script-role-creation.adoc

role-creation.py

Create custom roles in a subscription

Note
Before Using
  • Authenticate with Azure before invoking the script.

  • Be sure that you are in the root folder of the toolkit.

  • To create a custom role, you must have the Microsoft.Authorization/roleDefinitions/write permission on the target subscription. This permission is part of the Owner role for subscriptions.

Before deploying any resources to your subscription, you first need to create roles and permissions for team members. The default roles are discussed elsewhere in the docs, and you can modify these by editing the roles/aad.roles.json file.

This script can be used to create these roles. To use this script, open a terminal/command line, navigate to the root of the toolkit folder, and then run the following command:

Docker
python role_creation.py -r {path to your role file} -sid {your subscription id}
Linux/OSX
python3 role_creation.py -r {path to your role file} -sid {your subscription id}
Windows
py role_creation.py -r {path to your role file} -sid {your subscription id}

Arguments

| Argument | Required? | Description |
| --- | --- | --- |
| -r, --roles-file | Required | Path to your roles file. Default path is ./roles/aad.roles.json. |
| -sid, --subscription-id | Required | Specifies the subscription identifier where the script defines roles. |
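
Because custom role definitions become grantable permissions once created, it is worth reviewing the roles file before passing it to -r. The following is an added example, not part of the toolkit: it assumes the roles file is a JSON array of Azure role definitions with Name, Actions, NotActions and AssignableScopes keys, and the names review_roles, grants, SENSITIVE and the sample data are hypothetical and constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

# Permissions that let a role holder change or hand out roles themselves.
SENSITIVE = (
    "microsoft.authorization/roledefinitions/write",
    "microsoft.authorization/roleassignments/write",
)

def grants(role, permission):
    """True if Actions (minus NotActions) cover the permission; '*' is a wildcard."""
    allowed = any(fnmatchcase(permission, a.lower()) for a in role.get("Actions", []))
    denied = any(fnmatchcase(permission, n.lower()) for n in role.get("NotActions", []))
    return allowed and not denied

def review_roles(roles, subscription_id):
    """Return sorted (role name, finding) pairs for a list of role definitions."""
    root = f"/subscriptions/{subscription_id}".lower()
    findings = set()
    for role in roles:
        name = role.get("Name", "<unnamed>")
        if "*" in role.get("Actions", []):
            findings.add((name, "wildcard action '*'"))
        for permission in SENSITIVE:
            if grants(role, permission):
                findings.add((name, f"grants {permission}"))
        scopes = [s.lower().rstrip("/") for s in role.get("AssignableScopes", [])]
        if not scopes:
            findings.add((name, "no AssignableScopes"))
        for scope in scopes:
            if scope != root and not scope.startswith(root + "/"):
                findings.add((name, f"scope outside subscription: {scope or '/'}"))
    return sorted(findings)

# Constructed sample input (assumed layout, not the toolkit's real roles file).
SUB_ID = "00000000-0000-0000-0000-000000000000"
SAMPLE = json.loads("""[
  {"Name": "App Operator",
   "Actions": ["Microsoft.Web/sites/*", "Microsoft.Resources/deployments/read"],
   "NotActions": [], "AssignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"]},
  {"Name": "Platform Admin",
   "Actions": ["*"],
   "NotActions": ["Microsoft.Authorization/roleAssignments/write"],
   "AssignableScopes": ["/subscriptions/11111111-1111-1111-1111-111111111111"]}
]""")

if __name__ == "__main__":
    for name, finding in review_roles(SAMPLE, SUB_ID):
        print(f"{name}: {finding}")
```

An empty result means none of these three checks fired; it does not replace a line-by-line review of each role's Actions.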

After these roles are created in the subscription, you can assign users as appropriate before proceeding with the deployment of resources.

Next steps