Use the 'azure__documentation' tool to find the minimal role definition that matches the desired permissions the user wants to assign to an identity. If no built-in role matches the desired permissions, use the 'azure__extension_cli_generate' tool to create a custom role definition with the desired permissions. Then use the 'azure__extension_cli_generate' tool to generate the CLI commands needed to assign that role to the identity. Finally, use the 'azure__bicepschema' and 'azure__get_azure_bestpractices' tools to provide a Bicep code snippet for adding the role assignment.
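The role-selection step described above comes down to finding the narrowest role whose permissions cover what the identity needs, and falling back to a custom role when none does. The sketch below is an added illustration, not part of the skill itself. The function names are hypothetical and the role data is a constructed, abbreviated sample; take real definitions from the Azure built-in roles documentation.

```python
from fnmatch import fnmatchcase

B = "Microsoft.Storage/storageAccounts/blobServices/"

# Constructed, abbreviated role data for illustration only; take the real
# definitions from the Azure built-in roles documentation.
ROLES = {
    "Owner": {"actions": ["*"], "notActions": [],
              "dataActions": [], "notDataActions": []},
    "Storage Blob Data Reader": {
        "actions": [B + "containers/read", B + "generateUserDelegationKey/action"],
        "notActions": [],
        "dataActions": [B + "containers/blobs/read"],
        "notDataActions": []},
    "Storage Blob Data Contributor": {
        "actions": [B + "containers/" + v for v in ("delete", "read", "write")]
                   + [B + "generateUserDelegationKey/action"],
        "notActions": [],
        "dataActions": [B + "containers/blobs/" + v for v in
                        ("delete", "read", "write", "move/action", "add/action")],
        "notDataActions": []},
}

def granted(perm, allow, deny):
    """True if perm matches an allow pattern and no deny pattern (case-insensitive)."""
    p = perm.lower()
    def hit(patterns):
        return any(fnmatchcase(p, pat.lower()) for pat in patterns)
    return hit(allow) and not hit(deny)

def covers(role, actions, data_actions):
    """Control-plane and data-plane permissions are evaluated separately."""
    return (all(granted(a, role["actions"], role["notActions"]) for a in actions)
            and all(granted(d, role["dataActions"], role["notDataActions"])
                    for d in data_actions))

def breadth(role):
    """Rank roles: fewer wildcard patterns first, then fewer patterns overall."""
    pats = role["actions"] + role["dataActions"]
    return (sum("*" in p for p in pats), len(pats))

def select_role(actions, data_actions, roles=ROLES):
    """Return the narrowest covering role, or None when a custom role is needed."""
    fits = [n for n, r in roles.items() if covers(r, actions, data_actions)]
    return min(fits, key=lambda n: breadth(roles[n])) if fits else None
```

Because data actions are checked separately from control-plane actions, the sample Owner role with its `*` action does not cover reading blob contents, which is why a request to read blobs resolves to the data-plane reader role instead.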
azure-role-selector
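Helps users select the appropriate Azure RBAC role for an identity, granting it least-privilege access, then generates CLI commands and Bicep code to complete the role assignment. Use for: "What role should I assign?", "least privilege role", "RBAC role for ...", "role to read blobs", "role for managed identity", "custom role definition", "assign role to identity". Do not use for: creating managed identities (use Azure Security), general security hardening (use Azure Security Hardening), network permission configuration (use Azure Networking).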
SKILL.md
---
name: azure-role-selector
description: |
  Helps users find the right Azure RBAC role for an identity with least privilege access, then generate CLI commands and Bicep code to assign it.
  USE FOR: "what role should I assign", "least privilege role", "RBAC role for", "role to read blobs", "role for managed identity", "custom role definition", "assign role to identity".
  DO NOT USE FOR: creating managed identities (use azure-security), general security hardening (use azure-security-hardening), networking permissions (use azure-networking).