How to customize Subscription contributor role for blocking Storage in Azure

Time:12-05

I have a requirement to customize the contributor role at Azure Subscription level, such that, people added to that customized contributor role can NOT view or read the data from the storage account (under that subscription).

This is how I'm doing this:

Step 1: Clone Subscription contributor Basic

Step 2: Permission

Step 3: (Actions shows *) JSON

Review and Create

2 assignable scope

Note: The idea is that people need a contributor role to manage the subscription. However, they MUST NOT view the data from the storage under this particular subscription.

I think this is not the right approach. Are there any other ways to achieve this? Thanks.

CodePudding user response:

If you want to create a custom role, then you should have a look at the resource provider operations. From there, you can see all the available actions per resource provider.

You would probably be interested in the DataActions such as Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read and others depending on what you want to filter out.

CodePudding user response:

If you want to block Azure Storage in particular at the subscription scope level, kindly exclude Azure Storage under the Add Permission section while creating the RBAC role, in order to block Azure Storage only.
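As an added example (not part of the original thread), this sketch lints a custom role definition for the storage data exposure both answers are concerned with: the blob read DataAction named above, plus the key and SAS control-plane actions that a wildcard `*` in Actions also grants. The role JSON is a constructed, trimmed form holding only the permissions array, the function names are hypothetical, and the matching assumes a case-insensitive `*` wildcard with Actions evaluated minus NotActions.

```python
import re

# Storage operations that expose data. The blob read DataAction is named on the
# page; the key/SAS entries are Microsoft.Storage control-plane actions that a
# wildcard "*" in Actions also covers.
CONTROL_PLANE = [
    "Microsoft.Storage/storageAccounts/listKeys/action",
    "Microsoft.Storage/storageAccounts/listAccountSas/action",
    "Microsoft.Storage/storageAccounts/listServiceSas/action",
]
DATA_PLANE = [
    "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
]

def _matches(pattern, operation):
    # Assumption: "*" matches any run of characters, compared case-insensitively.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None

def _granted(operation, allow, deny):
    # Effective permission: allowed by some pattern and excluded by none.
    return (any(_matches(p, operation) for p in allow)
            and not any(_matches(p, operation) for p in deny))

def storage_data_exposure(role):
    """Return the storage data-path operations a role definition still grants."""
    perms = role["permissions"][0]
    found = [op for op in CONTROL_PLANE
             if _granted(op, perms.get("actions", []), perms.get("notActions", []))]
    found += [op for op in DATA_PLANE
              if _granted(op, perms.get("dataActions", []), perms.get("notDataActions", []))]
    return found

# Constructed sample: a Contributor-style clone as in the question (Actions "*").
CLONED = {"permissions": [{
    "actions": ["*"],
    "notActions": ["Microsoft.Authorization/*/Delete", "Microsoft.Authorization/*/Write"],
    "dataActions": [], "notDataActions": []}]}

# Constructed sample: the same clone with the key and SAS operations excluded.
HARDENED = {"permissions": [{
    "actions": ["*"],
    "notActions": CLONED["permissions"][0]["notActions"] + CONTROL_PLANE,
    "dataActions": [], "notDataActions": []}]}

if __name__ == "__main__":
    print("cloned:", storage_data_exposure(CLONED))
    print("hardened:", storage_data_exposure(HARDENED))
```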
