Permissions for @turbot/azure-dns
Taking a look at permissions and associated grant levels for each permission for DNS:
| Permission | Grant Level | Help |
|---|---|---|
| microsoft.network/dnszones/read | metadata | get dns zone |
| microsoft.network/dnszones/write | admin | create or update dns zone |
| microsoft.network/dnszones/delete | admin | delete dns zone |
| microsoft.network/dnszones/providers/microsoft.insights/metricdefinitions/read | metadata | get dns zone metric definitions |
| microsoft.network/dnszones/providers/microsoft.insights/diagnosticsettings/read | metadata | get dns zone diagnostic settings |
| microsoft.network/dnszones/providers/microsoft.insights/diagnosticsettings/write | admin | create or update dns zone diagnostic settings |
| microsoft.network/dnsoperationresults/read | metadata | gets results of a dns operation |
| microsoft.network/dnsoperationstatuses/read | metadata | gets status of a dns operation |
| microsoft.network/dnszones/all/read | metadata | gets dns record sets across types |
| microsoft.network/dnszones/recordsets/read | metadata | gets dns record sets across types |
| microsoft.network/dnszones/a/read | metadata | get record set of type a |
| microsoft.network/dnszones/a/write | admin | create or update record set of type a |
| microsoft.network/dnszones/a/delete | admin | delete record set of type a |
| microsoft.network/dnszones/aaaa/read | metadata | get record set of type aaaa |
| microsoft.network/dnszones/aaaa/write | admin | create or update record set of type aaaa |
| microsoft.network/dnszones/aaaa/delete | admin | delete record set of type aaaa |
| microsoft.network/dnszones/ptr/read | metadata | get record set of type ptr |
| microsoft.network/dnszones/ptr/write | admin | create or update record set of type ptr |
| microsoft.network/dnszones/ptr/delete | admin | delete record set of type ptr |
| microsoft.network/dnszones/mx/read | metadata | get record set of type mx |
| microsoft.network/dnszones/mx/write | admin | create or update record set of type mx |
| microsoft.network/dnszones/mx/delete | admin | delete record set of type mx |
| microsoft.network/dnszones/txt/read | metadata | get record set of type txt |
| microsoft.network/dnszones/txt/write | admin | create or update record set of type txt |
| microsoft.network/dnszones/txt/delete | admin | delete record set of type txt |
| microsoft.network/dnszones/srv/read | metadata | get record set of type srv |
| microsoft.network/dnszones/srv/write | admin | create or update a record set of type ‘srv’ within a dns zone. the records specified will replace the current records in the record set. |
| microsoft.network/dnszones/srv/delete | admin | delete record set of type srv |
| microsoft.network/dnszones/cname/read | metadata | get record set of type cname |
| microsoft.network/dnszones/cname/write | admin | create or update record set of type cname |
| microsoft.network/dnszones/cname/delete | admin | delete record set of type cname |
| microsoft.network/dnszones/ns/read | metadata | gets dns record set of type ns |
| microsoft.network/dnszones/ns/write | admin | creates or updates dns record set of type ns |
| microsoft.network/dnszones/ns/delete | admin | deletes the dns record set of type ns |
| microsoft.network/dnszones/soa/read | metadata | gets dns record set of type soa |
| microsoft.network/dnszones/soa/write | admin | creates or updates dns record set of type soa |
| microsoft.network/dnszones/caa/read | metadata | get record set of type caa |
| microsoft.network/dnszones/caa/write | admin | create or update record set of type caa |
| microsoft.network/dnszones/caa/delete | admin | delete record set of type caa |
| microsoft.network/privatednszones/read | metadata | get private dns zone |
| microsoft.network/privatednszones/write | admin | create or update private dns zone |
| microsoft.network/privatednszones/delete | admin | delete private dns zone |
| microsoft.network/privatednszones/virtualnetworklinks/read | metadata | get private dns zone link to virtual network |
| microsoft.network/privatednszones/virtualnetworklinks/write | admin | create or update private dns zone link to virtual network |
| microsoft.network/privatednszones/virtualnetworklinks/delete | admin | delete private dns zone link to virtual network |
| microsoft.network/privatednszones/a/read | metadata | get record set of type a |
| microsoft.network/privatednszones/a/write | admin | create or update record set of type a |
| microsoft.network/privatednszones/a/delete | admin | delete record set of type a |
| microsoft.network/privatednszones/aaaa/read | metadata | get record set of type aaaa |
| microsoft.network/privatednszones/aaaa/write | admin | create or update record set of type aaaa |
| microsoft.network/privatednszones/aaaa/delete | admin | delete record set of type aaaa |
| microsoft.network/privatednszones/cname/read | metadata | get record set of type cname |
| microsoft.network/privatednszones/cname/write | admin | create or update record set of type cname |
| microsoft.network/privatednszones/cname/delete | admin | delete record set of type cname |
| microsoft.network/privatednszones/mx/read | metadata | get record set of type mx |
| microsoft.network/privatednszones/mx/write | admin | create or update record set of type mx |
| microsoft.network/privatednszones/mx/delete | admin | delete record set of type mx |
| microsoft.network/privatednszones/ptr/read | metadata | get record set of type ptr |
| microsoft.network/privatednszones/ptr/write | admin | create or update record set of type ptr |
| microsoft.network/privatednszones/ptr/delete | admin | delete record set of type ptr |
| microsoft.network/privatednszones/soa/read | metadata | get record set of type soa |
| microsoft.network/privatednszones/soa/write | admin | update record set of type soa |
| microsoft.network/privatednszones/srv/read | metadata | get record set of type srv |
| microsoft.network/privatednszones/srv/write | admin | create or update record set of type srv |
| microsoft.network/privatednszones/srv/delete | admin | delete record set of type srv |
| microsoft.network/privatednszones/txt/read | metadata | get record set of type txt |
| microsoft.network/privatednszones/txt/write | admin | create or update record set of type txt |
| microsoft.network/privatednszones/txt/delete | admin | delete record set of type txt |
| microsoft.network/privatednszones/all/read | metadata | gets private dns record sets across types |
| microsoft.network/privatednszones/recordsets/read | metadata | gets private dns record sets across types |
| microsoft.network/privatednszones/join/action | admin | join private dns zone |
| microsoft.network/privatednszones/providers/microsoft.insights/diagnosticsettings/read | metadata | get private dns zone diagnostic settings |
| microsoft.network/privatednszones/providers/microsoft.insights/diagnosticsettings/write | admin | create or update private dns zone diagnostic settings |
| microsoft.network/privatednszones/providers/microsoft.insights/metricdefinitions/read | metadata | get private dns zone metric definitions |
| microsoft.network/privatednszonesinternal/action | admin | executes private dns zones internal apis |
| microsoft.resources/deployments/cancel/action | admin | admin level is safe as users still need the service specific write/delete permissions to deploy resources. |
| microsoft.resources/deployments/delete | admin | admin level is safe as users still need the service specific write/delete permissions to deploy resources. |
| microsoft.resources/deployments/operations/read | metadata | |
| microsoft.resources/deployments/read | metadata | |
| microsoft.resources/deployments/validate/action | admin | |
| microsoft.resources/deployments/write | admin | admin level is safe as users still need the service specific write permissions to deploy resources. |
| microsoft.resources/subscriptions/resourcegroups/read | metadata |