Permissions for @turbot/azure-aks
Taking a look at permissions and associated grant levels for each permission for AKS:
| Permission | Grant Level | Help |
|---|---|---|
| microsoft.containerservice/containerservices/read | metadata | Get Container Service |
| microsoft.containerservice/containerservices/write | admin | Create or Update Container Service |
| microsoft.containerservice/containerservices/delete | admin | Delete Container Service |
| microsoft.containerservice/managedclusters/read | metadata | Get Managed Cluster |
| microsoft.containerservice/managedclusters/write | admin | Create or Update Managed Cluster |
| microsoft.containerservice/managedclusters/delete | admin | Delete Managed Cluster |
| microsoft.containerservice/managedclusters/listclusteradmincredential/action | admin | List clusterAdmin credential |
| microsoft.containerservice/managedclusters/listclusterusercredential/action | admin | List clusterUser credential |
| microsoft.containerservice/managedclusters/resetserviceprincipalprofile/action | admin | Reset service principal profile |
| microsoft.containerservice/managedclusters/resetaadprofile/action | admin | Reset AAD profile |
| microsoft.containerservice/managedclusters/privateendpointconnectionsapproval/action | admin | Approve Private Endpoint Connections |
| microsoft.containerservice/managedclusters/providers/microsoft.insights/diagnosticsettings/read | metadata | Read Diagnostic Setting |
| microsoft.containerservice/managedclusters/providers/microsoft.insights/diagnosticsettings/write | admin | Write Diagnostic Setting |
| microsoft.containerservice/managedclusters/providers/microsoft.insights/metricdefinitions/read | metadata | Read Managed Cluster metric definitions |
| microsoft.containerservice/managedclusters/accessprofiles/read | metadata | Get Managed Cluster AccessProfile |
| microsoft.containerservice/managedclusters/accessprofiles/listcredential/action | admin | Get Managed Cluster AccessProfile by List Credential |
| microsoft.containerservice/managedclusters/providers/microsoft.insights/logdefinitions/read | metadata | Read Managed Cluster log definitions |
| microsoft.containerservice/locations/operations/read | metadata | Get Operation |
| microsoft.containerservice/locations/orchestrators/read | metadata | List Orchestrators |
| microsoft.containerservice/managedclusters/upgradeprofiles/read | metadata | Get UpgradeProfile |
| microsoft.containerservice/operations/read | metadata | List Available Container Service Operations |
| microsoft.containerservice/locations/operationresults/read | metadata | Get Operation Result |
| microsoft.containerservice/openshiftmanagedclusters/read | metadata | Get Open Shift Managed Cluster |
| microsoft.containerservice/openshiftmanagedclusters/write | admin | Create or Update Open Shift Managed Cluster |
| microsoft.containerservice/openshiftmanagedclusters/delete | admin | Delete Open Shift Managed Cluster |
| microsoft.containerservice/openshiftclusters/read | metadata | Get Open Shift Cluster |
| microsoft.containerservice/openshiftclusters/write | admin | Create or Update Open Shift Cluster |
| microsoft.containerservice/openshiftclusters/delete | admin | Delete Open Shift Cluster |
| microsoft.containerservice/managedclusters/agentpools/read | metadata | Get Agent Pool |
| microsoft.containerservice/managedclusters/agentpools/write | admin | Create or Update Agent Pool |
| microsoft.containerservice/managedclusters/agentpools/delete | admin | Delete Agent Pool |
| microsoft.containerservice/managedclusters/detectors/read | metadata | Get Managed Cluster Detector |
| microsoft.containerservice/managedclusters/agentpools/upgradeProfiles/read | metadata | Get Agent Pool UpgradeProfile |
| microsoft.containerservice/managedclusters/listclustermonitoringusercredential/action | admin | list clustermonitoringuser credential |
| microsoft.containerservice/managedclusters/rotateclustercertificates/action | admin | rotate certificates of the cluster |
| microsoft.containerservice/managedclusters/diagnosticsstate/read | metadata | get diagnostics state |
| microsoft.containerservice/managedclusters/availableagentpoolversions/read | metadata | get available agent pool versions |
| microsoft.containerservice/register/action | admin | register subscription for container service |
| microsoft.containerservice/unregister/action | admin | unregister subscription for container service |
| microsoft.resources/deployments/cancel/action | admin | admin level is safe as users still need the service specific write/delete permissions to deploy resources. |
| microsoft.resources/deployments/delete | admin | admin level is safe as users still need the service specific write/delete permissions to deploy resources. |
| microsoft.resources/deployments/operations/read | metadata | |
| microsoft.resources/deployments/read | metadata | |
| microsoft.resources/deployments/validate/action | admin | |
| microsoft.resources/deployments/write | admin | admin level is safe as users still need the service specific write permissions to deploy resources. |
| microsoft.resources/subscriptions/resourcegroups/read | metadata |