

cloud:azure

cloud:azure [2024/07/22 19:36] skipidarcloud:azure [2024/07/22 20:15] (current) – [IAM and Role Based Access Control] skipidar
Line 169: Line 169:
  
 {{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/vKOYaMe0Ce.png}} {{https://s3.eu-central-1.amazonaws.com/alf-digital-wiki-pics/sharex/vKOYaMe0Ce.png}}
 +
 +
 +Azure Custom Roles:
 +
 +  * https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles#custom-role-example
 +
 +IAM and Role Based Access Control
 +
 +<sxh java>
 +{
 +  "assignableScopes": [
 +    "/"
 +  ],
 +  "description": "Allows for send access to Azure Service Bus resources.",
 +  "id": "/providers/Microsoft.Authorization/roleDefinitions/69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
 +  "name": "69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
 +  "permissions": [
 +    {
 +      "actions": [
 +        "Microsoft.ServiceBus/*/queues/read",
 +        "Microsoft.ServiceBus/*/topics/read",
 +        "Microsoft.ServiceBus/*/topics/subscriptions/read"
 +      ],
 +      "notActions": [],
 +      "dataActions": [
 +        "Microsoft.ServiceBus/*/send/action"
 +      ],
 +      "notDataActions": []
 +    }
 +  ],
 +  "roleName": "Azure Service Bus Data Sender",
 +  "roleType": "BuiltInRole",
 +  "type": "Microsoft.Authorization/roleDefinitions"
 +}
 +</sxh>
 +
 +
 +Custom role, which allows to assign roles to Azure API Managers.
 +<sxh java>
 +{
 +  "Name": "APIM Role Assignment Manager",
 +  "IsCustom": true,
 +  "Description": "Allows managing role assignments for Azure API Management",
 +  "Actions": [
 +    "Microsoft.Authorization/*/write",
 +    "Microsoft.Authorization/*/delete"
 +  ],
 +  "NotActions": [],
 +  "DataActions": [],
 +  "NotDataActions": [],
 +  "AssignableScopes": [
 +    "/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.ApiManagement/service/<apim-service-name>"
 +  ]
 +}
 +</sxh>
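Review bot: The custom role's `Actions` (`Microsoft.Authorization/*/write` and `Microsoft.Authorization/*/delete`) grant more than its description says: the wildcard matches every Microsoft.Authorization resource type at the API Management scope, including role definitions, locks and policy assignments, not only role assignments. For the stated purpose the list can be narrowed to `"Microsoft.Authorization/roleAssignments/write"` and `"Microsoft.Authorization/roleAssignments/delete"`, plus `"Microsoft.Authorization/roleAssignments/read"` if holders need to list existing assignments. Even narrowed, whoever holds this role can assign any role, Owner included, on that API Management instance, so the text next to the listing should say that it belongs only to trusted principals and, where possible, should be assigned with a condition limiting which roles can be granted. The first listing is the built-in Azure Service Bus Data Sender definition (`"roleType": "BuiltInRole"`, assignable scope `/`), so a one-line label marking it as a reference example rather than a custom role would keep readers from copying the root scope into their own definitions.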
  
cloud/azure.1721677001.txt.gz · Last modified: by skipidar