When creating custom Azure RBAC user role, what assignment scope types can you use?
Experience Level: Junior
Tags: Azure Active DirectoryAzure Cloud
Answer
You can assign a role to 4 scopes (and all of them as well):
- All scopes - "/"
- Management group - "/providers/Microsoft.Management/managementGroups/{groupId1}"
- Subscription - "/subscriptions/{subscriptionId1}"
- Resource groups - "/subscriptions/{subscriptionId1}/resourceGroups/resourceGroup1"
- Resources -
This is the full hierarchy that you can use:
/subscriptions
/{subscriptionId}
/resourcegroups
/{resourceGroupName}
/providers
/{providerName}
/{resourceType}
/{resourceSubType1}
/{resourceSubType2}
/{resourceName}
Assignments can be combined, so that you can apply a role to multiple subscriptions, multiple resource groups, to a subscription and a resource group. Any combination can be used. When multiple scopes are assigned, they need to be comma separated.
Related Azure Cloud job interview questions
According to Microsoft Cloud Adoption Framework (CAF), what are the three specific terms related to Management phaze that can help improve conversations among business stakeholders?
Microsoft Cloud Adoption Framework (CAF) JuniorWhat are 6 key steps for establishing a management baseline according to Microsoft Cloud Adoption Framework (CAF)?
Microsoft Cloud Adoption Framework (CAF) JuniorWhat is management baseline according to Microsoft Cloud Adoption Framework (CAF)?
Microsoft Cloud Adoption Framework (CAF) JuniorWhat are the 5 disciplines of cloud governance according to Microsoft Cloud Adoption Framework (CAF)?
Microsoft Cloud Adoption Framework (CAF) JuniorIs Cloud Security Posture Management (CSPM) available for all Azure Subscriptions?
Microsoft Defender Junior