Hi @Mayur ,
Welcome to Microsoft Q&A forum and thanks for reaching out.
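You can achieve this by creating a custom role at the resource level (a particular ADF service) or at the resource group level: start from the Data Factory Contributor role, exclude the permissions below from its `actions`, and include them in `notActions`. Keep in mind that `notActions` only subtracts from the `actions` granted by this same role definition; it is not a deny rule, so a user who also holds another role that grants these operations can still perform them.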
"notActions": [
"Microsoft.DataFactory/datafactories/linkedServices/delete",
"Microsoft.DataFactory/datafactories/linkedServices/write"
]
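You can use the JSON below when creating the custom role; just replace the Subscription ID and Resource Group name with yours. This JSON creates the custom role at the resource group level. If you would like to create the custom role at the resource level instead, set `assignableScopes` in the JSON to the scope of the resource where you want to create it. Because `actions` here is an explicit list with no wildcards, the linked-service write and delete operations are already withheld by not being listed (only `linkedServices/read` appears, for both the `datafactories` and `factories` resource types); the `notActions` entries make that intent explicit.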
{
"id": "/subscriptions/<Your Subscription ID>/providers/Microsoft.Authorization/roleDefinitions/e5cb08f9-7a08-4b58-9f47-0a1ea4268ef5",
"properties": {
"roleName": "ADF Remove linked service actions",
"description": "This is to provide data factory contributor role with limited access to linked services",
"assignableScopes": [
"/subscriptions/<Your SubscriptionID>/resourceGroups/<Your Resource Group Name>"
],
"permissions": [
{
"actions": [
"Microsoft.Resources/deployments/write",
"Microsoft.DataFactory/register/action",
"Microsoft.DataFactory/unregister/action",
"Microsoft.DataFactory/datafactories/read",
"Microsoft.DataFactory/datafactories/write",
"Microsoft.DataFactory/datafactories/delete",
"Microsoft.DataFactory/datafactories/activitywindows/read",
"Microsoft.DataFactory/datafactories/providers/Microsoft.Insights/diagnosticSettings/read",
"Microsoft.DataFactory/datafactories/providers/Microsoft.Insights/diagnosticSettings/write",
"Microsoft.DataFactory/datafactories/providers/Microsoft.Insights/metricDefinitions/read",
"Microsoft.DataFactory/datafactories/datasets/read",
"Microsoft.DataFactory/datafactories/datasets/delete",
"Microsoft.DataFactory/datafactories/datasets/write",
"Microsoft.DataFactory/datafactories/datasets/activitywindows/read",
"Microsoft.DataFactory/datafactories/datasets/sliceruns/read",
"Microsoft.DataFactory/datafactories/datasets/slices/read",
"Microsoft.DataFactory/datafactories/datasets/slices/write",
"Microsoft.DataFactory/datafactories/tables/read",
"Microsoft.DataFactory/datafactories/tables/delete",
"Microsoft.DataFactory/datafactories/tables/write",
"Microsoft.DataFactory/datafactories/gateways/read",
"Microsoft.DataFactory/datafactories/gateways/write",
"Microsoft.DataFactory/datafactories/gateways/delete",
"Microsoft.DataFactory/datafactories/gateways/connectioninfo/action",
"Microsoft.DataFactory/datafactories/gateways/listauthkeys/action",
"Microsoft.DataFactory/datafactories/gateways/regenerateauthkey/action",
"Microsoft.DataFactory/datafactories/linkedServices/read",
"Microsoft.DataFactory/datafactories/datapipelines/read",
"Microsoft.DataFactory/datafactories/datapipelines/delete",
"Microsoft.DataFactory/datafactories/datapipelines/pause/action",
"Microsoft.DataFactory/datafactories/datapipelines/resume/action",
"Microsoft.DataFactory/datafactories/datapipelines/update/action",
"Microsoft.DataFactory/datafactories/datapipelines/write",
"Microsoft.DataFactory/datafactories/datapipelines/activities/activitywindows/read",
"Microsoft.DataFactory/datafactories/datapipelines/activitywindows/read",
"Microsoft.DataFactory/datafactories/runs/loginfo/read",
"Microsoft.DataFactory/factories/read",
"Microsoft.DataFactory/factories/write",
"Microsoft.DataFactory/factories/delete",
"Microsoft.DataFactory/factories/createdataflowdebugsession/action",
"Microsoft.DataFactory/factories/startdataflowdebugsession/action",
"Microsoft.DataFactory/factories/addDataFlowToDebugSession/action",
"Microsoft.DataFactory/factories/executeDataFlowDebugCommand/action",
"Microsoft.DataFactory/factories/deletedataflowdebugsession/action",
"Microsoft.DataFactory/factories/querydataflowdebugsessions/action",
"Microsoft.DataFactory/factories/cancelpipelinerun/action",
"Microsoft.DataFactory/factories/cancelSandboxPipelineRun/action",
"Microsoft.DataFactory/factories/sandboxpipelineruns/action",
"Microsoft.DataFactory/factories/querytriggers/action",
"Microsoft.DataFactory/factories/getFeatureValue/action",
"Microsoft.DataFactory/factories/queryFeaturesValue/action",
"Microsoft.DataFactory/factories/getDataPlaneAccess/action",
"Microsoft.DataFactory/factories/getGitHubAccessToken/action",
"Microsoft.DataFactory/factories/querytriggerruns/action",
"Microsoft.DataFactory/factories/querypipelineruns/action",
"Microsoft.DataFactory/factories/querydebugpipelineruns/action",
"Microsoft.DataFactory/factories/getDataPlaneAccess/read",
"Microsoft.DataFactory/factories/getFeatureValue/read",
"Microsoft.DataFactory/factories/operationResults/read",
"Microsoft.DataFactory/factories/pipelineruns/read",
"Microsoft.DataFactory/factories/pipelineruns/cancel/action",
"Microsoft.DataFactory/factories/pipelineruns/queryactivityruns/action",
"Microsoft.DataFactory/factories/pipelineruns/activityruns/read",
"Microsoft.DataFactory/factories/pipelineruns/queryactivityruns/read",
"Microsoft.DataFactory/factories/providers/Microsoft.Insights/diagnosticSettings/read",
"Microsoft.DataFactory/factories/providers/Microsoft.Insights/diagnosticSettings/write",
"Microsoft.DataFactory/factories/providers/Microsoft.Insights/metricDefinitions/read",
"Microsoft.DataFactory/factories/queryFeaturesValue/read",
"Microsoft.DataFactory/factories/querypipelineruns/read",
"Microsoft.DataFactory/factories/querytriggerruns/read",
"Microsoft.DataFactory/factories/triggerruns/read",
"Microsoft.DataFactory/factories/dataflows/read",
"Microsoft.DataFactory/factories/dataflows/delete",
"Microsoft.DataFactory/factories/dataflows/write",
"Microsoft.DataFactory/factories/datasets/read",
"Microsoft.DataFactory/factories/datasets/delete",
"Microsoft.DataFactory/factories/datasets/write",
"Microsoft.DataFactory/factories/debugpipelineruns/cancel/action",
"Microsoft.DataFactory/factories/sandboxpipelineruns/read",
"Microsoft.DataFactory/factories/sandboxpipelineruns/sandboxActivityRuns/read",
"Microsoft.DataFactory/factories/integrationruntimes/read",
"Microsoft.DataFactory/factories/integrationruntimes/write",
"Microsoft.DataFactory/factories/integrationruntimes/delete",
"Microsoft.DataFactory/factories/integrationruntimes/start/action",
"Microsoft.DataFactory/factories/integrationruntimes/stop/action",
"Microsoft.DataFactory/factories/integrationruntimes/getconnectioninfo/action",
"Microsoft.DataFactory/factories/integrationruntimes/listauthkeys/action",
"Microsoft.DataFactory/factories/integrationruntimes/synccredentials/action",
"Microsoft.DataFactory/factories/integrationruntimes/upgrade/action",
"Microsoft.DataFactory/factories/integrationruntimes/createexpressshirinstalllink/action",
"Microsoft.DataFactory/factories/integrationruntimes/regenerateauthkey/action",
"Microsoft.DataFactory/factories/integrationruntimes/removelinks/action",
"Microsoft.DataFactory/factories/integrationruntimes/linkedIntegrationRuntime/action",
"Microsoft.DataFactory/factories/integrationruntimes/getObjectMetadata/action",
"Microsoft.DataFactory/factories/integrationruntimes/refreshObjectMetadata/action",
"Microsoft.DataFactory/factories/integrationruntimes/enableInteractiveQuery/action",
"Microsoft.DataFactory/factories/integrationruntimes/disableInteractiveQuery/action",
"Microsoft.DataFactory/factories/integrationruntimes/getstatus/read",
"Microsoft.DataFactory/factories/integrationruntimes/monitoringdata/read",
"Microsoft.DataFactory/factories/integrationruntimes/nodes/read",
"Microsoft.DataFactory/factories/integrationruntimes/nodes/delete",
"Microsoft.DataFactory/factories/integrationruntimes/nodes/write",
"Microsoft.DataFactory/factories/integrationruntimes/nodes/ipAddress/action",
"Microsoft.DataFactory/factories/linkedServices/read",
"Microsoft.DataFactory/factories/managedVirtualNetworks/read",
"Microsoft.DataFactory/factories/managedVirtualNetworks/write",
"Microsoft.DataFactory/factories/managedVirtualNetworks/managedPrivateEndpoints/read",
"Microsoft.DataFactory/factories/managedVirtualNetworks/managedPrivateEndpoints/write",
"Microsoft.DataFactory/factories/managedVirtualNetworks/managedPrivateEndpoints/delete",
"Microsoft.DataFactory/factories/privateEndpointConnectionProxies/read",
"Microsoft.DataFactory/factories/privateEndpointConnectionProxies/write",
"Microsoft.DataFactory/factories/privateEndpointConnectionProxies/delete",
"Microsoft.DataFactory/factories/privateEndpointConnectionProxies/validate/action",
"Microsoft.DataFactory/factories/privateEndpointConnectionProxies/operationresults/read",
"Microsoft.DataFactory/factories/privateEndpointConnectionProxies/operationstatuses/read",
"Microsoft.DataFactory/factories/privateEndpointConnections/read",
"Microsoft.DataFactory/factories/privateEndpointConnections/write",
"Microsoft.DataFactory/factories/privateEndpointConnections/delete",
"Microsoft.DataFactory/factories/privateLinkResources/read",
"Microsoft.DataFactory/factories/pipelines/read",
"Microsoft.DataFactory/factories/pipelines/delete",
"Microsoft.DataFactory/factories/pipelines/write",
"Microsoft.DataFactory/factories/pipelines/createrun/action",
"Microsoft.DataFactory/factories/pipelines/sandbox/action",
"Microsoft.DataFactory/factories/pipelines/pipelineruns/read",
"Microsoft.DataFactory/factories/pipelines/pipelineruns/activityruns/progress/read",
"Microsoft.DataFactory/factories/pipelines/sandbox/create/action",
"Microsoft.DataFactory/factories/pipelines/sandbox/run/action",
"Microsoft.DataFactory/factories/providers/Microsoft.Insights/logDefinitions/read",
"Microsoft.DataFactory/factories/triggers/read",
"Microsoft.DataFactory/factories/triggers/write",
"Microsoft.DataFactory/factories/triggers/delete",
"Microsoft.DataFactory/factories/triggers/subscribetoevents/action",
"Microsoft.DataFactory/factories/triggers/geteventsubscriptionstatus/action",
"Microsoft.DataFactory/factories/triggers/unsubscribefromevents/action",
"Microsoft.DataFactory/factories/triggers/querysubscriptionevents/action",
"Microsoft.DataFactory/factories/triggers/deletequeuedsubscriptionevents/action",
"Microsoft.DataFactory/factories/triggers/start/action",
"Microsoft.DataFactory/factories/triggers/stop/action",
"Microsoft.DataFactory/factories/triggers/triggerruns/read",
"Microsoft.DataFactory/factories/triggers/triggerruns/cancel/action",
"Microsoft.DataFactory/factories/triggers/triggerruns/rerun/action",
"Microsoft.DataFactory/locations/configureFactoryRepo/action",
"Microsoft.DataFactory/locations/getFeatureValue/action",
"Microsoft.DataFactory/locations/getFeatureValue/read",
"Microsoft.DataFactory/checkazuredatafactorynameavailability/read",
"Microsoft.DataFactory/operations/read"
],
"notActions": [
"Microsoft.DataFactory/datafactories/linkedServices/delete",
"Microsoft.DataFactory/datafactories/linkedServices/write"
],
"dataActions": [],
"notDataActions": []
}
]
}
}
If your data factory is associated with source control, you already have control over the changes submitted by developers, because you review each pull request before it is merged.
Here are a few helpful resources related to this requirement:
- Create or update Azure custom roles using the Azure portal
- Resource Provider Operations - Microsoft.DataFactory
Hope this info helps. Do let us know if you have any further queries.