azure-rbac
Helps users find the right Azure RBAC role for an identity with least privilege access, then generate CLI commands and Bicep code to assign it. Also provides guidance on permissions required to grant roles. WHEN: bicep for role assignment, what role should I assign, least privilege role, RBAC role for, role to read blobs, role for managed identity, custom role definition, assign role to identity, what role do I need to grant access, permissions to assign roles.
80
75%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Advisory
Suggest reviewing before use
Optimize this skill with Tessl
npx tessl skill review --optimize ./.github/plugins/azure-skills/skills/azure-rbac/SKILL.mdQuality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a strong skill description that clearly articulates specific capabilities (finding RBAC roles, generating CLI/Bicep code, permissions guidance) and provides an explicit WHEN clause with a rich set of natural trigger phrases. The description is well-scoped to a distinct domain (Azure RBAC role assignment) and covers multiple user intent variations, making it highly effective for skill selection.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: finding the right Azure RBAC role, generating CLI commands, generating Bicep code for role assignment, and providing guidance on permissions required to grant roles. | 3 / 3 |
Completeness | Clearly answers both 'what' (find the right Azure RBAC role, generate CLI commands and Bicep code, provide permissions guidance) and 'when' (explicit WHEN clause with multiple trigger phrases covering various user scenarios). | 3 / 3 |
Trigger Term Quality | Excellent coverage of natural terms users would say: 'bicep for role assignment', 'what role should I assign', 'least privilege role', 'RBAC role for', 'role to read blobs', 'role for managed identity', 'custom role definition', 'assign role to identity', 'permissions to assign roles'. These are highly natural phrases a user would type. | 3 / 3 |
Distinctiveness Conflict Risk | Highly distinctive niche focused specifically on Azure RBAC role assignment with Bicep/CLI generation. The combination of Azure RBAC, least privilege, Bicep code, and role assignment creates a clear, unique domain unlikely to conflict with other skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
50%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill provides a reasonable tool-chaining workflow for Azure RBAC role assignment but lacks concrete examples, explicit validation steps, and clear sequential formatting. The tool references are helpful but the instructions read more like a description of what to do rather than precise, actionable guidance with examples of inputs and expected outputs.
Suggestions
Break the opening paragraph into numbered steps with explicit tool names and example inputs/outputs for each step (e.g., show a sample azure__documentation query and what to look for in the result).
Add a validation/feedback loop: what should Claude do if the documentation search returns no matching built-in role, or if the generated Bicep doesn't match the user's scope?
Include a concrete example showing the full workflow end-to-end (e.g., 'User wants blob read access for a managed identity' → specific tool calls → expected CLI output → expected Bicep snippet).
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | Mostly efficient but includes some unnecessary explanation in the Prerequisites section (e.g., 'full access including role assignment' for Owner is something Claude already knows). The tool-chaining instructions are reasonably lean. | 2 / 3 |
Actionability | Provides a clear sequence of which tools to use and when, but lacks concrete examples of tool invocations, expected inputs/outputs, or copy-paste ready code snippets. The guidance is procedural but not fully executable. | 2 / 3 |
Workflow Clarity | The multi-step process (find role → generate CLI → generate Bicep) is described but not explicitly numbered or sequenced with validation checkpoints. There's no feedback loop for when the documentation search doesn't return a matching role or when the generated code needs verification. | 2 / 3 |
Progressive Disclosure | The Prerequisites section is a reasonable inline addition for a short skill, but the content could benefit from clearer structural separation. For a skill this short, the organization is acceptable but the single-paragraph instruction block before the section header is a wall of text that could be better structured with headers or numbered steps. | 2 / 3 |
Total | 8 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- microsoft/azure-skills
- Commit
742d20b
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.