Bicep code to assign them, and provides guidance on roles needed to grant access. Useful for queries like 'role to read blobs' or 'assign role to managed identity'.

azure

role-devops:azure-expert

Provides expert guidance on Azure production workloads including Entra ID/RBAC, VNets, AKS, Container Apps, App Service, Functions, SQL/Cosmos DB, storage, networking, security, monitoring, and cost management.

3 files4 tools

role-devops

azure-capacity-management

Guides Azure capacity and quota management for SaaS ISVs in EA/MCA subscriptions. Covers VM quota increases, reservation groups, region access, alerts, AKS integration, and governance.

20 files

azure-capacity-management

Stats

Parent Repo Stars1

Parent Repo Forks1

Last CommitApr 3, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Category	Lines	Description
Troubleshooting	L29-L36	Diagnosing and fixing Azure RBAC issues: access denials, role/condition misconfigurations, role limit errors, and auditing role/condition changes via Activity Log
Best Practices	L38-L43	Security-focused guidance on designing Azure RBAC: choosing scopes, delegating access with ABAC conditions, and applying least privilege and separation-of-duties best practices.
Decision Making	L45-L51	Guidance on choosing and migrating role models: moving from classic admins to RBAC, scaling with ABAC, selecting Azure vs Entra vs classic roles, and transferring subscriptions between directories.
Limits & Quotas	L53-L57	Designing and managing Azure RBAC custom roles, including understanding role structure, permissions, and step-by-step creation using the Azure portal
Security	L59-L123	Azure RBAC roles, permissions, and conditions: built‑in role references by service, custom roles, ABAC, deny assignments, PIM, policy integration, and secure delegation of access.
Configuration	L125-L135	Configuring Azure RBAC/ABAC: prerequisites, condition syntax, role assignments, built‑in vs custom roles, and creating/inspecting custom role definitions via CLI and PowerShell
Integrations & Coding Patterns	L137-L152	How to assign, list, and query Azure RBAC role assignments using portal, CLI, PowerShell, Bicep/ARM templates, REST API, and managed identities

Topic	URL
Audit Azure RBAC changes using Activity Log	https://learn.microsoft.com/en-us/azure/role-based-access-control/change-history-report
Resolve common issues with Azure RBAC conditions	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-faq
Troubleshoot Azure RBAC role assignment conditions	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-troubleshoot
Resolve Azure RBAC role and custom role limit issues	https://learn.microsoft.com/en-us/azure/role-based-access-control/troubleshoot-limits
Troubleshoot common Azure RBAC access issues	https://learn.microsoft.com/en-us/azure/role-based-access-control/troubleshooting

Topic	URL
Apply security-focused best practices for Azure RBAC	https://learn.microsoft.com/en-us/azure/role-based-access-control/best-practices
Example patterns for delegating RBAC with ABAC conditions	https://learn.microsoft.com/en-us/azure/role-based-access-control/delegate-role-assignments-examples
Choose appropriate Azure RBAC scopes for access	https://learn.microsoft.com/en-us/azure/role-based-access-control/scope-overview

Topic	URL
Migrate from Azure classic administrators to RBAC	https://learn.microsoft.com/en-us/azure/role-based-access-control/classic-administrators
Scale Azure RBAC assignments using ABAC and attributes	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-custom-security-attributes-example
Choose between Azure, Entra, and classic admin roles	https://learn.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles
Transfer Azure subscriptions between Entra directories	https://learn.microsoft.com/en-us/azure/role-based-access-control/transfer-subscription

Topic	URL
Understand and configure Azure RBAC custom roles	https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles
Create Azure custom roles in the portal	https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-portal

azure-rbac

Tool Access

Preview

SKILL.md

Similar Skills

Help us improve

Help us improve

azure-rbac

Tool Access

Preview

SKILL.md

Azure RBAC Skill

How to Use This Skill

Category Index

Troubleshooting

Best Practices

Decision Making

Limits & Quotas

Security

Configuration

Integrations & Coding Patterns

Similar Skills

Help us improve

Azure RBAC Skill

How to Use This Skill

Category Index

Troubleshooting

Best Practices

Decision Making

Limits & Quotas

Security

Configuration

Integrations & Coding Patterns

Topic	URL
Reference for all Azure RBAC built-in roles	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
Azure RBAC AI and ML built-in roles reference	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/ai-machine-learning
Azure RBAC analytics built-in roles reference	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/analytics
Understand Azure RBAC built-in compute roles and permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/compute
Azure RBAC containers built-in roles reference	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/containers
Azure RBAC databases built-in roles reference	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/databases
Azure RBAC DevOps built-in roles reference	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/devops
Azure RBAC general built-in roles reference	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/general
Use hybrid and multicloud RBAC built-in roles	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/hybrid-multicloud
Azure RBAC identity built-in roles reference	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/identity
Azure RBAC integration built-in roles reference	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/integration
Azure RBAC IoT built-in roles reference	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/internet-of-things
Apply management and governance RBAC built-in roles	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/management-and-governance
Use Azure RBAC built-in roles for migration tasks	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/migration
Assign Azure RBAC built-in roles for monitoring	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/monitor
Azure RBAC networking built-in roles reference	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/networking
Azure RBAC privileged built-in roles reference	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged
Azure RBAC security built-in roles reference	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/security
Azure RBAC storage built-in roles reference	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/storage
Azure RBAC web and mobile built-in roles reference	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/web-and-mobile
Restrict blob read access using tags and ABAC	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-custom-security-attributes
Manage Azure RBAC conditions using Azure CLI	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-cli
Configure Azure RBAC role assignment conditions in portal	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-portal
Manage Azure RBAC conditions using PowerShell	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-powershell
Manage Azure RBAC conditions via REST API	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-rest
Define Azure RBAC conditions in ARM templates	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-template
Define Azure custom roles using Bicep	https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-bicep
Manage Azure custom roles using Azure CLI	https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-cli
Manage Azure custom roles using PowerShell	https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-powershell
Manage Azure custom roles via REST API	https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-rest
Define Azure custom roles with ARM templates	https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-template
Delegate Azure RBAC role assignment management securely	https://learn.microsoft.com/en-us/azure/role-based-access-control/delegate-role-assignments-overview
Delegate Azure RBAC role management with ABAC conditions	https://learn.microsoft.com/en-us/azure/role-based-access-control/delegate-role-assignments-portal
List and understand Azure RBAC deny assignments	https://learn.microsoft.com/en-us/azure/role-based-access-control/deny-assignments
Elevate Global Administrator access to all subscriptions	https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin
Use AI and machine learning RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/ai-machine-learning
Use Analytics category Azure RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/analytics
Use Azure Compute RBAC permissions for custom roles	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/compute
Use Containers category Azure RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/containers
Use Databases category Azure RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/databases
Use DevOps category Azure RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/devops
Use General category Azure RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/general
Use hybrid and multicloud RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/hybrid-multicloud
Use Identity category Azure RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/identity
Use Integration category Azure RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/integration
Use IoT category Azure RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/internet-of-things
Use management and governance RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/management-and-governance
Use Migration category Azure RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/migration
Use Monitor category Azure RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/monitor
Use Networking category Azure RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/networking
Use Security category Azure RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/security
Use Storage category Azure RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/storage
Use Web and Mobile Azure RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/web-and-mobile
Use PIM for eligible and time-bound Azure RBAC roles	https://learn.microsoft.com/en-us/azure/role-based-access-control/pim-integration
Apply Azure RBAC built-in policy definitions	https://learn.microsoft.com/en-us/azure/role-based-access-control/policy-reference
Reference Azure resource provider permission operations	https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations
Alert on privileged Azure RBAC role assignments	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-alert
Activate eligible Azure RBAC roles in the portal	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-eligible-activate
Grant Azure RBAC access to external B2B users	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-external-users
Assign Azure RBAC roles in Azure portal	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal
Assign subscription Owner with constrained RBAC conditions	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal-subscription-admin
Apply Azure Policy compliance controls to Azure RBAC	https://learn.microsoft.com/en-us/azure/role-based-access-control/security-controls-policy

Topic	URL
Use actions and attributes in Azure ABAC conditions	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-authorization-actions-attributes
Author Azure RBAC condition expressions and syntax	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-format
Meet prerequisites to use Azure RBAC conditions	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-prerequisites
Configure and interpret Azure RBAC role assignments	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments
Understand and configure Azure RBAC role definitions	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-definitions
List and inspect Azure built-in and custom RBAC roles	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-definitions-list
Create Azure custom RBAC roles using Azure CLI	https://learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-custom-role-cli
Define Azure custom RBAC roles with PowerShell	https://learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-custom-role-powershell

Topic	URL
Assign Azure RBAC roles using Bicep templates	https://learn.microsoft.com/en-us/azure/role-based-access-control/quickstart-role-assignments-bicep
Assign Azure RBAC roles with ARM templates	https://learn.microsoft.com/en-us/azure/role-based-access-control/quickstart-role-assignments-template
Assign Azure RBAC roles using Azure CLI	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-cli
List Azure RBAC role assignments via Azure CLI	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-cli
View Azure RBAC role assignments in the portal	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-portal
List Azure RBAC role assignments using PowerShell	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-powershell
Query Azure RBAC role assignments using REST API	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-rest
Assign Azure RBAC roles starting from a managed identity	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal-managed-identity
Assign Azure RBAC roles via PowerShell for all principals	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-powershell
Assign Azure RBAC roles through the REST API	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-rest
Assign Azure RBAC roles using ARM templates	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-template
Grant group-based Azure RBAC access via PowerShell	https://learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-role-assignments-group-powershell
Grant Azure RBAC access using PowerShell commands	https://learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-role-assignments-user-powershell