All Collections
How to Create a Custom Azure IAM Role
How to Create a Custom Azure IAM Role
Matt Houser avatar
Written by Matt Houser
Updated over a week ago

Azure provides a number of build-in IAM roles. However, often those roles do not provide the right combination of permissions and/or are over-permissive.

Azure allows you to create a custom IAM role and assign specific permissions to it. To create a custom IAM role, please follow these steps:

1. Sign-in to the Microsoft Azure portal.

2. Navigate to "Subscriptions" and select your subscription.

3. In your subscription, choose the "Access Control (IAM)" page.

4. (Optional) Choose the "Roles" tab.

5. Click the "+ Add" button, and select "Add custom role" from the dropdown menu.

6. On the "Basics" tab, give your new role a meaningful name and description. Leave "Baseline permissions" as "Start from scratch".

7. On the "Permissions" tab, select the permissions required for your role.

8. On the "Assignable Scopes" tab, your Azure subscription will be pre-selected. Leave this as-is unless you know what you are doing.

9. Click "Review + Create" button.

10. Click the "Create" button.

You should now be able to assign the new role to an IAM user.

Did this answer your question?