When creating custom Azure RBAC user role, what assignment scope types can you use?

Experience Level: Junior
Tags: Azure Active DirectoryAzure Cloud

Answer

You can assign a role to 4 scopes (and all of them as well):
  • All scopes - "/"
  • Management group - "/providers/Microsoft.Management/managementGroups/{groupId1}"
  • Subscription - "/subscriptions/{subscriptionId1}"
  • Resource groups - "/subscriptions/{subscriptionId1}/resourceGroups/resourceGroup1"
  • Resources

This is the full hierarchy that you can use:

/subscriptions

    /{subscriptionId}

        /resourcegroups

            /{resourceGroupName}

                /providers

                    /{providerName}

                        /{resourceType}

                            /{resourceSubType1}

                                /{resourceSubType2}

                                    /{resourceName}

Assignments can be combined, so that you can apply a role to multiple subscriptions, multiple resource groups, to a subscription and a resource group. Any combination can be used. When multiple scopes are assigned, they need to be comma separated.

Related Azure Cloud job interview questions

Comments

No Comments Yet.
Be the first to tell us what you think.
Azure Active Directory
Azure Active Directory

Are you learning Azure Cloud ? Try our test we designed to help you progress faster.

Test yourself
AZ-104 Microsoft Azure Administrator Preparation
AZ-104 Microsoft Azure Administrator Preparation

Are you learning Azure Cloud ? Try our test we designed to help you progress faster.

Test yourself