Azure Roles

Last updated:

AZURERBAC

Azure roles are different from [[202401072001 Entra ID Roles|Entra roles]].

  1. Roles consist of actions and are assigned to a security principal at a certain scope
  2. Scope can be at the [[202401101441 Azure subscriptions|subscription]] or [[202404051818 Resource Groups|resource group]] level
  3. Ideally assign roles to a group; they can also be assigned to an individual user, but that is cumbersome
  4. Leverage [[202401121503 Entra Privileged Identity Management|PIM]] for just-in-time access

Types of Roles

  1. Built-in
    1. Owner - full access to manage resources and assign roles
    2. Contributor - access to manage resources
    3. Reader - can view resources but not make any changes
    4. etc.
  2. [[202401072038 Azure RBAC custom roles|custom roles]]
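
Added example (not part of the original note): a small audit over a role assignment export that flags assignments made directly to individual users and ranks them by built-in role and scope, following the points above about scope and group-based assignment. The sample data is constructed in the shape of `az role assignment list --all -o json` output, and the severity tiers are an assumption of this example, not Azure terminology.

```python
# Constructed sample shaped like `az role assignment list --all -o json`
# output; the subscription ID and principal names are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"
SAMPLE = [
    {"principalName": "alice@example.com", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "rg-app-operators", "principalType": "Group",
     "roleDefinitionName": "Contributor", "scope": SUB + "/resourceGroups/rg-app"},
    {"principalName": "bob@example.com", "principalType": "User",
     "roleDefinitionName": "Reader", "scope": SUB + "/resourceGroups/rg-app"},
    {"principalName": "carol@example.com", "principalType": "User",
     "roleDefinitionName": "Contributor", "scope": SUB + "/resourceGroups/rg-data"},
]
WRITE_ROLES = {"Owner", "Contributor"}  # built-in roles that can change resources
ORDER = ("high", "medium", "low")       # assumed severity tiers for this example


def scope_level(scope):
    """Classify an ARM scope string as subscription, resource_group or other."""
    parts = [p.lower() for p in scope.strip("/").split("/")]
    if len(parts) == 2 and parts[0] == "subscriptions":
        return "subscription"
    if len(parts) == 4 and parts[0] == "subscriptions" and parts[2] == "resourcegroups":
        return "resource_group"
    return "other"  # management group, single resource, or malformed


def audit(assignments):
    """Flag role assignments made directly to individual users, worst first."""
    findings = []
    for a in assignments:
        if a.get("principalType") != "User":
            continue  # group and service principal assignments are not flagged here
        role, level = a.get("roleDefinitionName", ""), scope_level(a.get("scope", ""))
        if role in WRITE_ROLES and level == "subscription":
            severity = "high"    # write access over a whole subscription
        elif role in WRITE_ROLES:
            severity = "medium"  # write access at a narrower scope
        else:
            severity = "low"     # read-only, but still a per-user assignment
        findings.append((severity, a.get("principalName", "?"), role, level))
    return sorted(findings, key=lambda f: ORDER.index(f[0]))


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

Findings at the top of the list are the first candidates to move to a group assignment or a PIM-eligible assignment.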

references:

  1. Azure roles, Microsoft Entra roles, and classic subscription administrator roles
  2. Azure built-in roles reference