Activity 5: Create a custom role for the following scenario

  • Create a custom role (the "policy" in this activity) under which the user can perform:
    • any storage account action, but not delete the storage account;
    • any action on a virtual machine, but not delete the virtual machine.
  • The role definition created is shown below (only the skeleton survives here; the contents of assignableScopes, actions and notActions are in the linked file):
    "properties": {
        "roleName": "activity",
        "description": "Learning activity",
        "assignableScopes": [
        "permissions": [
            "actions": [
            "notActions": [
            "dataActions": [],
            "notDataActions": []
  • Refer Here for the above policy.
  • Can you expand this role to cover every operation on virtual machines while still not granting permission to delete a virtual machine? Refer Here for the changes made.
  • Data Actions: these permissions specify which operations the role allows on the data held inside the resource (the data plane), as opposed to operations on the resource itself (the control plane).
  • Not Data Actions: operations subtracted from the role's Data Actions; a data action listed here is not granted by the role.
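The completed role for this activity, including the virtual machine expansion, plus a small evaluator that applies the Actions/NotActions subtraction, as an added example (not the linked file from the activity). The operation strings are real Azure resource-provider operations; the subscription ID in assignableScopes is an assumed placeholder, and the wildcard matching is a local reimplementation of the documented rule ("*" matches any characters, comparison is case-insensitive), not a call into Azure.

```python
import json
import re

# Assumed placeholder (not from the activity): replace with the real subscription ID.
SUBSCRIPTION_ID = "00000000-0000-0000-0000-000000000000"

# Custom role for the activity: every storage account and virtual machine operation
# except delete. NotActions subtracts from Actions inside this role only.
ROLE_DEFINITION = {
    "properties": {
        "roleName": "activity",
        "description": "Learning activity",
        "assignableScopes": [f"/subscriptions/{SUBSCRIPTION_ID}"],
        "permissions": [
            {
                "actions": [
                    "Microsoft.Storage/storageAccounts/*",
                    "Microsoft.Compute/virtualMachines/*",
                ],
                "notActions": [
                    "Microsoft.Storage/storageAccounts/delete",
                    "Microsoft.Compute/virtualMachines/delete",
                ],
                "dataActions": [],
                "notDataActions": [],
            }
        ],
    }
}


def role_definition_json() -> str:
    """Render the role as the JSON you would pass to the role-definition create command."""
    return json.dumps(ROLE_DEFINITION, indent=2)


def _matches(pattern: str, operation: str) -> bool:
    """Azure-style wildcard match: '*' stands for any run of characters, case-insensitive."""
    regex = "^" + ".*".join(re.escape(part) for part in pattern.split("*")) + "$"
    return re.match(regex, operation, re.IGNORECASE) is not None


def role_permits(role: dict, operation: str, data_plane: bool = False) -> bool:
    """True if the role grants `operation`: it must match an entry in Actions and
    no entry in NotActions (DataActions / NotDataActions for data-plane operations)."""
    allow_key, deny_key = (
        ("dataActions", "notDataActions") if data_plane else ("actions", "notActions")
    )
    for perm in role["properties"]["permissions"]:
        allowed = any(_matches(p, operation) for p in perm[allow_key])
        denied = any(_matches(p, operation) for p in perm[deny_key])
        if allowed and not denied:
            return True
    return False


if __name__ == "__main__":
    print(role_definition_json())
    # Constructed sample operations to check the role against.
    for op in [
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.Storage/storageAccounts/delete",
        "Microsoft.Compute/virtualMachines/start/action",
        "Microsoft.Compute/virtualMachines/delete",
        "Microsoft.Network/virtualNetworks/read",
    ]:
        print(f"{op}: {'allowed' if role_permits(ROLE_DEFINITION, op) else 'not granted'}")
```

Two things to keep in mind when reviewing a role like this. NotActions is a subtraction within the role, not a deny: if the same user also holds another role that grants delete (Contributor, for example), the delete still succeeds, and only a deny assignment blocks it outright. And `Microsoft.Storage/storageAccounts/*` includes `Microsoft.Storage/storageAccounts/listKeys/action`, so a holder of this role can read the account keys and reach the data plane even though DataActions is empty.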

