ReddRadar
Agent skill
azure-rbac
Query Azure RBAC role assignments and definitions (read-only)
Install this agent skill to your Project
npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/data/azure-rbac
SKILL.md
Azure RBAC Skill (Read-Only)
Inspect role-based access control assignments and definitions.
See also: Shared Conventions | Safety Guidelines
Purpose
Query who has access to what in Azure without making changes.
Commands
az role assignment list -o json
az role assignment list --assignee <principal> -o json
az role assignment list --scope <scope> -o json
az role assignment list --resource-group <rg> -o json
az role definition list -o json
az role definition show --name <role-name> -o json
Output Format
Always use -o json for consistent, parseable output.
Workflow Examples
List All Role Assignments
az role assignment list -o json
Check User's Permissions
az role assignment list --assignee "user@example.com" -o json
Check Service Principal Access
az role assignment list --assignee <app-id-or-object-id> -o json
List Assignments at Scope
# Resource group scope
az role assignment list --resource-group my-rg -o json
# Subscription scope
az role assignment list --scope "/subscriptions/<sub-id>" -o json
# Resource scope
az role assignment list --scope "/subscriptions/.../resourceGroups/.../providers/..." -o json
Inspect Role Definition
# Built-in role
az role definition show --name "Contributor" -o json
# List all role definitions
az role definition list -o json
# Custom roles only
az role definition list --custom-role-only true -o json
Common Built-in Roles
| Role | Description |
|---|---|
| Owner | Full access including RBAC |
| Contributor | Full access except RBAC |
| Reader | Read-only access |
| User Access Administrator | Manage RBAC only |
Understanding Output
Role assignment includes:
principalId- who has accessroleDefinitionName- what rolescope- where it applies
Policies
- Read-only only - no role assignment create/delete
- Always use JSON output
- If asked to grant/revoke access: stop, explain read-only scope, show required command, require explicit confirmation
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
majiayu000/claude-skill-registry
agent-ops-spec
Manage specification documents in .agent/specs/. Use when user provides requirements, acceptance criteria, or feature descriptions that need to be tracked and validated against implementation.
majiayu000/claude-skill-registry
agent-ops-state
Maintain .agent state files. Use at session start, after meaningful steps, and before concluding: read/update constitution/memory/focus/issues/baseline consistently.
majiayu000/claude-skill-registry
agent-ops-spec
Manage specification documents in .agent/specs/. Use when user provides requirements, acceptance criteria, or feature descriptions that need to be tracked and validated against implementation.
majiayu000/claude-skill-registry
agent-ops-testing
Test strategy, execution, and coverage analysis. Use when designing tests, running test suites, or analyzing test results beyond baseline checks.
majiayu000/claude-skill-registry
agent-ops-testing
Test strategy, execution, and coverage analysis. Use when designing tests, running test suites, or analyzing test results beyond baseline checks.
majiayu000/claude-skill-registry
agent-ops-state
Maintain .agent state files. Use at session start, after meaningful steps, and before concluding: read/update constitution/memory/focus/issues/baseline consistently.
Didn't find tool you were looking for?