
Custom RBAC role creation with Bicep should be partially rewritten

Open jikuja opened this issue 2 years ago • 3 comments

Current guidance on the page suggests changing the value of the name property manually. This kind of manual step should be avoided.

Other documentation states that properties.roleName must be unique in the tenant: "This display name must be unique at the scope of the Azure AD tenant. Can include letters, numbers, spaces, and special characters. Maximum number of characters is 512."

Knowing this, the name property can be generated with guid(roleName).

After this change, the template can be re-deployed after permission and assignableScopes changes without changing the name input and copying the resource ID into template parameters.


The correct usage of the guid() function with predictable inputs is currently under-documented in multiple template-related documentation pages.



jikuja avatar Dec 12 '22 15:12 jikuja

@jikuja

Thanks for your feedback! We will investigate and update as appropriate.

@jikuja Thanks for bringing this to our attention. I'm going to assign this to the document author so they can take a look at it accordingly.

@rolyon Can you please check and add your comments on this doc update request as applicable.

SaibabaBalapur-MSFT avatar Dec 13 '22 12:12 SaibabaBalapur-MSFT

The role assignments with Bicep documentation has a good explanation of how and why to use deterministic naming with the guid-typed name property: https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/scenarios-rbac#name

jikuja avatar Dec 13 '22 13:12 jikuja
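
The deterministic naming proposed in the opening post and in the comment above, as an added example that is not part of the original thread or of the Microsoft documentation: a subscription-scoped custom role whose `name` is derived with `guid(roleName)`. The role name, description, actions and API version are assumptions chosen for illustration.

```bicep
// Added example. Role name, description and actions are illustrative assumptions.
targetScope = 'subscription'

@description('Display name of the custom role. Must be unique within the tenant.')
@maxLength(512)
param roleName string = 'Example - Resource Group Reader'

@description('Control-plane actions granted by the role. Keep this list minimal.')
param actions array = [
  'Microsoft.Resources/subscriptions/resourceGroups/read'
]

@description('Actions excluded from the granted set.')
param notActions array = []

// guid() is deterministic: the same roleName always produces the same GUID.
// Because roleName is already unique in the tenant, it is a stable seed, and
// no GUID has to be typed in or copied back into the parameters by hand.
var roleDefinitionName = guid(roleName)

resource customRole 'Microsoft.Authorization/roleDefinitions@2022-04-01' = {
  name: roleDefinitionName
  properties: {
    roleName: roleName
    description: 'Read-only access to resource groups (example).'
    type: 'customRole'
    permissions: [
      {
        actions: actions
        notActions: notActions
      }
    ]
    // Limit where the role can be assigned to the deployment subscription.
    assignableScopes: [
      subscription().id
    ]
  }
}

// Resource ID of the role definition, for use in role assignments.
output roleDefinitionId string = customRole.id
```

Redeploying with changed `actions` or `assignableScopes` resolves to the same resource name and updates the existing definition. Changing `roleName` changes the derived GUID, so it produces a new role definition rather than renaming the existing one.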

Hi @jikuja Thanks for taking the time to provide this feedback. This looks like a much easier way to create and update custom roles. The templates are maintained in a different repo. I'll check into how to update the template. Thanks

rolyon avatar Dec 31 '22 23:12 rolyon

@rolyon Any update on this case?

YashikaTyagii avatar Jun 15 '23 08:06 YashikaTyagii

Hi @jikuja Thanks for your feedback. We've incorporated your feedback into the doc. https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-bicep Let us know if you have any additional feedback. Thanks

rolyon avatar Feb 16 '24 17:02 rolyon

#please-close

rolyon avatar Feb 16 '24 17:02 rolyon