Create a custom role in Azure
Start a CloudShell session by using Windows PowerShell. If prompted to create storage, select Show advanced settings. Then choose the existing resource group Resourcegroup1, and specify a new storage account storageaccount1 and a new file share fileshare1. Use East US for the location.
Use the following command to identify the operations associated with virtual machines:
Get-AzProviderOperation "Microsoft.Compute/virtualmachines/*" | FT Operation, Description -AutoSize
Use the following command to retrieve the built-in role definition for Virtual Machine Contributor:
Get-AzRoleDefinition -Name "Virtual Machine Contributor" | ConvertTo-Json | Out-File $home\clouddrive\VMOperatorRole.json
Open the VMOperatorRole.json file in the code editor by using the following commands:
cd $home\clouddrive
code VMOperatorRole.json
In the code editor, update the following:
- Change the Name property value to:
Virtual Machine Operator
- Delete the line with the Id property
- Change the IsCustom property value to:
true
- Change the Description property value to:
Lets you view, start and stop virtual machines.
- Change the list of actions so that it contains only 3 actions (with no comma at the end of the last one):
"Microsoft.Compute/*/read",
"Microsoft.Compute/virtualMachines/start/action",
"Microsoft.Compute/virtualMachines/deallocate/action"
Save the file by selecting the ellipsis and choosing Save. Close the code editor.
Attempt to create the new custom role by executing the following statement:
New-AzRoleDefinition -InputFile "VMOperatorRole.json"
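A pre-flight check for the edited file, added here as an example and not part of the original post: Test-VMOperatorRole (a hypothetical helper name) parses the role JSON and reports anything that differs from the edits listed above, so a leftover Virtual Machine Contributor action is caught before the role is created. The sample JSON is constructed, and the AssignableScopes check reflects Azure's rule that a custom role cannot use the root scope "/", which the post does not cover.

```powershell
# Added example, not from the original post. Test-VMOperatorRole is a hypothetical helper name.
function Test-VMOperatorRole {
    param([Parameter(Mandatory)][string]$Json)

    # The three actions the post says the role should contain.
    $allowed = @(
        'Microsoft.Compute/*/read',
        'Microsoft.Compute/virtualMachines/start/action',
        'Microsoft.Compute/virtualMachines/deallocate/action'
    )
    $role = $Json | ConvertFrom-Json
    $actions = @($role.Actions)
    $problems = @()

    if ($role.PSObject.Properties.Name -contains 'Id') { $problems += 'Id property is still present' }
    if ($role.IsCustom -ne $true) { $problems += 'IsCustom is not true' }
    if ($role.Name -ne 'Virtual Machine Operator') { $problems += "Unexpected Name: $($role.Name)" }

    # Anything left over from Virtual Machine Contributor widens the role.
    foreach ($a in $actions) {
        if ($allowed -notcontains $a) { $problems += "Extra action: $a" }
    }
    foreach ($a in $allowed) {
        if ($actions -notcontains $a) { $problems += "Missing action: $a" }
    }
    # Not covered by the post: Azure does not accept the root scope "/" on a custom role.
    if (@($role.AssignableScopes) -contains '/') { $problems += 'AssignableScopes contains "/"' }

    return $problems
}

# Constructed sample: the edited file with one leftover wildcard action.
$sample = @'
{
  "Name": "Virtual Machine Operator",
  "IsCustom": true,
  "Description": "Lets you view, start and stop virtual machines.",
  "Actions": [
    "Microsoft.Compute/*/read",
    "Microsoft.Compute/virtualMachines/start/action",
    "Microsoft.Compute/virtualMachines/deallocate/action",
    "Microsoft.Compute/virtualMachines/*"
  ],
  "AssignableScopes": ["/"]
}
'@
Test-VMOperatorRole -Json $sample
```

In CloudShell, run it against the real file with Test-VMOperatorRole -Json (Get-Content $home\clouddrive\VMOperatorRole.json -Raw); an empty result means the file matches the edits above.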