Azure Management Groups
Azure Management Groups provide a way to efficiently manage access, policies, and compliance across an enterprise through a hierarchy made up of management groups and subscriptions. Using the Azure portal, PowerShell, CLI, or the Rest API, customers are able to build a flexible structure for unified policy and access management.
Please take a few minutes to submit your idea or vote up an idea submitted by another Azure Management Group customer. All of the feedback you share in these forums are directly monitored and reviewed by the Azure Management Group engineering team.
-
Allow custom RBAC Definitions at the Management Group Level
The customer I currently work with has several custom roles that are currently maintained in a central subscription. This has become quite burdensome as every new subscription which needs the role assigned needed to have the Role.AssignableScopes attribute appended with the custom role. We would like to centrally manage these, using management groups similar to the way we manage Policy applied over several subscriptions.
163 votesHi Everyone,
I apologize about the delay but Custom RBAC Support is now available in Production. You are able to to create role definitions at the MG scope and assign them to inherited MGs and Subs.There is a bug that is in the portal where the new custom role is not showing when you are trying to do a role assignment on an inherited child MG/Sub. This should be resolved soon and PowerShell, CLI, and API are all working. I will not do any announcements yet on the availability of the feature until the portal bug is fixed. Once that is fixed we will do blog announcements and I will mark the feature complete here.
- Don't see your idea?