Permissions for @turbot/azure-networkwatcher
Taking a look at permissions and associated grant levels for each permission for Network Watcher:
| Permission | Grant Level | Help |
|---|---|---|
| microsoft.network/networkwatchers/read | metadata | Get Network Watcher |
| microsoft.network/networkwatchers/write | admin | Admin can create or update network watcher |
| microsoft.network/networkwatchers/delete | admin | Delete Network Watcher |
| microsoft.network/networkwatchers/configureflowlog/action | admin | Admin can Configure Flow Log |
| microsoft.network/networkwatchers/ipflowverify/action | admin | Verify Ip Flow |
| microsoft.network/networkwatchers/nexthop/action | operator | For a specified target and destination IP address return the next hop type and next hope IP address. |
| microsoft.network/networkwatchers/queryflowlogstatus/action | readonly | Gets the status of flow logging on a resource. |
| microsoft.network/networkwatchers/querytroubleshootresult/action | operator | Gets the troubleshooting result from the previously run or currently running troubleshooting operation |
| microsoft.network/networkwatchers/securitygroupview/action | readonly | View the configured and effective network security group rules applied on a VM. |
| microsoft.network/networkwatchers/networkconfigurationdiagnostic/action | metadata | Network Configuration Diagnostic |
| microsoft.network/networkwatchers/queryconnectionmonitors/action | metadata | Query Connection Monitors |
| microsoft.network/networkwatchers/topology/action | readonly | Gets a network level view of resources and their relationships in a resource group. |
| microsoft.network/networkwatchers/troubleshoot/action | operator | Starts troubleshooting on a Networking resource in Azure. |
| microsoft.network/networkwatchers/connectivitycheck/action | metadata | Check Connectivity |
| microsoft.network/networkwatchers/azurereachabilityreport/action | metadata | Get Azure Reachability Report |
| microsoft.network/networkwatchers/availableproviderslist/action | metadata | Get Available Providers List |
| microsoft.network/networkwatchers/packetcaptures/querystatus/action | metadata | Gets information about properties and status of a packet capture resource. |
| microsoft.network/networkwatchers/packetcaptures/stop/action | operator | Stop Packet Capture |
| microsoft.network/networkwatchers/packetcaptures/read | metadata | Get Packet Capture |
| microsoft.network/networkwatchers/packetcaptures/write | operator | Operator can create packet capture |
| microsoft.network/networkwatchers/packetcaptures/delete | operator | Operator can delete packet capture |
| microsoft.network/networkwatchers/connectionmonitors/start/action | metadata | Start Connection Monitor |
| microsoft.network/networkwatchers/connectionmonitors/stop/action | metadata | Stop Connection Monitor |
| microsoft.network/networkwatchers/connectionmonitors/query/action | metadata | Query Connection Monitor |
| microsoft.network/networkwatchers/connectionmonitors/read | metadata | Get Connection Monitor |
| microsoft.network/networkwatchers/connectionmonitors/write | admin | Create Connection Monitor |
| microsoft.network/networkwatchers/connectionmonitors/delete | admin | Delete Connection Monitor |
| microsoft.network/networkwatchers/lenses/start/action | metadata | Start Lens |
| microsoft.network/networkwatchers/lenses/stop/action | metadata | Stop Lens |
| microsoft.network/networkwatchers/lenses/query/action | metadata | Query Lens |
| microsoft.network/networkwatchers/lenses/read | metadata | Get Lens |
| microsoft.network/networkwatchers/lenses/write | admin | Create Lens |
| microsoft.network/networkwatchers/lenses/delete | admin | Delete Lens |
| microsoft.network/networkwatchers/connectionmonitors/providers/microsoft.insights/metricdefinitions/read | metadata | Read Connection Monitor metric definitions |
| microsoft.network/networkwatchers/pingmeshes/start/action | metadata | Start PingMesh |
| microsoft.network/networkwatchers/pingmeshes/stop/action | metadata | Stop PingMesh |
| microsoft.network/networkwatchers/pingmeshes/read | metadata | Get PingMesh |
| microsoft.network/networkwatchers/pingmeshes/write | admin | Create PingMesh |
| microsoft.network/networkwatchers/pingmeshes/delete | admin | Delete PingMesh |
| microsoft.network/networkwatchers/flowlogs/delete | admin | delete flow log |
| microsoft.network/networkwatchers/flowlogs/read | metadata | get flow log |
| microsoft.network/networkwatchers/flowlogs/write | admin | create flow log |
| microsoft.resources/deployments/cancel/action | operator | Operator level is safe as users still need the service specific write/delete permissions to deploy resources. |
| microsoft.resources/deployments/delete | operator | Operator level is safe as users still need the service specific write/delete permissions to deploy resources. |
| microsoft.resources/deployments/operations/read | metadata | |
| microsoft.resources/deployments/read | metadata | |
| microsoft.resources/deployments/validate/action | operator | |
| microsoft.resources/deployments/write | operator | Operator level is safe as users still need the service specific write permissions to deploy resources. |
| microsoft.resources/subscriptions/resourcegroups/read | metadata |