![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 7.000000000000001%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPC%3C/text%3E%3C/svg%3E)
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
@Anonymous Below are the roles which are available by default for Azure Policy and Blueprint:
- Resource Policy Contributor: Can perform most Azure Policy operations.
- Blueprint Contributor: Can manage blueprint definitions, but not assign them.
- Blueprint Operator: Can assign existing published blueprints, but can't create new blueprint definitions. Blueprint assignment only works if the assignment is done with a user-assigned managed identity.
However, if you think that these roles have more permissions than what you need, you can create a custom role as explained here: https://dori-uw-1.kuma-moon.com/en-us/azure/role-based-access-control/custom-roles
The permissions that you would need to add under "Actions" section of the custom role are provided in below links:
- https://dori-uw-1.kuma-moon.com/en-us/azure/role-based-access-control/resource-provider-operations#microsoftpolicyinsights
- https://dori-uw-1.kuma-moon.com/en-us/azure/role-based-access-control/resource-provider-operations#microsoftblueprint
You can add desired permissions that you want to assign to the users via custom role. You can also create a single role for both Azure Policy as well as for Blueprint.
-----------------------------------------------------------------------------------------------------------
Please "Accept as answer" wherever the information provided helps you to help others in the community.