Azure Classroomnotes 19/Mar/2023

Azure Custom Roles Contd…

  • Azure Custom Roles can be added via
    • Azure Portal
    • Azure CLI
    • Azure PowerShell

Creating an Azure role via Portal

  • Refer Here for the steps
  • Prep: Create a user for testing access
  • The JSON structure is different when we create roles from the portal: Refer Here
{
    "properties": {
        "roleName": "",
        "description": "",
        "assignableScopes": [],
        "permissions": [
            {
                "actions": [],
                "notActions": [],
                "dataActions": [],
                "notDataActions": []
            }
        ]
    }
}
  • As done in the class, create a custom role in the portal by using the UI elements (Start from scratch) and then assign the role to the test user
  • We have created a role with the following JSON
{
    "properties": {
        "roleName": "portalrbacv2",
        "description": "",
        "assignableScopes": ["/"],
        "permissions": [
            {
                "actions": [
                    "Microsoft.Authorization/*/read",
                    "Microsoft.Compute/availabilitySets/*/read",
                    "Microsoft.Compute/locations/*/read",
                    "Microsoft.Compute/virtualMachines/*",
                    "Microsoft.Compute/virtualMachineScaleSets/*/read",
                    "Microsoft.Compute/cloudServices/*/read",
                    "Microsoft.Compute/disks/read",
                    "Microsoft.DevTestLab/schedules/*",
                    "Microsoft.Insights/alertRules/*",
                    "Microsoft.Network/applicationGateways/backendAddressPools/join/action",
                    "Microsoft.Network/locations/*",
                    "Microsoft.Network/networkInterfaces/*",
                    "Microsoft.Network/networkSecurityGroups/join/action",
                    "Microsoft.Network/networkSecurityGroups/read",
                    "Microsoft.Network/publicIPAddresses/join/action",
                    "Microsoft.Network/publicIPAddresses/read",
                    "Microsoft.Network/virtualNetworks/read",
                    "Microsoft.Network/virtualNetworks/subnets/join/action",
                    "Microsoft.ResourceHealth/availabilityStatuses/read",
                    "Microsoft.Resources/deployments/*",
                    "Microsoft.Resources/subscriptions/resourceGroups/read",
                    "Microsoft.SerialConsole/serialPorts/connect/action",
                    "Microsoft.Storage/storageAccounts/listKeys/action",
                    "Microsoft.Storage/storageAccounts/read",
                    "Microsoft.Support/*"
                ],
                "notActions": [],
                "dataActions": [],
                "notDataActions": []
            }
        ]
    }
}
  • Clone the Storage Blob Data Reader role and create a custom role with Read permissions on virtual machines as well.
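A review pass over a portal-format role definition before it is assigned to the test user, as an added example that is not part of the class notes. The function names, the `WATCHLIST` selection and the simplified wildcard matching are assumptions; the sample is a subset of the `portalrbacv2` actions above.

```python
import json
import re

# Constructed sample: a subset of the portalrbacv2 actions, in the portal layout.
ROLE_JSON = """
{"properties": {"roleName": "portalrbacv2", "assignableScopes": ["/"],
  "permissions": [{
    "actions": ["Microsoft.Authorization/*/read",
                "Microsoft.Compute/virtualMachines/*",
                "Microsoft.Storage/storageAccounts/listKeys/action",
                "Microsoft.Storage/storageAccounts/read"],
    "notActions": [], "dataActions": [], "notDataActions": []}]}}
"""

# Assumption: operations this reviewer wants called out; adjust to your own policy.
WATCHLIST = [
    "Microsoft.Storage/storageAccounts/listKeys/action",
    "Microsoft.Compute/virtualMachines/runCommand/action",
    "Microsoft.Authorization/roleAssignments/write",
]

def matches(pattern, operation):
    """'*' stands for any run of characters; comparison is case-insensitive."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None

def is_allowed(role, operation):
    """Control-plane check: granted by actions and not removed by notActions."""
    for perm in role["properties"]["permissions"]:
        granted = any(matches(p, operation) for p in perm.get("actions", []))
        removed = any(matches(p, operation) for p in perm.get("notActions", []))
        if granted and not removed:
            return True
    return False

def review(role):
    """Return findings to resolve before the role is assigned to anyone."""
    props, findings = role["properties"], []
    for scope in props.get("assignableScopes", []):
        if scope == "/" or re.fullmatch(r"/subscriptions/[^/]+/?", scope, re.I):
            findings.append(f"broad assignable scope: {scope}")
    for perm in props["permissions"]:
        for action in perm.get("actions", []):
            if action.endswith("*"):
                findings.append(f"wildcard grants write/delete/action: {action}")
    findings += [f"allows sensitive operation: {op}"
                 for op in WATCHLIST if is_allowed(role, op)]
    return findings

if __name__ == "__main__":
    print("\n".join(review(json.loads(ROLE_JSON))))
```

Adding an operation to `notActions` and re-running `review` shows whether the exclusion actually removes it from what the wildcard grants.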

By continuous learner
