{"id":"3a7fc0d6-9710-4a60-8981-4593238c5d9c","shortId":"apGWXP","kind":"skill","title":"azure-rbac","tagline":"Expert knowledge for Azure Role-based access control development including troubleshooting, best practices, decision making, limits & quotas, security, configuration, and integrations & coding patterns. Use when managing Azure RBAC/ABAC roles, PIM, custom roles, Activity Log audi","description":"# Azure Role-based access control Skill\n\nThis skill provides expert guidance for Azure Role-based access control. Covers troubleshooting, best practices, decision making, limits & quotas, security, configuration, and integrations & coding patterns. It combines local quick-reference content with remote documentation fetching capabilities.\n\n## How to Use This Skill\n\n> **IMPORTANT for Agent**: Use the **Category Index** below to locate relevant sections. For categories with line ranges (e.g., `L35-L120`), use `read_file` with the specified lines. For categories with file links (e.g., `[security.md](security.md)`), use `read_file` on the linked reference file\n\n> **IMPORTANT for Agent**: If `metadata.generated_at` is more than 3 months old, suggest the user pull the latest version from the repository. If `mcp_microsoftdocs` tools are not available, suggest the user install it: [Installation Guide](https://github.com/MicrosoftDocs/mcp/blob/main/README.md)\n\nThis skill requires **network access** to fetch documentation content:\n- **Preferred**: Use `mcp_microsoftdocs:microsoft_docs_fetch` with query string `from=learn-agent-skill`. Returns Markdown.\n- **Fallback**: Use `fetch_webpage` with query string `from=learn-agent-skill&accept=text/markdown`. Returns Markdown.\n\n## Category Index\n\n| Category | Lines | Description |\n|----------|-------|-------------|\n| Troubleshooting | L35-L43 | Diagnosing and fixing Azure RBAC issues: access denials, role/condition misconfigurations, role limit errors, and auditing role/condition changes via Activity Log |\n| Best Practices | L44-L50 | Security-focused guidance on designing Azure RBAC: choosing scopes, delegating access with ABAC conditions, and applying least privilege and separation-of-duties best practices. |\n| Decision Making | L51-L58 | Guidance on choosing and migrating role models: moving from classic admins to RBAC, scaling with ABAC, selecting Azure vs Entra vs classic roles, and transferring subscriptions between directories. |\n| Limits & Quotas | L59-L64 | Designing and managing Azure RBAC custom roles, including understanding role structure, permissions, and step-by-step creation using the Azure portal |\n| Security | L65-L130 | Azure RBAC/ABAC roles, permissions, custom roles, conditions, PIM, and policy: how to assign, secure, and govern access to Azure resources across all service categories |\n| Configuration | L131-L141 | Configuring Azure RBAC/ABAC: prerequisites, condition syntax, role assignments, built‑in vs custom roles, and creating/inspecting custom role definitions via CLI and PowerShell |\n| Integrations & Coding Patterns | L142-L157 | How to assign, list, and query Azure RBAC role assignments using portal, CLI, PowerShell, Bicep/ARM templates, REST API, and managed identities |\n\n### Troubleshooting\n| Topic | URL |\n|-------|-----|\n| Audit Azure RBAC changes using Activity Log | https://learn.microsoft.com/en-us/azure/role-based-access-control/change-history-report |\n| Resolve common issues with Azure RBAC conditions | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-faq |\n| Troubleshoot Azure RBAC role assignment conditions | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-troubleshoot |\n| Resolve Azure RBAC role and custom role limit issues | https://learn.microsoft.com/en-us/azure/role-based-access-control/troubleshoot-limits |\n| Troubleshoot common Azure RBAC access issues | https://learn.microsoft.com/en-us/azure/role-based-access-control/troubleshooting |\n\n### Best Practices\n| Topic | URL |\n|-------|-----|\n| Apply security-focused best practices for Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/best-practices |\n| Example patterns for delegating RBAC with ABAC conditions | https://learn.microsoft.com/en-us/azure/role-based-access-control/delegate-role-assignments-examples |\n| Choose appropriate Azure RBAC scopes for access | https://learn.microsoft.com/en-us/azure/role-based-access-control/scope-overview |\n\n### Decision Making\n| Topic | URL |\n|-------|-----|\n| Migrate from Azure classic administrators to RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/classic-administrators |\n| Scale Azure RBAC assignments using ABAC and attributes | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-custom-security-attributes-example |\n| Choose between Azure, Entra, and classic admin roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles |\n| Transfer Azure subscriptions between Entra directories | https://learn.microsoft.com/en-us/azure/role-based-access-control/transfer-subscription |\n\n### Limits & Quotas\n| Topic | URL |\n|-------|-----|\n| Understand and configure Azure RBAC custom roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles |\n| Create Azure custom roles in the portal | https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-portal |\n\n### Security\n| Topic | URL |\n|-------|-----|\n| Reference Azure RBAC built-in roles and permissions | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles |\n| Use AI and machine learning Azure RBAC roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/ai-machine-learning |\n| Assign analytics Azure RBAC built-in roles and permissions | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/analytics |\n| Assign compute-focused Azure RBAC built-in roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/compute |\n| Control container workloads with Azure RBAC roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/containers |\n| Secure database resources using Azure RBAC roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/databases |\n| Apply DevOps Azure RBAC built-in roles and permissions | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/devops |\n| Apply general-purpose Azure RBAC built-in roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/general |\n| Use RBAC roles for hybrid and multicloud | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/hybrid-multicloud |\n| Reference identity-focused Azure RBAC built-in roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/identity |\n| Configure integration workloads with Azure RBAC roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/integration |\n| Manage IoT access with Azure RBAC built-in roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/internet-of-things |\n| Use RBAC roles for management and governance | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/management-and-governance |\n| Use Azure RBAC built-in migration roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/migration |\n| Use Azure RBAC built-in monitor roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/monitor |\n| Use networking Azure RBAC built-in roles and scopes | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/networking |\n| Use privileged Azure RBAC built-in roles securely | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged |\n| Use security-category Azure RBAC built-in roles safely | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/security |\n| Configure storage access with Azure RBAC roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/storage |\n| Manage web and mobile access via Azure RBAC roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/web-and-mobile |\n| Use authorization actions and attributes in Azure ABAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-authorization-actions-attributes |\n| Restrict blob read access using tags and ABAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-custom-security-attributes |\n| Manage Azure RBAC conditions using Azure CLI | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-cli |\n| Configure Azure RBAC role assignment conditions in portal | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-portal |\n| Manage Azure RBAC conditions using PowerShell | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-powershell |\n| Manage Azure RBAC conditions via REST API | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-rest |\n| Define Azure RBAC conditions in ARM templates | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-template |\n| Define Azure custom roles using Bicep | https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-bicep |\n| Manage Azure custom roles using Azure CLI | https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-cli |\n| Manage Azure custom roles using PowerShell | https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-powershell |\n| Manage Azure custom roles via REST API | https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-rest |\n| Define Azure custom roles with ARM templates | https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-template |\n| Delegate Azure role assignments with ABAC conditions | https://learn.microsoft.com/en-us/azure/role-based-access-control/delegate-role-assignments-portal |\n| List and understand Azure RBAC deny assignments | https://learn.microsoft.com/en-us/azure/role-based-access-control/deny-assignments |\n| Elevate Global Administrator access to all subscriptions | https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin |\n| Use AI and ML permissions in Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/ai-machine-learning |\n| Use analytics permissions in Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/analytics |\n| Use compute permissions in Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/compute |\n| Use container permissions in Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/containers |\n| Use database permissions in Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/databases |\n| Use DevOps permissions in Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/devops |\n| Use general-category Azure RBAC permissions | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/general |\n| Use hybrid and multicloud permissions in RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/hybrid-multicloud |\n| Use identity permissions in Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/identity |\n| Use integration permissions in Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/integration |\n| Use IoT permissions in Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/internet-of-things |\n| Use management and governance permissions in RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/management-and-governance |\n| Use migration permissions in Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/migration |\n| Use monitor permissions in Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/monitor |\n| Use networking permissions in Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/networking |\n| Use security-category permissions in Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/security |\n| Use storage permissions in Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/storage |\n| Use web and mobile permissions in RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/web-and-mobile |\n| Use PIM for eligible and time-bound Azure RBAC roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/pim-integration |\n| Apply Azure RBAC built-in policy definitions | https://learn.microsoft.com/en-us/azure/role-based-access-control/policy-reference |\n| Reference Azure resource provider permissions for RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations |\n| Alert on privileged Azure RBAC role assignments | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-alert |\n| Activate eligible Azure RBAC roles in the portal | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-eligible-activate |\n| Grant Azure RBAC access to external B2B users | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-external-users |\n| Assign Azure RBAC roles in Azure portal | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal |\n| Assign subscription Owner with constrained RBAC conditions | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal-subscription-admin |\n| Apply Azure Policy compliance controls to Azure RBAC | https://learn.microsoft.com/en-us/azure/role-based-access-control/security-controls-policy |\n\n### Configuration\n| Topic | URL |\n|-------|-----|\n| Author Azure RBAC condition expressions and syntax | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-format |\n| Meet prerequisites to use Azure RBAC conditions | https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-prerequisites |\n| Configure and interpret Azure RBAC role assignments | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments |\n| Understand and configure Azure RBAC role definitions | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-definitions |\n| List and inspect Azure built-in and custom RBAC roles | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-definitions-list |\n| Create Azure custom RBAC roles using Azure CLI | https://learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-custom-role-cli |\n| Define Azure custom RBAC roles with PowerShell | https://learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-custom-role-powershell |\n\n### Integrations & Coding Patterns\n| Topic | URL |\n|-------|-----|\n| Assign Azure RBAC roles using Bicep templates | https://learn.microsoft.com/en-us/azure/role-based-access-control/quickstart-role-assignments-bicep |\n| Assign Azure RBAC roles with ARM templates | https://learn.microsoft.com/en-us/azure/role-based-access-control/quickstart-role-assignments-template |\n| Assign Azure RBAC roles using Azure CLI | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-cli |\n| List Azure RBAC role assignments via Azure CLI | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-cli |\n| View Azure RBAC role assignments in the portal | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-portal |\n| List Azure RBAC role assignments using PowerShell | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-powershell |\n| Query Azure RBAC role assignments using REST API | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-rest |\n| Assign Azure RBAC roles starting from a managed identity | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal-managed-identity |\n| Assign Azure RBAC roles via PowerShell for all principals | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-powershell |\n| Assign Azure RBAC roles through the REST API | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-rest |\n| Assign Azure RBAC roles using ARM templates | https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-template |\n| Grant group-based Azure RBAC access via PowerShell | https://learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-role-assignments-group-powershell |\n| Grant Azure RBAC access using PowerShell commands | https://learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-role-assignments-user-powershell |","tags":["azure","rbac","agent","skills","microsoftdocs","agent-skills","agentic-skills","agentskill","ai-agents","ai-coding","azure-functions","azure-kubernetes-service"],"capabilities":["skill","source-microsoftdocs","skill-azure-rbac","topic-agent","topic-agent-skills","topic-agentic-skills","topic-agentskill","topic-ai-agents","topic-ai-coding","topic-azure","topic-azure-functions","topic-azure-kubernetes-service","topic-azure-openai","topic-azure-sql-database","topic-azure-storage"],"categories":["Agent-Skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/MicrosoftDocs/Agent-Skills/azure-rbac","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add MicrosoftDocs/Agent-Skills","source_repo":"https://github.com/MicrosoftDocs/Agent-Skills","install_from":"skills.sh"}},"qualityScore":"0.698","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 497 github stars · SKILL.md body (17,143 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-22T00:53:36.229Z","embedding":null,"createdAt":"2026-04-18T21:59:53.895Z","updatedAt":"2026-04-22T00:53:36.229Z","lastSeenAt":"2026-04-22T00:53:36.229Z","tsv":"'/en-us/azure/role-based-access-control/best-practices':484 '/en-us/azure/role-based-access-control/built-in-roles':589 '/en-us/azure/role-based-access-control/built-in-roles/ai-machine-learning':600 '/en-us/azure/role-based-access-control/built-in-roles/analytics':613 '/en-us/azure/role-based-access-control/built-in-roles/compute':626 '/en-us/azure/role-based-access-control/built-in-roles/containers':636 '/en-us/azure/role-based-access-control/built-in-roles/databases':646 '/en-us/azure/role-based-access-control/built-in-roles/devops':659 '/en-us/azure/role-based-access-control/built-in-roles/general':672 '/en-us/azure/role-based-access-control/built-in-roles/hybrid-multicloud':682 '/en-us/azure/role-based-access-control/built-in-roles/identity':695 '/en-us/azure/role-based-access-control/built-in-roles/integration':705 '/en-us/azure/role-based-access-control/built-in-roles/internet-of-things':718 '/en-us/azure/role-based-access-control/built-in-roles/management-and-governance':728 '/en-us/azure/role-based-access-control/built-in-roles/migration':739 '/en-us/azure/role-based-access-control/built-in-roles/monitor':750 '/en-us/azure/role-based-access-control/built-in-roles/networking':763 '/en-us/azure/role-based-access-control/built-in-roles/privileged':775 '/en-us/azure/role-based-access-control/built-in-roles/security':789 '/en-us/azure/role-based-access-control/built-in-roles/storage':799 '/en-us/azure/role-based-access-control/built-in-roles/web-and-mobile':811 '/en-us/azure/role-based-access-control/change-history-report':428 '/en-us/azure/role-based-access-control/classic-administrators':519 '/en-us/azure/role-based-access-control/conditions-authorization-actions-attributes':822 '/en-us/azure/role-based-access-control/conditions-custom-security-attributes':833 '/en-us/azure/role-based-access-control/conditions-custom-security-attributes-example':530 '/en-us/azure/role-based-access-control/conditions-faq':438 '/en-us/azure/role-based-access-control/conditions-format':1242 '/en-us/azure/role-based-access-control/conditions-prerequisites':1252 '/en-us/azure/role-based-access-control/conditions-role-assignments-cli':843 '/en-us/azure/role-based-access-control/conditions-role-assignments-portal':854 '/en-us/azure/role-based-access-control/conditions-role-assignments-powershell':863 '/en-us/azure/role-based-access-control/conditions-role-assignments-rest':873 '/en-us/azure/role-based-access-control/conditions-role-assignments-template':883 '/en-us/azure/role-based-access-control/conditions-troubleshoot':447 '/en-us/azure/role-based-access-control/custom-roles':564 '/en-us/azure/role-based-access-control/custom-roles-bicep':892 '/en-us/azure/role-based-access-control/custom-roles-cli':902 '/en-us/azure/role-based-access-control/custom-roles-portal':574 '/en-us/azure/role-based-access-control/custom-roles-powershell':911 '/en-us/azure/role-based-access-control/custom-roles-rest':921 '/en-us/azure/role-based-access-control/custom-roles-template':931 '/en-us/azure/role-based-access-control/delegate-role-assignments-examples':495 '/en-us/azure/role-based-access-control/delegate-role-assignments-portal':941 '/en-us/azure/role-based-access-control/deny-assignments':951 '/en-us/azure/role-based-access-control/elevate-access-global-admin':961 '/en-us/azure/role-based-access-control/permissions/ai-machine-learning':972 '/en-us/azure/role-based-access-control/permissions/analytics':981 '/en-us/azure/role-based-access-control/permissions/compute':990 '/en-us/azure/role-based-access-control/permissions/containers':999 '/en-us/azure/role-based-access-control/permissions/databases':1008 '/en-us/azure/role-based-access-control/permissions/devops':1017 '/en-us/azure/role-based-access-control/permissions/general':1027 '/en-us/azure/role-based-access-control/permissions/hybrid-multicloud':1037 '/en-us/azure/role-based-access-control/permissions/identity':1046 '/en-us/azure/role-based-access-control/permissions/integration':1055 '/en-us/azure/role-based-access-control/permissions/internet-of-things':1064 '/en-us/azure/role-based-access-control/permissions/management-and-governance':1074 '/en-us/azure/role-based-access-control/permissions/migration':1083 '/en-us/azure/role-based-access-control/permissions/monitor':1092 '/en-us/azure/role-based-access-control/permissions/networking':1101 '/en-us/azure/role-based-access-control/permissions/security':1112 '/en-us/azure/role-based-access-control/permissions/storage':1121 '/en-us/azure/role-based-access-control/permissions/web-and-mobile':1131 '/en-us/azure/role-based-access-control/pim-integration':1145 '/en-us/azure/role-based-access-control/policy-reference':1156 '/en-us/azure/role-based-access-control/quickstart-role-assignments-bicep':1322 '/en-us/azure/role-based-access-control/quickstart-role-assignments-template':1332 '/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles':541 '/en-us/azure/role-based-access-control/resource-provider-operations':1166 '/en-us/azure/role-based-access-control/role-assignments':1262 '/en-us/azure/role-based-access-control/role-assignments-alert':1176 '/en-us/azure/role-based-access-control/role-assignments-cli':1342 '/en-us/azure/role-based-access-control/role-assignments-eligible-activate':1187 '/en-us/azure/role-based-access-control/role-assignments-external-users':1198 '/en-us/azure/role-based-access-control/role-assignments-list-cli':1353 '/en-us/azure/role-based-access-control/role-assignments-list-portal':1364 '/en-us/azure/role-based-access-control/role-assignments-list-powershell':1374 '/en-us/azure/role-based-access-control/role-assignments-list-rest':1385 '/en-us/azure/role-based-access-control/role-assignments-portal':1208 '/en-us/azure/role-based-access-control/role-assignments-portal-managed-identity':1397 '/en-us/azure/role-based-access-control/role-assignments-portal-subscription-admin':1218 '/en-us/azure/role-based-access-control/role-assignments-powershell':1409 '/en-us/azure/role-based-access-control/role-assignments-rest':1420 '/en-us/azure/role-based-access-control/role-assignments-template':1430 '/en-us/azure/role-based-access-control/role-definitions':1272 '/en-us/azure/role-based-access-control/role-definitions-list':1286 '/en-us/azure/role-based-access-control/scope-overview':505 '/en-us/azure/role-based-access-control/security-controls-policy':1229 '/en-us/azure/role-based-access-control/transfer-subscription':550 '/en-us/azure/role-based-access-control/troubleshoot-limits':459 '/en-us/azure/role-based-access-control/troubleshooting':468 '/en-us/azure/role-based-access-control/tutorial-custom-role-cli':1297 '/en-us/azure/role-based-access-control/tutorial-custom-role-powershell':1307 '/en-us/azure/role-based-access-control/tutorial-role-assignments-group-powershell':1442 '/en-us/azure/role-based-access-control/tutorial-role-assignments-user-powershell':1452 '/microsoftdocs/mcp/blob/main/readme.md)':172 '3':143 'abac':262,295,491,525,819,830,937 'accept':211 'access':11,44,57,177,230,260,355,464,502,708,792,804,826,955,1191,1437,1446 'across':359 'action':814 'activ':37,242,424,1177 'admin':290,537 'administr':514,954 'agent':92,136,195,209 'ai':591,963 'alert':1167 'analyt':602,974 'api':412,870,918,1382,1417 'appli':265,473,647,660,1146,1219 'appropri':497 'arm':879,927,1328,1426 'assign':351,374,397,404,443,523,601,614,848,935,948,1173,1199,1209,1259,1313,1323,1333,1347,1358,1369,1379,1386,1398,1410,1421 'attribut':527,816 'audi':39 'audit':238,419 'author':813,1233 'avail':162 'azur':2,7,31,40,53,227,255,297,316,333,339,357,368,401,420,433,440,449,462,480,498,512,521,533,543,558,566,579,595,603,618,631,641,649,664,687,700,710,730,741,753,766,780,794,806,818,835,839,845,856,865,875,885,894,898,904,913,923,933,945,968,977,986,995,1004,1013,1022,1042,1051,1060,1079,1088,1097,1108,1117,1140,1147,1158,1170,1179,1189,1200,1204,1220,1225,1234,1247,1256,1266,1276,1288,1293,1299,1314,1324,1334,1338,1344,1349,1355,1366,1376,1387,1399,1411,1422,1435,1444 'azure-rbac':1 'b2b':1194 'base':10,43,56,1434 'best':16,61,244,273,469,477 'bicep':889,1318 'bicep/arm':409 'blob':824 'bound':1139 'built':375,582,606,621,652,667,690,713,733,744,756,769,783,1150,1278 'built-in':581,605,620,651,666,689,712,732,743,755,768,782,1149,1277 'capabl':84 'categori':95,103,119,215,217,362,779,1021,1105 'chang':240,422 'choos':257,282,496,531 'classic':289,301,513,536 'cli':386,407,840,899,1294,1339,1350 'code':26,71,390,1309 'combin':74 'command':1449 'common':430,461 'complianc':1222 'comput':616,983 'compute-focus':615 'condit':263,345,371,435,444,492,837,849,858,867,877,938,1215,1236,1249 'configur':23,68,363,367,557,696,790,844,1230,1253,1265 'constrain':1213 'contain':628,992 'content':79,181 'control':12,45,58,627,1223 'cover':59 'creat':565,1287 'creating/inspecting':381 'creation':330 'custom':35,318,343,378,382,453,560,567,886,895,905,914,924,1281,1289,1300 'databas':638,1001 'decis':18,63,275,506 'defin':874,884,922,1298 'definit':384,1153,1269 'deleg':259,488,932 'deni':947 'denial':231 'descript':219 'design':254,313 'develop':13 'devop':648,1010 'diagnos':224 'directori':307,547 'doc':187 'document':82,180 'duti':272 'e.g':107,123 'elev':952 'elig':1135,1178 'entra':299,534,546 'error':236 'exampl':485 'expert':4,50 'express':1237 'extern':1193 'fallback':199 'fetch':83,179,188,201 'file':113,121,128,133 'fix':226 'focus':251,476,617,686 'general':662,1020 'general-categori':1019 'general-purpos':661 'github.com':171 'github.com/microsoftdocs/mcp/blob/main/readme.md)':170 'global':953 'govern':354,725,1068 'grant':1188,1431,1443 'group':1433 'group-bas':1432 'guid':169 'guidanc':51,252,280 'hybrid':677,1029 'ident':415,685,1039,1394 'identity-focus':684 'import':90,134 'includ':14,320 'index':96,216 'inspect':1275 'instal':166,168 'integr':25,70,389,697,1048,1308 'interpret':1255 'iot':707,1057 'issu':229,431,456,465 'knowledg':5 'l120':110 'l130':338 'l131':365 'l131-l141':364 'l141':366 'l142':393 'l142-l157':392 'l157':394 'l35':109,222 'l35-l120':108 'l35-l43':221 'l43':223 'l44':247 'l44-l50':246 'l50':248 'l51':278 'l51-l58':277 'l58':279 'l59':311 'l59-l64':310 'l64':312 'l65':337 'l65-l130':336 'latest':151 'learn':194,208,594 'learn-agent-skil':193,207 'learn.microsoft.com':427,437,446,458,467,483,494,504,518,529,540,549,563,573,588,599,612,625,635,645,658,671,681,694,704,717,727,738,749,762,774,788,798,810,821,832,842,853,862,872,882,891,901,910,920,930,940,950,960,971,980,989,998,1007,1016,1026,1036,1045,1054,1063,1073,1082,1091,1100,1111,1120,1130,1144,1155,1165,1175,1186,1197,1207,1217,1228,1241,1251,1261,1271,1285,1296,1306,1321,1331,1341,1352,1363,1373,1384,1396,1408,1419,1429,1441,1451 'learn.microsoft.com/en-us/azure/role-based-access-control/best-practices':482 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles':587 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/ai-machine-learning':598 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/analytics':611 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/compute':624 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/containers':634 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/databases':644 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/devops':657 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/general':670 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/hybrid-multicloud':680 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/identity':693 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/integration':703 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/internet-of-things':716 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/management-and-governance':726 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/migration':737 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/monitor':748 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/networking':761 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged':773 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/security':787 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/storage':797 'learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/web-and-mobile':809 'learn.microsoft.com/en-us/azure/role-based-access-control/change-history-report':426 'learn.microsoft.com/en-us/azure/role-based-access-control/classic-administrators':517 'learn.microsoft.com/en-us/azure/role-based-access-control/conditions-authorization-actions-attributes':820 'learn.microsoft.com/en-us/azure/role-based-access-control/conditions-custom-security-attributes':831 'learn.microsoft.com/en-us/azure/role-based-access-control/conditions-custom-security-attributes-example':528 'learn.microsoft.com/en-us/azure/role-based-access-control/conditions-faq':436 'learn.microsoft.com/en-us/azure/role-based-access-control/conditions-format':1240 'learn.microsoft.com/en-us/azure/role-based-access-control/conditions-prerequisites':1250 'learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-cli':841 'learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-portal':852 'learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-powershell':861 'learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-rest':871 'learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-template':881 'learn.microsoft.com/en-us/azure/role-based-access-control/conditions-troubleshoot':445 'learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles':562 'learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-bicep':890 'learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-cli':900 'learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-portal':572 'learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-powershell':909 'learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-rest':919 'learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-template':929 'learn.microsoft.com/en-us/azure/role-based-access-control/delegate-role-assignments-examples':493 'learn.microsoft.com/en-us/azure/role-based-access-control/delegate-role-assignments-portal':939 'learn.microsoft.com/en-us/azure/role-based-access-control/deny-assignments':949 'learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin':959 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/ai-machine-learning':970 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/analytics':979 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/compute':988 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/containers':997 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/databases':1006 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/devops':1015 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/general':1025 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/hybrid-multicloud':1035 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/identity':1044 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/integration':1053 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/internet-of-things':1062 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/management-and-governance':1072 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/migration':1081 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/monitor':1090 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/networking':1099 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/security':1110 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/storage':1119 'learn.microsoft.com/en-us/azure/role-based-access-control/permissions/web-and-mobile':1129 'learn.microsoft.com/en-us/azure/role-based-access-control/pim-integration':1143 'learn.microsoft.com/en-us/azure/role-based-access-control/policy-reference':1154 'learn.microsoft.com/en-us/azure/role-based-access-control/quickstart-role-assignments-bicep':1320 'learn.microsoft.com/en-us/azure/role-based-access-control/quickstart-role-assignments-template':1330 'learn.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles':539 'learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations':1164 'learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments':1260 'learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-alert':1174 'learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-cli':1340 'learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-eligible-activate':1185 'learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-external-users':1196 'learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-cli':1351 'learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-portal':1362 'learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-powershell':1372 'learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-rest':1383 'learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal':1206 'learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal-managed-identity':1395 'learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal-subscription-admin':1216 'learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-powershell':1407 'learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-rest':1418 'learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-template':1428 'learn.microsoft.com/en-us/azure/role-based-access-control/role-definitions':1270 'learn.microsoft.com/en-us/azure/role-based-access-control/role-definitions-list':1284 'learn.microsoft.com/en-us/azure/role-based-access-control/scope-overview':503 'learn.microsoft.com/en-us/azure/role-based-access-control/security-controls-policy':1227 'learn.microsoft.com/en-us/azure/role-based-access-control/transfer-subscription':548 'learn.microsoft.com/en-us/azure/role-based-access-control/troubleshoot-limits':457 'learn.microsoft.com/en-us/azure/role-based-access-control/troubleshooting':466 'learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-custom-role-cli':1295 'learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-custom-role-powershell':1305 'learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-role-assignments-group-powershell':1440 'learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-role-assignments-user-powershell':1450 'least':266 'limit':20,65,235,308,455,551 'line':105,117,218 'link':122,131 'list':398,942,1273,1343,1365 'local':75 'locat':99 'log':38,243,425 'machin':593 'make':19,64,276,507 'manag':30,315,414,706,723,800,834,855,864,893,903,912,1066,1393 'markdown':198,214 'mcp':157,184 'meet':1243 'metadata.generated':138 'microsoft':186 'microsoftdoc':158,185 'migrat':284,510,735,1076 'misconfigur':233 'ml':965 'mobil':803,1125 'model':286 'monitor':746,1085 'month':144 'move':287 'multicloud':679,1031 'network':176,752,1094 'old':145 'owner':1211 'pattern':27,72,391,486,1310 'permiss':324,342,586,610,656,966,975,984,993,1002,1011,1024,1032,1040,1049,1058,1069,1077,1086,1095,1106,1115,1126,1161 'pim':34,346,1133 'polici':348,1152,1221 'portal':334,406,571,851,1184,1205,1361 'powershel':388,408,860,908,1304,1371,1403,1439,1448 'practic':17,62,245,274,470,478 'prefer':182 'prerequisit':370,1244 'princip':1406 'privileg':267,765,1169 'provid':49,1160 'pull':149 'purpos':663 'queri':190,204,400,1375 'quick':77 'quick-refer':76 'quota':21,66,309,552 'rang':106 'rbac':3,228,256,292,317,402,421,434,441,450,463,481,489,499,516,522,559,580,596,604,619,632,642,650,665,674,688,701,711,720,731,742,754,767,781,795,807,836,846,857,866,876,946,969,978,987,996,1005,1014,1023,1034,1043,1052,1061,1071,1080,1089,1098,1109,1118,1128,1141,1148,1163,1171,1180,1190,1201,1214,1226,1235,1248,1257,1267,1282,1290,1301,1315,1325,1335,1345,1356,1367,1377,1388,1400,1412,1423,1436,1445 'rbac/abac':32,340,369 'read':112,127,825 'refer':78,132,578,683,1157 'relev':100 'remot':81 'repositori':155 'requir':175 'resolv':429,448 'resourc':358,639,1159 'rest':411,869,917,1381,1416 'restrict':823 'return':197,213 'role':9,33,36,42,55,234,285,302,319,322,341,344,373,379,383,403,442,451,454,538,561,568,584,597,608,623,633,643,654,669,675,692,702,715,721,736,747,758,771,785,796,808,847,887,896,906,915,925,934,1142,1172,1181,1202,1258,1268,1283,1291,1302,1316,1326,1336,1346,1357,1368,1378,1389,1401,1413,1424 'role-bas':8,41,54 'role/condition':232,239 'safe':786 'scale':293,520 'scope':258,500,760 'section':101 'secur':22,67,250,335,352,475,575,637,772,778,1104 'security-categori':777,1103 'security-focus':249,474 'security.md':124,125 'select':296 'separ':270 'separation-of-duti':269 'servic':361 'skill':46,48,89,174,196,210 'skill-azure-rbac' 'source-microsoftdocs' 'specifi':116 'start':1390 'step':327,329 'step-by-step':326 'storag':791,1114 'string':191,205 'structur':323 'subscript':305,544,958,1210 'suggest':146,163 'syntax':372,1239 'tag':828 'templat':410,880,928,1319,1329,1427 'text/markdown':212 'time':1138 'time-bound':1137 'tool':159 'topic':417,471,508,553,576,1231,1311 'topic-agent' 'topic-agent-skills' 'topic-agentic-skills' 'topic-agentskill' 'topic-ai-agents' 'topic-ai-coding' 'topic-azure' 'topic-azure-functions' 'topic-azure-kubernetes-service' 'topic-azure-openai' 'topic-azure-sql-database' 'topic-azure-storage' 'transfer':304,542 'troubleshoot':15,60,220,416,439,460 'understand':321,555,944,1263 'url':418,472,509,554,577,1232,1312 'use':28,87,93,111,126,183,200,331,405,423,524,590,640,673,719,729,740,751,764,776,812,827,838,859,888,897,907,962,973,982,991,1000,1009,1018,1028,1038,1047,1056,1065,1075,1084,1093,1102,1113,1122,1132,1246,1292,1317,1337,1370,1380,1425,1447 'user':148,165,1195 'version':152 'via':241,385,805,868,916,1348,1402,1438 'view':1354 'vs':298,300,377 'web':801,1123 'webpag':202 'workload':629,698","prices":[{"id":"5e7e1cea-a06d-4563-b8f1-f7f374146f75","listingId":"3a7fc0d6-9710-4a60-8981-4593238c5d9c","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"MicrosoftDocs","category":"Agent-Skills","install_from":"skills.sh"},"createdAt":"2026-04-18T21:59:53.895Z"}],"sources":[{"listingId":"3a7fc0d6-9710-4a60-8981-4593238c5d9c","source":"github","sourceId":"MicrosoftDocs/Agent-Skills/azure-rbac","sourceUrl":"https://github.com/MicrosoftDocs/Agent-Skills/tree/main/skills/azure-rbac","isPrimary":false,"firstSeenAt":"2026-04-18T21:59:53.895Z","lastSeenAt":"2026-04-22T00:53:36.229Z"}],"details":{"listingId":"3a7fc0d6-9710-4a60-8981-4593238c5d9c","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"MicrosoftDocs","slug":"azure-rbac","github":{"repo":"MicrosoftDocs/Agent-Skills","stars":497,"topics":["agent","agent-skills","agentic-skills","agentskill","ai","ai-agents","ai-coding","azure","azure-functions","azure-kubernetes-service","azure-openai","azure-sql-database","azure-storage","azure-virtual-machine","claude-code","github-copilot","microsoft-learn","openai-codex","skills"],"license":"cc-by-4.0","html_url":"https://github.com/MicrosoftDocs/Agent-Skills","pushed_at":"2026-04-19T02:43:40Z","description":"Curated Agent Skills for Microsoft & Azure – giving AI coding assistants structured, real-time expertise from Microsoft Learn docs.","skill_md_sha":"ba5de57661898ec342af2ce6f2ec647e7c7d7213","skill_md_path":"skills/azure-rbac/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/MicrosoftDocs/Agent-Skills/tree/main/skills/azure-rbac"},"layout":"multi","source":"github","category":"Agent-Skills","frontmatter":{"name":"azure-rbac","description":"Expert knowledge for Azure Role-based access control development including troubleshooting, best practices, decision making, limits & quotas, security, configuration, and integrations & coding patterns. Use when managing Azure RBAC/ABAC roles, PIM, custom roles, Activity Log audits, or role assignments via CLI/ARM, and other Azure Role-based access control related development tasks. Not for Azure Active Directory B2C (use azure-active-directory-b2c), Azure Information Protection (use azure-information-protection), Azure Policy (use azure-policy), Azure Security (use azure-security).","compatibility":"Requires network access. Uses mcp_microsoftdocs:microsoft_docs_fetch or fetch_webpage to retrieve documentation."},"skills_sh_url":"https://skills.sh/MicrosoftDocs/Agent-Skills/azure-rbac"},"updatedAt":"2026-04-22T00:53:36.229Z"}}