This article explains step by step procedure to accomplish the below requirement in Azure Storage using custom RBAC role:
The above custom RBAC role should be assigned at the resource group level.
You could follow the below steps to create a custom RBAC role using the Azure portal.
The creation of custom RBAC role can be done using the below methods:
Give a suitable name and description for the role.
The Baseline permission parameters helps with deciding whether you want to create your custom role by cloning and then modifying an existing role or by starting from scratch.
Under the Permissions Tab, I would be altering the permissions as per my use case. I would be making changes to the below highlighted permissions as it aligns to my use case:
To Add/ Exclude permissions
Excluding the required permissions:
The final format of the Custom RBAC role is as below, with scope at resource group level. This has been created by clicking on the create option
Once the role has been created the role, we can assign it to the user as below
Along with the above permission, I have given the user Reader permission at the subscription level. You could give the Reader permission at the resource group level too.
We mainly have Management Plane and Data Plane while providing permissions to the user.
Hence, it is important that you give minimum of ‘Reader’ role at the Management plane level
The storage account <teststorage2355> was deployed under the resource group <CustomRBAC> where the Custom RBAC role was assigned for the user
The below operations were checked by the user to see if the RBAC role was working appropriately:
Hope this helps !
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.