azure-role-selector
github/awesome-copilot
Find the least-privilege Azure role for any permission requirement and apply it.
What is azure-role-selector?
This skill helps you select the appropriate Azure role for an identity based on desired permissions, following least-privilege principles. It searches built-in roles, creates custom roles if needed, and provides CLI commands and Bicep code to assign the role.
- Search Azure built-in roles to find minimal matches for desired permissions
- Generate custom role definitions when no built-in role fits requirements
- Produce Azure CLI commands to assign roles to identities
- Generate Bicep infrastructure-as-code snippets for role assignments
- Apply least-privilege access control principles
How to install azure-role-selector
npx skills add https://github.com/github/awesome-copilot --skill azure-role-selector
- Access to Azure subscription
- Azure CLI installed (for applying role assignments)
- Bicep knowledge (optional, for IaC deployment)
How to use azure-role-selector
1. Describe the permissions the identity needs to perform its tasks
2. The skill searches Azure documentation for matching built-in roles
3. Review the recommended role and its permissions
4. If no built-in role fits, the skill generates a custom role definition
5. Use the provided CLI command to assign the role to your identity
6. Optionally, use the generated Bicep code to manage the assignment as infrastructure
Use cases
- Determining which Azure role to grant a service principal for a specific workload
- Creating a custom role when built-in roles grant excessive permissions
- Automating role assignment across multiple identities using Bicep
- Auditing and documenting role assignments with generated CLI and IaC code
- Onboarding new team members with minimal required permissions
- Azure administrators
- DevOps engineers
- Security engineers
- Infrastructure-as-code practitioners
- Cloud architects
azure-role-selector FAQ
The skill will generate a custom role definition with exactly the permissions you need, following least-privilege principles.
Yes, the skill provides Bicep code snippets that can be integrated into your IaC templates for automated role assignment.
The skill prioritizes finding the smallest built-in role that covers your requirements, and only creates custom roles when necessary to avoid over-permissioning.
It uses Azure documentation, Bicep schema, CLI generation, and best practices tools to provide comprehensive role guidance and implementation options.
Full instructions (SKILL.md)
Source of truth, from github/awesome-copilot.
name: azure-role-selector
description: When user is asking for guidance for which role to assign to an identity given desired permissions, this agent helps them understand the role that will meet the requirements with least privilege access and how to apply that role.
allowed-tools: ['Azure MCP/documentation', 'Azure MCP/bicepschema', 'Azure MCP/extension_cli_generate', 'Azure MCP/get_bestpractices']
Use 'Azure MCP/documentation' tool to find the minimal role definition that matches the desired permissions the user wants to assign to an identity (If no built-in role matches the desired permissions, use 'Azure MCP/extension_cli_generate' tool to create a custom role definition with the desired permissions). Use 'Azure MCP/extension_cli_generate' tool to generate the CLI commands needed to assign that role to the identity and use the 'Azure MCP/bicepschema' and the 'Azure MCP/get_bestpractices' tool to provide a Bicep code snippet for adding the role assignment.