question

PaceJamesMTIIGF-8431 avatar image
0 Votes"
PaceJamesMTIIGF-8431 asked TravisCragg-MSFT answered

What Azure Role or Permission is required to Modify IP configurations on Network Adapters

When using the Network Contributor role in Azure, I am unable to modify/edit an existing IP configuration on a Network Interface. When using Contributor, it works fine. Network Contributor is assigned on the resource group and is being inherited on the Network Interface.

132732-image.png

What I am trying to achieve: With least privileges possible, I want to allow a user to switch the Private IP address setting between Dynamic or Static.

I am trying to avoid having to give Contributor access to the entire resource group. I am happy to create a Custom Role, but am unable to determine which Permissions to add to allow this capability. Does anyone know?


Error when attempting to Edit an existing configuration:

132763-image.png


Incidentally, when attempting to Add a configuration, I am also unable to with Network Contributor, and receive this error message:

Error when attempting to Add:
132756-image.png

azure-rbacazure-virtual-machines-networking
image.png (35.6 KiB)
image.png (22.8 KiB)
image.png (19.4 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

TravisCragg-MSFT avatar image
0 Votes"
TravisCragg-MSFT answered

This was a fun one!

although the documentation states that just contributor permissions are needed on the NIC to make changes, to change the private IP address between dynamic and static, you will also need contributor permissions on the VNET as well. I tested this with read permissions on the VNET but got a permissions error (like this should have given).

giving contributor permissions to a VNET to those who should not have it is not a great situation, why do you want users to have permissions to change the private ip allocation type?


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.