Role assignments in Bicep have always meant tedious GUID hunting: trawling AzAdvertizer or maintaining a shared import file for common RBAC GUIDs. A bit clunky.
Back in September I wrote about using the shared variable file pattern to simplify Azure roles in Bicep as a workaround and in that post I flagged:
“Soon, this feature will be built-in to Bicep as a function… I will update this post when it’s live!”
Bicep v0.42.1 ships roleDefinitions() as a built-in function, bringing a nice QoL addition to the community. 💪
Before
The old way meant hardcoded GUIDs. You may have done something like:
var contributorRoleId = 'b24988ac-6180-42a0-ab88-20f7382dd24c'

resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  name: guid(resourceGroup().id, identity.principalId, contributorRoleId)
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', contributorRoleId)
    principalId: identity.principalId
    principalType: 'ServicePrincipal'
  }
}
After
Now you can reference roles by name directly:
resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  name: guid(resourceGroup().id, identity.principalId, roleDefinitions('Contributor').id)
  properties: {
    roleDefinitionId: roleDefinitions('Contributor').id
    principalId: identity.principalId
    principalType: 'ServicePrincipal'
  }
}

No GUIDs. The intent is right there in the template: clear, clean, and readable without the overhead.
Why it matters
The shared variable file pattern was a neat workaround: it centralised common roles and gave you VS Code IntelliSense. But it was overhead to maintain.
roleDefinitions() removes all of that:
- Self-documenting templates – the role name is inline
- No GUID lookups or external file dependencies
- Less copy/paste across templates
- Full IntelliSense support in VS Code
This has been a long-awaited QoL Bicep feature. A small change that makes a big difference day-to-day.
Full release notes: Bicep v0.42.1
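For migrating existing templates, here is an added example (not from the original post or the Bicep project): a small Python check that finds role definition IDs still built from a literal GUID or a GUID variable and suggests the roleDefinitions() form. The function and variable names are hypothetical, the role map holds only the Contributor GUID shown above, and the second GUID in the sample is a constructed placeholder.

```python
import re

# GUID -> built-in role name. Only the Contributor GUID comes from the post;
# extend the map from a role list you have verified yourself.
KNOWN_ROLES = {"b24988ac-6180-42a0-ab88-20f7382dd24c": "Contributor"}

GUID = r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}"
VAR_GUID = re.compile(rf"^\s*var\s+(\w+)\s*=\s*'({GUID})'", re.M)
ROLE_REF = re.compile(
    r"subscriptionResourceId\(\s*'Microsoft\.Authorization/roleDefinitions'"
    rf"\s*,\s*(?:'({GUID})'|(\w+))\s*\)", re.I)


def find_hardcoded_roles(bicep_text):
    """Report role definition IDs built from a literal GUID or a GUID variable."""
    guid_vars = {n: g.lower() for n, g in VAR_GUID.findall(bicep_text)}
    findings = []
    for m in ROLE_REF.finditer(bicep_text):
        literal, var_name = m.groups()
        guid = literal.lower() if literal else guid_vars.get(var_name)
        if guid is None:
            continue  # a parameter or expression; not resolvable statically
        role = KNOWN_ROLES.get(guid)
        findings.append({
            "line": bicep_text.count("\n", 0, m.start()) + 1,
            "guid": guid,
            "role": role,  # None means: look the GUID up before trusting it
            "suggestion": f"roleDefinitions('{role}').id" if role else None,
        })
    return findings


# Constructed sample: the post's "Before" pattern plus an inline placeholder GUID.
SAMPLE = """\
var contributorRoleId = 'b24988ac-6180-42a0-ab88-20f7382dd24c'
resource a 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', contributorRoleId)
    principalId: identity.principalId
  }
}
resource b 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  properties: {
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00000000-0000-0000-0000-000000000000')
    principalId: identity.principalId
  }
}
"""
```

A finding whose role is None is the one to review first: the template grants a role that nobody reading the file can name.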