question

1 Vote
RakeshChandSharma-9933 asked MarileeTurscak-MSFT edited

Custom Roles Azure

I created a custom role in Azure at the management group level with the following access to a particular Azure AD user:

Create virtual machine, Delete virtual machine
Create virtual network, Delete virtual network

Now when I log in to the portal with the user, I am unable to see the existing VM and virtual network.

Kindly suggest if any other permissions need to be provided.

azure-rbac

1 Answer

0 Votes
MarileeTurscak-MSFT answered

Hi @RakeshChandSharma-9933 ,

Make sure you have "read" permissions assigned. For the VM creation and deletion you need:

Microsoft.Compute/virtualMachines/read
Microsoft.Compute/virtualMachines/write
Microsoft.Compute/virtualMachines/delete

For the virtual networks you need:

Microsoft.ClassicNetwork/virtualNetworks/read
Microsoft.ClassicNetwork/virtualNetworks/write
Microsoft.ClassicNetwork/virtualNetworks/delete

Alternatively, you can assign the built-in Virtual Machine Contributor role to your user, which allows the user to create and delete virtual machines.

See: Azure Resource Provider Operations
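
An added example, not part of the answer above or of any Azure tooling: a small check that flags resource types in a custom role definition that grant `write` or `delete` without an effective `read`, which is the gap that hides existing resources in the portal. The role name, the `example-mg` management group ID, the function names and the use of `Microsoft.Network` operations for Resource Manager virtual networks are assumptions made for illustration.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample: a custom role like the one the question describes,
# granting create (write) and delete operations but no read operations.
ROLE_JSON = """
{
  "Name": "VM and VNet Operator (example)",
  "IsCustom": true,
  "Actions": [
    "Microsoft.Compute/virtualMachines/write",
    "Microsoft.Compute/virtualMachines/delete",
    "Microsoft.Network/virtualNetworks/write",
    "Microsoft.Network/virtualNetworks/delete"
  ],
  "NotActions": [],
  "AssignableScopes": ["/providers/Microsoft.Management/managementGroups/example-mg"]
}
"""

def _allowed(op, actions, not_actions):
    """True if op matches an Actions pattern and no NotActions pattern."""
    op = op.lower()  # operation names are compared case-insensitively here
    def hit(patterns):
        return any(fnmatchcase(op, p.lower()) for p in patterns)
    return hit(actions) and not hit(not_actions)

def missing_reads(role):
    """Return the read operations missing for types that grant write/delete."""
    actions = role.get("Actions", [])
    not_actions = role.get("NotActions", [])
    missing = []
    for action in actions:
        resource_type, _, verb = action.rpartition("/")
        # Wildcard entries are evaluated through _allowed, not listed themselves.
        if verb.lower() not in ("write", "delete") or "*" in resource_type:
            continue
        read_op = resource_type + "/read"
        if not _allowed(read_op, actions, not_actions) and read_op not in missing:
            missing.append(read_op)
    return missing

if __name__ == "__main__":
    for op in missing_reads(json.loads(ROLE_JSON)):
        print("add to Actions:", op)
```

Wildcard entries such as `*/read` or `Microsoft.Compute/*` count as granting read, and a matching `NotActions` entry removes it again, so the check reports the effective gap rather than just missing literal strings.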
