Creating an Azure Custom Role¶
In Azure, a Role Definition is a collection of permissions that you can use to grant access to Azure Resources. It lists the actions that can be performed, such as read, write, and delete. A Role Definition is typically just called a role, and it can be high-level, like owner, or specific, like virtual machine reader. Please check Azure RBAC Overview for further details.
The Automated Cloud Mode (Azure) of Solution Manager uses the Azure Java API to perform actions in your Azure account on your behalf. For example, create virtual machines that will run the Denodo components, create the necessary load balancers, etc.
To do this, before using the Automated Cloud Mode, you have to define a Custom role that allows the App registration associated with the Solution Manager to invoke all the necessary operations of the API. Once the Custom role is created, it has to be assigned to the App registration. Please check the Azure documentation for further details.
Follow these steps to do create the Custom role:
Log in to the Azure portal.
Go to the Subscription detail page.
Go to Access control (IAM)
Click on Add custom role
Download this file to your computer:
Denodo_Solution_Manager_9_Azure_Permissions.json
This JSON file defines the needed permissions. The Solution Manager requires all these privileges to be able to perform all the actions that users can do using the Solution Manager.
We recommend using this file. If you want to restrict the actions the Solution Manager can do in Azure on your behalf, read the sections below, where all the required Azure permissions are listed.
Select to Start from JSON and use the file you just downloaded. The custom role name is automatically changed to denodo_90_solution_manager (you can use another name if you prefer).
Select the subscription or resource group to add as an assignable scope for the custom role, it depends on your needs. You can only choose from the scopes that you have access to.
Click on Review + create, if there are no warnings or validation errors, click on Create to create the custom role.
Main Features¶
We recommend creating the role using the file we provide. If you want to restrict the actions the Solution Manager can do, take this into consideration:
You cannot remove the permissions that in the table below are marked with Required = Yes. If you remove any of them, you will not be able to use the Automated Cloud Mode (Azure) of the Solution Manager because all the operations will fail.
You can remove the permissions with the column Required = No but take into account that the feature associated to that permission will not work. If you try to perform that action, you will get an error.
Permission |
Required |
Usage |
---|---|---|
Microsoft.Compute/availabilitySets/read |
Yes |
Get the properties of an availability set. Required to manage Availability Sets |
Microsoft.Compute/availabilitySets/write |
Yes |
Creates a new availability set or updates an existing one. Required to manage Availability Sets |
Microsoft.Compute/availabilitySets/delete |
Yes |
Deletes the availability set. Required to manage Availability Sets |
Microsoft.Compute/availabilitySets/vmSizes/read |
Yes |
List available sizes for creating or updating a virtual machine in the availability set. Required to manage Availability Sets |
Microsoft.Compute/disks/delete |
Yes |
Get the properties of a Disk. Required to manage Disks |
Microsoft.Compute/disks/write |
Yes |
Creates a new Disk or updates an existing one. Required to manage Disks |
Microsoft.Compute/disks/delete |
Yes |
Deletes the Disk. Required to manage Disks |
Microsoft.Compute/disks/beginGetAccess/action |
Yes |
Get the SAS URI of the Disk for blob access. Required to manage Disks |
Microsoft.Compute/disks/endGetAccess/action |
Yes |
Revoke the SAS URI of the Disk. Required to manage Disks |
Microsoft.Compute/images/read |
Yes |
Get the properties of the Image. Required to manage Images |
Microsoft.Compute/images/write |
Yes |
Creates a new Image or updates an existing one. Required to manage Images |
Microsoft.Compute/images/delete |
Yes |
Deletes the image. Required to manage Images |
Microsoft.Compute/locations/publishers/read |
Yes |
Get the properties of a Publisher. Required to manage Images |
Microsoft.Compute/locations/publishers/artifacttypes/offers/read |
Yes |
Get the properties of a Platform Image Offer. Required to manage Images |
Microsoft.Compute/locations/publishers/artifacttypes/offers/skus/read |
Yes |
Get the properties of a Platform Image Sku. Required to manage Images |
Microsoft.Compute/locations/publishers/artifacttypes/offers/skus/versions/read |
Yes |
Get the properties of a Platform Image Version. Required to manage Images |
Microsoft.Compute/locations/publishers/artifacttypes/types/read |
Yes |
Get the properties of a VMExtension Type. Required to manage Images |
Microsoft.Compute/locations/publishers/artifacttypes/types/versions/read |
Yes |
Get the properties of a VMExtension Version. Required to manage Images |
Microsoft.Compute/locations/runCommands/read |
Yes |
Lists available run commands in location. Required to manage Images |
Microsoft.Compute/locations/usages/read |
Yes |
Gets service limits and current usage quantities for the subscription’s compute resources in a location. Required to manage Images |
Microsoft.Compute/locations/vmSizes/read |
Yes |
Lists available virtual machine sizes in a location. Required to manage Images |
Microsoft.Compute/skus/read |
Yes |
Gets the list of Microsoft.Compute SKUs available for your Subscription. Required to manage Images |
Microsoft.Compute/snapshots/read |
Yes |
Get the properties of a Snapshot. Required to manage Images |
Microsoft.Compute/snapshots/write |
Yes |
Create a new Snapshot or update an existing one. Required to manage Images |
Microsoft.Compute/snapshots/delete |
Yes |
Delete a Snapshot. Required to manage Images |
Microsoft.Compute/snapshots/beginGetAccess/action |
Yes |
Get the SAS URI of the Snapshot for blob access. Required to manage Images |
Microsoft.Compute/snapshots/endGetAccess/action |
Yes |
Revoke the SAS URI of the Snapshot. Required to manage Images |
Microsoft.Compute/virtualMachines/assessPatches/action |
Yes |
Assesses the virtual machine and finds list of available OS update patches for it. Required to manage Virtual Machines |
Microsoft.Compute/virtualMachines/cancelPatchInstallation/action |
Yes |
Cancels the ongoing install OS update patch operation on the virtual machine. Required to manage Virtual Machines |
Microsoft.Compute/virtualMachines/capture/action |
Yes |
Captures the virtual machine by copying virtual hard disks and generates a template that can be used to create similar virtual machines. Required to manage Virtual Machines |
Microsoft.Compute/virtualMachines/convertToManagedDisks/action |
Yes |
Converts the blob based disks of the virtual machine to managed disks. Required to manage Virtual Machines |
Microsoft.Compute/virtualMachines/deallocate/action |
Yes |
Powers off the virtual machine and releases the compute resources. Required to manage Virtual Machines |
Microsoft.Compute/virtualMachines/delete |
Yes |
Deletes the virtual machine. Required to manage Virtual Machines |
Microsoft.Compute/virtualMachines/extensions/delete |
Yes |
Deletes the virtual machine extension. Required to manage Virtual Machines |
Microsoft.Compute/virtualMachines/extensions/read |
Yes |
Get the properties of a virtual machine extension. Required to manage Virtual Machines |
Microsoft.Compute/virtualMachines/extensions/write |
Yes |
Creates a new virtual machine extension or updates an existing one. Required to manage Virtual Machines |
Microsoft.Compute/virtualMachines/generalize/action |
Yes |
Sets the virtual machine state to Generalized and prepares the virtual machine for capture. Required to manage Virtual Machines and Images |
Microsoft.Compute/virtualMachines/installPatches/action |
Yes |
Installs available OS update patches on the virtual machine based on parameters provided by user. Assessment results containing list of available patches will also get refreshed as part of this. Required to manage Virtual Machines |
Microsoft.Compute/virtualMachines/instanceView/read |
Yes |
Gets the detailed runtime status of the virtual machine and its resources. Required to manage Virtual Machines |
Microsoft.Compute/virtualMachines/patchAssessmentResults/latest/read |
Yes |
Retrieves the summary of the latest patch assessment operation. Required to manage Virtual Machines |
Microsoft.Compute/virtualMachines/patchAssessmentResults/latest/softwarePatches/read |
Yes |
Retrieves list of patches assessed during the last patch assessment operation. Required to manage Virtual Machines |
Microsoft.Compute/virtualMachines/patchInstallationResults/read |
Yes |
Retrieves the summary of the latest patch installation operation. Required to manage Virtual Machines |
Microsoft.Compute/virtualMachines/patchInstallationResults/softwarePatches/read |
Yes |
Retrieves list of patches attempted to be installed during the last patch installation operation. Required to manage Virtual Machines |
Microsoft.Compute/virtualMachines/performMaintenance/action |
Yes |
Performs Maintenance Operation on the VM. Required to manage Virtual Machines |
Microsoft.Compute/virtualMachines/powerOff/action |
Yes |
Powers off the virtual machine. Note that the virtual machine will continue to be billed. Required to manage Virtual Machines |
Microsoft.Compute/virtualMachines/providers/Microsoft.Insights/diagnosticSettings/read |
No |
Gets the diagnostic setting for the Virtual Machine. Required to manage Virtual Machines. Required to use the “minimizing downtime” option |
Microsoft.Compute/virtualMachines/providers/Microsoft.Insights/diagnosticSettings/write |
No |
Creates or updates the diagnostic setting for the Virtual Machine. Required to manage Virtual Machines. Required to use the “minimizing downtime” option |
Microsoft.Compute/virtualMachines/providers/Microsoft.Insights/logDefinitions/read |
No |
Gets the available logs for Virtual Machine. Required to manage Virtual Machines. Required to use the “minimizing downtime” option |
Microsoft.Compute/virtualMachines/providers/Microsoft.Insights/metricDefinitions/read |
No |
Reads Virtual Machine Metric Definitions. Required to manage Virtual Machines. Required to use the “minimizing downtime” option |
Microsoft.Compute/virtualMachines/read |
Yes |
Get the properties of a virtual machine. Required to manage Virtual Machines |
Microsoft.Compute/virtualMachines/reapply/action |
Yes |
Reapplies a virtual machine’s current model. Required to manage Virtual Machines |
Microsoft.Compute/virtualMachines/redeploy/action |
Yes |
Redeploys virtual machine. Required to manage Virtual Machines |
Microsoft.Compute/virtualMachines/reimage/action |
Yes |
Reimages virtual machine which is using differencing disk. Required to manage Virtual Machines |
Microsoft.Compute/virtualMachines/restart/action |
Yes |
Restarts the virtual machine. Required to manage Virtual Machines |
Microsoft.Compute/virtualMachines/retrieveBootDiagnosticsData/action |
Yes |
Retrieves boot diagnostic logs blob URIs. Required to manage Virtual Machines |
Microsoft.Compute/virtualMachines/runCommand/action |
Yes |
Executes a predefined script on the virtual machine. Required to manage Virtual Machines |
Microsoft.Compute/virtualMachines/runCommands/delete |
Yes |
Deletes the virtual machine run command. Required to manage Virtual Machines |
Microsoft.Compute/virtualMachines/runCommands/read |
Yes |
Get the properties of a virtual machine run command. Required to manage Virtual Machines |
Microsoft.Compute/virtualMachines/runCommands/write |
Yes |
Creates a new virtual machine run command or updates an existing one. Required to manage Virtual Machines |
Microsoft.Compute/virtualMachines/simulateEviction/action |
Yes |
Simulates the eviction of spot Virtual Machine. Required to manage Virtual Machines |
Microsoft.Compute/virtualMachines/start/action |
Yes |
Starts the virtual machine. Required to manage Virtual Machines |
Microsoft.Compute/virtualMachines/vmSizes/read |
Yes |
Lists available sizes the virtual machine can be updated to. Required to manage Virtual Machines |
Microsoft.Compute/virtualMachines/write |
Yes |
Creates a new virtual machine or updates an existing virtual machine. Required to manage Virtual Machines |
Microsoft.Compute/virtualMachineScaleSets/deallocate/action |
No |
Powers off and releases the compute resources for the instances of the Virtual Machine Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/delete |
No |
Deletes the Virtual Machine Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/delete/action |
No |
Deletes the instances of the Virtual Machine Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/extensions/delete |
No |
Deletes the Virtual Machine Scale Set Extension. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/extensions/read |
No |
Gets the properties of a Virtual Machine Scale Set Extension. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/extensions/roles/read |
No |
Gets the properties of a Role in a Virtual Machine Scale Set with the Virtual Machine Runtime Service Extension. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/extensions/roles/write |
No |
Updates the properties of an existing Role in a Virtual Machine Scale Set with the Virtual Machine Runtime Service Extension. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/extensions/write |
No |
Creates a new Virtual Machine Scale Set Extension or updates an existing one. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/forceRecoveryServiceFabricPlatformUpdateDomainWalk/action |
No |
Manually walk the platform update domains of a service fabric Virtual Machine Scale Set to finish a pending update that is stuck. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/instanceView/read |
No |
Gets the instance view of the Virtual Machine Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/manualUpgrade/action |
No |
Manually updates instances to latest model of the Virtual Machine Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/networkInterfaces/read |
No |
Get properties of all network interfaces of a Virtual Machine Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/osRollingUpgrade/action |
No |
Starts a rolling upgrade to move all Virtual Machine Scale Set instances to the latest available Platform Image OS version. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/osUpgradeHistory/read |
No |
Gets the history of OS upgrades for a Virtual Machine Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/performMaintenance/action |
No |
Performs planned maintenance on the instances of the Virtual Machine Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/powerOff/action |
No |
Powers off the instances of the Virtual Machine Scale Set. Required by the Auto Scale management feature. Required to stop the virtual machines in a scale set |
Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/diagnosticSettings/read |
No |
Gets the diagnostic setting for the Virtual Machine Scale Set. Required by the Auto Scale management feature. Required to use the “minimizing downtime” option |
Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/diagnosticSettings/write |
No |
Creates or updates the diagnostic setting for the Virtual Machine Scale set. Required by the Auto Scale management feature. Required to use the “minimizing downtime” option |
Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/logDefinitions/read |
No |
Gets the available logs for Virtual Machine Scale Sets. Required by the Auto Scale management feature. Required to use the “minimizing downtime” option |
Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/metricDefinitions/read |
No |
Reads Virtual Machine Scalet Set Metric Definitions. Required by the Auto Scale management feature. Required to use the “minimizing downtime” option |
Microsoft.Compute/virtualMachineScaleSets/publicIPAddresses/read |
No |
Get properties of all public IP addresses of a Virtual Machine Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/read |
No |
Get the properties of a Virtual Machine Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/redeploy/action |
No |
Redeploy the instances of the Virtual Machine Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/reimage/action |
No |
Reimages the instances of the Virtual Machine Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/reimageAll/action |
No |
Reimages all disks (OS Disk and Data Disks) for the instances of a Virtual Machine Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/restart/action |
No |
Restarts the instances of the Virtual Machine Scale Set. Required by the Auto Scale management feature. Required to restart the virtual machines in a scale set |
Microsoft.Compute/virtualMachineScaleSets/rollingUpgrades/action |
No |
Cancels the rolling upgrade of a Virtual Machine Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/rollingUpgrades/read |
No |
Get latest Rolling Upgrade status for a Virtual Machine Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/scale/action |
No |
Verify if an existing Virtual Machine Scale Set can Scale In/Scale Out to specified instance count. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/setOrchestrationServiceState/action |
No |
Sets the state of an orchestration service based on the action provided in operation input. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/skus/read |
No |
Lists the valid SKUs for an existing Virtual Machine Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/start/action |
No |
Starts the instances of the Virtual Machine Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/deallocate/action |
No |
Powers off and releases the compute resources for a Virtual Machine in a VM Scale Set. Required by the Auto Scale management feature. Required to stop the virtual machines in a scale set |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/delete |
No |
Delete a specific Virtual Machine in a VM Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/extensions/delete |
No |
Deletes the extension for Virtual Machine in Virtual Machine Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/extensions/read |
No |
Get the properties of an extension for Virtual Machine in Virtual Machine Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/extensions/write |
No |
Creates a new extension for Virtual Machine in Virtual Machine Scale Set or updates an existing one. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/instanceView/read |
No |
Retrieves the instance view of a Virtual Machine in a VM Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/ipConfigurations/publicIPAddresses/read |
No |
Get properties of public IP address created using Virtual Machine Scale Set. Virtual Machine Scale Set can create at most one public IP per ipconfiguration (private IP). Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/ipConfigurations/read |
No |
Get properties of one or all IP configurations of a network interface created using Virtual Machine Scale Set. IP configurations represent private IPs. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/read |
No |
Get properties of one or all network interfaces of a virtual machine created using Virtual Machine Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/performMaintenance/action |
No |
Performs planned maintenance on a Virtual Machine instance in a Virtual Machine Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/powerOff/action |
No |
Powers Off a Virtual Machine instance in a VM Scale Set. Required by the Auto Scale management feature. Required to stop the virtual machines in a scale set |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/providers/Microsoft.Insights/metricDefinitions/read |
No |
Reads Virtual Machine in Scale Set Metric Definitions. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/read |
No |
Retrieves the properties of a Virtual Machine in a VM Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/redeploy/action |
No |
Redeploys a Virtual Machine instance in a Virtual Machine Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/reimage/action |
No |
Reimages a Virtual Machine instance in a Virtual Machine Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/reimageAll/action |
No |
Reimages all disks (OS Disk and Data Disks) for Virtual Machine instance in a Virtual Machine Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/restart/action |
No |
Restarts a Virtual Machine instance in a VM Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/retrieveBootDiagnosticsData/action |
No |
Retrieves boot diagnostic logs blob URIs of Virtual Machine instance in a Virtual Machine Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommand/action |
No |
Executes a predefined script on a Virtual Machine instance in a Virtual Machine Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommands/delete |
No |
Deletes the run command for Virtual Machine in Virtual Machine Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommands/read |
No |
Get the properties of a run command for Virtual Machine in Virtual Machine Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommands/write |
No |
Creates a new run command for Virtual Machine in Virtual Machine Scale Set or updates an existing one. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/simulateEviction/action |
No |
Simulates the eviction of spot Virtual Machine in Virtual Machine Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/start/action |
No |
Starts a Virtual Machine instance in a VM Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/write |
No |
Updates the properties of a Virtual Machine in a VM Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/vmSizes/read |
No |
List available sizes for creating or updating a virtual machine in the Virtual Machine Scale Set. Required by the Auto Scale management feature |
Microsoft.Compute/virtualMachineScaleSets/write |
No |
Creates a new Virtual Machine Scale Set or updates an existing one. Required by the Auto Scale management feature |
Microsoft.Insights/AutoscaleSettings/Read |
No |
Read an autoscale setting. Required by the Auto Scale management feature |
Microsoft.Insights/AutoscaleSettings/Write |
No |
Create or update an autoscale setting. Required by the Auto Scale management feature |
Microsoft.Insights/AutoscaleSettings/Delete |
No |
Delete an autoscale setting. Required by the Auto Scale management feature |
Microsoft.Network/connections/providers/Microsoft.Insights/diagnosticSettings/read |
Yes |
Gets diagnostic settings for Connections. Required to manage Load Balancers |
Microsoft.Network/loadBalancers/backendAddressPools/backendPoolAddresses/read |
Yes |
Lists the backend addresses of the Load Balancer backend address pool. Required to manage Load Balancers |
Microsoft.Network/loadBalancers/backendAddressPools/delete |
Yes |
Deletes a load balancer backend address pool. Required to manage Load Balancers |
Microsoft.Network/loadBalancers/backendAddressPools/join/action |
Yes |
Joins a load balancer backend address pool. Not Alertable. Required to manage Load Balancers |
Microsoft.Network/loadBalancers/backendAddressPools/read |
Yes |
Gets a load balancer backend address pool definition. Required to manage Load Balancers |
Microsoft.Network/loadBalancers/backendAddressPools/write |
Yes |
Creates a load balancer backend address pool or updates an existing load balancer backend address pool. Required to manage Load Balancers |
Microsoft.Network/loadBalancers/delete |
Yes |
Deletes a load balancer. Required to manage Load Balancers |
Microsoft.Network/loadBalancers/frontendIPConfigurations/join/action |
Yes |
Joins a Load Balancer Frontend IP Configuration. Not alertable. Required to manage Load Balancers |
Microsoft.Network/loadBalancers/frontendIPConfigurations/loadBalancerPools/delete |
Yes |
Deletes a load balancer frontend IP address backend pool. Required to manage Load Balancers |
Microsoft.Network/loadBalancers/frontendIPConfigurations/loadBalancerPools/join/action |
Yes |
Joins a load balancer frontend IP address backend pool. Not alertable. Required to manage Load Balancers |
Microsoft.Network/loadBalancers/frontendIPConfigurations/loadBalancerPools/read |
Yes |
Gets a load balancer frontend IP address backend pool definition. Required to manage Load Balancers |
Microsoft.Network/loadBalancers/frontendIPConfigurations/loadBalancerPools/write |
Yes |
Creates a load balancer frontend IP address backend pool or updates an existing public IP Address load balancer backend pool. Required to manage Load Balancers |
Microsoft.Network/loadBalancers/frontendIPConfigurations/read |
Yes |
Gets a load balancer frontend IP configuration definition. Required to manage Load Balancers |
Microsoft.Network/loadBalancers/inboundNatPools/read |
Yes |
Gets a load balancer inbound nat pool definition. Required to manage Load Balancers |
Microsoft.Network/loadBalancers/inboundNatRules/read |
Yes |
Gets a load balancer inbound nat rule definition. Required to manage Load Balancers |
Microsoft.Network/loadBalancers/loadBalancingRules/read |
Yes |
Gets a load balancer load balancing rule definition. Required to manage Load Balancers |
Microsoft.Network/loadBalancers/networkInterfaces/read |
Yes |
Gets references to all the network interfaces under a load balancer. Required to manage Load Balancers |
Microsoft.Network/loadBalancers/outboundRules/read |
Yes |
Gets a load balancer outbound rule definition. Required to manage Load Balancers |
Microsoft.Network/loadBalancers/probes/join/action |
Yes |
Allows using probes of a load balancer. For example, with this permission healthProbe property of VM scale set can reference the probe. Not alertable. Required to manage Load Balancers |
Microsoft.Network/loadBalancers/probes/read |
Yes |
Gets a load balancer probe. Required to manage Load Balancers |
Microsoft.Network/loadBalancers/providers/Microsoft.Insights/diagnosticSettings/read |
No |
Gets the Load Balancer Diagnostic Settings. Required to manage Load Balancers. Required to use the “minimizing downtime” option |
Microsoft.Network/loadBalancers/providers/Microsoft.Insights/metricDefinitions/read |
No |
Gets the available metrics for Load Balancer. Required to manage Load Balancers. Required to use the “minimizing downtime” option |
Microsoft.Network/loadBalancers/read |
Yes |
Gets a load balancer definition. Required to manage Load Balancers |
Microsoft.Network/loadBalancers/virtualMachines/read |
Yes |
Gets references to all the virtual machines under a load balancer. Required to manage Load Balancers |
Microsoft.Network/loadBalancers/write |
Yes |
Creates a load balancer or updates an existing load balancer. Required to manage Load Balancers |
Microsoft.Network/networkInterfaces/delete |
Yes |
Deletes a network interface. Required to manage Network Interfaces |
Microsoft.Network/networkInterfaces/effectiveNetworkSecurityGroups/action |
Yes |
Get Network Security Groups configured On Network Interface Of The Vm. Required to manage Network Interfaces |
Microsoft.Network/networkInterfaces/effectiveRouteTable/action |
Yes |
Get Route Table configured On Network Interface Of The Vm. Required to manage Network Interfaces |
Microsoft.Network/networkInterfaces/ipconfigurations/join/action |
Yes |
Joins a Network Interface IP Configuration. Not alertable. Required to manage Network Interfaces |
Microsoft.Network/networkInterfaces/ipconfigurations/read |
Yes |
Gets a network interface IP configuration definition. Required to manage Network Interfaces |
Microsoft.Network/networkInterfaces/join/action |
Yes |
Joins a Virtual Machine to a network interface. Not Alertable. Required to manage Network Interfaces |
Microsoft.Network/networkInterfaces/loadBalancers/read |
Yes |
Gets all the load balancers that the network interface is part of. Required to manage Network Interfaces |
Microsoft.Network/networkInterfaces/providers/Microsoft.Insights/metricDefinitions/read |
No |
Gets available metrics for the Network Interface. Required to manage Network Interfaces. Required to use the “minimizing downtime” option |
Microsoft.Network/networkInterfaces/read |
Yes |
Gets a network interface definition. Required to manage Network Interfaces |
Microsoft.Network/networkInterfaces/UpdateParentNicAttachmentOnElasticNic/action |
Yes |
Updates the parent NIC associated to the elastic NIC. Required to manage Network Interfaces |
Microsoft.Network/networkInterfaces/write |
Yes |
Creates a network interface or updates an existing network interface. Required to manage Network Interfaces |
Microsoft.Network/networkProfiles/read |
Yes |
Gets a Network Profile. Required to manage Network Interfaces |
Microsoft.Network/networkSecurityGroups/defaultSecurityRules/read |
Yes |
Gets a default security rule definition. Required to manage Network Security Groups |
Microsoft.Network/networkSecurityGroups/delete |
Yes |
Deletes a network security group. Required to manage Network Security Groups |
Microsoft.Network/networkSecurityGroups/join/action |
Yes |
Joins a network security group. Not Alertable. Required to manage Network Security Groups |
Microsoft.Network/networksecuritygroups/providers/Microsoft.Insights/diagnosticSettings/read |
No |
Gets the Network Security Groups Diagnostic Settings. Required to use the “minimizing downtime” option. Required to manage Network Security Groups |
Microsoft.Network/networkSecurityGroups/read |
Yes |
Gets a network security group definition. Required to manage Network Security Groups |
Microsoft.Network/networkSecurityGroups/securityRules/read |
Yes |
Gets a security rule definition. Required to manage Network Security Groups |
Microsoft.Network/networkSecurityGroups/write |
No |
Creates a network security group or updates an existing network security group. Required to manage Network Security Groups |
Microsoft.Network/publicIPAddresses/delete |
No |
Deletes a public IP address. Required to manage Public IP Addresses |
Microsoft.Network/publicIPAddresses/dnsAliases/read |
No |
Gets a Public IP Address Dns Alias resource. Required to manage Public IP Addresses |
Microsoft.Network/publicIPAddresses/join/action |
No |
Joins a public IP address. Not Alertable. Required to manage Public IP Addresses |
Microsoft.Network/publicIPAddresses/providers/Microsoft.Insights/diagnosticSettings/read |
No |
Get the diagnostic settings of Public IP Address. Required to manage Public IP Addresses. Required to use the “minimizing downtime” option |
Microsoft.Network/publicIPAddresses/providers/Microsoft.Insights/metricDefinitions/read |
No |
Get the metrics definitions of Public IP Address. Required to manage Public IP Addresses. Required to use the “minimizing downtime” option |
Microsoft.Network/publicIPAddresses/read |
No |
Gets a public IP address definition. Required to manage Public IP Addresses |
Microsoft.Network/publicIPAddresses/write |
No |
Creates a public IP address or updates an existing public IP address. Required to manage Public IP Addresses |
Microsoft.Network/publicIPPrefixes/delete |
No |
Deletes A Public IP Prefix. Required to manage Public IP Addresses |
Microsoft.Network/publicIPPrefixes/join/action |
No |
Joins a PublicIPPrefix. Not alertable. Required to manage Public IP Addresses |
Microsoft.Network/publicIPPrefixes/read |
No |
Gets a Public IP Prefix Definition. Required to manage Public IP Addresses |
Microsoft.Network/publicIPPrefixes/write |
No |
Creates A Public IP Prefix Or Updates An Existing Public IP Prefix. Required to manage Public IP Addresses |
Microsoft.Network/operations/read |
Yes |
Get Available Operations. Permission required to manage Virtual Networks |
Microsoft.Network/virtualNetworks/checkIpAddressAvailability/read |
Yes |
Check if IP Address is available at the specified virtual network. Permission required to manage Virtual Networks |
Microsoft.Network/virtualNetworks/customViews/read |
Yes |
Get definition of a custom view of Virtual Network. Permission required to manage Virtual Networks |
Microsoft.Network/virtualNetworks/join/action |
Yes |
Joins a virtual network. Not Alertable. Permission required to manage Virtual Networks |
Microsoft.Network/virtualNetworks/joinLoadBalancer/action |
Yes |
Joins a load balancer to virtual networks. Permission required to manage Virtual Networks |
Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/diagnosticSettings/read |
No |
Get the diagnostic settings of Virtual Network. Permission required to manage Virtual Networks. Required to use the “minimizing downtime” option |
Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read |
No |
Gets available metrics for the PingMesh. Permission required to manage Virtual Networks. Required to use the “minimizing downtime” option |
Microsoft.Network/virtualNetworks/read |
Yes |
Get the virtual network definition. Permission required to manage Virtual Networks |
Microsoft.Network/virtualNetworks/subnets/contextualServiceEndpointPolicies/read |
Yes |
Gets Contextual Service Endpoint Policies. Permission required to manage Subnets |
Microsoft.Network/virtualNetworks/subnets/delete |
Yes |
Deletes a virtual network subnet. Permission required to manage Subnets |
Microsoft.Network/virtualNetworks/subnets/join/action |
Yes |
Joins a virtual network. Not Alertable. Permission required to manage Subnets |
Microsoft.Network/virtualNetworks/subnets/joinLoadBalancer/action |
Yes |
Joins a load balancer to virtual network subnets. Permission required to manage Subnets |
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action |
Yes |
Joins resource such as storage account or SQL database to a subnet. Not alertable. Permission required to manage Subnets |
Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action |
Yes |
Prepares a subnet by applying necessary Network Policies. Permission required to manage Subnets |
Microsoft.Network/virtualNetworks/subnets/read |
Yes |
Gets a virtual network subnet definition. Permission required to manage Subnets |
Microsoft.Network/virtualNetworks/subnets/resourceNavigationLinks/read |
Yes |
Get the Resource Navigation Link definition. Permission required to manage Subnets |
Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/details/read |
Yes |
Gets a Service Association Link Detail Definition. Permission required to manage Subnets |
Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/read |
Yes |
Gets a Service Association Link definition. Permission required to manage Subnets |
Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action |
Yes |
Unprepare a subnet by removing the applied Network Policies. Permission required to manage Subnets |
Microsoft.Network/virtualNetworks/subnets/virtualMachines/read |
Yes |
Gets references to all the virtual machines in a virtual network subnet. Permission required to manage Subnets |
Microsoft.Network/virtualNetworks/subnets/write |
No |
Creates a virtual network subnet or updates an existing virtual network subnet. Permission required to manage Subnets |
Microsoft.Network/virtualNetworks/virtualMachines/read |
Yes |
Gets references to all the virtual machines in a virtual network. Permission required to manage Virtual Networks |
Microsoft.Network/virtualNetworks/write |
No |
Creates a virtual network or updates an existing virtual network. Permission required to manage Virtual Networks |
Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write |
No |
Required to create a peering from virtual network A to virtual network B. Virtual network A must be a virtual network (Resource Manager). Permission required to manage Virtual Network Peerings |
Microsoft.Network/virtualNetworks/peer/action |
No |
Required to create a peering from virtual network B (Resource Manager) to virtual network A. Permission required to manage Virtual Network Peerings |
Microsoft.ClassicNetwork/virtualNetworks/peer/action |
No |
Required to create a peering from virtual network B (classic) to virtual network A. Permission required to manage Virtual Network Peerings |
Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read |
No |
Read a virtual network peering. Permission required to manage Virtual Network Peerings |
Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete |
No |
Delete a virtual network peering. Permission required to manage Virtual Network Peerings |
Microsoft.Resources/subscriptions/resourceGroups/read |
Yes |
Gets or lists resource groups. Required to manage Resource Groups |
Microsoft.Resources/subscriptions/resourceGroups/write |
No |
Creates or updates a resource group. Required to manage Resource Groups |
Microsoft.Authorization/roleAssignments/write |
No |
Create a role assignment at the specified scope. Permission required to manage Role Assignments |
Microsoft.Authorization/roleAssignments/delete |
No |
Delete a role assignment at the specified scope. Permission required to manage Role Assignments |
Microsoft.Storage/storageAccounts/read |
No |
Returns the list of storage accounts or gets the properties for the specified storage account |
Microsoft.Subscription/aliases/read |
Yes |
Get subscription alias. Required to validate Azure credentials into subscription |
Microsoft.Insights/MetricDefinitions/Read |
No |
Read metric definitions. Required to use the “minimizing downtime” option |
Microsoft.Insights/Components/Query/Read |
No |
Run queries against Application Insights logs. Required to use the “minimizing downtime” option |
Microsoft.Insights/Components/MetricDefinitions/Read |
No |
Reading Application Insights component metric definitions. Required to use the “minimizing downtime” option |
Microsoft.Insights/Components/Metrics/Read |
No |
Reading Application Insights component metrics. Required to use the “minimizing downtime” option |
Microsoft.Insights/MetricDefinitions/Microsoft.Insights/Read |
No |
Read metric definitions. Required to use the “minimizing downtime” option |
Microsoft.Insights/MetricDefinitions/providers/Microsoft.Insights/Read |
No |
Read metric definitions. Required to use the “minimizing downtime” option |
Microsoft.Insights/Metricnamespaces/Read |
No |
Read metric namespaces. Required to use the “minimizing downtime” option |
Microsoft.Insights/Metrics/Read |
No |
Read metrics. Required to use the “minimizing downtime” option |
Microsoft.Insights/Metrics/Microsoft.Insights/Read |
No |
Read metrics. Required to use the “minimizing downtime” option |
Microsoft.Insights/Metrics/providers/Metrics/Read |
No |
Read metrics. Required to use the “minimizing downtime” option |
Microsoft.MarketplaceOrdering/offertypes/publishers/offers/plans/agreements/read |
No |
Get an agreement for a given marketplace virtual machine item Required to check if the legal terms were accepted when using an image provided by Denodo. |
Microsoft.MarketplaceOrdering/offertypes/publishers/offers/plans/agreements/write |
No |
Sign or Cancel an agreement for a given marketplace virtual machine item Required to automatically accept the legal terms when using an image provided by Denodo. |
Automated Resource Group Management¶
When you create an Automated Cloud Mode (Azure) environment, you can create a new Resource Group or use an existing one.
If you do not want to allow the Solution Manager to create new Resource Groups, you can remove the write permission.
Permission |
|
---|---|
Microsoft.Resources/subscriptions/resourceGroups/read |
Gets or lists resource groups |
Microsoft.Resources/subscriptions/resourceGroups/write |
Creates or updates a resource group |
Automated Virtual Network Management¶
When you create an Automated Cloud Mode (Azure) environment, you can choose if you want the Solution Manager to create a new Virtual Network for the Virtual Machines or use an existing one.
If you do not want to allow the Solution Manager to create new Virtual Networks, you can remove the write permission.
Permission |
|
---|---|
Microsoft.Network/operations/read |
Get Available Operations |
Microsoft.Network/virtualNetworks/checkIpAddressAvailability/read |
Check if IP Address is available at the specified virtual network |
Microsoft.Network/virtualNetworks/customViews/read |
Get definition of a custom view of Virtual Network |
Microsoft.Network/virtualNetworks/join/action |
Joins a virtual network. Not Alertable |
Microsoft.Network/virtualNetworks/joinLoadBalancer/action |
Joins a load balancer to virtual networks |
Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/diagnosticSettings/read |
Get the diagnostic settings of Virtual Network |
Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read |
Gets available metrics for the PingMesh |
Microsoft.Network/virtualNetworks/read |
Get the virtual network definition |
Microsoft.Network/virtualNetworks/virtualMachines/read |
Gets references to all the virtual machines in a virtual network |
Microsoft.Network/virtualNetworks/write |
Creates a virtual network or updates an existing virtual network |
Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write |
Required to create a peering from virtual network A to virtual network B. Virtual network A must be a virtual network (Resource Manager) |
Microsoft.Network/virtualNetworks/peer/action |
Required to create a peering from virtual network B (Resource Manager) to virtual network A |
Microsoft.ClassicNetwork/virtualNetworks/peer/action |
Required to create a peering from virtual network B (classic) to virtual network A |
Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read |
Read a virtual network peering |
Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete |
Delete a virtual network peering |
Microsoft.Network/publicIPAddresses/delete |
Deletes a public IP address |
Microsoft.Network/publicIPAddresses/dnsAliases/read |
Gets a Public IP Address Dns Alias resource |
Microsoft.Network/publicIPAddresses/join/action |
Joins a public IP address. Not Alertable |
Microsoft.Network/publicIPAddresses/providers/Microsoft.Insights/diagnosticSettings/read |
Get the diagnostic settings of Public IP Address |
Microsoft.Network/publicIPAddresses/providers/Microsoft.Insights/metricDefinitions/read |
Get the metrics definitions of Public IP Address |
Microsoft.Network/publicIPAddresses/read |
Gets a public IP address definition |
Microsoft.Network/publicIPAddresses/write |
Creates a public IP address or updates an existing public IP address |
Microsoft.Network/publicIPPrefixes/delete |
Deletes A Public IP Prefix |
Microsoft.Network/publicIPPrefixes/join/action |
Joins a PublicIPPrefix. Not alertable |
Microsoft.Network/publicIPPrefixes/read |
Gets a Public IP Prefix Definition |
Microsoft.Network/publicIPPrefixes/write |
Creates A Public IP Prefix Or Updates An Existing Public IP Prefix |
Automated Subnet Management¶
When you create an Automated Cloud Mode (Azure) cluster, you can choose if you want the Solution Manager to create a new Subnet for the new components or use an existing one.
If you do not want to allow the Solution Manager to create new Subnets, you can remove the write permission.
Permission |
|
---|---|
Microsoft.Network/virtualNetworks/subnets/contextualServiceEndpointPolicies/read |
Gets Contextual Service Endpoint Policies |
Microsoft.Network/virtualNetworks/subnets/delete |
Deletes a virtual network subnet |
Microsoft.Network/virtualNetworks/subnets/join/action |
Joins a virtual network. Not Alertable |
Microsoft.Network/virtualNetworks/subnets/joinLoadBalancer/action |
Joins a load balancer to virtual network subnets |
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action |
Joins resource such as storage account or SQL database to a subnet. Not alertable |
Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action |
Prepares a subnet by applying necessary Network Policies |
Microsoft.Network/virtualNetworks/subnets/read |
Gets a virtual network subnet definition |
Microsoft.Network/virtualNetworks/subnets/resourceNavigationLinks/read |
Get the Resource Navigation Link definition |
Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/details/read |
Gets a Service Association Link Detail Definition |
Microsoft.Network/virtualNetworks/subnets/serviceAssociationLinks/read |
Gets a Service Association Link definition |
Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action |
Unprepare a subnet by removing the applied Network Policies |
Microsoft.Network/virtualNetworks/subnets/virtualMachines/read |
Gets references to all the virtual machines in a virtual network subnet |
Microsoft.Network/virtualNetworks/subnets/write |
Creates a virtual network subnet or updates an existing virtual network subnet |
Automated Network Security Group Management¶
When you create an Automated Cloud Mode (Azure) cluster, you can choose if you want the Solution Manager to create a new Network Security Group for the new components or use an existing one.
If you do not want to allow the Solution Manager to create new Network Security Groups, you can remove the write permission.
Permission |
|
---|---|
Microsoft.Network/networkSecurityGroups/defaultSecurityRules/read |
Gets a default security rule definition |
Microsoft.Network/networkSecurityGroups/delete |
Deletes a network security group |
Microsoft.Network/networkSecurityGroups/join/action |
Joins a network security group. Not Alertable |
Microsoft.Network/networksecuritygroups/providers/Microsoft.Insights/diagnosticSettings/read |
Gets the Network Security Groups Diagnostic Settings. |
Microsoft.Network/networkSecurityGroups/read |
Gets a network security group definition |
Microsoft.Network/networkSecurityGroups/securityRules/read |
Gets a security rule definition |
Microsoft.Network/networkSecurityGroups/write |
Creates a network security group or updates an existing network security group |
Minimizing Downtime Option¶
When installing a Denodo Update or recreating an Automated Cloud Mode (Azure) cluster, the option minimizing downtime can be selected.
If you do not want to allow the Solution Manager to perform these tasks with the minimizing downtime option, you can remove the following permissions.
Permission |
|
---|---|
Microsoft.Compute/virtualMachines/providers/Microsoft.Insights/diagnosticSettings/read |
Gets the diagnostic setting for the Virtual Machine |
Microsoft.Compute/virtualMachines/providers/Microsoft.Insights/diagnosticSettings/write |
Creates or updates the diagnostic setting for the Virtual Machine |
Microsoft.Compute/virtualMachines/providers/Microsoft.Insights/logDefinitions/read |
Gets the available logs for Virtual Machine |
Microsoft.Compute/virtualMachines/providers/Microsoft.Insights/metricDefinitions/read |
Reads Virtual Machine Metric Definitions |
Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/diagnosticSettings/read |
Gets the diagnostic setting for the Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/diagnosticSettings/write |
Creates or updates the diagnostic setting for the Virtual Machine Scale set |
Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/logDefinitions/read |
Gets the available logs for Virtual Machine Scale Sets |
Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/metricDefinitions/read |
Reads Virtual Machine Scalet Set Metric Definitions |
Microsoft.Network/loadBalancers/providers/Microsoft.Insights/diagnosticSettings/read |
Gets the Load Balancer Diagnostic Settings |
Microsoft.Network/loadBalancers/providers/Microsoft.Insights/metricDefinitions/read |
Gets the available metrics for Load Balancer |
Microsoft.Network/networkInterfaces/providers/Microsoft.Insights/metricDefinitions/read |
Gets available metrics for the Network Interface |
Microsoft.Network/networksecuritygroups/providers/Microsoft.Insights/diagnosticSettings/read |
Gets the Network Security Groups Diagnostic Settings |
Microsoft.Network/publicIPAddresses/providers/Microsoft.Insights/diagnosticSettings/read |
Get the diagnostic settings of Public IP Address |
Microsoft.Network/publicIPAddresses/providers/Microsoft.Insights/metricDefinitions/read |
Get the metrics definitions of Public IP Address |
Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/diagnosticSettings/read |
Get the diagnostic settings of Virtual Network |
Microsoft.Network/virtualNetworks/providers/Microsoft.Insights/metricDefinitions/read |
Gets available metrics for the PingMesh |
Microsoft.Insights/MetricDefinitions/Read |
Read metric definitions |
Microsoft.Insights/Components/Query/Read |
Run queries against Application Insights logs |
Microsoft.Insights/Components/MetricDefinitions/Read |
Reading Application Insights component metric definitions |
Microsoft.Insights/Components/Metrics/Read |
Reading Application Insights component metrics |
Microsoft.Insights/MetricDefinitions/Microsoft.Insights/Read |
Read metric definitions |
Microsoft.Insights/MetricDefinitions/providers/Microsoft.Insights/Read |
Read metric definitions |
Microsoft.Insights/Metricnamespaces/Read |
Read metric namespaces |
Microsoft.Insights/Metrics/Read |
Read metrics |
Microsoft.Insights/Metrics/Microsoft.Insights/Read |
Read metrics |
Microsoft.Insights/Metrics/providers/Metrics/Read |
Read metrics |
Automated Auto Scale Set Management¶
When you create an Automated Cluster Mode (Azure) cluster, you can choose if you want the Solution Manager to launch the Virtual Machines in a Scale Set.
If you do not want to allow the Solution Manager to create and manage Scale Sets, you can remove the following permissions.
Permission |
|
---|---|
Microsoft.Compute/virtualMachineScaleSets/deallocate/action |
Powers off and releases the compute resources for the instances of the Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/delete |
Deletes the Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/delete/action |
Deletes the instances of the Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/extensions/delete |
Deletes the Virtual Machine Scale Set Extension |
Microsoft.Compute/virtualMachineScaleSets/extensions/read |
Gets the properties of a Virtual Machine Scale Set Extension |
Microsoft.Compute/virtualMachineScaleSets/extensions/roles/read |
Gets the properties of a Role in a Virtual Machine Scale Set with the Virtual Machine Runtime Service Extension |
Microsoft.Compute/virtualMachineScaleSets/extensions/roles/write |
Updates the properties of an existing Role in a Virtual Machine Scale Set with the Virtual Machine Runtime Service Extension |
Microsoft.Compute/virtualMachineScaleSets/extensions/write |
Creates a new Virtual Machine Scale Set Extension or updates an existing one |
Microsoft.Compute/virtualMachineScaleSets/forceRecoveryServiceFabricPlatformUpdateDomainWalk/action |
Manually walk the platform update domains of a service fabric Virtual Machine Scale Set to finish a pending update that is stuck |
Microsoft.Compute/virtualMachineScaleSets/instanceView/read |
Gets the instance view of the Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/manualUpgrade/action |
Manually updates instances to latest model of the Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/networkInterfaces/read |
Get properties of all network interfaces of a Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/osRollingUpgrade/action |
Starts a rolling upgrade to move all Virtual Machine Scale Set instances to the latest available Platform Image OS version |
Microsoft.Compute/virtualMachineScaleSets/osUpgradeHistory/read |
Gets the history of OS upgrades for a Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/performMaintenance/action |
Performs planned maintenance on the instances of the Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/powerOff/action |
Powers off the instances of the Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/diagnosticSettings/read |
Gets the diagnostic setting for the Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/diagnosticSettings/write |
Creates or updates the diagnostic setting for the Virtual Machine Scale set |
Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/logDefinitions/read |
Gets the available logs for Virtual Machine Scale Sets |
Microsoft.Compute/virtualMachineScaleSets/providers/Microsoft.Insights/metricDefinitions/read |
Reads Virtual Machine Scalet Set Metric Definitions |
Microsoft.Compute/virtualMachineScaleSets/publicIPAddresses/read |
Get properties of all public IP addresses of a Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/read |
Get the properties of a Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/redeploy/action |
Redeploy the instances of the Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/reimage/action |
Reimages the instances of the Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/reimageAll/action |
Reimages all disks (OS Disk and Data Disks) for the instances of a Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/restart/action |
Restarts the instances of the Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/rollingUpgrades/action |
Cancels the rolling upgrade of a Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/rollingUpgrades/read |
Get latest Rolling Upgrade status for a Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/scale/action |
Verify if an existing Virtual Machine Scale Set can Scale In/Scale Out to specified instance count |
Microsoft.Compute/virtualMachineScaleSets/setOrchestrationServiceState/action |
Sets the state of an orchestration service based on the action provided in operation input |
Microsoft.Compute/virtualMachineScaleSets/skus/read |
Lists the valid SKUs for an existing Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/start/action |
Starts the instances of the Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/deallocate/action |
Powers off and releases the compute resources for a Virtual Machine in a VM Scale Set |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/delete |
Delete a specific Virtual Machine in a VM Scale Set |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/extensions/delete |
Deletes the extension for Virtual Machine in Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/extensions/read |
Get the properties of an extension for Virtual Machine in Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/extensions/write |
Creates a new extension for Virtual Machine in Virtual Machine Scale Set or updates an existing one |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/instanceView/read |
Retrieves the instance view of a Virtual Machine in a VM Scale Set |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/ipConfigurations/publicIPAddresses/read |
Get properties of public IP address created using Virtual Machine Scale Set. Virtual Machine Scale Set can create at most one public IP per ipconfiguration (private IP) |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/ipConfigurations/read |
Get properties of one or all IP configurations of a network interface created using Virtual Machine Scale Set. IP configurations represent private IPs |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces/read |
Get properties of one or all network interfaces of a virtual machine created using Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/performMaintenance/action |
Performs planned maintenance on a Virtual Machine instance in a Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/powerOff/action |
Powers Off a Virtual Machine instance in a VM Scale Set |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/providers/Microsoft.Insights/metricDefinitions/read |
Reads Virtual Machine in Scale Set Metric Definitions |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/read |
Retrieves the properties of a Virtual Machine in a VM Scale Set |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/redeploy/action |
Redeploys a Virtual Machine instance in a Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/reimage/action |
Reimages a Virtual Machine instance in a Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/reimageAll/action |
Reimages all disks (OS Disk and Data Disks) for Virtual Machine instance in a Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/restart/action |
Restarts a Virtual Machine instance in a VM Scale Set |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/retrieveBootDiagnosticsData/action |
Retrieves boot diagnostic logs blob URIs of Virtual Machine instance in a Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommand/action |
Executes a predefined script on a Virtual Machine instance in a Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommands/delete |
Deletes the run command for Virtual Machine in Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommands/read |
Get the properties of a run command for Virtual Machine in Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/runCommands/write |
Creates a new run command for Virtual Machine in Virtual Machine Scale Set or updates an existing one |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/simulateEviction/action |
Simulates the eviction of spot Virtual Machine in Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/start/action |
Starts a Virtual Machine instance in a VM Scale Set |
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/write |
Updates the properties of a Virtual Machine in a VM Scale Set |
Microsoft.Compute/virtualMachineScaleSets/vmSizes/read |
List available sizes for creating or updating a virtual machine in the Virtual Machine Scale Set |
Microsoft.Compute/virtualMachineScaleSets/write |
Creates a new Virtual Machine Scale Set or updates an existing one |
Microsoft.Insights/AutoscaleSettings/Read |
Read an autoscale setting |
Microsoft.Insights/AutoscaleSettings/Write |
Create or update an autoscale setting |
Microsoft.Insights/AutoscaleSettings/Delete |
Delete an autoscale setting |