azure-rbac

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Azure Role-based access control Skill

Azure Role-based access control 技能

This skill provides expert guidance for Azure Role-based access control. Covers troubleshooting, best practices, decision making, limits & quotas, security, configuration, and integrations & coding patterns. It combines local quick-reference content with remote documentation fetching capabilities.

本技能为Azure Role-based access control提供专业指导，覆盖故障排查、最佳实践、决策指导、限制与配额、安全、配置、集成与编码模式。它结合了本地快速参考内容与远程文档拉取能力。

How to Use This Skill

如何使用本技能

IMPORTANT for Agent: Use the Category Index below to locate relevant sections. For categories with line ranges (e.g.,
L35-L120
), use
read_file
with the specified lines. For categories with file links (e.g.,
[security.md](security.md)
), use
read_file
on the linked reference file

IMPORTANT for Agent: If
metadata.generated_at
is more than 3 months old, suggest the user pull the latest version from the repository. If
mcp_microsoftdocs
tools are not available, suggest the user install it: Installation Guide

This skill requires network access to fetch documentation content:

Preferred: Use

mcp_microsoftdocs:microsoft_docs_fetch

with query string

from=learn-agent-skill

. Returns Markdown.

Fallback: Use

fetch_webpage

with query string

from=learn-agent-skill&accept=text/markdown

. Returns Markdown.

Agent重要提示：使用下方的分类索引定位相关章节。对于标注了行范围的分类（例如
L35-L120
），使用
read_file
读取指定行的内容。对于带有文件链接的分类（例如
[security.md](security.md)
），使用
read_file
读取对应的参考文件

Agent重要提示：如果
metadata.generated_at
的时间超过3个月，建议用户从仓库拉取最新版本。如果
mcp_microsoftdocs
工具不可用，建议用户安装：安装指南

本技能需要网络访问来拉取文档内容：

优先方案：使用
```
mcp_microsoftdocs:microsoft_docs_fetch
```
搭配查询参数
```
from=learn-agent-skill
```
，返回Markdown格式内容。
备选方案：使用
```
fetch_webpage
```
搭配查询参数
```
from=learn-agent-skill&accept=text/markdown
```
，返回Markdown格式内容。

Category Index

分类索引

Category	Lines	Description
Troubleshooting	L35-L43	Diagnosing and fixing Azure RBAC issues: access denials, role/condition misconfigurations, role limit errors, and auditing role/condition changes via Activity Log
Best Practices	L44-L50	Security-focused guidance on designing Azure RBAC: choosing scopes, delegating access with ABAC conditions, and applying least privilege and separation-of-duties best practices.
Decision Making	L51-L58	Guidance on choosing and migrating role models: moving from classic admins to RBAC, scaling with ABAC, selecting Azure vs Entra vs classic roles, and transferring subscriptions between directories.
Limits & Quotas	L59-L64	Designing and managing Azure RBAC custom roles, including understanding role structure, permissions, and step-by-step creation using the Azure portal
Security	L65-L130	Azure RBAC roles, permissions, and conditions: built‑in role references by service, custom roles, ABAC, deny assignments, PIM, policy integration, and secure delegation of access.
Configuration	L131-L142	Configuring Azure RBAC/ABAC: prerequisites, condition syntax, role assignments, built‑in vs custom roles, and creating/inspecting custom role definitions via CLI and PowerShell
Integrations & Coding Patterns	L143-L158	How to assign, list, and query Azure RBAC role assignments using portal, CLI, PowerShell, Bicep/ARM templates, REST API, and managed identities

分类	行范围	描述
故障排查	L35-L43	诊断并修复Azure RBAC问题：访问拒绝、角色/条件配置错误、角色限制错误，以及通过活动日志审计角色/条件变更
最佳实践	L44-L50	设计Azure RBAC的安全导向指导：选择范围、通过ABAC条件委派访问、应用最小权限和职责分离最佳实践。
决策指导	L51-L58	选择和迁移角色模型的指导：从经典管理员迁移到RBAC、通过ABAC实现扩展、选择Azure vs Entra vs 经典角色、在目录之间转移订阅。
限制与配额	L59-L64	设计和管理Azure RBAC自定义角色，包括理解角色结构、权限，以及通过Azure门户分步创建角色
安全	L65-L130	Azure RBAC角色、权限和条件：按服务分类的内置角色参考、自定义角色、ABAC、拒绝分配、PIM、策略集成，以及安全的访问委派。
配置	L131-L142	配置Azure RBAC/ABAC：前置条件、条件语法、角色分配、内置vs自定义角色，以及通过CLI和PowerShell创建/查看自定义角色定义
集成与编码模式	L143-L158	如何通过门户、CLI、PowerShell、Bicep/ARM模板、REST API和托管身份分配、列出、查询Azure RBAC角色分配

Troubleshooting

故障排查

Topic	URL
Audit Azure RBAC changes using Activity Log	https://learn.microsoft.com/en-us/azure/role-based-access-control/change-history-report
Resolve common issues with Azure RBAC conditions	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-faq
Troubleshoot Azure RBAC role assignment conditions	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-troubleshoot
Resolve Azure RBAC role and custom role limit issues	https://learn.microsoft.com/en-us/azure/role-based-access-control/troubleshoot-limits
Troubleshoot common Azure RBAC access issues	https://learn.microsoft.com/en-us/azure/role-based-access-control/troubleshooting

主题	URL
通过活动日志审计Azure RBAC变更	https://learn.microsoft.com/en-us/azure/role-based-access-control/change-history-report
解决Azure RBAC条件常见问题	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-faq
排查Azure RBAC角色分配条件问题	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-troubleshoot
解决Azure RBAC角色和自定义角色限制问题	https://learn.microsoft.com/en-us/azure/role-based-access-control/troubleshoot-limits
排查Azure RBAC常见访问问题	https://learn.microsoft.com/en-us/azure/role-based-access-control/troubleshooting

Best Practices

最佳实践

Topic	URL
Apply security-focused best practices for Azure RBAC	https://learn.microsoft.com/en-us/azure/role-based-access-control/best-practices
Example patterns for delegating RBAC with ABAC conditions	https://learn.microsoft.com/en-us/azure/role-based-access-control/delegate-role-assignments-examples
Choose appropriate Azure RBAC scopes for access	https://learn.microsoft.com/en-us/azure/role-based-access-control/scope-overview

主题	URL
应用Azure RBAC安全导向最佳实践	https://learn.microsoft.com/en-us/azure/role-based-access-control/best-practices
通过ABAC条件委派RBAC的示例模式	https://learn.microsoft.com/en-us/azure/role-based-access-control/delegate-role-assignments-examples
为访问选择合适的Azure RBAC范围	https://learn.microsoft.com/en-us/azure/role-based-access-control/scope-overview

Decision Making

决策指导

Topic	URL
Migrate from Azure classic administrators to RBAC	https://learn.microsoft.com/en-us/azure/role-based-access-control/classic-administrators
Scale Azure RBAC assignments using ABAC and attributes	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-custom-security-attributes-example
Choose between Azure, Entra, and classic admin roles	https://learn.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles
Transfer Azure subscriptions between Entra directories	https://learn.microsoft.com/en-us/azure/role-based-access-control/transfer-subscription

主题	URL
从Azure经典管理员迁移到RBAC	https://learn.microsoft.com/en-us/azure/role-based-access-control/classic-administrators
使用ABAC和属性扩展Azure RBAC分配	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-custom-security-attributes-example
选择Azure、Entra和经典管理员角色	https://learn.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles
在Entra目录之间转移Azure订阅	https://learn.microsoft.com/en-us/azure/role-based-access-control/transfer-subscription

Limits & Quotas

限制与配额

Topic	URL
Understand and configure Azure RBAC custom roles	https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles
Create Azure custom roles in the portal	https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-portal

主题	URL
理解并配置Azure RBAC自定义角色	https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles
在门户中创建Azure自定义角色	https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-portal

Security

安全

Topic	URL
Reference for all Azure RBAC built-in roles	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
Azure RBAC AI and ML built-in roles reference	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/ai-machine-learning
Azure RBAC analytics built-in roles reference	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/analytics
Understand Azure RBAC built-in compute roles and permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/compute
Azure RBAC containers built-in roles reference	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/containers
Azure RBAC databases built-in roles reference	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/databases
Azure RBAC DevOps built-in roles reference	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/devops
Azure RBAC general built-in roles reference	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/general
Use hybrid and multicloud RBAC built-in roles	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/hybrid-multicloud
Azure RBAC identity built-in roles reference	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/identity
Azure RBAC integration built-in roles reference	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/integration
Azure RBAC IoT built-in roles reference	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/internet-of-things
Apply management and governance RBAC built-in roles	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/management-and-governance
Use Azure RBAC built-in roles for migration tasks	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/migration
Assign Azure RBAC built-in roles for monitoring	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/monitor
Azure RBAC networking built-in roles reference	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/networking
Azure RBAC privileged built-in roles reference	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged
Azure RBAC security built-in roles reference	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/security
Azure RBAC storage built-in roles reference	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/storage
Azure RBAC web and mobile built-in roles reference	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/web-and-mobile
Restrict blob read access using tags and ABAC	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-custom-security-attributes
Manage Azure RBAC conditions using Azure CLI	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-cli
Configure Azure RBAC role assignment conditions in portal	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-portal
Manage Azure RBAC conditions using PowerShell	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-powershell
Manage Azure RBAC conditions via REST API	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-rest
Define Azure RBAC conditions in ARM templates	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-template
Define Azure custom roles using Bicep	https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-bicep
Manage Azure custom roles using Azure CLI	https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-cli
Manage Azure custom roles using PowerShell	https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-powershell
Manage Azure custom roles via REST API	https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-rest
Define Azure custom roles with ARM templates	https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-template
Delegate Azure RBAC role assignment management securely	https://learn.microsoft.com/en-us/azure/role-based-access-control/delegate-role-assignments-overview
Delegate Azure RBAC role management with ABAC conditions	https://learn.microsoft.com/en-us/azure/role-based-access-control/delegate-role-assignments-portal
List and understand Azure RBAC deny assignments	https://learn.microsoft.com/en-us/azure/role-based-access-control/deny-assignments
Elevate Global Administrator access to all subscriptions	https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin
Use AI and machine learning RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/ai-machine-learning
Use Analytics category Azure RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/analytics
Use Azure Compute RBAC permissions for custom roles	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/compute
Use Containers category Azure RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/containers
Use Databases category Azure RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/databases
Use DevOps category Azure RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/devops
Use General category Azure RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/general
Use hybrid and multicloud RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/hybrid-multicloud
Use Identity category Azure RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/identity
Use Integration category Azure RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/integration
Use IoT category Azure RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/internet-of-things
Use management and governance RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/management-and-governance
Use Migration category Azure RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/migration
Use Monitor category Azure RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/monitor
Use Networking category Azure RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/networking
Use Security category Azure RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/security
Use Storage category Azure RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/storage
Use Web and Mobile Azure RBAC permissions	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/web-and-mobile
Use PIM for eligible and time-bound Azure RBAC roles	https://learn.microsoft.com/en-us/azure/role-based-access-control/pim-integration
Apply Azure RBAC built-in policy definitions	https://learn.microsoft.com/en-us/azure/role-based-access-control/policy-reference
Reference Azure resource provider permission operations	https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations
Alert on privileged Azure RBAC role assignments	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-alert
Activate eligible Azure RBAC roles in the portal	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-eligible-activate
Grant Azure RBAC access to external B2B users	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-external-users
Assign Azure RBAC roles in Azure portal	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal
Assign subscription Owner with constrained RBAC conditions	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal-subscription-admin
Apply Azure Policy compliance controls to Azure RBAC	https://learn.microsoft.com/en-us/azure/role-based-access-control/security-controls-policy

主题	URL
所有Azure RBAC内置角色参考	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
Azure RBAC AI和机器学习内置角色参考	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/ai-machine-learning
Azure RBAC分析内置角色参考	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/analytics
理解Azure RBAC内置计算角色和权限	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/compute
Azure RBAC容器内置角色参考	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/containers
Azure RBAC数据库内置角色参考	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/databases
Azure RBAC DevOps内置角色参考	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/devops
Azure RBAC通用内置角色参考	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/general
使用混合和多云RBAC内置角色	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/hybrid-multicloud
Azure RBAC身份内置角色参考	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/identity
Azure RBAC集成内置角色参考	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/integration
Azure RBAC IoT内置角色参考	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/internet-of-things
应用管理和治理RBAC内置角色	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/management-and-governance
使用Azure RBAC内置角色完成迁移任务	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/migration
为监控分配Azure RBAC内置角色	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/monitor
Azure RBAC网络内置角色参考	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/networking
Azure RBAC特权内置角色参考	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged
Azure RBAC安全内置角色参考	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/security
Azure RBAC存储内置角色参考	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/storage
Azure RBAC网页和移动内置角色参考	https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/web-and-mobile
使用标签和ABAC限制Blob读取访问	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-custom-security-attributes
通过Azure CLI管理Azure RBAC条件	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-cli
在门户中配置Azure RBAC角色分配条件	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-portal
通过PowerShell管理Azure RBAC条件	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-powershell
通过REST API管理Azure RBAC条件	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-rest
在ARM模板中定义Azure RBAC条件	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-role-assignments-template
使用Bicep定义Azure自定义角色	https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-bicep
通过Azure CLI管理Azure自定义角色	https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-cli
通过PowerShell管理Azure自定义角色	https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-powershell
通过REST API管理Azure自定义角色	https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-rest
使用ARM模板定义Azure自定义角色	https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-template
安全地委派Azure RBAC角色分配管理权限	https://learn.microsoft.com/en-us/azure/role-based-access-control/delegate-role-assignments-overview
通过ABAC条件委派Azure RBAC角色管理	https://learn.microsoft.com/en-us/azure/role-based-access-control/delegate-role-assignments-portal
列出并理解Azure RBAC拒绝分配	https://learn.microsoft.com/en-us/azure/role-based-access-control/deny-assignments
提升全局管理员对所有订阅的访问权限	https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin
使用AI和机器学习RBAC权限	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/ai-machine-learning
使用分析分类的Azure RBAC权限	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/analytics
为自定义角色使用Azure计算RBAC权限	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/compute
使用容器分类的Azure RBAC权限	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/containers
使用数据库分类的Azure RBAC权限	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/databases
使用DevOps分类的Azure RBAC权限	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/devops
使用通用分类的Azure RBAC权限	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/general
使用混合和多云RBAC权限	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/hybrid-multicloud
使用身份分类的Azure RBAC权限	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/identity
使用集成分类的Azure RBAC权限	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/integration
使用IoT分类的Azure RBAC权限	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/internet-of-things
使用管理和治理RBAC权限	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/management-and-governance
使用迁移分类的Azure RBAC权限	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/migration
使用监控分类的Azure RBAC权限	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/monitor
使用网络分类的Azure RBAC权限	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/networking
使用安全分类的Azure RBAC权限	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/security
使用存储分类的Azure RBAC权限	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/storage
使用网页和移动Azure RBAC权限	https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/web-and-mobile
将PIM用于可申领和有时限的Azure RBAC角色	https://learn.microsoft.com/en-us/azure/role-based-access-control/pim-integration
应用Azure RBAC内置策略定义	https://learn.microsoft.com/en-us/azure/role-based-access-control/policy-reference
Azure资源提供程序权限操作参考	https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations
针对特权Azure RBAC角色分配设置告警	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-alert
在门户中激活可申领的Azure RBAC角色	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-eligible-activate
为外部B2B用户授予Azure RBAC访问权限	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-external-users
在Azure门户中分配Azure RBAC角色	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal
分配受RBAC条件限制的订阅所有者权限	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal-subscription-admin
为Azure RBAC应用Azure Policy合规控制	https://learn.microsoft.com/en-us/azure/role-based-access-control/security-controls-policy

Configuration

配置

Topic	URL
Use actions and attributes in Azure ABAC conditions	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-authorization-actions-attributes
Author Azure RBAC condition expressions and syntax	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-format
Meet prerequisites to use Azure RBAC conditions	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-prerequisites
Configure and interpret Azure RBAC role assignments	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments
Understand and configure Azure RBAC role definitions	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-definitions
List and inspect Azure built-in and custom RBAC roles	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-definitions-list
Create Azure custom RBAC roles using Azure CLI	https://learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-custom-role-cli
Define Azure custom RBAC roles with PowerShell	https://learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-custom-role-powershell

主题	URL
在Azure ABAC条件中使用操作和属性	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-authorization-actions-attributes
编写Azure RBAC条件表达式和语法	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-format
满足使用Azure RBAC条件的前置要求	https://learn.microsoft.com/en-us/azure/role-based-access-control/conditions-prerequisites
配置和解读Azure RBAC角色分配	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments
理解并配置Azure RBAC角色定义	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-definitions
列出并查看Azure内置和自定义RBAC角色	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-definitions-list
使用Azure CLI创建Azure自定义RBAC角色	https://learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-custom-role-cli
使用PowerShell定义Azure自定义RBAC角色	https://learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-custom-role-powershell

Integrations & Coding Patterns

集成与编码模式

Topic	URL
Assign Azure RBAC roles using Bicep templates	https://learn.microsoft.com/en-us/azure/role-based-access-control/quickstart-role-assignments-bicep
Assign Azure RBAC roles with ARM templates	https://learn.microsoft.com/en-us/azure/role-based-access-control/quickstart-role-assignments-template
Assign Azure RBAC roles using Azure CLI	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-cli
List Azure RBAC role assignments via Azure CLI	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-cli
View Azure RBAC role assignments in the portal	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-portal
List Azure RBAC role assignments using PowerShell	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-powershell
Query Azure RBAC role assignments using REST API	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-rest
Assign Azure RBAC roles starting from a managed identity	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal-managed-identity
Assign Azure RBAC roles via PowerShell for all principals	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-powershell
Assign Azure RBAC roles through the REST API	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-rest
Assign Azure RBAC roles using ARM templates	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-template
Grant group-based Azure RBAC access via PowerShell	https://learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-role-assignments-group-powershell
Grant Azure RBAC access using PowerShell commands	https://learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-role-assignments-user-powershell

主题	URL
使用Bicep模板分配Azure RBAC角色	https://learn.microsoft.com/en-us/azure/role-based-access-control/quickstart-role-assignments-bicep
使用ARM模板分配Azure RBAC角色	https://learn.microsoft.com/en-us/azure/role-based-access-control/quickstart-role-assignments-template
使用Azure CLI分配Azure RBAC角色	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-cli
通过Azure CLI列出Azure RBAC角色分配	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-cli
在门户中查看Azure RBAC角色分配	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-portal
使用PowerShell列出Azure RBAC角色分配	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-powershell
使用REST API查询Azure RBAC角色分配	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-rest
从托管身份开始分配Azure RBAC角色	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal-managed-identity
通过PowerShell为所有主体分配Azure RBAC角色	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-powershell
通过REST API分配Azure RBAC角色	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-rest
使用ARM模板分配Azure RBAC角色	https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-template
通过PowerShell授予基于组的Azure RBAC访问权限	https://learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-role-assignments-group-powershell
使用PowerShell命令授予Azure RBAC访问权限	https://learn.microsoft.com/en-us/azure/role-based-access-control/tutorial-role-assignments-user-powershell