Skip to content

Include required RBAC Action(s) for each operation in documentation #4468

New issue
New issue
Open
Open
Include required RBAC Action(s) for each operation in documentation#4468
Labels
ARM - RBACService AttentionWorkflow: This issue is responsible by Azure service team.customer-reportedIssues that are reported by GitHub users external to the Azure organization.needs-team-attentionWorkflow: This issue needs attention from Azure service team or SDK team
@hrboyceiii

Description

@hrboyceiii
hrboyceiii
opened on Nov 15, 2018

See Azure PowerShell Issue 6843

There are many scenarios where to perform a given operation, there isn't a least-privileged built-in RBAC role that grants the required permissions to perform the operation. Simple examples include restarting a Web App, VM, etc. Other scenarios (which are more complex beyond the rest apis themselves) include granting SQL DB Contributor on a SQL DB doesn't actually allow you to run an ARM deployment as that also requires Microsoft.Resources/deployments/* on the instance's resource group.

Please consider documenting the required RBAC actions per operation so that it is easier to discover and determine when it is appropriate for creating a custom RBAC role.

Metadata

Metadata

Assignees

No one assigned

    Labels

    ARM - RBACService AttentionWorkflow: This issue is responsible by Azure service team.customer-reportedIssues that are reported by GitHub users external to the Azure organization.needs-team-attentionWorkflow: This issue needs attention from Azure service team or SDK team

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions