Share via

What permission or role is necessary to access Iot Devices and Query explorers in Azure Iot Hub ?

Alexandre 346 Reputation points
2020-08-27T10:25:54.627+00:00

In Azure IoT-Hub (portal), IoT devices and Query explorers are not accessible to users who do not have at least the contributor role. There does not seem to be a built-in role to access these explorers so I would like to create a custom role : basically a Reader with additional permission to see the explorers.

However I can't find wichi authorizations / permissions are needed to see the Iot Device explorer and the Query explorer. Anyone knows where I can find that ?

Azure IoT Hub
Azure IoT Hub
An Azure service that enables bidirectional communication between internet of things (IoT) devices and applications.
1,143 questions
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. AshokPeddakotla-MSFT 29,811 Reputation points
    2020-08-27T12:19:47.727+00:00

    @Alexandre

    You can set the masterreader access which allows a user to view everything but not make changes.

    Access control (IAM) is the page that you typically use to assign roles to grant access to Azure resources. It's also known as identity and access management and appears in several locations in the Azure portal.

    To grant access to an Azure resource, you add a role assignment. Follow these steps to assign a role.

    • Click on the specific resource you want to provide access.
    • Click Access control (IAM).
    • Click the Role assignments tab to add/view the role assignments at this scope.
    • Select masterreader.
    • Specify the user details to add.

    20886-image.png

    Please refer Add or remove Azure role assignments using the Azure portal for more details.

    If the Azure built-in roles don't meet the specific needs of your organization, you can create your own custom roles. Just like built-in roles, you can assign custom roles to users, groups, and service principals at management group, subscription, and resource group scopes.

    Please see Create or update Azure custom roles using the Azure portal for more details.

    Hope that helps. Do let us know if you have further queries.

    Please accept helpful responses as 'Answer', which will be helpful to others as well.

    1 person found this answer helpful.
  2. Jai Dhandapani 6 Reputation points
    2020-11-20T01:15:00.133+00:00

    Hi
    You have not mentioned what permissions to add to this custom role, pls list the permissions to add thanks.

    1 person found this answer helpful.
    0 comments
  3. AshokPeddakotla-MSFT 29,811 Reputation points
    2020-09-09T14:06:28.453+00:00

    @Alexandre
    To receive notifications when answer is posted on the question you have asked or you follow, click on your Avatar, and then Settings. Make sure you have an email for notifications. Then, on Q&A email notifications section, select Questions in tags you follow and click on Save.

    23563-image.png

    23564-image.png

    Regarding the specific question, as mentioned earlier, this role Allows a user to view everything but not make changes.

    To add or remove role assignments, you must have:

    Microsoft.Authorization/roleAssignments/write and Microsoft.Authorization/roleAssignments/delete permissions, such as User Access Administrator or Owner

    Kindly check Add or remove Azure role assignments using the Azure portal for more details.

    Please accept helpful responses as 'Answer' and 'Up vote' which will be helpful to others as well.