Info

The Azure built-in role "Reader" has no default access to the Storage Account keys, which are required for collecting data about VHDs. Therefore, an additional custom role should be created.

Create a Custom Role

Keep in mind that you need permissions to create custom roles, such as Owner or User Access Administrator.

1. In the Azure portal, open a subscription or resource group where you want the custom role to be assignable.

2. Open Access control (IAM). Click Add and then click Add custom role.

3. Name the new role CloudAware Custom Policy. This role will use the List Keys action, which grants read access.

4. Click Permissions > Add permissions. Copy and paste Microsoft.Storage/storageAccounts/listKeys/action into the search bar to select Microsoft Storage. Check the box next to that permission. Click Add.

Tip

If you are going to set up the Breeze Agent, add the Microsoft.Compute/virtualMachines/extensions/write permission to the role.

5. Select 'Start from JSON'. Use the JSON template below. Enter your subscription ID in the subscription-Id field.

...

Note

By performing this action, you confirm access to your virtual machines to be granted to the appropriate user for potential data modification.
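An added example, not part of the original page and not Cloudaware's template: a Python check that audits a custom role definition against the two actions this page names before the role is created. The role JSON, the all-zero subscription ID and the `audit_role` helper are constructed for illustration.

```python
import json

# Actions named on this page: listKeys for VHD data collection, and
# extensions/write only when the Breeze Agent is going to be set up.
BASE_ACTIONS = {"Microsoft.Storage/storageAccounts/listKeys/action"}
BREEZE_ACTIONS = {"Microsoft.Compute/virtualMachines/extensions/write"}

# Constructed sample in the Azure custom role JSON shape (not Cloudaware's template).
SAMPLE_ROLE = """{
  "properties": {
    "roleName": "CloudAware Custom Policy",
    "assignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"],
    "permissions": [{
      "actions": [
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Compute/virtualMachines/extensions/write",
        "Microsoft.Storage/*"
      ]
    }]
  }
}"""

def audit_role(role_json, breeze_agent=False):
    """Return sorted findings: extra, wildcard or missing actions and broad scopes."""
    props = json.loads(role_json)["properties"]
    allowed = BASE_ACTIONS | (BREEZE_ACTIONS if breeze_agent else set())
    allowed_lc = {a.lower() for a in allowed}  # compare case-insensitively
    findings, granted = [], set()
    for perm in props.get("permissions", []):
        for key in ("actions", "dataActions"):
            for action in perm.get(key, []):
                granted.add(action.lower())
                if "*" in action:
                    findings.append(f"wildcard {key} entry: {action}")
                elif action.lower() not in allowed_lc:
                    findings.append(f"unexpected {key} entry: {action}")
    for action in sorted(allowed):
        if action.lower() not in granted:
            findings.append(f"missing action: {action}")
    for scope in props.get("assignableScopes", []):
        if not scope.lower().startswith("/subscriptions/"):
            findings.append(f"assignable scope outside a subscription: {scope}")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_role(SAMPLE_ROLE):
        print(finding)
```

Run with `breeze_agent=True` only for roles that are meant to carry the extensions/write permission, so that the action is reported as unexpected everywhere else.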

...

Update an Existing Cloudaware Custom Policy

Cloudaware may regularly introduce new capabilities that require the addition of new actions and permissions. If a Cloudaware custom role already exists, you can update this role without updating it for every subscription. If updating an existing Cloudaware Custom Policy role is required, your Technical Account Manager will provide you with instructions on how to perform this action.

...