---
id: sm-azure-rbac
name: "azure-rbac"
url: https://skills.yangsir.net/skill/sm-azure-rbac
author: microsoft
domain: cloud-infra
tags: ["azure-rbac", "identity-and-access-management", "least-privilege", "security-permissions", "role-based-access"]
install_count: 141837
rating: 4.80 (2000 reviews)
github: https://github.com/microsoft/github-copilot-for-azure
---

# azure-rbac

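> Focuses on Azure role-based access control (RBAC), helping users manage access to cloud resources at a fine-grained level while ensuring security and the principle of least privilege.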

**Stats**: 141,837 installs · 4.8/5 (2000 reviews)

## Before / After Comparison

### Azure RBAC Permission Management Optimization

## Readme

# azure-rbac

Use the 'azure__documentation' tool to find the minimal role definition that matches the permissions the user wants to assign to an identity. If no built-in role matches those permissions, use the 'azure__extension_cli_generate' tool to create a custom role definition with them. Then use the 'azure__extension_cli_generate' tool to generate the CLI commands needed to assign that role to the identity. Finally, use the 'azure__bicepschema' and 'azure__get_azure_bestpractices' tools to provide a Bicep code snippet for adding the role assignment. If the user asks which role is needed to grant access, refer to the Prerequisites for Granting Roles section below.

## Prerequisites for Granting Roles

To assign RBAC roles to identities, you need a role that includes the `Microsoft.Authorization/roleAssignments/write` permission. The most common roles with this permission are:

- **User Access Administrator** (least privilege - recommended for role assignment only)

- **Owner** (full access including role assignment)

- **Custom Role** with `Microsoft.Authorization/roleAssignments/write`
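To check whether a given role definition actually carries this permission, the wildcards in `actions` and the exclusions in `notActions` both have to be evaluated. The following is an added example, not code from the skill or its repository; it assumes role definitions in the JSON shape returned by `az role definition list`, and the sample roles are constructed, abbreviated versions of the built-in definitions plus one hypothetical custom role.

```python
import re

REQUIRED = "Microsoft.Authorization/roleAssignments/write"

def _matches(pattern, action):
    # Action strings are compared case-insensitively; '*' is the only wildcard.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, flags=re.IGNORECASE) is not None

def grants(role, action=REQUIRED):
    """True if a permission block allows `action` and does not exclude it."""
    for block in role.get("permissions", []):
        allowed = any(_matches(p, action) for p in block.get("actions", []))
        excluded = any(_matches(p, action) for p in block.get("notActions", []))
        if allowed and not excluded:
            return True
    return False

def can_assign_roles(roles):
    """Names of the roles whose holders can create role assignments."""
    return [r["roleName"] for r in roles if grants(r)]

# Constructed sample input (abbreviated; not a live export).
SAMPLE_ROLES = [
    {"roleName": "Owner",
     "permissions": [{"actions": ["*"], "notActions": []}]},
    {"roleName": "Contributor",
     "permissions": [{"actions": ["*"], "notActions": [
         "Microsoft.Authorization/*/Delete",
         "Microsoft.Authorization/*/Write",
         "Microsoft.Authorization/elevateAccess/Action"]}]},
    {"roleName": "User Access Administrator",
     "permissions": [{"actions": [
         "*/read", "Microsoft.Authorization/*", "Microsoft.Support/*"],
         "notActions": []}]},
    {"roleName": "Reader",
     "permissions": [{"actions": ["*/read"], "notActions": []}]},
    # Hypothetical custom role holding only the required permission.
    {"roleName": "Role Assignment Writer (hypothetical)",
     "permissions": [{"actions": [REQUIRED], "notActions": []}]},
]

if __name__ == "__main__":
    for role in SAMPLE_ROLES:
        print(f"{role['roleName']}: {grants(role)}")
```

Contributor is the case worth noticing: its `*` action matches the permission, but the `Microsoft.Authorization/*/Write` exclusion removes it, so a Contributor cannot grant roles.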

- **Weekly Installs**: 102.9K
- **Repository**: [microsoft/githu…or-azure](https://github.com/microsoft/github-copilot-for-azure)
- **GitHub Stars**: 157
- **First Seen**: Feb 18, 2026
- **Security Audits**: [Gen Agent Trust Hub: Pass](/microsoft/github-copilot-for-azure/azure-rbac/security/agent-trust-hub), [Socket: Pass](/microsoft/github-copilot-for-azure/azure-rbac/security/socket), [Snyk: Pass](/microsoft/github-copilot-for-azure/azure-rbac/security/snyk)
- **Installed on**: github-copilot 102.9K, codex 354, gemini-cli 342, opencode 316, kimi-cli 306, cursor 306

---
*Source: https://skills.yangsir.net/skill/sm-azure-rbac*
*Markdown mirror: https://skills.yangsir.net/api/skill/sm-azure-rbac/markdown*