The customer I currently work with has several custom roles that are currently maintained in a central subscription. This has become quite burdensome as every new subscription which needs the role assigned needed to have the Role.AssignableScopes attribute appended with the custom role. We would like to centrally manage these, using management groups similar to the way we manage Policy applied over several subscriptions.3 votes
We have a high priority to get Custom RBAC supported on Management Groups. We have this in our backlog and are looking to support this soon after we release GA.
Until the inherited management group access is represented properly on the portal, management groups can't really be used in anger. When will this be fixed?1 vote
Can you please let us know more details on what is not being represented correctly in the portal? Are you not seeing the access shown in the IAM tab or are you having issues with the access to the subscriptions?
- Don't see your idea?