Azure storage account RBAC

Copper Contributor

Is there a built-in Azure role(s) that will accomplish the following:


- Create any Azure resource

- Apply permissions to any Azure resource

- Not have read access to resources unless explicitly granted


Specifically, I am referring to a file share in a storage account.  I would like to have a security "role" be able to do all of the above, but don't want them to be able to access the data in a file share unless they are explicitly granted permissions.  There is a file share that would contain confidential documents that they security "role" should not be able to access, and yes I know that the "role" could easily just give themselves access to that share if they really wanted to.


Thanks for the help.

1 Reply

The Microsoft Learn community is for Learn and certification related questions. You can direct any questions relating to Azure here: Welcome to the Azure Community (