Name: azure-rbac
Rating: 0.828 (1 reviews)
Author: microsoft

azure-rbac

Helps users find the right Azure RBAC role for an identity with least privilege access, then generate CLI commands and Bicep code to assign it. Also provides guidance on permissions required to grant roles. USE FOR: "what role should I assign", "least privilege role", "RBAC role for", "role to read blobs", "role for managed identity", "custom role definition", "assign role to identity", "what role do I need to grant access", "permissions to assign roles". DO NOT USE FOR: creating or configuring managed identities, or general Azure security hardening; those are out of scope for this role-selection skill.

Install with Tessl CLI

npx tessl i github:microsoft/azure-skills --skill azure-rbac

What are skills?

1.06x

Quality

75%

Does it follow best practices?

Impact

94%

1.06x

Average score across 3 eval scenarios

Optimize this skill with Tessl

npx tessl skill review --optimize ./.github/plugins/azure-skills/skills/azure-rbac/SKILL.md

SKILL.md

Review

Evals

Use the 'azure__documentation' tool to find the minimal role definition that matches the desired permissions the user wants to assign to an identity. If no built-in role matches the desired permissions, use the 'azure__extension_cli_generate' tool to create a custom role definition with the desired permissions. Then use the 'azure__extension_cli_generate' tool to generate the CLI commands needed to assign that role to the identity. Finally, use the 'azure__bicepschema' and 'azure__get_azure_bestpractices' tools to provide a Bicep code snippet for adding the role assignment. If user is asking about role necessary to set access, refer to Prerequisites for Granting Roles down below:

Prerequisites for Granting Roles

To assign RBAC roles to identities, you need a role that includes the Microsoft.Authorization/roleAssignments/write permission. The most common roles with this permission are:

User Access Administrator (least privilege - recommended for role assignment only)
Owner (full access including role assignment)
Custom Role with Microsoft.Authorization/roleAssignments/write

Repository: microsoft/azure-skills
Commit: 12d081d
Last updated: about 17 hours ago
Created: about 17 hours ago

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.