Custom role creation
When using a Landing Zone (with or without Corporate Addon), you have the possibility to grant permissions over the Azure subscription
, a specific Resource Group
, or a specific Resource
, using a built-in
role.
However, if you need to use a custom role, you are not allowed to create it by yourself, for security reasons, but we can create it for you.
Procedure
- Build a
JSON
file representing the custom role definition. You can find an example in the Microsoft documentation - Open a ticket in Post-it using the
Other Request
template, and asking for a custom role in a Azure IaaS Landing Zone, with theJSON
file attached - We will audit the role to check if it only includes authorized permissions
- We will create the custom role in the next 5 days upon reception of the ticket
Additional Notes
The permissions you are not allowed to have is regarding Blueprint Management, and Policy Assignements when using a Landing Zone with Corporate Add-on