azure-rbac-review

Azure RBAC Review

Purpose

Review Azure access decisions against least privilege, scope minimization, and operational safety.

Lean operating rules

• Prefer Microsoft Learn documentation through the user's configured documentation MCP, then sampled read-only Azure evidence when available, then sanitized user evidence.
• Separate confirmed facts from inference. If state was not queried or shown, say so.
• Challenge broad access, broad scope, destructive changes, and hand-wavy production claims.
• Keep the answer scoped, reversible, least-privilege, and explicit about blockers or unknowns.

References

Load these only when needed:

• Azure RBAC Review Operations — use for current service behavior, common failure modes, hard design rules, verification targets, and push-back conditions.
• Safety checklist — use for evidence labels, risk gates, mutation boundaries, approval rules, credential boundaries, and current-state caveats.
• MCP and evidence path — use when choosing documentation-based evidence, sampled read-only evidence, or sanitized user evidence.
• Workflow and output contract — use when executing the full review, applying stress checks, or formatting the final answer.
• Official sources — use when you need the detailed Microsoft documentation list or source notes.

Response minimum

Return, at minimum:

• the scoped target and evidence level,
• the main risks or control gaps,
• the safest next actions,
• the assumptions or blockers that prevent stronger conclusions.