Azure Customised Global Admin role

Patrik Jakus 1 Reputation point
2022-10-27T15:20:22.19+00:00

Hi Community,

I would like to create an Azure customised role (in JSON format) with Global Admin perms but with a limitation to creating resources. Anyone can help with that?

(or a more relevant built-in Azure role?)

Much appreciated!

Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
702 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,173 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. David Broggy 5,701 Reputation points MVP
    2022-10-27T15:25:55.463+00:00

    Hi Patrik,
    Are you asking because you don't have PIM?
    From my experience it's better to work with the existing roles but use PIM to control access to all privileged roles.
    You should can also use PIM to have another user authorize the use of privileged roles so there's no single person allowed to do any changes.

    And if you're dealing with b2b, supply chains, etc that need privileged access to resources I'd suggest looking at Priva.

    Reference:
    pim-getting-started
    microsoft-priva-risk-management

    0 comments No comments

  2. Patrik Jakus 1 Reputation point
    2022-11-02T16:34:28.367+00:00

    Hi David,

    I might have been a bit confusing. Let me clarify it.

    I want to create a "limited contributor" role, with the limitations of create new resources, but want to manage the ones which are already created. I hope that makes sense.

    0 comments No comments