Find least-privilege Azure RBAC roles and generate assignment commands and Bicep.
The material indicates a documentation/prompt-oriented Azure RBAC helper skill with no required secrets and no declared standalone remote endpoints, so overall risk is low. Its main function is to generate permission guidance and CLI/Bicep content, but outputs affecting role assignment should still be verified against least-privilege requirements.
The material explicitly states no required keys or environment variables, and there is no request for API keys, tokens, or other sensitive credentials. The main concern is downstream permission configuration from its guidance, not credential exposure.
No remote endpoints are declared, and the system flags it as prompt-only, indicating no standalone data egress logic in the provided material. The README references other Azure-related tools, but this skill itself does not show transmission of data to unknown or unrelated endpoints.
Based on the material, this is an instructional/orchestration-style prompt skill that helps find roles and generate CLI/Bicep content. There is no indication that it itself spawns local processes, executes scripts, or requests system-level execution privileges.
There is no stated ability to read local files, write to disk, or access private user data sources. Its subject matter is mainly Azure RBAC role definitions and permission guidance. Users should still ensure any suggested role assignments do not exceed business need.
The source is a Microsoft GitHub repository and is marked open-source, providing auditability; 222 stars offer some community trust signal. Although the license and maintenance status are not explicitly stated, supply-chain risk is low absent other red flags.
Copy the install command and let the AI configure it · recommended for beginners
Please install the "azure-rbac" skill from askskill: 1. Download https://raw.githubusercontent.com/microsoft/GitHub-Copilot-for-Azure/main/plugin/skills/azure-rbac/SKILL.md 2. Save it as ~/.claude/skills/azure-rbac/SKILL.md 3. Reload skills and tell me it's ready
I have an Azure managed identity that needs read-only access to blobs in a storage account. Recommend the least-privilege Azure RBAC role and generate the Azure CLI command and Bicep code to assign it.
Returns the appropriate least-privilege role, scope guidance, and ready-to-use CLI and Bicep examples.
I need an app registration to access secrets in Azure Key Vault without overgranting permissions. Determine which Azure RBAC role should be assigned and explain why it is the least-privilege choice.
Provides a role recommendation, explains the permission boundaries, and shows why it avoids overprivileging.
Built-in roles do not fit my needs. I need a custom role that can only read VM status in a resource group. Generate the Azure custom role definition and explain what permissions the grantor needs to assign it.
Outputs a custom role definition example, assignment method, and clear guidance on the permissions required by the grantor.
Use the 'azure__documentation' tool to find the minimal role definition that matches the desired permissions the user wants to assign to an identity. If no built-in role matches the desired permissions, use the 'azure__extension_cli_generate' tool to create a custom role definition with the desired permissions. Then use the 'azure__extension_cli_generate' tool to generate the CLI commands needed to assign that role to the identity. Finally, use the 'azure__bicepschema' and 'azure__get_azure_bestpractices' tools to provide a Bicep code snippet for adding the role assignment. If user is asking about role necessary to set access, refer to Prerequisites for Granting Roles down below:
To assign RBAC roles to identities, you need a role that includes the Microsoft.Authorization/roleAssignments/write permission. The most common roles with this permission are:
Microsoft.Authorization/roleAssignments/writeSet up Entra ID app registration, OAuth, permissions, and MSAL integration.
Set up Azure Application Insights telemetry for web apps with best practices.
Troubleshoot Azure Event Hubs and Service Bus SDK connection and messaging issues.
Find, list, and inspect Azure resources across subscriptions and resource groups.
Deploy, evaluate, fine-tune, and optimize Microsoft Foundry agents and models.
Deploy prepared Azure apps with built-in recovery for common release errors.
Validate Azure deployment readiness across config, infrastructure, identities, and permissions.
Prepare Azure apps for deployment with infra, configs, and container setup.
Analyze Azure resource groups and generate Mermaid diagrams of resource relationships.
Give AI real-time Azure infrastructure access for ops checks, policy validation, and Terraform analysis.
Manage Azure infrastructure and cloud resources using natural language commands.
Analyze Azure costs, forecast spending, and identify waste-saving optimizations.