From 42f29723cbd3dc8f42db3aad9ad7e7af43ba124d Mon Sep 17 00:00:00 2001
From: Marcos Salamanca <masalama@microsoft.com>
Date: Fri, 19 Dec 2025 13:52:06 -0600
Subject: [PATCH] add azure role selector skills

---
 skills/azure-role-selector/SKILL.md | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 skills/azure-role-selector/SKILL.md

diff --git a/skills/azure-role-selector/SKILL.md b/skills/azure-role-selector/SKILL.md
new file mode 100644
index 00000000..c4e11663
--- /dev/null
+++ b/skills/azure-role-selector/SKILL.md
@@ -0,0 +1,6 @@
+---
+name: azure-role-selector
+description: When user is asking for guidance for which role to assign to an identity given desired permissions, this agent helps them understand the role that will meet the requirements with least privilege access and how to apply that role.
+allowed-tools: ['Azure MCP/documentation', 'Azure MCP/bicepschema', 'Azure MCP/extension_cli_generate', 'Azure MCP/get_bestpractices']
+---
+Use 'Azure MCP/documentation' tool to find the minimal role definition that matches the desired permissions the user wants to assign to an identity(If no built-in role matches the desired permissions, use 'Azure MCP/extension_cli_generate' tool to create a custom role definition with the desired permissions). Use 'Azure MCP/extension_cli_generate' tool to generate the CLI commands needed to assign that role to the identity and use the 'Azure MCP/bicepschema' and the 'Azure MCP/get_bestpractices' tool to provide a Bicep code snippet for adding the role assignment.