Hi guys!
My client has created an automation account and I should manage automatic updates through scheduling.
He assigned me the role of Automation Operator but I can't see the Schedule update deployement entry in the Update management tab .
I tried with the role of Automation Job Operator but nothing.
What role is needed to be able to create a schedule for updates? Do I have to have a role for subscription?
Thanks!
It looks like the following permissions are needed as far as I can see.
You may want to use a custom RBAC role in this case for the exact permissions required.
https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles
For those two permissions, I seem to understand that only the Contributor role has it, right?
The Log Analytics Contributor role has only this permission: Microsoft.OperationalInsights/workspaces/analytics/query/action
Maybe, it is better to create a custom RBAC role for more specific permissions for this automation account.
Thanks for your help @AlanKinane !
My client created a custom RBAC role and entered the two permissions:
Microsoft.compute/virtualMachines/write
Microsoft.OperationalInsights/workspaces/analytics/query/action
I can't see the Schedule update deployment entry in the Update management tab . Why??? I have these permissions:
This automation account is linked to the subscription and I I don't have a role on this subscription, could this be the reason?
@pluc7-4565 In order to create schedules within update management, you need access to the update management as well as the resources for which schedule is being created. As suggested by AlanKinane, the permissions required for it has been documented here.
In the above table, the Scope column mentions the location where permissions are required and Role column provides the information of what type of role is needed.
10 people are following this question.
