Permissions for @turbot/azure-applicationgateway
Taking a look at permissions and associated grant levels for each permission for Application Gateway Service:
| Permission | Grant Level | Help |
|---|---|---|
| microsoft.network/applicationgateways/read | metadata | get application gateway. |
| microsoft.network/applicationgateways/write | admin | create or update application gateway. this action will be whitelisted when azure explicit deny is released. |
| microsoft.network/applicationgateways/delete | admin | delete application gateway. this action will be whitelisted when azure explicit deny is released. |
| microsoft.network/applicationgateways/backendhealth/action | readonly | get an application gateway backend health |
| microsoft.network/applicationgateways/getbackendhealthondemand/action | metadata | get an application gateway backend health on demand |
| microsoft.network/applicationgateways/start/action | operator | start an application gateway |
| microsoft.network/applicationgateways/stop/action | operator | stop an application gateway |
| microsoft.network/applicationgateways/setsecuritycenterconfiguration/action | admin | set application gateway securitycenter configuration |
| microsoft.network/applicationgateways/effectivenetworksecuritygroups/action | metadata | get effective security groups of an application gateway |
| microsoft.network/applicationgateways/effectiveroutetable/action | metadata | get effective route table of an application gateway |
| microsoft.network/applicationgateways/backendaddresspools/join/action | admin | join application gateway backend address pool |
| microsoft.network/applicationgateways/providers/microsoft.insights/logdefinitions/read | readonly | gets the logs for application gateway |
| microsoft.network/applicationgateways/providers/microsoft.insights/metricdefinitions/read | metadata | read application gateway metric definitions |
| microsoft.resources/deployments/cancel/action | operator | operator level is safe as users still need the service specific write/delete permissions to deploy resources. |
| microsoft.resources/deployments/delete | operator | operator level is safe as users still need the service specific write/delete permissions to deploy resources. |
| microsoft.resources/deployments/operations/read | metadata | |
| microsoft.resources/deployments/read | metadata | |
| microsoft.resources/deployments/validate/action | operator | |
| microsoft.resources/deployments/write | operator | operator level is safe as users still need the service specific write permissions to deploy resources. |
| microsoft.resources/subscriptions/resourcegroups/read | metadata |