{"id":"3a7fc0d6-9710-4a60-8981-4593238c5d9c","shortId":"apGWXP","kind":"skill","title":"azure-rbac","tagline":"Expert knowledge for Azure Role-based access control development including troubleshooting, best practices, decision making, limits & quotas, security, configuration, and integrations & coding patterns. Use when managing Azure RBAC roles, ABAC conditions, PIM, custom role definit","description":"# Azure Role-based access control Skill\n\nThis skill provides expert guidance for Azure Role-based access control. Covers troubleshooting, best practices, decision making, limits & quotas, security, configuration, and integrations & coding patterns. It combines local quick-reference content with remote documentation fetching capabilities.\n\n## How to Use This Skill\n\n> **IMPORTANT for Agent**: Use the **Category Index** below to locate relevant sections. For categories with line ranges (e.g., `L35-L120`), use `read_file` with the specified lines. For categories with file links (e.g., `[security.md](security.md)`), use `read_file` on the linked reference file\n\n> **IMPORTANT for Agent**: If `metadata.generated_at` is more than 3 months old, suggest the user pull the latest version from the repository. If `mcp_microsoftdocs` tools are not available, suggest the user install it: [Installation Guide](https://github.com/MicrosoftDocs/mcp/blob/main/README.md)\n\nThis skill requires **network access** to fetch documentation content:\n- **Preferred**: Use `mcp_microsoftdocs:microsoft_docs_fetch` with query string `from=learn-agent-skill`. Returns Markdown.\n- **Fallback**: Use `fetch_webpage` with query string `from=learn-agent-skill&accept=text/markdown`. Returns Markdown.\n\n## Category Index\n\n| Category | Lines | Description |\n|----------|-------|-------------|\n| Troubleshooting | L35-L43 | Diagnosing and fixing Azure RBAC problems: activity log auditing, role/condition errors, assignment condition troubleshooting, and limits for built‑in and custom roles. |\n| Best Practices | L44-L50 | Security-focused guidance on designing Azure RBAC: choosing scopes, delegating access with ABAC conditions, and applying least privilege and separation-of-duties best practices. |\n| Decision Making | L51-L56 | Guidance on choosing and migrating role models: moving from classic admins to RBAC, scaling with ABAC, selecting Azure vs Entra vs classic roles, and transferring subscriptions between directories. |\n| Limits & Quotas | L57-L62 | Designing and managing Azure RBAC custom roles, including understanding role structure, permissions, and step-by-step creation using the Azure portal |\n| Security | L63-L129 | Azure RBAC roles, permissions, ABAC conditions, custom roles, and PIM: how to assign, secure, scope, and audit access to Azure resources across all service categories. |\n| Configuration | L130-L140 | Configuring Azure RBAC/ABAC: prerequisites, condition syntax, role assignments, built‑in vs custom roles, and creating/inspecting custom role definitions via CLI and PowerShell |\n| Integrations & Coding Patterns | L141-L156 | How to assign, list, and query Azure RBAC role assignments using CLI, PowerShell, portal, REST, ARM/Bicep templates, including managed identities and group-based access. |\n\n### Troubleshooting\n| Topic | URL |\n|-------|-----|\n| Audit Azure RBAC changes using Activity Log | https://learn.microsoft.com/en-us/azure/role-based-access-control/change-history-report |\n| Resolve common issues with Azure RBAC conditions | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-faq |\n| Troubleshoot Azure RBAC role assignment conditions | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-troubleshoot |\n| Resolve Azure RBAC role and custom role limit issues | https://learn.microsoft.com/en-us/azure/role-based-access-control/troubleshoot-limits |\n| Diagnose and resolve common Azure RBAC issues | https://learn.microsoft.com/en-us/azure/role-based-access-control/troubleshooting |\n\n### Best Practices\n| Topic | URL |\n|-------|-----|\n| Apply security-focused best practices for Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/best-practices |\n| Example patterns for delegating RBAC with ABAC conditions | https://learn.microsoft.com/en-us/azure/role-based-access-control/delegate-role-assignments-examples |\n| Choose appropriate Azure RBAC scopes for access | https://learn.microsoft.com/en-us/azure/role-based-access-control/scope-overview |\n\n### Decision Making\n| Topic | URL |\n|-------|-----|\n| Scale Azure RBAC assignments using ABAC and attributes | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-custom-security-attributes-example |\n| Transfer Azure subscriptions between Entra directories | https://learn.microsoft.com/en-us/azure/role-based-access-control/transfer-subscription |\n\n### Limits & Quotas\n| Topic | URL |\n|-------|-----|\n| Understand and configure Azure RBAC custom roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles |\n| Create Azure custom roles in the portal | https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-portal |\n\n### Security\n| Topic | URL |\n|-------|-----|\n| Reference Azure RBAC built-in roles and permissions | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles |\n| Use AI and machine learning Azure RBAC roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/ai-machine-learning |\n| Assign analytics Azure RBAC built-in roles and permissions | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/analytics |\n| Assign compute-focused Azure RBAC built-in roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/compute |\n| Control container workloads with Azure RBAC roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/containers |\n| Secure database resources using Azure RBAC roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/databases |\n| Apply DevOps Azure RBAC built-in roles and permissions | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/devops |\n| Apply general-purpose Azure RBAC built-in roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/general |\n| Use RBAC roles for hybrid and multicloud | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/hybrid-multicloud |\n| Reference identity-focused Azure RBAC built-in roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/identity |\n| Configure integration workloads with Azure RBAC roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/integration |\n| Manage IoT access with Azure RBAC built-in roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/internet-of-things |\n| Use RBAC roles for management and governance | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/management-and-governance |\n| Use Azure RBAC built-in migration roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/migration |\n| Use Azure RBAC built-in monitor roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/monitor |\n| Use networking Azure RBAC built-in roles and scopes | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/networking |\n| Use privileged Azure RBAC built-in roles securely | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged |\n| Use security-category Azure RBAC built-in roles safely | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/security |\n| Configure storage access with Azure RBAC roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/storage |\n| Manage web and mobile access via Azure RBAC roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/web-and-mobile |\n| Use authorization actions and attributes in Azure ABAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-authorization-actions-attributes |\n| Restrict blob read access using tags and ABAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-custom-security-attributes |\n| Manage Azure RBAC conditions using Azure CLI | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-cli |\n| Configure Azure RBAC role assignment conditions in portal | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-portal |\n| Manage Azure RBAC conditions using PowerShell | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-powershell |\n| Manage Azure RBAC conditions via REST API | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-rest |\n| Define Azure RBAC conditions in ARM templates | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-template |\n| Define Azure custom roles using Bicep | https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-bicep |\n| Manage Azure custom roles using Azure CLI | https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-cli |\n| Manage Azure custom roles using PowerShell | https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-powershell |\n| Manage Azure custom roles via REST API | https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-rest |\n| Define Azure custom roles with ARM templates | https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-template |\n| Delegate Azure role assignments with ABAC conditions | https://learn.microsoft.com/en-us/azure/role-based-access-control/delegate-role-assignments-portal |\n| List and understand Azure RBAC deny assignments | https://learn.microsoft.com/en-us/azure/role-based-access-control/deny-assignments |\n| Elevate Global Administrator access to all subscriptions | https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin |\n| Use AI and ML permissions in Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/ai-machine-learning |\n| Use analytics permissions in Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/analytics |\n| Use compute permissions in Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/compute |\n| Use container permissions in Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/containers |\n| Use database permissions in Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/databases |\n| Use DevOps permissions in Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/devops |\n| Use general-category Azure RBAC permissions | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/general |\n| Use hybrid and multicloud permissions in RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/hybrid-multicloud |\n| Use identity permissions in Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/identity |\n| Use integration permissions in Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/integration |\n| Use IoT permissions in Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/internet-of-things |\n| Use management and governance permissions in RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/management-and-governance |\n| Use migration permissions in Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/migration |\n| Use monitor permissions in Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/monitor |\n| Use networking permissions in Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/networking |\n| Use security-category permissions in Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/security |\n| Use storage permissions in Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/storage |\n| Use web and mobile permissions in RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/web-and-mobile |\n| Use PIM for eligible and time-bound Azure RBAC roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/pim-integration |\n| Apply Azure RBAC built-in policy definitions | https://learn.microsoft.com/en-us/azure/role-based-access-control/policy-reference |\n| Choose between Azure RBAC, Entra, and classic admin roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles |\n| Reference Azure resource provider permissions for RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations |\n| Alert on privileged Azure RBAC role assignments | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-alert |\n| Activate eligible Azure RBAC roles in the portal | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-eligible-activate |\n| Assign Azure RBAC roles to external B2B users | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-external-users |\n| Assign Azure RBAC roles in Azure portal | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal |\n| Assign subscription Owner with constrained RBAC conditions | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal-subscription-admin |\n| Apply Azure Policy compliance controls to Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/security-controls-policy |\n\n### Configuration\n| Topic | URL |\n|-------|-----|\n| Author Azure RBAC condition expressions and syntax | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-format |\n| Meet prerequisites to use Azure RBAC conditions | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-prerequisites |\n| Configure and interpret Azure RBAC role assignments | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments |\n| Understand and configure Azure RBAC role definitions | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-definitions |\n| List and inspect Azure built-in and custom RBAC roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-definitions-list |\n| Create Azure custom RBAC roles using Azure CLI | https://learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-custom-role-cli |\n| Define Azure custom RBAC roles with PowerShell | https://learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-custom-role-powershell |\n\n### Integrations & Coding Patterns\n| Topic | URL |\n|-------|-----|\n| Assign Azure RBAC roles using Bicep templates | https://learn.microsoft.com/en-us/azure/role-based-access-control/quickstart-role-assignments-bicep |\n| Assign Azure RBAC roles with ARM templates | https://learn.microsoft.com/en-us/azure/role-based-access-control/quickstart-role-assignments-template |\n| Assign Azure RBAC roles using Azure CLI | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-cli |\n| List Azure RBAC role assignments via Azure CLI | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-cli |\n| View Azure RBAC role assignments in the portal | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-portal |\n| List Azure RBAC role assignments with PowerShell | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-powershell |\n| Query Azure RBAC role assignments using REST API | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-rest |\n| Assign Azure RBAC roles starting from a managed identity | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal-managed-identity |\n| Assign Azure RBAC roles via PowerShell for all principals | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-powershell |\n| Assign Azure RBAC roles through the REST API | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-rest |\n| Assign Azure RBAC roles using ARM templates | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-template |\n| Grant group-based Azure RBAC access via PowerShell | https://learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-role-assignments-group-powershell |\n| Grant Azure RBAC access using PowerShell commands | https://learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-role-assignments-user-powershell |","tags":["azure","rbac","agent","skills","microsoftdocs","agent-skills","agentic-skills","agentskill","ai-agents","ai-coding","azure-functions","azure-kubernetes-service"],"capabilities":["skill","source-microsoftdocs","skill-azure-rbac","topic-agent","topic-agent-skills","topic-agentic-skills","topic-agentskill","topic-ai-agents","topic-ai-coding","topic-azure","topic-azure-functions","topic-azure-kubernetes-service","topic-azure-openai","topic-azure-sql-database","topic-azure-storage"],"categories":["Agent-Skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/MicrosoftDocs/Agent-Skills/azure-rbac","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add MicrosoftDocs/Agent-Skills","source_repo":"https://github.com/MicrosoftDocs/Agent-Skills","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 549 github stars · SKILL.md body (17,034 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T18:53:58.050Z","embedding":null,"createdAt":"2026-04-18T21:59:53.895Z","updatedAt":"2026-05-18T18:53:58.050Z","lastSeenAt":"2026-05-18T18:53:58.050Z","tsv":"'/en-us/azure/role-based-access-control/best-practices':492 '/en-us/azure/role-based-access-control/built-in-roles':576 '/en-us/azure/role-based-access-control/built-in-roles/ai-machine-learning':587 '/en-us/azure/role-based-access-control/built-in-roles/analytics':600 '/en-us/azure/role-based-access-control/built-in-roles/compute':613 '/en-us/azure/role-based-access-control/built-in-roles/containers':623 '/en-us/azure/role-based-access-control/built-in-roles/databases':633 '/en-us/azure/role-based-access-control/built-in-roles/devops':646 '/en-us/azure/role-based-access-control/built-in-roles/general':659 '/en-us/azure/role-based-access-control/built-in-roles/hybrid-multicloud':669 '/en-us/azure/role-based-access-control/built-in-roles/identity':682 '/en-us/azure/role-based-access-control/built-in-roles/integration':692 '/en-us/azure/role-based-access-control/built-in-roles/internet-of-things':705 '/en-us/azure/role-based-access-control/built-in-roles/management-and-governance':715 '/en-us/azure/role-based-access-control/built-in-roles/migration':726 '/en-us/azure/role-based-access-control/built-in-roles/monitor':737 '/en-us/azure/role-based-access-control/built-in-roles/networking':750 '/en-us/azure/role-based-access-control/built-in-roles/privileged':762 '/en-us/azure/role-based-access-control/built-in-roles/security':776 '/en-us/azure/role-based-access-control/built-in-roles/storage':786 '/en-us/azure/role-based-access-control/built-in-roles/web-and-mobile':798 '/en-us/azure/role-based-access-control/change-history-report':435 '/en-us/azure/role-based-access-control/conditions-authorization-actions-attributes':809 '/en-us/azure/role-based-access-control/conditions-custom-security-attributes':820 '/en-us/azure/role-based-access-control/conditions-custom-security-attributes-example':528 '/en-us/azure/role-based-access-control/conditions-faq':445 '/en-us/azure/role-based-access-control/conditions-format':1241 '/en-us/azure/role-based-access-control/conditions-prerequisites':1251 '/en-us/azure/role-based-access-control/conditions-role-assignments-cli':830 '/en-us/azure/role-based-access-control/conditions-role-assignments-portal':841 '/en-us/azure/role-based-access-control/conditions-role-assignments-powershell':850 '/en-us/azure/role-based-access-control/conditions-role-assignments-rest':860 '/en-us/azure/role-based-access-control/conditions-role-assignments-template':870 '/en-us/azure/role-based-access-control/conditions-troubleshoot':454 '/en-us/azure/role-based-access-control/custom-roles':551 '/en-us/azure/role-based-access-control/custom-roles-bicep':879 '/en-us/azure/role-based-access-control/custom-roles-cli':889 '/en-us/azure/role-based-access-control/custom-roles-portal':561 '/en-us/azure/role-based-access-control/custom-roles-powershell':898 '/en-us/azure/role-based-access-control/custom-roles-rest':908 '/en-us/azure/role-based-access-control/custom-roles-template':918 '/en-us/azure/role-based-access-control/delegate-role-assignments-examples':503 '/en-us/azure/role-based-access-control/delegate-role-assignments-portal':928 '/en-us/azure/role-based-access-control/deny-assignments':938 '/en-us/azure/role-based-access-control/elevate-access-global-admin':948 '/en-us/azure/role-based-access-control/permissions/ai-machine-learning':959 '/en-us/azure/role-based-access-control/permissions/analytics':968 '/en-us/azure/role-based-access-control/permissions/compute':977 '/en-us/azure/role-based-access-control/permissions/containers':986 '/en-us/azure/role-based-access-control/permissions/databases':995 '/en-us/azure/role-based-access-control/permissions/devops':1004 '/en-us/azure/role-based-access-control/permissions/general':1014 '/en-us/azure/role-based-access-control/permissions/hybrid-multicloud':1024 '/en-us/azure/role-based-access-control/permissions/identity':1033 '/en-us/azure/role-based-access-control/permissions/integration':1042 '/en-us/azure/role-based-access-control/permissions/internet-of-things':1051 '/en-us/azure/role-based-access-control/permissions/management-and-governance':1061 '/en-us/azure/role-based-access-control/permissions/migration':1070 '/en-us/azure/role-based-access-control/permissions/monitor':1079 '/en-us/azure/role-based-access-control/permissions/networking':1088 '/en-us/azure/role-based-access-control/permissions/security':1099 '/en-us/azure/role-based-access-control/permissions/storage':1108 '/en-us/azure/role-based-access-control/permissions/web-and-mobile':1118 '/en-us/azure/role-based-access-control/pim-integration':1132 '/en-us/azure/role-based-access-control/policy-reference':1143 '/en-us/azure/role-based-access-control/quickstart-role-assignments-bicep':1321 '/en-us/azure/role-based-access-control/quickstart-role-assignments-template':1331 '/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles':1155 '/en-us/azure/role-based-access-control/resource-provider-operations':1165 '/en-us/azure/role-based-access-control/role-assignments':1261 '/en-us/azure/role-based-access-control/role-assignments-alert':1175 '/en-us/azure/role-based-access-control/role-assignments-cli':1341 '/en-us/azure/role-based-access-control/role-assignments-eligible-activate':1186 '/en-us/azure/role-based-access-control/role-assignments-external-users':1197 '/en-us/azure/role-based-access-control/role-assignments-list-cli':1352 '/en-us/azure/role-based-access-control/role-assignments-list-portal':1363 '/en-us/azure/role-based-access-control/role-assignments-list-powershell':1373 '/en-us/azure/role-based-access-control/role-assignments-list-rest':1384 '/en-us/azure/role-based-access-control/role-assignments-portal':1207 '/en-us/azure/role-based-access-control/role-assignments-portal-managed-identity':1396 '/en-us/azure/role-based-access-control/role-assignments-portal-subscription-admin':1217 '/en-us/azure/role-based-access-control/role-assignments-powershell':1408 '/en-us/azure/role-based-access-control/role-assignments-rest':1419 '/en-us/azure/role-based-access-control/role-assignments-template':1429 '/en-us/azure/role-based-access-control/role-definitions':1271 '/en-us/azure/role-based-access-control/role-definitions-list':1285 '/en-us/azure/role-based-access-control/scope-overview':513 '/en-us/azure/role-based-access-control/security-controls-policy':1228 '/en-us/azure/role-based-access-control/transfer-subscription':537 '/en-us/azure/role-based-access-control/troubleshoot-limits':466 '/en-us/azure/role-based-access-control/troubleshooting':476 '/en-us/azure/role-based-access-control/tutorial-custom-role-cli':1296 '/en-us/azure/role-based-access-control/tutorial-custom-role-powershell':1306 '/en-us/azure/role-based-access-control/tutorial-role-assignments-group-powershell':1441 '/en-us/azure/role-based-access-control/tutorial-role-assignments-user-powershell':1451 '/microsoftdocs/mcp/blob/main/readme.md)':172 '3':143 'abac':34,264,297,345,499,523,806,817,924 'accept':211 'access':11,44,57,177,262,358,422,510,695,779,791,813,942,1436,1445 'across':362 'action':801 'activ':230,431,1176 'admin':292,1151 'administr':941 'agent':92,136,195,209 'ai':578,950 'alert':1166 'analyt':589,961 'api':857,905,1381,1416 'appli':267,481,634,647,1133,1218 'appropri':505 'arm':866,914,1327,1425 'arm/bicep':413 'assign':235,353,377,400,407,450,521,588,601,835,922,935,1172,1187,1198,1208,1258,1312,1322,1332,1346,1357,1368,1378,1385,1397,1409,1420 'attribut':525,803 'audit':232,357,426 'author':800,1232 'avail':162 'azur':2,7,31,40,53,227,257,299,318,335,341,360,371,404,427,440,447,456,471,488,506,519,530,545,553,566,582,590,605,618,628,636,651,674,687,697,717,728,740,753,767,781,793,805,822,826,832,843,852,862,872,881,885,891,900,910,920,932,955,964,973,982,991,1000,1009,1029,1038,1047,1066,1075,1084,1095,1104,1127,1134,1146,1157,1169,1178,1188,1199,1203,1219,1224,1233,1246,1255,1265,1275,1287,1292,1298,1313,1323,1333,1337,1343,1348,1354,1365,1375,1386,1398,1410,1421,1434,1443 'azure-rbac':1 'b2b':1193 'base':10,43,56,421,1433 'best':16,61,246,275,477,485 'bicep':876,1317 'blob':811 'bound':1126 'built':241,378,569,593,608,639,654,677,700,720,731,743,756,770,1137,1277 'built-in':568,592,607,638,653,676,699,719,730,742,755,769,1136,1276 'capabl':84 'categori':95,103,119,215,217,365,766,1008,1092 'chang':429 'choos':259,284,504,1144 'classic':291,303,1150 'cli':389,409,827,886,1293,1338,1349 'code':26,71,393,1308 'combin':74 'command':1448 'common':437,470 'complianc':1221 'comput':603,970 'compute-focus':602 'condit':35,236,265,346,374,442,451,500,824,836,845,854,864,925,1214,1235,1248 'configur':23,68,366,370,544,683,777,831,1229,1252,1264 'constrain':1212 'contain':615,979 'content':79,181 'control':12,45,58,614,1222 'cover':59 'creat':552,1286 'creating/inspecting':384 'creation':332 'custom':37,244,320,347,381,385,460,547,554,873,882,892,901,911,1280,1288,1299 'databas':625,988 'decis':18,63,277,514 'defin':861,871,909,1297 'definit':39,387,1140,1268 'deleg':261,496,919 'deni':934 'descript':219 'design':256,315 'develop':13 'devop':635,997 'diagnos':224,467 'directori':309,534 'doc':187 'document':82,180 'duti':274 'e.g':107,123 'elev':939 'elig':1122,1177 'entra':301,533,1148 'error':234 'exampl':493 'expert':4,50 'express':1236 'extern':1192 'fallback':199 'fetch':83,179,188,201 'file':113,121,128,133 'fix':226 'focus':253,484,604,673 'general':649,1007 'general-categori':1006 'general-purpos':648 'github.com':171 'github.com/microsoftdocs/mcp/blob/main/readme.md)':170 'global':940 'govern':712,1055 'grant':1430,1442 'group':420,1432 'group-bas':419,1431 'guid':169 'guidanc':51,254,282 'hybrid':664,1016 'ident':417,672,1026,1393 'identity-focus':671 'import':90,134 'includ':14,322,415 'index':96,216 'inspect':1274 'instal':166,168 'integr':25,70,392,684,1035,1307 'interpret':1254 'iot':694,1044 'issu':438,463,473 'knowledg':5 'l120':110 'l129':340 'l130':368 'l130-l140':367 'l140':369 'l141':396 'l141-l156':395 'l156':397 'l35':109,222 'l35-l120':108 'l35-l43':221 'l43':223 'l44':249 'l44-l50':248 'l50':250 'l51':280 'l51-l56':279 'l56':281 'l57':313 'l57-l62':312 'l62':314 'l63':339 'l63-l129':338 'latest':151 'learn':194,208,581 'learn-agent-skil':193,207 'learn.microsoft.com':434,444,453,465,475,491,502,512,527,536,550,560,575,586,599,612,622,632,645,658,668,681,691,704,714,725,736,749,761,775,785,797,808,819,829,840,849,859,869,878,888,897,907,917,927,937,947,958,967,976,985,994,1003,1013,1023,1032,1041,1050,1060,1069,1078,1087,1098,1107,1117,1131,1142,1154,1164,1174,1185,1196,1206,1216,1227,1240,1250,1260,1270,1284,1295,1305,1320,1330,1340,1351,1362,1372,1383,1395,1407,1418,1428,1440,1450 'learn.microsoft.com/en-us/azure/role-based-access-control/best-practices':490 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles':574 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/ai-machine-learning':585 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/analytics':598 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/compute':611 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/containers':621 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/databases':631 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/devops':644 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/general':657 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/hybrid-multicloud':667 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/identity':680 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/integration':690 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/internet-of-things':703 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/management-and-governance':713 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/migration':724 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/monitor':735 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/networking':748 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged':760 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/security':774 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/storage':784 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/web-and-mobile':796 'learn.microsoft.com/en-us/azure/role-based-access-control/change-history-report':433 'learn.microsoft.com/en-us/azure/role-based-access-control/conditions-authorization-actions-attributes':807 'learn.microsoft.com/en-us/azure/role-based-access-control/conditions-custom-security-attributes':818 'learn.microsoft.com/en-us/azure/role-based-access-control/conditions-custom-security-attributes-example':526 'learn.microsoft.com/en-us/azure/role-based-access-control/conditions-faq':443 'learn.microsoft.com/en-us/azure/role-based-access-control/conditions-format':1239 'learn.microsoft.com/en-us/azure/role-based-access-control/conditions-prerequisites':1249 'learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-cli':828 'learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-portal':839 'learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-powershell':848 'learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-rest':858 'learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-template':868 'learn.microsoft.com/en-us/azure/role-based-access-control/conditions-troubleshoot':452 'learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles':549 'learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-bicep':877 'learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-cli':887 'learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-portal':559 'learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-powershell':896 'learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-rest':906 'learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-template':916 'learn.microsoft.com/en-us/azure/role-based-access-control/delegate-role-assignments-examples':501 'learn.microsoft.com/en-us/azure/role-based-access-control/delegate-role-assignments-portal':926 'learn.microsoft.com/en-us/azure/role-based-access-control/deny-assignments':936 'learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin':946 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/ai-machine-learning':957 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/analytics':966 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/compute':975 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/containers':984 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/databases':993 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/devops':1002 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/general':1012 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/hybrid-multicloud':1022 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/identity':1031 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/integration':1040 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/internet-of-things':1049 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/management-and-governance':1059 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/migration':1068 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/monitor':1077 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/networking':1086 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/security':1097 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/storage':1106 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/web-and-mobile':1116 'learn.microsoft.com/en-us/azure/role-based-access-control/pim-integration':1130 'learn.microsoft.com/en-us/azure/role-based-access-control/policy-reference':1141 'learn.microsoft.com/en-us/azure/role-based-access-control/quickstart-role-assignments-bicep':1319 'learn.microsoft.com/en-us/azure/role-based-access-control/quickstart-role-assignments-template':1329 'learn.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles':1153 'learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations':1163 'learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments':1259 'learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-alert':1173 'learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-cli':1339 'learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-eligible-activate':1184 'learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-external-users':1195 'learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-cli':1350 'learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-portal':1361 'learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-powershell':1371 'learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-rest':1382 'learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal':1205 'learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal-managed-identity':1394 'learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal-subscription-admin':1215 'learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-powershell':1406 'learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-rest':1417 'learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-template':1427 'learn.microsoft.com/en-us/azure/role-based-access-control/role-definitions':1269 'learn.microsoft.com/en-us/azure/role-based-access-control/role-definitions-list':1283 'learn.microsoft.com/en-us/azure/role-based-access-control/scope-overview':511 'learn.microsoft.com/en-us/azure/role-based-access-control/security-controls-policy':1226 'learn.microsoft.com/en-us/azure/role-based-access-control/transfer-subscription':535 'learn.microsoft.com/en-us/azure/role-based-access-control/troubleshoot-limits':464 'learn.microsoft.com/en-us/azure/role-based-access-control/troubleshooting':474 'learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-custom-role-cli':1294 'learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-custom-role-powershell':1304 'learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-role-assignments-group-powershell':1439 'learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-role-assignments-user-powershell':1449 'least':268 'limit':20,65,239,310,462,538 'line':105,117,218 'link':122,131 'list':401,929,1272,1342,1364 'local':75 'locat':99 'log':231,432 'machin':580 'make':19,64,278,515 'manag':30,317,416,693,710,787,821,842,851,880,890,899,1053,1392 'markdown':198,214 'mcp':157,184 'meet':1242 'metadata.generated':138 'microsoft':186 'microsoftdoc':158,185 'migrat':286,722,1063 'ml':952 'mobil':790,1112 'model':288 'monitor':733,1072 'month':144 'move':289 'multicloud':666,1018 'network':176,739,1081 'old':145 'owner':1210 'pattern':27,72,394,494,1309 'permiss':326,344,573,597,643,953,962,971,980,989,998,1011,1019,1027,1036,1045,1056,1064,1073,1082,1093,1102,1113,1160 'pim':36,350,1120 'polici':1139,1220 'portal':336,411,558,838,1183,1204,1360 'powershel':391,410,847,895,1303,1370,1402,1438,1447 'practic':17,62,247,276,478,486 'prefer':182 'prerequisit':373,1243 'princip':1405 'privileg':269,752,1168 'problem':229 'provid':49,1159 'pull':149 'purpos':650 'queri':190,204,403,1374 'quick':77 'quick-refer':76 'quota':21,66,311,539 'rang':106 'rbac':3,32,228,258,294,319,342,405,428,441,448,457,472,489,497,507,520,546,567,583,591,606,619,629,637,652,661,675,688,698,707,718,729,741,754,768,782,794,823,833,844,853,863,933,956,965,974,983,992,1001,1010,1021,1030,1039,1048,1058,1067,1076,1085,1096,1105,1115,1128,1135,1147,1162,1170,1179,1189,1200,1213,1225,1234,1247,1256,1266,1281,1289,1300,1314,1324,1334,1344,1355,1366,1376,1387,1399,1411,1422,1435,1444 'rbac/abac':372 'read':112,127,812 'refer':78,132,565,670,1156 'relev':100 'remot':81 'repositori':155 'requir':175 'resolv':436,455,469 'resourc':361,626,1158 'rest':412,856,904,1380,1415 'restrict':810 'return':197,213 'role':9,33,38,42,55,245,287,304,321,324,343,348,376,382,386,406,449,458,461,548,555,571,584,595,610,620,630,641,656,662,679,689,702,708,723,734,745,758,772,783,795,834,874,883,893,902,912,921,1129,1152,1171,1180,1190,1201,1257,1267,1282,1290,1301,1315,1325,1335,1345,1356,1367,1377,1388,1400,1412,1423 'role-bas':8,41,54 'role/condition':233 'safe':773 'scale':295,518 'scope':260,355,508,747 'section':101 'secur':22,67,252,337,354,483,562,624,759,765,1091 'security-categori':764,1090 'security-focus':251,482 'security.md':124,125 'select':298 'separ':272 'separation-of-duti':271 'servic':364 'skill':46,48,89,174,196,210 'skill-azure-rbac' 'source-microsoftdocs' 'specifi':116 'start':1389 'step':329,331 'step-by-step':328 'storag':778,1101 'string':191,205 'structur':325 'subscript':307,531,945,1209 'suggest':146,163 'syntax':375,1238 'tag':815 'templat':414,867,915,1318,1328,1426 'text/markdown':212 'time':1125 'time-bound':1124 'tool':159 'topic':424,479,516,540,563,1230,1310 'topic-agent' 'topic-agent-skills' 'topic-agentic-skills' 'topic-agentskill' 'topic-ai-agents' 'topic-ai-coding' 'topic-azure' 'topic-azure-functions' 'topic-azure-kubernetes-service' 'topic-azure-openai' 'topic-azure-sql-database' 'topic-azure-storage' 'transfer':306,529 'troubleshoot':15,60,220,237,423,446 'understand':323,542,931,1262 'url':425,480,517,541,564,1231,1311 'use':28,87,93,111,126,183,200,333,408,430,522,577,627,660,706,716,727,738,751,763,799,814,825,846,875,884,894,949,960,969,978,987,996,1005,1015,1025,1034,1043,1052,1062,1071,1080,1089,1100,1109,1119,1245,1291,1316,1336,1379,1424,1446 'user':148,165,1194 'version':152 'via':388,792,855,903,1347,1401,1437 'view':1353 'vs':300,302,380 'web':788,1110 'webpag':202 'workload':616,685","prices":[{"id":"5e7e1cea-a06d-4563-b8f1-f7f374146f75","listingId":"3a7fc0d6-9710-4a60-8981-4593238c5d9c","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"MicrosoftDocs","category":"Agent-Skills","install_from":"skills.sh"},"createdAt":"2026-04-18T21:59:53.895Z"}],"sources":[{"listingId":"3a7fc0d6-9710-4a60-8981-4593238c5d9c","source":"github","sourceId":"MicrosoftDocs/Agent-Skills/azure-rbac","sourceUrl":"https://github.com/MicrosoftDocs/Agent-Skills/tree/main/skills/azure-rbac","isPrimary":false,"firstSeenAt":"2026-04-18T21:59:53.895Z","lastSeenAt":"2026-05-18T18:53:58.050Z"}],"details":{"listingId":"3a7fc0d6-9710-4a60-8981-4593238c5d9c","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"MicrosoftDocs","slug":"azure-rbac","github":{"repo":"MicrosoftDocs/Agent-Skills","stars":549,"topics":["agent","agent-skills","agentic-skills","agentskill","ai","ai-agents","ai-coding","azure","azure-functions","azure-kubernetes-service","azure-openai","azure-sql-database","azure-storage","azure-virtual-machine","claude-code","github-copilot","microsoft-learn","openai-codex","skills"],"license":"cc-by-4.0","html_url":"https://github.com/MicrosoftDocs/Agent-Skills","pushed_at":"2026-05-17T02:50:05Z","description":"Curated Agent Skills for Microsoft & Azure – giving AI coding assistants structured, real-time expertise from Microsoft Learn docs.","skill_md_sha":"a8054b8ab97a35d774e443f41a18cb2f51c68fa9","skill_md_path":"skills/azure-rbac/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/MicrosoftDocs/Agent-Skills/tree/main/skills/azure-rbac"},"layout":"multi","source":"github","category":"Agent-Skills","frontmatter":{"name":"azure-rbac","description":"Expert knowledge for Azure Role-based access control development including troubleshooting, best practices, decision making, limits & quotas, security, configuration, and integrations & coding patterns. Use when managing Azure RBAC roles, ABAC conditions, PIM, custom role definitions, or role assignments via CLI/ARM, and other Azure Role-based access control related development tasks. Not for Azure Active Directory B2C (use azure-active-directory-b2c), Azure Information Protection (use azure-information-protection), Azure Policy (use azure-policy), Azure Security (use azure-security).","compatibility":"Requires network access. Uses mcp_microsoftdocs:microsoft_docs_fetch or fetch_webpage to retrieve documentation."},"skills_sh_url":"https://skills.sh/MicrosoftDocs/Agent-Skills/azure-rbac"},"updatedAt":"2026-05-18T18:53:58.050Z"}}