Audit score 70

azure-role-selector

github/awesome-copilot

Find the least-privilege Azure role for any permission requirement and apply it.

What is azure-role-selector?

This skill helps you select the appropriate Azure role for an identity based on desired permissions, following least-privilege principles. It searches built-in roles, creates custom roles if needed, and provides CLI commands and Bicep code to assign the role.

  • Search Azure built-in roles to find minimal matches for desired permissions
  • Generate custom role definitions when no built-in role fits requirements
  • Produce Azure CLI commands to assign roles to identities
  • Generate Bicep infrastructure-as-code snippets for role assignments
  • Apply least-privilege access control principles

How to install azure-role-selector

npx skills add https://github.com/github/awesome-copilot --skill azure-role-selector
Prerequisites
  • Access to an Azure subscription
  • Azure CLI installed (for applying role assignments)
  • Bicep knowledge (optional, for IaC deployment)

How to use azure-role-selector

  1. Describe the permissions the identity needs to perform its tasks
  2. The skill searches Azure documentation for matching built-in roles
  3. Review the recommended role and its permissions
  4. If no built-in role fits, the skill generates a custom role definition
  5. Use the provided CLI command to assign the role to your identity
  6. Optionally, use the generated Bicep code to manage the assignment as infrastructure

Use cases

Good for
  • Determining which Azure role to grant a service principal for a specific workload
  • Creating a custom role when built-in roles grant excessive permissions
  • Automating role assignment across multiple identities using Bicep
  • Auditing and documenting role assignments with generated CLI and IaC code
  • Onboarding new team members with minimal required permissions
Who it's for
  • Azure administrators
  • DevOps engineers
  • Security engineers
  • Infrastructure-as-code practitioners
  • Cloud architects

azure-role-selector FAQ

What if no built-in Azure role matches my requirements?

The skill will generate a custom role definition with exactly the permissions you need, following least-privilege principles.

Can I use the output in my infrastructure-as-code pipeline?

Yes, the skill provides Bicep code snippets that can be integrated into your IaC templates for automated role assignment.

How does this ensure least-privilege access?

The skill prioritizes finding the smallest built-in role that covers your requirements, and only creates custom roles when necessary to avoid over-permissioning.

What Azure tools does this skill use?

It uses Azure documentation, Bicep schema, CLI generation, and best practices tools to provide comprehensive role guidance and implementation options.

Full instructions (SKILL.md)

Source of truth, from github/awesome-copilot.


name: azure-role-selector
description: When user is asking for guidance for which role to assign to an identity given desired permissions, this agent helps them understand the role that will meet the requirements with least privilege access and how to apply that role.
allowed-tools: ['Azure MCP/documentation', 'Azure MCP/bicepschema', 'Azure MCP/extension_cli_generate', 'Azure MCP/get_bestpractices']

Use 'Azure MCP/documentation' tool to find the minimal role definition that matches the desired permissions the user wants to assign to an identity (If no built-in role matches the desired permissions, use 'Azure MCP/extension_cli_generate' tool to create a custom role definition with the desired permissions). Use 'Azure MCP/extension_cli_generate' tool to generate the CLI commands needed to assign that role to the identity and use the 'Azure MCP/bicepschema' and the 'Azure MCP/get_bestpractices' tool to provide a Bicep code snippet for adding the role assignment.