@turbot/azure
The azure mod contains resource, control and policy definitions for Azure Azure service.
Resource Types
Resource types covered by this mod:
- Azure > Azure
- Azure > Azure > Management Group
- Azure > Azure > Resource Group
- Azure > Azure > Subscription
- Azure > Azure > Tenant
Permissions
Taking a look at permissions and associated grant levels for each permission for Azure:
| Permission | Grant Level | Help |
|---|---|---|
| microsoft.resources/deployments/cancel/action | Operator | Operator level is safe as users still need the service specific write/delete permissions to deploy resources. |
| microsoft.resources/deployments/delete | Operator | Operator level is safe as users still need the service specific write/delete permissions to deploy resources. |
| microsoft.resources/deployments/operations/read | Metadata | |
| microsoft.resources/deployments/read | Metadata | |
| microsoft.resources/deployments/validate/action | Operator | |
| microsoft.resources/deployments/write | Operator | Operator level is safe as users still need the service specific write permissions to deploy resources. |
| microsoft.resources/links/delete | Admin | Admin can delete resource link between the specified resources. |
| microsoft.resources/links/read | Metadata | Gets or lists resource links. |
| microsoft.resources/links/write | Admin | Admin can create resource link between the specified resources. |
| microsoft.resources/marketplace/purchase/action | Admin | |
| microsoft.resources/providers/read | Metadata | |
| microsoft.resources/resources/read | Metadata | |
| microsoft.resources/subscriptions/locations/read | Metadata | |
| microsoft.resources/subscriptions/operationresults/read | Metadata | |
| microsoft.resources/subscriptions/providers/read | Metadata | |
| microsoft.resources/subscriptions/read | Metadata | |
| microsoft.resources/subscriptions/resourcegroups/delete | Admin | |
| microsoft.resources/subscriptions/resourcegroups/moveResources/action | Admin | Validates whether resources can be moved from one resource group to another resource group. |
| microsoft.resources/subscriptions/resourcegroups/read | Metadata | |
| microsoft.resources/subscriptions/resourcegroups/validateMoveResources/action | Operator | |
| microsoft.resources/subscriptions/resourcegroups/write | Admin | This permission is also used for applying tag in resource group. Hence tagging operation now assigned to Admin. |
| microsoft.resources/subscriptions/resourcegroups/deployments/operations/read | Metadata | |
| microsoft.resources/subscriptions/resourcegroups/deployments/operationstatuses/read | Metadata | |
| microsoft.resources/subscriptions/resourcegroups/deployments/read | Metadata | |
| microsoft.resources/subscriptions/resourcegroups/deployments/write | Admin | |
| microsoft.resources/subscriptions/resourcegroups/resources/read | Metadata | |
| microsoft.resources/subscriptions/resources/read | Metadata | |
| microsoft.resources/subscriptions/tagNames/delete | Admin | Assigned to Admin over Operator as this execution requires resourceGroups/write permission which is assigned to Admin. |
| microsoft.resources/subscriptions/tagNames/read | Metadata | |
| microsoft.resources/subscriptions/tagNames/tagValues/delete | Admin | Assigned to Admin over Operator as this execution requires resourceGroups/write permission which is assigned to Admin. |
| microsoft.resources/subscriptions/tagNames/tagValues/read | Metadata | |
| microsoft.resources/subscriptions/tagNames/tagValues/write | Admin | Assigned to Admin over Operator as this execution requires resourceGroups/write permission which is assigned to Admin. |
| microsoft.resources/subscriptions/tagNames/write | Admin | Assigned to Admin over Operator as this execution requires resourceGroups/write permission which is assigned to Admin. |
| microsoft.resources/tenants/read | Metadata | |
| microsoft.resources/tags/write | Operator | write tags |
| microsoft.resources/tags/delete | Operator | delete tags |
| microsoft.resources/tags/read | Metadata | read tags |