Azure Classroomnotes 19/Mar/2023

Azure Custom Roles Contd…

  • Azure Custom Roles can be added via
    • Azure Portal
    • Azure CLI
    • Azure PowerShell

Creating an Azure role via Portal

  • Refer Here for the steps
  • Prep: Create a user for testing access
  • The JSON structure used when creating roles from the portal is different: Refer Here
{
    "properties": {
        "roleName": "",
        "description": "",
        "assignableScopes": [],
        "permissions": [
            {
                "actions": [],
                "notActions": [],
                "dataActions": [],
                "notDataActions": []
            }
        ]
    }
}
  • As done in the class, create a custom role in the portal by using the UI elements (Start from scratch) and then assign the role to the test user
  • We have created a role with the following JSON
{
    "properties": {
        "roleName": "portalrbacv2",
        "description": "",
        "assignableScopes": ["/"],
        "permissions": [
            {
                "actions": [
                    "Microsoft.Authorization/*/read",
                    "Microsoft.Compute/availabilitySets/*/read",
                    "Microsoft.Compute/locations/*/read",
                    "Microsoft.Compute/virtualMachines/*",
                    "Microsoft.Compute/virtualMachineScaleSets/*/read",
                    "Microsoft.Compute/cloudServices/*/read",
                    "Microsoft.Compute/disks/read",
                    "Microsoft.DevTestLab/schedules/*",
                    "Microsoft.Insights/alertRules/*",
                    "Microsoft.Network/applicationGateways/backendAddressPools/join/action",
                    "Microsoft.Network/locations/*",
                    "Microsoft.Network/networkInterfaces/*",
                    "Microsoft.Network/networkSecurityGroups/join/action",
                    "Microsoft.Network/networkSecurityGroups/read",
                    "Microsoft.Network/publicIPAddresses/join/action",
                    "Microsoft.Network/publicIPAddresses/read",
                    "Microsoft.Network/virtualNetworks/read",
                    "Microsoft.Network/virtualNetworks/subnets/join/action",
                    "Microsoft.ResourceHealth/availabilityStatuses/read",
                    "Microsoft.Resources/deployments/*",
                    "Microsoft.Resources/subscriptions/resourceGroups/read",
                    "Microsoft.SerialConsole/serialPorts/connect/action",
                    "Microsoft.Storage/storageAccounts/listKeys/action",
                    "Microsoft.Storage/storageAccounts/read",
                    "Microsoft.Support/*"
                ],
                "notActions": [],
                "dataActions": [],
                "notDataActions": []
            }
        ]
    }
}
  • Clone the Storage Blob Data Reader role and create a custom role with read permissions on virtual machines as well.
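
Before assigning a custom role, it helps to review its JSON for grants that are broader than intended. The script below is an added example, not part of the class material: it reads the portal-format structure shown above and flags root assignable scope, wildcard actions that are not read-only, and the listKeys action. The function name review_role, the severity labels and the trimmed sample are assumptions made for this illustration.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample: a trimmed copy of the portalrbacv2 JSON from these notes.
PORTAL_ROLE = json.loads("""
{"properties": {
  "roleName": "portalrbacv2",
  "description": "",
  "assignableScopes": ["/"],
  "permissions": [{
    "actions": [
      "Microsoft.Authorization/*/read",
      "Microsoft.Compute/virtualMachines/*",
      "Microsoft.Compute/disks/read",
      "Microsoft.Network/networkInterfaces/*",
      "Microsoft.Storage/storageAccounts/listKeys/action",
      "Microsoft.Support/*"
    ],
    "notActions": [], "dataActions": [], "notDataActions": []
  }]
}}
""")

def review_role(role):
    """Return (severity, message) findings for a portal-format role definition."""
    props = role["properties"]
    findings = []
    if "/" in props["assignableScopes"]:
        findings.append(("high", "role is assignable at root scope '/'"))
    for perm in props["permissions"]:
        # notActions subtract from actions; notDataActions from dataActions.
        for grant, deny in (("actions", "notActions"), ("dataActions", "notDataActions")):
            excluded = [n.lower() for n in perm.get(deny, [])]
            for action in perm.get(grant, []):
                a = action.lower()  # this review compares names case-insensitively
                if any(fnmatchcase(a, n) for n in excluded):
                    continue  # fully removed by the matching not* entry
                if a.endswith("/listkeys/action"):
                    findings.append(("high", f"{action}: returns storage account keys"))
                elif "*" in a and not a.endswith("/read"):
                    findings.append(("medium", f"{action}: wildcard covers write, delete and action operations"))
    return findings

if __name__ == "__main__":
    for severity, message in review_role(PORTAL_ROLE):
        print(f"{severity:6} {message}")
```

Adding an operation to notActions removes it from the findings, which mirrors how a clone of a built-in role is usually narrowed.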
