Summary 

If you're working with Azure and using Access Control (IAM) to manage and control your organization's access to Azure resources, you have probably asked yourself how to create your own custom role that defines specific actions.

Azure RBAC Management Tool is here to allow just that. This tool will help you grant the exact permissions you need by creating your custom roles. 

Using Azure RBAC Management Tool, you can segregate duties within your team and grant users only the access they need to perform their jobs. Instead of giving everybody unrestricted permissions in your Azure subscription, which can expose your account to attackers, you can allow only certain actions.

For example, you can create an RBAC role that grants one employee the permission to manage virtual machines in a subscription but does not grant the permission to stop them.

Download

The download is available at https://gallery.technet.microsoft.com/Azure-RBAC-Management-Tool-03871eef

Azure RBAC Management Tool Walk-Through

The tool is pretty straightforward and easy to use. A quick walk-through:

Connect to AzureRM

First, you need to log in to AzureRM. This happens automatically when you open the tool, or manually when you click "Login". Once connected, the status bar shows "Azure Connected".

Create Role

To create your custom role, click "Create Role" and define the following parameters: a name for the role, a short description, the assigned subscription, and the relevant actions for the role. Then click "Save".

Remove Role

To delete a custom role, select the relevant role, right-click it, and select "Delete Role".

Note: you can only delete custom roles that have no assigned users or groups.
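The same walk-through expressed directly in AzureRM PowerShell, as an added example that is not the tool's own code: it builds the "manage virtual machines but not stop them" role from the Summary and checks for assignments before deleting it. The role name, description, subscription ID and the `$removeRole` switch are placeholders chosen for illustration.

```powershell
# Added example. Placeholder values: replace before use.
$subscriptionId = '00000000-0000-0000-0000-000000000000'   # placeholder ID
$roleName       = 'VM Operator (no stop)'                  # hypothetical name
$removeRole     = $false                                   # set to $true to delete

# Connect to AzureRM (the tool's "Login" step).
Login-AzureRmAccount | Out-Null

# Create Role: start from the built-in role and turn the copy into a custom one.
$role = Get-AzureRmRoleDefinition -Name 'Virtual Machine Contributor'
$role.Id          = $null
$role.Name        = $roleName
$role.Description = 'Manage virtual machines, but not stop or deallocate them.'

# NotActions are subtracted from this role's Actions. They are not a deny:
# any other role assignment that grants these actions still allows them.
$role.NotActions.Add('Microsoft.Compute/virtualMachines/powerOff/action')
$role.NotActions.Add('Microsoft.Compute/virtualMachines/deallocate/action')

# The assigned subscription: the only scope where the role can be granted.
$role.AssignableScopes.Clear()
$role.AssignableScopes.Add("/subscriptions/$subscriptionId")

$created = New-AzureRmRoleDefinition -Role $role
$created | Select-Object Name, Id, IsCustom, NotActions, AssignableScopes

# Remove Role: a custom role can only be deleted once nothing is assigned to it,
# so list the current assignments first and review who still holds the role.
if ($removeRole) {
    $assignments = Get-AzureRmRoleAssignment -RoleDefinitionName $roleName
    if ($assignments) {
        Write-Warning "Role '$roleName' is still assigned; remove these first:"
        $assignments | Select-Object DisplayName, ObjectType, Scope
    }
    else {
        Remove-AzureRmRoleDefinition -Id $created.Id -Force
    }
}
```

Reviewing the `NotActions` and `AssignableScopes` output after creation is a quick check that the role is no broader than intended.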

Requirements

  • PowerShell Version 3.0 or above.
  • Windows Azure RM PowerShell.

Note: The Azure RBAC Management Tool requires the AzureRM module and an Azure Admin account.