Forum Discussion
Azure RBAC Custom Role Best Practices or Common Build Patterns
As a platform admin, I want to grant application admins Contributor access while removing their ability to write or delete most Microsoft.Network resource types, with a few exceptions such as Private...
Would suggest keep two‑role model (Contributor minus Microsoft.Network + Add‑Back for specific resources). It can avoid wildcards while remaining maintainable. To reduce effort, script role creation with Azure CLI or PowerShell and maintain a JSON template library for reuse across environments.
https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles
https://learn.microsoft.com/en-us/azure/role-based-access-control/best-practices