To provide PIM access using BICEP


How to add custom RBAC role to Privileged Identity Management using BICEP template at a subscription scope?

Presently, I am using this BICEP template to create a custom role at the subscription level of scope. Kindly let me know how to define a PIM for the below mentioned template.

targetScope = 'subscription'

@description('Array of actions for the roleDefinition')
param actions array = [

@description('ID of the role definition')
param roleDefName string = 'xxxxx'

@description('Array of notActions for the roleDefinition')
param notActions array = []

@description('Friendly name of the role definition')
param roleName string = 'Custom Role - Support Req Contributor'

@description('Detailed description of the role definition')
param roleDescription string = 'Subscription Level Deployment of a Role Definition'

//var roleDefName = guid(subscription().id, string(actions), string(notActions))

resource roleDef 'Microsoft.Authorization/roleDefinitions@2022-04-01' = {
  name: roleDefName
  properties: {
    roleName: roleName
    description: roleDescription
    type: 'customRole'
    permissions: [
        actions: actions
        notActions: notActions
    assignableScopes: [

Microsoft Entra
{count} vote