Azure - RBAC - Custom Role Definition at Management Group level

RBAC - CUSTOM ROLES

Updated: 13 Jan 2019
You can delete the custom roles using the Management Group service GUI in the portal until the following gets fixed.

For Architects & Devs, I have some gotchas for you.
Please vote on User Voice.

If you define a new Azure role definition at the management group level, watch out for the following two outstanding issues with Microsoft.

1. As you are aware, the custom role definition JSON file has Actions, NotActions, DataActions, etc. At the management group level you cannot create a role with DataActions in it. See User Voice.

2. At the time of writing, you cannot delete a new role definition created at the management group level. It gives the following error. See GitHub.

Command :
========

$role = "myNewAzureRole"
Get-AzRoleDefinition -name $role | Remove-AzRoleDefinition -Debug

Error:
=====

Remove-AzRoleDefinition : Operation returned an invalid status code 'NoContent'
At line:1 char:36
+ Get-AzRoleDefinition -name $role | Remove-AzRoleDefinition -Debug
+                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : CloseError: (:) [Remove-AzRoleDefinition], CloudException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Resources.RemoveAzureRoleDefinitionCommand
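
For gotcha 1, a pre-flight check can flag a role definition that combines a management group scope with DataActions before you try to create it. This is an added example, not code from the original post or from Microsoft; the function name Test-MgRoleDefinition, the management group id contoso-mg and the sample JSON are constructed for illustration.

```powershell
# Hypothetical helper: inspects a custom role definition (JSON text) and reports
# whether it mixes a management group scope with data-plane permissions.
function Test-MgRoleDefinition {
    param(
        [Parameter(Mandatory)] [string] $Json
    )
    $def = $Json | ConvertFrom-Json

    # Management group scopes have the form
    # /providers/Microsoft.Management/managementGroups/<groupId>
    $mgScopes = @($def.AssignableScopes | Where-Object {
        $_ -match '^/providers/Microsoft\.Management/managementGroups/[^/]+/?$'
    })

    # Collect DataActions and NotDataActions, dropping empty or missing entries
    $dataPerms = @(@($def.DataActions) + @($def.NotDataActions) | Where-Object { $_ })

    [pscustomobject]@{
        Name                  = $def.Name
        ManagementGroupScopes = $mgScopes
        DataPermissions       = $dataPerms
        # Not deployable only when both conditions from gotcha 1 are present
        Deployable            = -not ($mgScopes.Count -gt 0 -and $dataPerms.Count -gt 0)
    }
}

# Constructed sample role definition (not a real tenant's data)
$sample = @'
{
  "Name": "myNewAzureRole",
  "IsCustom": true,
  "Description": "Constructed sample for the pre-flight check",
  "Actions": [ "Microsoft.Storage/storageAccounts/read" ],
  "NotActions": [],
  "DataActions": [ "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read" ],
  "NotDataActions": [],
  "AssignableScopes": [ "/providers/Microsoft.Management/managementGroups/contoso-mg" ]
}
'@

$result = Test-MgRoleDefinition -Json $sample
if (-not $result.Deployable) {
    Write-Warning ("Role '{0}' has data permissions and a management group scope: {1}" -f
        $result.Name, ($result.DataPermissions -join ', '))
}
$result
```

Run it against each role definition file before New-AzRoleDefinition; moving the data permissions into a separate role scoped to subscriptions keeps the management group role creatable.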
