Info: The Azure built-in role "Reader" may not have the permissions that Cloudaware requires. For example, it has no default access to the Storage Account keys, which are required for collecting data about VHDs. Therefore, a custom role should be created.
...
5. Open the tab 'Review + Create'. Check the role details and click Create.
Custom Role For Tagging
Another use case for a custom role is the need to provide Cloudaware with the minimum permissions for tagging Azure resources.
```json
{
  "properties": {
    "roleName": "{your-Role-name}",
    "description": "{your-Role-description}",
    "assignableScopes": [
      "/subscriptions/{subscription-id}"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Resources/subscriptions/tagNames/read",
          "Microsoft.Resources/subscriptions/tagNames/write",
          "Microsoft.Resources/subscriptions/tagNames/delete",
          "Microsoft.Resources/subscriptions/tagNames/tagValues/read",
          "Microsoft.Resources/subscriptions/tagNames/tagValues/write",
          "Microsoft.Resources/subscriptions/tagNames/tagValues/delete",
          "Microsoft.Resources/subscriptions/resourceGroups/read",
          "Microsoft.Resources/tags/write",
          "Microsoft.Resources/tags/delete",
          "Microsoft.Resources/tags/read"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ]
  }
}
```
Replace {your-Role-name}, {your-Role-description} and {subscription-id} with the corresponding values from your Azure environment.
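Before importing the role, the JSON can be checked for drift from the tagging-only permission set. The script below is an added example, not Cloudaware's or Microsoft's code: `audit_role`, the restriction of scopes to a subscription or resource group, and the sample role with its all-zero subscription GUID are assumptions made for illustration.

```python
import json
import re

# The ten actions of the tagging role shown on this page.
TAG = "Microsoft.Resources/subscriptions/tagNames"
ALLOWED = {f"{TAG}/{op}" for op in ("read", "write", "delete")}
ALLOWED |= {f"{TAG}/tagValues/{op}" for op in ("read", "write", "delete")}
ALLOWED |= {f"Microsoft.Resources/tags/{op}" for op in ("read", "write", "delete")}
ALLOWED.add("Microsoft.Resources/subscriptions/resourceGroups/read")

# Assumed policy: a subscription, optionally narrowed to one resource group.
SCOPE_RE = re.compile(r"/subscriptions/[0-9a-fA-F-]{36}(/resourceGroups/[^/]+)?")

def audit_role(text):
    """Return findings for a custom-role JSON document; an empty list means clean."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(doc, dict):
        return ["top-level value is not a JSON object"]
    props = doc.get("properties", doc)
    findings = []
    scopes = props.get("assignableScopes") or []
    if not scopes:
        findings.append("assignableScopes is empty")
    for scope in scopes:
        if "{" in scope:
            findings.append(f"placeholder not replaced: {scope}")
        elif not SCOPE_RE.fullmatch(scope):
            findings.append(f"scope is not a subscription or resource group: {scope}")
    for perm in props.get("permissions") or []:
        for action in perm.get("actions") or []:
            if "*" in action:
                findings.append(f"wildcard action: {action}")
            elif action not in ALLOWED:
                findings.append(f"action outside the tagging set: {action}")
        if perm.get("dataActions"):
            findings.append("dataActions should be empty for a tagging-only role")
    return findings

# Constructed sample: placeholder subscription GUID, one over-broad action.
SAMPLE = json.dumps({"properties": {
    "roleName": "example-tagging-role",
    "assignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"],
    "permissions": [{"actions": ["Microsoft.Resources/tags/write",
                                 "Microsoft.Resources/*"],
                     "notActions": [], "dataActions": [], "notDataActions": []}]}})

if __name__ == "__main__":
    for finding in audit_role(SAMPLE):
        print(finding)
```

An empty result means the role grants nothing beyond the tagging actions listed above and is scoped no wider than a subscription.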
Update an Existing Cloudaware Custom Policy
...