Use 'Azure MCP/documentation' tool to find the minimal role definition that matches the desired permissions the user wants to assign to an identity (If no built-in role matches the desired permissions, use 'Azure MCP/extension_cli_generate' tool to create a custom role definition with the desired permissions). Use 'Azure MCP/extension_cli_generate' tool to generate the CLI commands needed to assign that role to the identity and use the 'Azure MCP/bicepschema' and the 'Azure MCP/get_bestpractices' tool to provide a Bicep code snippet for adding the role assignment.
azure-role-selector
When user is asking for guidance for which role to assign to an identity given desired permissions, this agent helps them understand the role that will meet the requirements with least privilege access and how to apply that role.
Select a file to preview
Overall Score
35/100
Grade
D
Below Average
Safety
70
Quality
28
Clarity
35
Completeness
18
Summary
This skill guides an agent to help users select the least-privilege Azure role for a given identity based on desired permissions. It uses Azure MCP tools to find built-in roles, create custom roles if needed, generate CLI commands, and provide Bicep infrastructure-as-code snippets for role assignment.
Detected Capabilities
Trigger Keywords
Phrases that MCP clients use to match this skill to user intent.
Use Cases
- Determine which Azure built-in role meets specific permission requirements
- Create a custom role definition when no built-in role matches desired permissions
- Generate Azure CLI commands to assign a role to an identity
- Provide Bicep code snippets for infrastructure-as-code role assignments
- Apply least-privilege access principle when configuring identity permissions
Quality Notes
- Skill is extremely brief and lacks substantive guidance — the entire instruction is a single sentence
- No step-by-step workflow provided to guide the agent through the role selection process
- No examples of role definitions, CLI commands, or Bicep snippets shown
- No error handling guidance (e.g., what if no suitable role exists, permission conflicts, etc.)
- No documentation of scope or limitations — unclear what 'identity' types are supported (users, service principals, managed identities, etc.)
- No guidance on least-privilege evaluation criteria or decision-making process
- Tool names are provided but no context on when to use each tool or how to chain them
- No handling of edge cases (custom role quotas, permission delegation constraints, etc.)
Reviews
Add this skill to your library to leave a review.
No reviews yet
Be the first to share your experience.
Use github/azure-role-selector in your dev environment — a Developer account adds skills to your library and syncs them via the SkillRepo CLI.