Custom Roles Azure

Rakesh Chand Sharma 1 Reputation point
2021-09-07T07:48:30.637+00:00

I created a custom role in Azure at the management group level with the following access for a particular Azure AD user:

Create virtual machine, delete virtual machine
Create virtual network, delete virtual network

Now when I log in to the portal with the user, I am unable to see the existing VM and virtual network.

Kindly suggest if any other permissions need to be provided.


1 answer

  1. Marilee Turscak-MSFT 36,841 Reputation points Microsoft Employee
    2021-09-10T18:30:40.837+00:00

    Hi @Rakesh Chand Sharma ,

    Make sure you have "read" permissions assigned. For the VM creation and deletion you need:

    Microsoft.Compute/virtualMachines/read
    Microsoft.Compute/virtualMachines/write
    Microsoft.Compute/virtualMachines/delete

    For the virtual networks you need:

    Microsoft.ClassicNetwork/virtualNetworks/read
    Microsoft.ClassicNetwork/virtualNetworks/write
    Microsoft.ClassicNetwork/virtualNetworks/delete

    Alternatively, you can assign the built-in Virtual Machine Contributor role to your user, which allows the user to create and delete virtual machines.

    See: Azure Resource Provider Operations

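An added example, not part of the original thread and not Microsoft's code: a small Python check that flags resource types a custom role can write or delete but cannot read, which is the gap the answer above points to. The two role definitions are constructed samples; the action names are the ones listed in the answer, and the function names are hypothetical.

```python
import re

def _matches(pattern, operation):
    # Azure RBAC action strings are case-insensitive; '*' is a wildcard.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None

def allows(role, operation):
    """Granted by some Actions entry and not excluded by NotActions."""
    granted = any(_matches(p, operation) for p in role.get("Actions", []))
    excluded = any(_matches(p, operation) for p in role.get("NotActions", []))
    return granted and not excluded

def missing_reads(role):
    """Read operations absent for resource types the role may write or delete."""
    missing = set()
    for action in role.get("Actions", []):
        resource_type, _, verb = action.rpartition("/")
        if verb.lower() not in ("write", "delete") or "*" in resource_type:
            continue  # only concrete resource types are checked here
        read_op = resource_type + "/read"
        if allows(role, action) and not allows(role, read_op):
            missing.add(read_op)
    return sorted(missing)

# Constructed role definitions in the JSON shape used for custom roles.
ROLE_AS_ASKED = {
    "Name": "VM and VNet operator (constructed sample)",
    "Actions": [
        "Microsoft.Compute/virtualMachines/write",
        "Microsoft.Compute/virtualMachines/delete",
        "Microsoft.ClassicNetwork/virtualNetworks/write",
        "Microsoft.ClassicNetwork/virtualNetworks/delete",
    ],
    "NotActions": [],
}
ROLE_WITH_READS = dict(ROLE_AS_ASKED, Actions=ROLE_AS_ASKED["Actions"] + [
    "Microsoft.Compute/virtualMachines/read",
    "Microsoft.ClassicNetwork/virtualNetworks/read",
])

if __name__ == "__main__":
    for role in (ROLE_AS_ASKED, ROLE_WITH_READS):
        print(role["Name"], "->", missing_reads(role) or "no read gaps")
```

Running the same check over an exported custom role before assigning it shows whether the user will be able to list the resources they are allowed to manage.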
