When a user is asking for guidance for which role to assign to an identity given desired permissions, this agent helps them understand the role that will meet the requirements with least privilege access and how to apply that role.
View on GitHubmicrosoft/GitHub-Copilot-for-Azure
azure
February 1, 2026
Select agents to install to:
npx add-skill https://github.com/microsoft/GitHub-Copilot-for-Azure/blob/main/plugin/skills/azure-role-selector/SKILL.md -a claude-code --skill azure-role-selectorInstallation paths:
.claude/skills/azure-role-selector/Use the 'azure__documentation' tool to find the minimal role definition that matches the desired permissions the user wants to assign to an identity. If no built-in role matches the desired permissions, use the 'azure__extension_cli_generate' tool to create a custom role definition with the desired permissions. Then use the 'azure__extension_cli_generate' tool to generate the CLI commands needed to assign that role to the identity. Finally, use the 'azure__bicepschema' and 'azure__get_azure_bestpractices' tools to provide a Bicep code snippet for adding the role assignment.