Identity & Access
Azure RBAC Calculator & Role Generator
Find the least privileged Azure RBAC roles for your required permissions. Enter Azure resource provider actions and discover which built-in roles grant those permissions without excessive access.
Important Information
This tool helps you find built-in roles in Azure that provide the least privilege for a specific set of actions. It searches through Azure's built-in role definitions and ranks them by relevance to your required permissions.
⚠️ Important: Always verify the results and test role assignments in a non-production environment before deploying to production. You are using this tool at your own risk.
Show full guidance
- Only built-in roles are searched. Some services may require custom roles for specific permission combinations.
- Role ranking is based on namespace relevance and permission scope, not on risk assessment or privilege level beyond basic categorization.
- Some permissions may not be available in any built-in role. In such cases, you'll need to create a custom role.
- Always review the full list of permissions granted by a role before assignment to ensure it meets your security requirements.
Example Scenarios
Click an example to load common permission scenarios for Azure RBAC.