How to create a custom role using PowerShell?

Question

How to create a custom role using PowerShell?

Sam Wheat 506

I am studying the for this training module:

https://learn.microsoft.com/en-us/training/modules/create-custom-azure-roles-with-rbac/4-manage-custom-roles

I created a custom role in azure portal but I did not save it. I copied the json to a file as is shown below.

When I try to create the role in PowerShell using the exact json I copied from the portal I get this error:

PS C:\temp> New-AzRoleDefinition -InputFile "c:\temp\azure_custom_role.json"

New-AzRoleDefinition : Object reference not set to an instance of an object.

At line:1 char:1 New-AzRoleDefinition -InputFile "c:\temp\azure_custom_role.json" CategoryInfo : CloseError: (:) [New-AzRoleDefinition], NullReferenceException FullyQualifiedErrorId : Microsoft.Azure.Commands.Resources.NewAzureRoleDefinitionCommand

I have also seen this article.

{    "properties": {        "roleName": "Learning - Virtual Machine Contributor",        "description": "",        "assignableScopes": [            "/subscriptions/555/resourceGroups/Learning_MS_Azure_Training"        ],        "permissions": [            {                "actions": [                    "Microsoft.Authorization/*/read",                    "Microsoft.ClassicCompute/domainNames/*",                    "Microsoft.ClassicCompute/virtualMachines/*",                    "Microsoft.ClassicNetwork/reservedIps/link/action",                    "Microsoft.ClassicNetwork/reservedIps/read",                    "Microsoft.ClassicNetwork/virtualNetworks/join/action",                    "Microsoft.ClassicNetwork/virtualNetworks/read",                    "Microsoft.ClassicStorage/storageAccounts/disks/read",                    "Microsoft.ClassicStorage/storageAccounts/images/read",                    "Microsoft.ClassicStorage/storageAccounts/listKeys/action",                    "Microsoft.ClassicStorage/storageAccounts/read",                    "Microsoft.Insights/alertRules/*",                    "Microsoft.ResourceHealth/availabilityStatuses/read",                    "Microsoft.Resources/deployments/*",                    "Microsoft.Resources/subscriptions/resourceGroups/read",                    "Microsoft.Support/*"                ],                "notActions": [],                "dataActions": [],                "notDataActions": []            }        ]    }}

0 comments

1 answer

Your answer

Answer 1

Manu Philip 20,651 MVP Volunteer Moderator

Hi Sam Wheat

Make sure that you have the necessary Azure PowerShell modules are installed and imported in your script.

Use these commands to install the modules one more time

Install-Module -Name Az -AllowClobber -Force

Import-Module -Name Az

After the above steps found successful, try running the cmdlet again and see if it helps !

Hope this helps.

--please don't forget to upvote and Accept as answer if the reply is helpful--

kguntaka 6,850 Reputation points Microsoft External Staff

2025-02-14T03:59:14.0633333+00:00

Hi Sam Wheat,

Just wanted to check if you had the chance to review the information that was provided by Manu Philip. Please feel free to contact us if you have any more queries. If I have provided a prompt response, provide your accepted answer by clicking Accept the answer and Upvote. So that other community members can benefit from the information.
kguntaka 6,850 Reputation points Microsoft External Staff

2025-02-18T04:27:28.3333333+00:00

Hi Sam Wheat,

Just wanted to check if you had the chance to review the information that was provided by Manu Philip. If I have provided a prompt response, provide your accepted answer by clicking Accept the answer and Upvote. So that other community members can benefit from the information.

Share via

How to create a custom role using PowerShell?

1 answer

Your answer