Skip to main content



Azure RBAC Custom Roles

Azure supports Role-Based-Access-Control (RBAC) to controlling what actions a principal (user, service principal etc) can perform via the Azure Portal, XPlat Cli or Azure PowerShell module.

Azure provides quite a few built-in roles (48 at this time) but it is also possible to define your own custom roles. In this post I will provide a few general tips on RBAC and also how to go about creating your own custom roles.

Actions and NotActions Actions are permissions/operations that you wish to allow and NotActions are ones that you wish to restrict. When assigning roles you need to be conscious of the fact that NotActions are not deny rules as mentioned in the Microsoft document:

If a user is assigned a role that excludes an operation in NotActions, and is assigned a second role that grants access to the same operation, the user will be allowed to perform that operation. NotActions is not a deny rule – it is simply a convenient way to create a set of allowed operations when sp…

Latest posts

ARM Template Plaster Template Manifest

Azure ARM Templates and Testing with Pester

Azure ASEs ARM Templates and resourceGroup.location() function

Azure App Service Environments (ASEs) and AD Integration

Auditing Azure RBAC Assignments

HDInsight and WebSSH Security Issue

KVM Automation

Simple way to run the beeline client on a Kerberised Hadoop cluster

Simple way to kinit as a Hadoop system user with CDH

How to fix SemanticException No valid privileges error when creating a database with Hive