RBAC for creating Azure vm from custom image

Wool Sock 261 Reputation points
2023-04-04T09:33:14.3933333+00:00

We have given one of our teams virtual machine contributor to create vms in Azure. We have create few custom images but seems that team can't create vms from custom images because virtual machine contributor do not show those custom images. Are there any build in role (not owner / contributor) that would give access to create vms from custom images? If not what are needed permissions so I can considered custom rbac.

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
9,036 questions
0 comments No comments
{count} votes

Accepted answer
  1. vipullag-MSFT 26,487 Reputation points Moderator
    2023-04-04T10:55:11.8+00:00

    Hello Wool Sock

    Welcome to Microsoft Q&A Platform, thanks for posting your query here.

    To create VMs from custom images, the user needs to have the Microsoft.Compute/images/read permission on the custom image. The Virtual Machine Contributor role does not have this permission by default. You can create a custom role with the required permissions and assign it to the user.

    Here are the steps to create a custom role:

    1. Create a JSON file with the following content:
    {
      "Name": "Custom VM Image Reader",
      "IsCustom": true,
      "Description": "Read access to custom VM images",
      "Actions": [
        "Microsoft.Compute/images/read"
      ],
      "NotActions": [],
      "DataActions": [],
      "NotDataActions": [],
      "AssignableScopes": [
        "/subscriptions/{subscriptionId}"
      ]
    }
    

    2.Replace {subscriptionId} with your subscription ID. 3.Use the following Azure CLI command to create the custom role:

       `az role definition create --role-definition /path/to/json/file.json`
    

    4.After the user is assigned the custom role, they should be able to create VMs from custom images. Hope this helps. If the suggested response helped you resolve your issue, please 'Accept as answer', so that it can help others in the community looking for help on similar topics.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.


    Comments have been turned off. Learn more

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.