Identity & Access
Azure RBAC Calculator & Role Generator
Find the least privileged Azure RBAC roles for your required permissions. Enter Azure resource provider actions and discover which built-in roles grant those permissions without excessive access.
Important Information
This tool helps you find built-in roles in Azure that provide the least privilege for a specific set of actions. It searches through Azure's built-in role definitions and ranks them by relevance to your required permissions.
Please note:
- Only built-in roles are searched. Some services may require custom roles for specific permission combinations.
- Role ranking is based on namespace relevance and permission scope, not on risk assessment or privilege level beyond basic categorization.
- Some permissions may not be available in any built-in role. In such cases, you'll need to create a custom role.
- Always review the full list of permissions granted by a role before assignment to ensure it meets your security requirements.
- ⚠️ Important: Always verify the results and test role assignments in a non-production environment before deploying to production. You are using this tool at your own risk.
Looking for directory roles? Need to manage directory objects like users, groups, or applications? Try the Entra ID Roles Calculator
Example Scenarios
Click an example to load common permission scenarios for Azure RBAC.