Creating an Azure Custom role

In Azure, a Role Definition is a collection of permissions that you can use to grant access to Azure Resources. It lists the actions that can be performed, such as read, write, and delete. A Role Definition is typically just called a role, and it can be high-level, like owner, or specific, like virtual machine reader. Please check Azure RBAC Overview for further details.

The Automated Cloud Mode (Azure) of Solution Manager uses the Azure Java API to perform actions in your Azure account on your behalf. For example, create virtual machines that will run the Denodo components, create the necessary load balancers, etc.

To do this, before using the Automated Cloud Mode, you have to define a Custom role that allows the App registration associated with the Solution Manager to invoke all the necessary operations of the API. Once the Custom role is created, it has to be assigned to the App registration. Please check the Azure documentation for further details.

Follow these steps to do create the Custom role:

  1. Log into the Azure portal.

  2. Go to the Subscription detail page.

  3. Go to Access control (IAM)

  4. Click on Add custom role

  5. Download this file to your computer: Denodo_Solution_Manager_8_0_Azure_Permissions.json

    This JSON file defines the needed permissions. The Solution Manager requires all these privileges to be able to perform all the actions that users can do using the Solution Manager.

    We recommend using this file. If you want to restrict the actions the Solution Manager can do in Azure on your behalf, read the sections below, where all the required Azure permissions are listed.

  6. Select to Start from JSON and use the file you just downloaded. The custom role name is automatically changed to denodo_80_solution_manager (you can use another name if you prefer).

  7. Select the subscription or resource group to add as an assignable scope for the custom role, it depends on your needs. You can only choose from the scopes that you have access to.

  8. Click on Review + create, if there are no warnings or validation errors, click on Create to create the custom role.

Main Features

We recommend creating the role using the file we provide. If you want to restrict the actions the Solution Manager can do, take this into consideration:

  • You cannot remove the permissions that in the table below are marked with Required = Yes. If you remove any of them, you will not be able to use the Automated Cloud Mode (Azure) of the Solution Manager because all the operations will fail.

  • You can remove the permissions with the column Required = No but take into account that the feature associated to that permission will not work. If you try to perform that action, you will get an error.

Permissions required by the main features of the Solution Manager

Permission

Required

Usage

Microsoft.Compute/availabilitySets/read

Yes

Get the properties of an availability set. Required to manage Availability Sets

Microsoft.Compute/availabilitySets/write

Yes

Creates a new availability set or updates an existing one. Required to manage Availability Sets

Microsoft.Compute/availabilitySets/delete

Yes

Deletes the availability set. Required to manage Availability Sets

Microsoft.Compute/availabilitySets/vmSizes/read

Yes

List available sizes for creating or updating a virtual machine in the availability set. Required to manage Availability Sets

Microsoft.Compute/disks/delete

Yes

Get the properties of a Disk. Required to manage Disks

Microsoft.Compute/disks/write

Yes

Creates a new Disk or updates an existing one. Required to manage Disks

Microsoft.Compute/disks/delete

Yes

Deletes the Disk. Required to manage Disks

Microsoft.Compute/disks/beginGetAccess/action

Yes

Get the SAS URI of the Disk for blob access. Required to manage Disks

Microsoft.Compute/disks/endGetAccess/action

Yes

Revoke the SAS URI of the Disk. Required to manage Disks

Microsoft.Compute/images/read

Yes

Get the properties of the Image. Required to manage Images

Microsoft.Compute/images/write

Yes

Creates a new Image or updates an existing one. Required to manage Images

Microsoft.Compute/images/delete

Yes

Deletes the image. Required to manage Images

Microsoft.Compute/locations/publishers/read

Yes

Get the properties of a Publisher. Required to manage Images

Microsoft.Compute/locations/publishers/artifacttypes/offers/read

Yes

Get the properties of a Platform Image Offer. Required to manage Images

Microsoft.Compute/locations/publishers/artifacttypes/offers/skus/read

Yes

Get the properties of a Platform Image Sku. Required to manage Images

Microsoft.Compute/locations/publishers/artifacttypes/offers/skus/versions/read

Yes

Get the properties of a Platform Image Version. Required to manage Images

Microsoft.Compute/locations/publishers/artifacttypes/types/read

Yes

Get the properties of a VMExtension Type. Required to manage Images

Microsoft.Compute/locations/publishers/artifacttypes/types/versions/read

Yes

Get the properties of a VMExtension Version. Required to manage Images

Microsoft.Compute/locations/runCommands/read

Yes

Lists available run commands in location. Required to manage Images

Microsoft.Compute/locations/usages/read

Yes

Gets service limits and current usage quantities for the subscription’s compute resources in a location. Required to manage Images

Microsoft.Compute/locations/vmSizes/read

Yes

Lists available virtual machine sizes in a location. Required to manage Images

Microsoft.Compute/skus/read

Yes

Gets the list of Microsoft.Compute SKUs available for your Subscription. Required to manage Images

Microsoft.Compute/snapshots/read

Yes

Get the properties of a Snapshot. Required to manage Images

Microsoft.Compute/snapshots/write

Yes

Create a new Snapshot or update an existing one. Required to manage Images

Microsoft.Compute/snapshots/delete

Yes

Delete a Snapshot. Required to manage Images

Microsoft.Compute/snapshots/beginGetAccess/action

Yes

Get the SAS URI of the Snapshot for blob access. Required to manage Images

Microsoft.Compute/snapshots/endGetAccess/action

Yes

Revoke the SAS URI of the Snapshot. Required to manage Images

Microsoft.Compute/virtualMachines/assessPatches/action

Yes

Assesses the virtual machine and finds list of available OS update patches for it. Required to manage Virtual Machines

Microsoft.Compute/virtualMachines/cancelPatchInstallation/action

Yes

Cancels the ongoing install OS update patch operation on the virtual machine. Required to manage Virtual Machines

Microsoft.Compute/virtualMachines/capture/action

Yes

Captures the virtual machine by copying virtual hard disks and generates a template that can be used to create similar virtual machines. Required to manage Virtual Machines

Microsoft.Compute/virtualMachines/convertToManagedDisks/action

Yes

Converts the blob based disks of the virtual machine to managed disks. Required to manage Virtual Machines

Microsoft.Compute/virtualMachines/deallocate/action

Yes

Powers off the virtual machine and releases the compute resources. Required to manage Virtual Machines

Microsoft.Compute/virtualMachines/delete

Yes

Deletes the virtual machine. Required to manage Virtual Machines

Microsoft.Compute/virtualMachines/extensions/delete

Yes

Deletes the virtual machine extension. Required to manage Virtual Machines

Microsoft.Compute/virtualMachines/extensions/read

Yes

Get the properties of a virtual machine extension. Required to manage Virtual Machines

Microsoft.Compute/virtualMachines/extensions/write

Yes

Creates a new virtual machine extension or updates an existing one. Required to manage Virtual Machines

Microsoft.Compute/virtualMachines/generalize/action

Yes

Sets the virtual machine state to Generalized and prepares the virtual machine for capture. Required to manage Virtual Machines and Images

Microsoft.Compute/virtualMachines/installPatches/action

Yes

Installs available OS update patches on the virtual machine based on parameters provided by user. Assessment results containing list of available patches will also get refreshed as part of this. Required to manage Virtual Machines

Microsoft.Compute/virtualMachines/instanceView/read

Yes

Gets the detailed runtime status of the virtual machine and its resources. Required to manage Virtual Machines

Microsoft.Compute/virtualMachines/patchAssessmentResults/latest/read

Yes

Retrieves the summary of the latest patch assessment operation. Required to manage Virtual Machines

Microsoft.Compute/virtualMachines/patchAssessmentResults/latest/softwarePatches/read

Yes

Retrieves list of patches assessed during the last patch assessment operation. Required to manage Virtual Machines

Microsoft.Compute/virtualMachines/patchInstallationResults/read

Yes

Retrieves the summary of the latest patch installation operation. Required to manage Virtual Machines

Microsoft.Compute/virtualMachines/patchInstallationResults/softwarePatches/read

Yes

Retrieves list of patches attempted to be installed during the last patch installation operation. Required to manage Virtual Machines

Microsoft.Compute/virtualMachines/performMaintenance/action

Yes

Performs Maintenance Operation on the VM. Required to manage Virtual Machines

Microsoft.Compute/virtualMachines/powerOff/action

Yes

Powers off the virtual machine. Note that the virtual machine will continue to be billed. Required to manage Virtual Machines

Microsoft.Compute/virtualMachines/providers/Microsoft.Insights/diagnosticSettings/read

No

Gets the diagnostic setting for the Virtual Machine. Required to manage Virtual Machines. Required to use the “minimizing downtime” option

Microsoft.Compute/virtualMachines/providers/Microsoft.Insights/diagnosticSettings/write

No

Creates or updates the diagnostic setting for the Virtual Machine. Required to manage Virtual Machines. Required to use the “minimizing downtime” option

Microsoft.Compute/virtualMachines/providers/Microsoft.Insights/logDefinitions/read

No

Gets the available logs for Virtual Machine. Required to manage Virtual Machines. Required to use the “minimizing downtime” option

Microsoft.Compute/virtualMachines/providers/Microsoft.Insights/metricDefinitions/read

No

Reads Virtual Machine Metric Definitions. Required to manage Virtual Machines. Required to use the “minimizing downtime” option

Microsoft.Compute/virtualMachines/read

Yes

Get the properties of a virtual machine. Required to manage Virtual Machines

Microsoft.Compute/virtualMachines/reapply/action

Yes

Reapplies a virtual machine’s current model. Required to manage Virtual Machines

Microsoft.Compute/virtualMachines/redeploy/action

Yes

Redeploys virtual machine. Required to manage Virtual Machines

Microsoft.Compute/virtualMachines/reimage/action

Yes

Reimages virtual machine which is using differencing disk. Required to manage Virtual Machines

Microsoft.Compute/virtualMachines/restart/action

Yes

Restarts the virtual machine. Required to manage Virtual Machines

Microsoft.Compute/virtualMachines/retrieveBootDiagnosticsData/action

Yes

Retrieves boot diagnostic logs blob URIs. Required to manage Virtual Machines

Microsoft.Compute/virtualMachines/runCommand/action

Yes

Executes a predefined script on the virtual machine. Required to manage Virtual Machines

Microsoft.Compute/virtualMachines/runCommands/delete

Yes

Deletes the virtual machine run command. Required to manage Virtual Machines

Microsoft.Compute/virtualMachines/runCommands/read

Yes

Get the properties of a virtual machine run command. Required to manage Virtual Machines

Microsoft.Compute/virtualMachines/runCommands/write

Yes

Creates a new virtual machine run command or updates an existing one. Required to manage Virtual Machines

Microsoft.Compute/virtualMachines/simulateEviction/action

Yes

Simulates the eviction of spot Virtual Machine. Required to manage Virtual Machines

Microsoft.Compute/virtualMachines/start/action

Yes

Starts the virtual machine. Required to manage Virtual Machines

Microsoft.Compute/virtualMachines/vmSizes/read

Yes

Lists available sizes the virtual machine can be updated to. Required to manage Virtual Machines

Microsoft.Compute/virtualMachines/write

Yes

Creates a new virtual machine or updates an existing virtual machine. Required to manage Virtual Machines

Microsoft.Compute/virtualMachineScaleSets/deallocate/action

No

Powers off and releases the compute resources for the instances of the Virtual Machine Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/delete

No

Deletes the Virtual Machine Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/delete/action

No

Deletes the instances of the Virtual Machine Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/extensions/delete

No

Deletes the Virtual Machine Scale Set Extension. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/extensions/read

No

Gets the properties of a Virtual Machine Scale Set Extension. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/extensions/roles/read

No

Gets the properties of a Role in a Virtual Machine Scale Set with the Virtual Machine Runtime Service Extension. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/extensions/roles/write

No

Updates the properties of an existing Role in a Virtual Machine Scale Set with the Virtual Machine Runtime Service Extension. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/extensions/write

No

Creates a new Virtual Machine Scale Set Extension or updates an existing one. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/forceRecoveryServiceFabricPlatformUpdateDomainWalk/action

No

Manually walk the platform update domains of a service fabric Virtual Machine Scale Set to finish a pending update that is stuck. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/instanceView/read

No

Gets the instance view of the Virtual Machine Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/manualUpgrade/action

No

Manually updates instances to latest model of the Virtual Machine Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/networkInterfaces/read

No

Get properties of all network interfaces of a Virtual Machine Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/osRollingUpgrade/action

No

Starts a rolling upgrade to move all Virtual Machine Scale Set instances to the latest available Platform Image OS version. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/osUpgradeHistory/read

No

Gets the history of OS upgrades for a Virtual Machine Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/performMaintenance/action

No

Performs planned maintenance on the instances of the Virtual Machine Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/powerOff/action

No

Powers off the instances of the Virtual Machine Scale Set. Required by the Auto Scale management feature. Required to stop the virtual machines in a scale set

Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/diagnosticSettings/read

No

Gets the diagnostic setting for the Virtual Machine Scale Set. Required by the Auto Scale management feature. Required to use the “minimizing downtime” option

Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/diagnosticSettings/write

No

Creates or updates the diagnostic setting for the Virtual Machine Scale set. Required by the Auto Scale management feature. Required to use the “minimizing downtime” option

Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/logDefinitions/read

No

Gets the available logs for Virtual Machine Scale Sets. Required by the Auto Scale management feature. Required to use the “minimizing downtime” option

Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/metricDefinitions/read

No

Reads Virtual Machine Scalet Set Metric Definitions. Required by the Auto Scale management feature. Required to use the “minimizing downtime” option

Microsoft.Compute/virtualMachineScaleSets/publicIPAddresses/read

No

Get properties of all public IP addresses of a Virtual Machine Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/read

No

Get the properties of a Virtual Machine Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/redeploy/action

No

Redeploy the instances of the Virtual Machine Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/reimage/action

No

Reimages the instances of the Virtual Machine Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/reimageAll/action

No

Reimages all disks (OS Disk and Data Disks) for the instances of a Virtual Machine Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/restart/action

No

Restarts the instances of the Virtual Machine Scale Set. Required by the Auto Scale management feature. Required to restart the virtual machines in a scale set

Microsoft.Compute/virtualMachineScaleSets/rollingUpgrades/action

No

Cancels the rolling upgrade of a Virtual Machine Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/rollingUpgrades/read

No

Get latest Rolling Upgrade status for a Virtual Machine Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/scale/action

No

Verify if an existing Virtual Machine Scale Set can Scale In/Scale Out to specified instance count. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/setOrchestrationServiceState/action

No

Sets the state of an orchestration service based on the action provided in operation input. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/skus/read

No

Lists the valid SKUs for an existing Virtual Machine Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/start/action

No

Starts the instances of the Virtual Machine Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/deallocate/action

No

Powers off and releases the compute resources for a Virtual Machine in a VM Scale Set. Required by the Auto Scale management feature. Required to stop the virtual machines in a scale set

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/delete

No

Delete a specific Virtual Machine in a VM Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/extensions/delete

No

Deletes the extension for Virtual Machine in Virtual Machine Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/extensions/read

No

Get the properties of an extension for Virtual Machine in Virtual Machine Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/extensions/write

No

Creates a new extension for Virtual Machine in Virtual Machine Scale Set or updates an existing one. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/instanceView/read

No

Retrieves the instance view of a Virtual Machine in a VM Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/ipConfigurations/publicIPAddresses/read

No

Get properties of public IP address created using Virtual Machine Scale Set. Virtual Machine Scale Set can create at most one public IP per ipconfiguration (private IP). Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/ipConfigurations/read

No

Get properties of one or all IP configurations of a network interface created using Virtual Machine Scale Set. IP configurations represent private IPs. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/read

No

Get properties of one or all network interfaces of a virtual machine created using Virtual Machine Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/performMaintenance/action

No

Performs planned maintenance on a Virtual Machine instance in a Virtual Machine Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/powerOff/action

No

Powers Off a Virtual Machine instance in a VM Scale Set. Required by the Auto Scale management feature. Required to stop the virtual machines in a scale set

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/providers/Microsoft.Insights/metricDefinitions/read

No

Reads Virtual Machine in Scale Set Metric Definitions. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/read

No

Retrieves the properties of a Virtual Machine in a VM Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/redeploy/action

No

Redeploys a Virtual Machine instance in a Virtual Machine Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/reimage/action

No

Reimages a Virtual Machine instance in a Virtual Machine Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/reimageAll/action

No

Reimages all disks (OS Disk and Data Disks) for Virtual Machine instance in a Virtual Machine Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/restart/action

No

Restarts a Virtual Machine instance in a VM Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/retrieveBootDiagnosticsData/action

No

Retrieves boot diagnostic logs blob URIs of Virtual Machine instance in a Virtual Machine Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommand/action

No

Executes a predefined script on a Virtual Machine instance in a Virtual Machine Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommands/delete

No

Deletes the run command for Virtual Machine in Virtual Machine Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommands/read

No

Get the properties of a run command for Virtual Machine in Virtual Machine Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommands/write

No

Creates a new run command for Virtual Machine in Virtual Machine Scale Set or updates an existing one. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/simulateEviction/action

No

Simulates the eviction of spot Virtual Machine in Virtual Machine Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/start/action

No

Starts a Virtual Machine instance in a VM Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/write

No

Updates the properties of a Virtual Machine in a VM Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/vmSizes/read

No

List available sizes for creating or updating a virtual machine in the Virtual Machine Scale Set. Required by the Auto Scale management feature

Microsoft.Compute/virtualMachineScaleSets/write

No

Creates a new Virtual Machine Scale Set or updates an existing one. Required by the Auto Scale management feature

Microsoft.Insights/AutoscaleSettings/Read

No

Read an autoscale setting. Required by the Auto Scale management feature

Microsoft.Insights/AutoscaleSettings/Write

No

Create or update an autoscale setting. Required by the Auto Scale management feature

Microsoft.Insights/AutoscaleSettings/Delete

No

Delete an autoscale setting. Required by the Auto Scale management feature

Microsoft.Network/connections/providers/Microsoft.Insights/diagnosticSettings/read

Yes

Gets diagnostic settings for Connections. Required to manage Load Balancers

Microsoft.Network/loadBalancers/backendAddressPools/backendPoolAddresses/read

Yes

Lists the backend addresses of the Load Balancer backend address pool. Required to manage Load Balancers

Microsoft.Network/loadBalancers/backendAddressPools/delete

Yes

Deletes a load balancer backend address pool. Required to manage Load Balancers

Microsoft.Network/loadBalancers/backendAddressPools/join/action

Yes

Joins a load balancer backend address pool. Not Alertable. Required to manage Load Balancers

Microsoft.Network/loadBalancers/backendAddressPools/read

Yes

Gets a load balancer backend address pool definition. Required to manage Load Balancers

Microsoft.Network/loadBalancers/backendAddressPools/write

Yes

Creates a load balancer backend address pool or updates an existing load balancer backend address pool. Required to manage Load Balancers

Microsoft.Network/loadBalancers/delete

Yes

Deletes a load balancer. Required to manage Load Balancers

Microsoft.Network/loadBalancers/frontendIPConfigurations/join/action

Yes

Joins a Load Balancer Frontend IP Configuration. Not alertable. Required to manage Load Balancers

Microsoft.Network/loadBalancers/frontendIPConfigurations/loadBalancerPools/delete

Yes

Deletes a load balancer frontend IP address backend pool. Required to manage Load Balancers

Microsoft.Network/loadBalancers/frontendIPConfigurations/loadBalancerPools/join/action

Yes

Joins a load balancer frontend IP address backend pool. Not alertable. Required to manage Load Balancers

Microsoft.Network/loadBalancers/frontendIPConfigurations/loadBalancerPools/read

Yes

Gets a load balancer frontend IP address backend pool definition. Required to manage Load Balancers

Microsoft.Network/loadBalancers/frontendIPConfigurations/loadBalancerPools/write

Yes

Creates a load balancer frontend IP address backend pool or updates an existing public IP Address load balancer backend pool. Required to manage Load Balancers

Microsoft.Network/loadBalancers/frontendIPConfigurations/read

Yes

Gets a load balancer frontend IP configuration definition. Required to manage Load Balancers

Microsoft.Network/loadBalancers/inboundNatPools/read

Yes

Gets a load balancer inbound nat pool definition. Required to manage Load Balancers

Microsoft.Network/loadBalancers/inboundNatRules/read

Yes

Gets a load balancer inbound nat rule definition. Required to manage Load Balancers

Microsoft.Network/loadBalancers/loadBalancingRules/read

Yes

Gets a load balancer load balancing rule definition. Required to manage Load Balancers

Microsoft.Network/loadBalancers/networkInterfaces/read

Yes

Gets references to all the network interfaces under a load balancer. Required to manage Load Balancers

Microsoft.Network/loadBalancers/outboundRules/read

Yes

Gets a load balancer outbound rule definition. Required to manage Load Balancers

Microsoft.Network/loadBalancers/probes/join/action

Yes

Allows using probes of a load balancer. For example, with this permission healthProbe property of VM scale set can reference the probe. Not alertable. Required to manage Load Balancers

Microsoft.Network/loadBalancers/probes/read

Yes

Gets a load balancer probe. Required to manage Load Balancers

Microsoft.Network/loadBalancers/providers/Microsoft.Insights/diagnosticSettings/read

No

Gets the Load Balancer Diagnostic Settings. Required to manage Load Balancers. Required to use the “minimizing downtime” option

Microsoft.Network/loadBalancers/providers/Microsoft.Insights/metricDefinitions/read

No

Gets the available metrics for Load Balancer. Required to manage Load Balancers. Required to use the “minimizing downtime” option

Microsoft.Network/loadBalancers/read

Yes

Gets a load balancer definition. Required to manage Load Balancers

Microsoft.Network/loadBalancers/virtualMachines/read

Yes

Gets references to all the virtual machines under a load balancer. Required to manage Load Balancers

Microsoft.Network/loadBalancers/write

Yes

Creates a load balancer or updates an existing load balancer. Required to manage Load Balancers

Microsoft.Network/networkInterfaces/delete

Yes

Deletes a network interface. Required to manage Network Interfaces

Microsoft.Network/networkInterfaces/effectiveNetworkSecurityGroups/action

Yes

Get Network Security Groups configured On Network Interface Of The Vm. Required to manage Network Interfaces

Microsoft.Network/networkInterfaces/effectiveRouteTable/action

Yes

Get Route Table configured On Network Interface Of The Vm. Required to manage Network Interfaces

Microsoft.Network/networkInterfaces/ipconfigurations/join/action

Yes

Joins a Network Interface IP Configuration. Not alertable. Required to manage Network Interfaces

Microsoft.Network/networkInterfaces/ipconfigurations/read

Yes

Gets a network interface IP configuration definition. Required to manage Network Interfaces

Microsoft.Network/networkInterfaces/join/action

Yes

Joins a Virtual Machine to a network interface. Not Alertable. Required to manage Network Interfaces

Microsoft.Network/networkInterfaces/loadBalancers/read

Yes

Gets all the load balancers that the network interface is part of. Required to manage Network Interfaces

Microsoft.Network/networkInterfaces/providers/Microsoft.Insights/metricDefinitions/read

No

Gets available metrics for the Network Interface. Required to manage Network Interfaces. Required to use the “minimizing downtime” option

Microsoft.Network/networkInterfaces/read

Yes

Gets a network interface definition. Required to manage Network Interfaces

Microsoft.Network/networkInterfaces/UpdateParentNicAttachmentOnElasticNic/action

Yes

Updates the parent NIC associated to the elastic NIC. Required to manage Network Interfaces

Microsoft.Network/networkInterfaces/write

Yes

Creates a network interface or updates an existing network interface. Required to manage Network Interfaces

Microsoft.Network/networkProfiles/read

Yes

Gets a Network Profile. Required to manage Network Interfaces

Microsoft.Network/networkSecurityGroups/defaultSecurityRules/read

Yes

Gets a default security rule definition. Required to manage Network Security Groups

Microsoft.Network/networkSecurityGroups/delete

Yes

Deletes a network security group. Required to manage Network Security Groups

Microsoft.Network/networkSecurityGroups/join/action

Yes

Joins a network security group. Not Alertable. Required to manage Network Security Groups

Microsoft.Network/networksecuritygroups/providers/Microsoft.Insights/diagnosticSettings/read

No

Gets the Network Security Groups Diagnostic Settings. Required to use the “minimizing downtime” option. Required to manage Network Security Groups

Microsoft.Network/networkSecurityGroups/read

Yes

Gets a network security group definition. Required to manage Network Security Groups

Microsoft.Network/networkSecurityGroups/securityRules/read

Yes

Gets a security rule definition. Required to manage Network Security Groups

Microsoft.Network/networkSecurityGroups/write

No

Creates a network security group or updates an existing network security group. Required to manage Network Security Groups

Microsoft.Network/publicIPAddresses/delete

No

Deletes a public IP address. Required to manage Public IP Addresses

Microsoft.Network/publicIPAddresses/dnsAliases/read

No

Gets a Public IP Address Dns Alias resource. Required to manage Public IP Addresses

Microsoft.Network/publicIPAddresses/join/action

No

Joins a public IP address. Not Alertable. Required to manage Public IP Addresses

Microsoft.Network/publicIPAddresses/providers/Microsoft.Insights/diagnosticSettings/read

No

Get the diagnostic settings of Public IP Address. Required to manage Public IP Addresses. Required to use the “minimizing downtime” option

Microsoft.Network/publicIPAddresses/providers/Microsoft.Insights/metricDefinitions/read

No

Get the metrics definitions of Public IP Address. Required to manage Public IP Addresses. Required to use the “minimizing downtime” option

Microsoft.Network/publicIPAddresses/read

No

Gets a public IP address definition. Required to manage Public IP Addresses

Microsoft.Network/publicIPAddresses/write

No

Creates a public IP address or updates an existing public IP address. Required to manage Public IP Addresses

Microsoft.Network/publicIPPrefixes/delete

No

Deletes A Public IP Prefix. Required to manage Public IP Addresses

Microsoft.Network/publicIPPrefixes/join/action

No

Joins a PublicIPPrefix. Not alertable. Required to manage Public IP Addresses

Microsoft.Network/publicIPPrefixes/read

No

Gets a Public IP Prefix Definition. Required to manage Public IP Addresses

Microsoft.Network/publicIPPrefixes/write

No

Creates A Public IP Prefix Or Updates An Existing Public IP Prefix. Required to manage Public IP Addresses

Microsoft.Network/operations/read

Yes

Get Available Operations. Permission required to manage Virtual Networks

Microsoft.Network/virtualNetworks/checkIpAddressAvailability/read

Yes

Check if IP Address is available at the specified virtual network. Permission required to manage Virtual Networks

Microsoft.Network/virtualNetworks/customViews/read

Yes

Get definition of a custom view of Virtual Network. Permission required to manage Virtual Networks

Microsoft.Network/virtualNetworks/join/action

Yes

Joins a virtual network. Not Alertable. Permission required to manage Virtual Networks

Microsoft.Network/virtualNetworks/joinLoadBalancer/action

Yes

Joins a load balancer to virtual networks. Permission required to manage Virtual Networks

Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/diagnosticSettings/read

No

Get the diagnostic settings of Virtual Network. Permission required to manage Virtual Networks. Required to use the “minimizing downtime” option

Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read

No

Gets available metrics for the PingMesh. Permission required to manage Virtual Networks. Required to use the “minimizing downtime” option

Microsoft.Network/virtualNetworks/read

Yes

Get the virtual network definition. Permission required to manage Virtual Networks

Microsoft.Network/virtualNetworks/subnets/contextualServiceEndpointPolicies/read

Yes

Gets Contextual Service Endpoint Policies. Permission required to manage Subnets

Microsoft.Network/virtualNetworks/subnets/delete

Yes

Deletes a virtual network subnet. Permission required to manage Subnets

Microsoft.Network/virtualNetworks/subnets/join/action

Yes

Joins a virtual network. Not Alertable. Permission required to manage Subnets

Microsoft.Network/virtualNetworks/subnets/joinLoadBalancer/action

Yes

Joins a load balancer to virtual network subnets. Permission required to manage Subnets

Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action

Yes

Joins resource such as storage account or SQL database to a subnet. Not alertable. Permission required to manage Subnets

Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action

Yes

Prepares a subnet by applying necessary Network Policies. Permission required to manage Subnets

Microsoft.Network/virtualNetworks/subnets/read

Yes

Gets a virtual network subnet definition. Permission required to manage Subnets

Microsoft.Network/virtualNetworks/subnets/resourceNavigationLinks/read

Yes

Get the Resource Navigation Link definition. Permission required to manage Subnets

Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/details/read

Yes

Gets a Service Association Link Detail Definition. Permission required to manage Subnets

Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/read

Yes

Gets a Service Association Link definition. Permission required to manage Subnets

Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action

Yes

Unprepare a subnet by removing the applied Network Policies. Permission required to manage Subnets

Microsoft.Network/virtualNetworks/subnets/virtualMachines/read

Yes

Gets references to all the virtual machines in a virtual network subnet. Permission required to manage Subnets

Microsoft.Network/virtualNetworks/subnets/write

No

Creates a virtual network subnet or updates an existing virtual network subnet. Permission required to manage Subnets

Microsoft.Network/virtualNetworks/virtualMachines/read

Yes

Gets references to all the virtual machines in a virtual network. Permission required to manage Virtual Networks

Microsoft.Network/virtualNetworks/write

No

Creates a virtual network or updates an existing virtual network. Permission required to manage Virtual Networks

Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write

No

Required to create a peering from virtual network A to virtual network B. Virtual network A must be a virtual network (Resource Manager). Permission required to manage Virtual Network Peerings

Microsoft.Network/virtualNetworks/peer/action

No

Required to create a peering from virtual network B (Resource Manager) to virtual network A. Permission required to manage Virtual Network Peerings

Microsoft.ClassicNetwork/virtualNetworks/peer/action

No

Required to create a peering from virtual network B (classic) to virtual network A. Permission required to manage Virtual Network Peerings

Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read

No

Read a virtual network peering. Permission required to manage Virtual Network Peerings

Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete

No

Delete a virtual network peering. Permission required to manage Virtual Network Peerings

Microsoft.Resources/subscriptions/resourceGroups/read

Yes

Gets or lists resource groups. Required to manage Resource Groups

Microsoft.Resources/subscriptions/resourceGroups/write

No

Creates or updates a resource group. Required to manage Resource Groups

Microsoft.Authorization/roleAssignments/write

No

Create a role assignment at the specified scope. Permission required to manage Role Assignments

Microsoft.Authorization/roleAssignments/delete

No

Delete a role assignment at the specified scope. Permission required to manage Role Assignments

Microsoft.Storage/storageAccounts/read

No

Returns the list of storage accounts or gets the properties for the specified storage account

Microsoft.Subscription/aliases/read

Yes

Get subscription alias. Required to validate Azure credentias into subscription

Microsoft.Insights/MetricDefinitions/Read

No

Read metric definitions. Required to use the “minimizing downtime” option

Microsoft.Insights/Components/Query/Read

No

Run queries against Application Insights logs. Required to use the “minimizing downtime” option

Microsoft.Insights/Components/MetricDefinitions/Read

No

Reading Application Insights component metric definitions. Required to use the “minimizing downtime” option

Microsoft.Insights/Components/Metrics/Read

No

Reading Application Insights component metrics. Required to use the “minimizing downtime” option

Microsoft.Insights/MetricDefinitions/Microsoft.Insights/Read

No

Read metric definitions. Required to use the “minimizing downtime” option

Microsoft.Insights/MetricDefinitions/providers/Microsoft.Insights/Read

No

Read metric definitions. Required to use the “minimizing downtime” option

Microsoft.Insights/Metricnamespaces/Read

No

Read metric namespaces. Required to use the “minimizing downtime” option

Microsoft.Insights/Metrics/Read

No

Read metrics. Required to use the “minimizing downtime” option

Microsoft.Insights/Metrics/Microsoft.Insights/Read

No

Read metrics. Required to use the “minimizing downtime” option

Microsoft.Insights/Metrics/providers/Metrics/Read

No

Read metrics. Required to use the “minimizing downtime” option

Automated Resource Group Management

When you create an Automated Cloud Mode (Azure) environment, you can create a new Resource Group or use an existing one.

If you do not want to allow the Solution Manager to create new Resource Groups, you can remove the write permission.

Permissions required to manage Resource Groups

Permission

Microsoft.Resources/subscriptions/resourceGroups/read

Gets or lists resource groups

Microsoft.Resources/subscriptions/resourceGroups/write

Creates or updates a resource group

Automated Virtual Network Management

When you create an Automated Cloud Mode (Azure) environment, you can choose if you want the Solution Manager to create a new Virtual Network for the Virtual Machines or use an existing one.

If you do not want to allow the Solution Manager to create new Virtual Networks, you can remove the write permission.

Permissions required to manage Virtual Networks, their peerings and public IP addresses

Permission

Microsoft.Network/operations/read

Get Available Operations

Microsoft.Network/virtualNetworks/checkIpAddressAvailability/read

Check if IP Address is available at the specified virtual network

Microsoft.Network/virtualNetworks/customViews/read

Get definition of a custom view of Virtual Network

Microsoft.Network/virtualNetworks/join/action

Joins a virtual network. Not Alertable

Microsoft.Network/virtualNetworks/joinLoadBalancer/action

Joins a load balancer to virtual networks

Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/diagnosticSettings/read

Get the diagnostic settings of Virtual Network

Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read

Gets available metrics for the PingMesh

Microsoft.Network/virtualNetworks/read

Get the virtual network definition

Microsoft.Network/virtualNetworks/virtualMachines/read

Gets references to all the virtual machines in a virtual network

Microsoft.Network/virtualNetworks/write

Creates a virtual network or updates an existing virtual network

Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write

Required to create a peering from virtual network A to virtual network B. Virtual network A must be a virtual network (Resource Manager)

Microsoft.Network/virtualNetworks/peer/action

Required to create a peering from virtual network B (Resource Manager) to virtual network A

Microsoft.ClassicNetwork/virtualNetworks/peer/action

Required to create a peering from virtual network B (classic) to virtual network A

Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read

Read a virtual network peering

Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete

Delete a virtual network peering

Microsoft.Network/publicIPAddresses/delete

Deletes a public IP address

Microsoft.Network/publicIPAddresses/dnsAliases/read

Gets a Public IP Address Dns Alias resource

Microsoft.Network/publicIPAddresses/join/action

Joins a public IP address. Not Alertable

Microsoft.Network/publicIPAddresses/providers/Microsoft.Insights/diagnosticSettings/read

Get the diagnostic settings of Public IP Address

Microsoft.Network/publicIPAddresses/providers/Microsoft.Insights/metricDefinitions/read

Get the metrics definitions of Public IP Address

Microsoft.Network/publicIPAddresses/read

Gets a public IP address definition

Microsoft.Network/publicIPAddresses/write

Creates a public IP address or updates an existing public IP address

Microsoft.Network/publicIPPrefixes/delete

Deletes A Public IP Prefix

Microsoft.Network/publicIPPrefixes/join/action

Joins a PublicIPPrefix. Not alertable

Microsoft.Network/publicIPPrefixes/read

Gets a Public IP Prefix Definition

Microsoft.Network/publicIPPrefixes/write

Creates A Public IP Prefix Or Updates An Existing Public IP Prefix

Automated Subnet Management

When you create an Automated Cloud Mode (Azure) cluster, you can choose if you want the Solution Manager to create a new Subnet for the new components or use an existing one.

If you do not want to allow the Solution Manager to create new Subnets, you can remove the write permission.

Permission required to manage Subnets

Permission

Microsoft.Network/virtualNetworks/subnets/contextualServiceEndpointPolicies/read

Gets Contextual Service Endpoint Policies

Microsoft.Network/virtualNetworks/subnets/delete

Deletes a virtual network subnet

Microsoft.Network/virtualNetworks/subnets/join/action

Joins a virtual network. Not Alertable

Microsoft.Network/virtualNetworks/subnets/joinLoadBalancer/action

Joins a load balancer to virtual network subnets

Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action

Joins resource such as storage account or SQL database to a subnet. Not alertable

Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action

Prepares a subnet by applying necessary Network Policies

Microsoft.Network/virtualNetworks/subnets/read

Gets a virtual network subnet definition

Microsoft.Network/virtualNetworks/subnets/resourceNavigationLinks/read

Get the Resource Navigation Link definition

Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/details/read

Gets a Service Association Link Detail Definition

Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/read

Gets a Service Association Link definition

Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action

Unprepare a subnet by removing the applied Network Policies

Microsoft.Network/virtualNetworks/subnets/virtualMachines/read

Gets references to all the virtual machines in a virtual network subnet

Microsoft.Network/virtualNetworks/subnets/write

Creates a virtual network subnet or updates an existing virtual network subnet

Automated Network Security Group Management

When you create an Automated Cloud Mode (Azure) cluster, you can choose if you want the Solution Manager to create a new Network Security Group for the new components or use an existing one.

If you do not want to allow the Solution Manager to create new Network Security Groups, you can remove the write permission.

Permissions required to manage Network Security Groups

Permission

Microsoft.Network/networkSecurityGroups/defaultSecurityRules/read

Gets a default security rule definition

Microsoft.Network/networkSecurityGroups/delete

Deletes a network security group

Microsoft.Network/networkSecurityGroups/join/action

Joins a network security group. Not Alertable

Microsoft.Network/networksecuritygroups/providers/Microsoft.Insights/diagnosticSettings/read

Gets the Network Security Groups Diagnostic Settings.

Microsoft.Network/networkSecurityGroups/read

Gets a network security group definition

Microsoft.Network/networkSecurityGroups/securityRules/read

Gets a security rule definition

Microsoft.Network/networkSecurityGroups/write

Creates a network security group or updates an existing network security group

Minimizing downtime option

When installing a Denodo Update or recreating an Automated Cloud Mode (Azure) cluster, the option minimizing downtime can be selected.

If you do not want to allow the Solution Manager to perform these tasks with the minimizing downtime option, you can remove the following permissions.

Permissions required to use the minimizing downtime option

Permission

Microsoft.Compute/virtualMachines/providers/Microsoft.Insights/diagnosticSettings/read

Gets the diagnostic setting for the Virtual Machine

Microsoft.Compute/virtualMachines/providers/Microsoft.Insights/diagnosticSettings/write

Creates or updates the diagnostic setting for the Virtual Machine

Microsoft.Compute/virtualMachines/providers/Microsoft.Insights/logDefinitions/read

Gets the available logs for Virtual Machine

Microsoft.Compute/virtualMachines/providers/Microsoft.Insights/metricDefinitions/read

Reads Virtual Machine Metric Definitions

Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/diagnosticSettings/read

Gets the diagnostic setting for the Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/diagnosticSettings/write

Creates or updates the diagnostic setting for the Virtual Machine Scale set

Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/logDefinitions/read

Gets the available logs for Virtual Machine Scale Sets

Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/metricDefinitions/read

Reads Virtual Machine Scalet Set Metric Definitions

Microsoft.Network/loadBalancers/providers/Microsoft.Insights/diagnosticSettings/read

Gets the Load Balancer Diagnostic Settings

Microsoft.Network/loadBalancers/providers/Microsoft.Insights/metricDefinitions/read

Gets the available metrics for Load Balancer

Microsoft.Network/networkInterfaces/providers/Microsoft.Insights/metricDefinitions/read

Gets available metrics for the Network Interface

Microsoft.Network/networksecuritygroups/providers/Microsoft.Insights/diagnosticSettings/read

Gets the Network Security Groups Diagnostic Settings

Microsoft.Network/publicIPAddresses/providers/Microsoft.Insights/diagnosticSettings/read

Get the diagnostic settings of Public IP Address

Microsoft.Network/publicIPAddresses/providers/Microsoft.Insights/metricDefinitions/read

Get the metrics definitions of Public IP Address

Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/diagnosticSettings/read

Get the diagnostic settings of Virtual Network

Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read

Gets available metrics for the PingMesh

Microsoft.Insights/MetricDefinitions/Read

Read metric definitions

Microsoft.Insights/Components/Query/Read

Run queries against Application Insights logs

Microsoft.Insights/Components/MetricDefinitions/Read

Reading Application Insights component metric definitions

Microsoft.Insights/Components/Metrics/Read

Reading Application Insights component metrics

Microsoft.Insights/MetricDefinitions/Microsoft.Insights/Read

Read metric definitions

Microsoft.Insights/MetricDefinitions/providers/Microsoft.Insights/Read

Read metric definitions

Microsoft.Insights/Metricnamespaces/Read

Read metric namespaces

Microsoft.Insights/Metrics/Read

Read metrics

Microsoft.Insights/Metrics/Microsoft.Insights/Read

Read metrics

Microsoft.Insights/Metrics/providers/Metrics/Read

Read metrics

Automated Auto Scale Set Management

When you create an Automated Cluster Mode (Azure) cluster, you can choose if you want the Solution Manager to launch the Virtual Machines in a Scale Set.

If you do not want to allow the Solution Manager to create and manage Scale Sets, you can remove the following permissions.

Permissions required by the Auto Scale management feature

Permission

Microsoft.Compute/virtualMachineScaleSets/deallocate/action

Powers off and releases the compute resources for the instances of the Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/delete

Deletes the Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/delete/action

Deletes the instances of the Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/extensions/delete

Deletes the Virtual Machine Scale Set Extension

Microsoft.Compute/virtualMachineScaleSets/extensions/read

Gets the properties of a Virtual Machine Scale Set Extension

Microsoft.Compute/virtualMachineScaleSets/extensions/roles/read

Gets the properties of a Role in a Virtual Machine Scale Set with the Virtual Machine Runtime Service Extension

Microsoft.Compute/virtualMachineScaleSets/extensions/roles/write

Updates the properties of an existing Role in a Virtual Machine Scale Set with the Virtual Machine Runtime Service Extension

Microsoft.Compute/virtualMachineScaleSets/extensions/write

Creates a new Virtual Machine Scale Set Extension or updates an existing one

Microsoft.Compute/virtualMachineScaleSets/forceRecoveryServiceFabricPlatformUpdateDomainWalk/action

Manually walk the platform update domains of a service fabric Virtual Machine Scale Set to finish a pending update that is stuck

Microsoft.Compute/virtualMachineScaleSets/instanceView/read

Gets the instance view of the Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/manualUpgrade/action

Manually updates instances to latest model of the Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/networkInterfaces/read

Get properties of all network interfaces of a Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/osRollingUpgrade/action

Starts a rolling upgrade to move all Virtual Machine Scale Set instances to the latest available Platform Image OS version

Microsoft.Compute/virtualMachineScaleSets/osUpgradeHistory/read

Gets the history of OS upgrades for a Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/performMaintenance/action

Performs planned maintenance on the instances of the Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/powerOff/action

Powers off the instances of the Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/diagnosticSettings/read

Gets the diagnostic setting for the Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/diagnosticSettings/write

Creates or updates the diagnostic setting for the Virtual Machine Scale set

Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/logDefinitions/read

Gets the available logs for Virtual Machine Scale Sets

Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/metricDefinitions/read

Reads Virtual Machine Scalet Set Metric Definitions

Microsoft.Compute/virtualMachineScaleSets/publicIPAddresses/read

Get properties of all public IP addresses of a Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/read

Get the properties of a Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/redeploy/action

Redeploy the instances of the Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/reimage/action

Reimages the instances of the Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/reimageAll/action

Reimages all disks (OS Disk and Data Disks) for the instances of a Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/restart/action

Restarts the instances of the Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/rollingUpgrades/action

Cancels the rolling upgrade of a Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/rollingUpgrades/read

Get latest Rolling Upgrade status for a Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/scale/action

Verify if an existing Virtual Machine Scale Set can Scale In/Scale Out to specified instance count

Microsoft.Compute/virtualMachineScaleSets/setOrchestrationServiceState/action

Sets the state of an orchestration service based on the action provided in operation input

Microsoft.Compute/virtualMachineScaleSets/skus/read

Lists the valid SKUs for an existing Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/start/action

Starts the instances of the Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/deallocate/action

Powers off and releases the compute resources for a Virtual Machine in a VM Scale Set

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/delete

Delete a specific Virtual Machine in a VM Scale Set

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/extensions/delete

Deletes the extension for Virtual Machine in Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/extensions/read

Get the properties of an extension for Virtual Machine in Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/extensions/write

Creates a new extension for Virtual Machine in Virtual Machine Scale Set or updates an existing one

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/instanceView/read

Retrieves the instance view of a Virtual Machine in a VM Scale Set

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/ipConfigurations/publicIPAddresses/read

Get properties of public IP address created using Virtual Machine Scale Set. Virtual Machine Scale Set can create at most one public IP per ipconfiguration (private IP)

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/ipConfigurations/read

Get properties of one or all IP configurations of a network interface created using Virtual Machine Scale Set. IP configurations represent private IPs

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/read

Get properties of one or all network interfaces of a virtual machine created using Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/performMaintenance/action

Performs planned maintenance on a Virtual Machine instance in a Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/powerOff/action

Powers Off a Virtual Machine instance in a VM Scale Set

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/providers/Microsoft.Insights/metricDefinitions/read

Reads Virtual Machine in Scale Set Metric Definitions

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/read

Retrieves the properties of a Virtual Machine in a VM Scale Set

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/redeploy/action

Redeploys a Virtual Machine instance in a Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/reimage/action

Reimages a Virtual Machine instance in a Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/reimageAll/action

Reimages all disks (OS Disk and Data Disks) for Virtual Machine instance in a Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/restart/action

Restarts a Virtual Machine instance in a VM Scale Set

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/retrieveBootDiagnosticsData/action

Retrieves boot diagnostic logs blob URIs of Virtual Machine instance in a Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommand/action

Executes a predefined script on a Virtual Machine instance in a Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommands/delete

Deletes the run command for Virtual Machine in Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommands/read

Get the properties of a run command for Virtual Machine in Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommands/write

Creates a new run command for Virtual Machine in Virtual Machine Scale Set or updates an existing one

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/simulateEviction/action

Simulates the eviction of spot Virtual Machine in Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/start/action

Starts a Virtual Machine instance in a VM Scale Set

Microsoft.Compute/virtualMachineScaleSets/virtualMachines/write

Updates the properties of a Virtual Machine in a VM Scale Set

Microsoft.Compute/virtualMachineScaleSets/vmSizes/read

List available sizes for creating or updating a virtual machine in the Virtual Machine Scale Set

Microsoft.Compute/virtualMachineScaleSets/write

Creates a new Virtual Machine Scale Set or updates an existing one

Microsoft.Insights/AutoscaleSettings/Read

Read an autoscale setting

Microsoft.Insights/AutoscaleSettings/Write

Create or update an autoscale setting

Microsoft.Insights/AutoscaleSettings/Delete

Delete an autoscale setting