
Custom role creation

When using a Landing Zone (with or without Corporate Add-on), you can grant permissions over the Azure subscription, a specific Resource Group, or a specific Resource, using a built-in role.

However, if you need a custom role, you are not allowed to create it yourself, for security reasons, but we can create it for you.

Procedure

  • Build a JSON file representing the custom role definition. You can find an example in the Microsoft documentation.
  • Open a ticket in Post-it using the Other Request template, asking for a custom role in an Azure IaaS Landing Zone, with the JSON file attached.
  • We will audit the role to check that it only includes authorized permissions.
  • We will create the custom role within 5 days of receiving the ticket.

Additional Notes

The permissions you are not allowed to have relate to Blueprint Management, and Policy Assignments when using a Landing Zone with Corporate Add-on.
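
To check a role definition against these restrictions before attaching it to the ticket, the following Python sketch computes which restricted operations the role would effectively grant (Actions minus NotActions, wildcards included). It is an added example, not the platform team's audit tooling. The probe list, the sample role and the function names are assumptions, and it checks both restricted areas regardless of whether the Corporate Add-on is in use.

```python
import json
import re

# Assumed probe list: write/delete operations standing in for "Blueprint
# Management" and "Policy Assignments". The real deny list is not on this page.
RESTRICTED_OPERATIONS = [
    "Microsoft.Blueprint/blueprints/write",
    "Microsoft.Blueprint/blueprints/delete",
    "Microsoft.Blueprint/blueprintAssignments/write",
    "Microsoft.Blueprint/blueprintAssignments/delete",
    "Microsoft.Authorization/policyAssignments/write",
    "Microsoft.Authorization/policyAssignments/delete",
]

def _matches(pattern, operation):
    """Azure action strings are case-insensitive and may contain '*' wildcards."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None

def restricted_grants(role):
    """Return the restricted operations the role effectively grants.

    A broad wildcard in Actions is acceptable only when a NotActions entry
    carves the restricted operation back out.
    """
    actions = role.get("Actions", [])
    not_actions = role.get("NotActions", [])
    return [
        op for op in RESTRICTED_OPERATIONS
        if any(_matches(a, op) for a in actions)
        and not any(_matches(n, op) for n in not_actions)
    ]

# Constructed sample role definition (Azure CLI / PowerShell JSON layout).
SAMPLE_ROLE = json.loads("""
{
  "Name": "LZ VM Operator (sample)",
  "IsCustom": true,
  "Description": "Constructed example role.",
  "Actions": ["Microsoft.Compute/virtualMachines/*", "Microsoft.Authorization/*"],
  "NotActions": ["Microsoft.Authorization/policyAssignments/delete"],
  "AssignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"]
}
""")

if __name__ == "__main__":
    for op in restricted_grants(SAMPLE_ROLE):
        print("restricted permission granted:", op)
```

In the sample, the `Microsoft.Authorization/*` wildcard still grants policy assignment writes because only the delete operation is excluded in `NotActions`.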