What role is required to be enabled at Subscription scope to enable Traffic Analytics for an Azure subscription.

Shridhar Srinivasan 220 Reputation points
2023-07-14T13:12:00.38+00:00

If your account has Reader role at Subscription scope, does that allow to enable Traffic Analytics.

Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
862 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Ernest King Arthur 0 Reputation points
    2023-07-14T14:26:42.96+00:00

    One of the following Azure built-in roles needs to be assigned to your account:
    1.Owner

    2.Contributor

    3.Network Contributor

    If none of the preceding built-in roles are assigned to your account, assign a custom role to your account. The custom role should support the following actions at the subscription level:

    • Microsoft.Network/applicationGateways/read
    • Microsoft.Network/connections/read
    • Microsoft.Network/loadBalancers/read
    • Microsoft.Network/localNetworkGateways/read
    • Microsoft.Network/networkInterfaces/read
    • Microsoft.Network/networkSecurityGroups/read
    • Microsoft.Network/publicIPAddresses/read"
    • Microsoft.Network/routeTables/read
    • Microsoft.Network/virtualNetworkGateways/read
    • Microsoft.Network/virtualNetworks/read
    • Microsoft.Network/expressRouteCircuits/read
      Hope this helps.

  2. Sandeep G-MSFT 20,376 Reputation points Microsoft Employee
    2023-07-17T08:48:23.4966667+00:00

    @Shridhar Srinivasan

    With Reader role assigned on subscription scope, this means you can read all the resources of all types, except secrets.

    Enabling Traffic Analytics is an "Write" operation. Write operations cannot be performed under "Reader" role.

    As eKINGARTHUR mentioned you need any of the below roles assigned to account in order to Enable or disable traffic Analytics.

    Let us know if you have any further questions.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.