Custom RBAC for Web App

Question

Hello,

I'm creating a custom role so that my DevTestLab users can configure the Deployment Source of their application. I have added the types below to the built-in DevTest Lab User role, but it doesn't work.

                    "microsoft.web/sites/deployments/delete",
                    "microsoft.web/sites/deployments/read",
                    "microsoft.web/sites/deployments/write",
                    "microsoft.web/sites/config/*",
                    "Microsoft.Web/sites/slots/Write",
                    "microsoft.web/sites/slots/deployments/delete",
                    "microsoft.web/sites/slots/deployments/read",
                    "microsoft.web/sites/slots/deployments/write",
                    "Microsoft.Web/sites/slots/publish/Action"

Can you please help me find out what I'm missing? I would also appreciate it if you have any tips on how in the future, I can find the correct permission for the role.

Thank you!

Answer 1

Hi @Mas023 we are sorry to hear you're facing this issue while trying to create custom roles. It looks like you have the right configurations. Is the application you are trying to configure the Deployment Source for is only for an Azure Web App? have you checked the Azure AD logs to see if there are any errors or permission issues being logged? can you please share the Azure doc you followed to set up Azure RBAC permissions? -Grace