From 45de67acbfe594fe9f745003ec64a31b209c5eec Mon Sep 17 00:00:00 2001
From: Jurjen Ladenius
Date: Fri, 1 Jul 2022 11:45:31 +0200
Subject: [PATCH] Custom storage account roles
---
 Custom roles/Storage Data Contributor.json | 104 +++++++++++----------
 Custom roles/Storage Data Reader.json | 52 +++++++++++
 2 files changed, 106 insertions(+), 50 deletions(-)
 create mode 100644 Custom roles/Storage Data Reader.json
diff --git a/Custom roles/Storage Data Contributor.json b/Custom roles/Storage Data Contributor.json
index 89db121..e86b465 100644
--- a/Custom roles/Storage Data Contributor.json
+++ b/Custom roles/Storage Data Contributor.json
@@ -1,49 +1,22 @@
 {
- "properties": {
- "roleName": "Storage Data Contributor",
- "description": "Allows for read, write and delete access to Azure Storage blob containers and data / tables and entities / queues and queue messages",
- "assignableScopes": [
- "/subscriptions/a134faf1-7a89-4f2c-8389-06d00bd5e2a7",
- "/subscriptions/3190b0fd-4a66-4636-a204-5b9f18be78a6",
- "/subscriptions/0e4ba075-f7d9-4f31-860c-3cb8673f1f08",
- "/subscriptions/2372e452-d101-4fb1-b9ed-664b8cd68e40",
- "/subscriptions/86945e42-fa5a-4bbc-948f-3f5407f15d3e",
- "/subscriptions/e6daa42b-c939-4ef9-b384-c0cec82b7757",
- "/subscriptions/31b26889-ee10-480e-be6a-da5d8a58f19f",
- "/subscriptions/8c282de4-a7df-458e-b151-e10ca7b49966",
- "/subscriptions/0ecf52e9-a2b1-4938-b0b1-f7c1878de642",
- "/subscriptions/70cae949-5013-4c40-b718-911dbf9b9a80",
- "/subscriptions/f9ab522b-4895-492d-b8a8-ca6e1f60c2a8",
- "/subscriptions/6e2b45e4-5e7b-4628-8827-ec44e23d2f6b",
- "/subscriptions/2c20594a-bb4e-4103-8e3c-017f6ca01431",
- "/subscriptions/54794e27-b714-4346-81bc-05eae7ccb5a5",
- "/subscriptions/fced11a2-8ba7-4596-9ff4-de8b47713c48",
- "/subscriptions/7feeb150-9ee0-4aea-992a-5f3a89d933e6",
- "/subscriptions/4db5ca42-c8f1-4392-a9fc-96937874ef74",
- "/subscriptions/5df09d5a-b1c1-48b8-b72c-ebe9b27e0e0c",
- "/subscriptions/0c50e758-0cfb-4d35-9d52-b39ba918ce30",
- "/subscriptions/5e1ac47a-0729-4546-b93f-469d92c5ac4a",
- "/subscriptions/7cc36153-a8a4-4566-86bc-fec178ed176a",
- "/subscriptions/31cb867e-4cb5-47d3-b12a-7692cf746376",
- "/subscriptions/baed3117-d2f3-4289-977d-6d4429d9e983",
- "/subscriptions/63cc34fe-1aea-4cef-8402-5869c9fff78b" ],
- "permissions": [
- {
- "actions": [
- "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
- "Microsoft.Storage/storageAccounts/blobServices/containers/read",
- "Microsoft.Storage/storageAccounts/blobServices/containers/write",
- "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action",
- "Microsoft.Storage/storageAccounts/queueServices/queues/delete",
- "Microsoft.Storage/storageAccounts/queueServices/queues/read",
- "Microsoft.Storage/storageAccounts/queueServices/queues/write",
- "Microsoft.Storage/storageAccounts/tableServices/tables/read",
- "Microsoft.Storage/storageAccounts/tableServices/tables/write",
- "Microsoft.Storage/storageAccounts/tableServices/tables/delete"
- ],
- "notActions": [],
- "dataActions": [
- "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
+ "Id":"10a47b5b-4ee1-4c85-a108-05764d2ce4d6",
+ "Name":"Storage Data Contributor",
+ "Description":"Allows for read, write and delete access to Azure Storage blob containers and data / tables and entities / queues and queue messages.",
+ "Actions": [
+ "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
+ "Microsoft.Storage/storageAccounts/blobServices/containers/read",
+ "Microsoft.Storage/storageAccounts/blobServices/containers/write",
+ "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action",
+ "Microsoft.Storage/storageAccounts/queueServices/queues/delete",
+ "Microsoft.Storage/storageAccounts/queueServices/queues/read",
+ "Microsoft.Storage/storageAccounts/queueServices/queues/write",
+ "Microsoft.Storage/storageAccounts/tableServices/tables/read",
+ "Microsoft.Storage/storageAccounts/tableServices/tables/write",
+ "Microsoft.Storage/storageAccounts/tableServices/tables/delete"
+ ],
+ "NotActions": [],
+ "DataActions": [
+ "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
 "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
 "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write",
 "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action",
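Review bot: The file silently switches from the ARM role-definition layout (`properties.roleName`, `properties.permissions[].actions`) to the flat PascalCase layout (`Id`, `Name`, `Actions`) that the Az PowerShell role-definition cmdlets emit, and neither the commit message nor anything in the repository says which tool is now expected to consume it, so any script still reading `properties.permissions[0].actions` would presumably break. A one-line note in the repository README such as `Role files use the Az PowerShell role-definition layout (Id/Name/Actions/AssignableScopes); Id identifies the existing definition when updating` would pin that down. The `Actions` list keeps `Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action`, which is not a plain data-plane permission: it lets the holder obtain user delegation keys and therefore issue user-delegation SAS tokens that carry their blob permissions to whoever holds the token until it expires; the built-in storage data roles grant the same, so keeping it is defensible, but `Description` should mention it so assignment reviewers see that the role includes SAS issuance — the same applies to the new Storage Data Reader.json. The top-level object opened here is closed in the next hunk.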
@@ -57,9 +30,40 @@
 "Microsoft.Storage/storageAccounts/tableServices/tables/entities/delete",
 "Microsoft.Storage/storageAccounts/tableServices/tables/entities/add/action",
 "Microsoft.Storage/storageAccounts/tableServices/tables/entities/update/action"
- ],
- "notDataActions": []
- }
- ]
- }
+ ],
+ "NotDataActions": [],
+ "AssignableScopes": [
+ "/subscriptions/3190b0fd-4a66-4636-a204-5b9f18be78a6",
+ "/subscriptions/30ce4e64-4299-4b93-91b8-4c953f63678e",
+ "/subscriptions/750d0421-da63-42fb-9f89-74aeb5dfe05b",
+ "/subscriptions/0e4ba075-f7d9-4f31-860c-3cb8673f1f08",
+ "/subscriptions/5e1ac47a-0729-4546-b93f-469d92c5ac4a",
+ "/subscriptions/2372e452-d101-4fb1-b9ed-664b8cd68e40",
+ "/subscriptions/23e654c9-ed9d-424e-b69a-6a0be116a3ce",
+ "/subscriptions/63cc34fe-1aea-4cef-8402-5869c9fff78b",
+ "/subscriptions/80eaaecd-37af-4e15-9384-d5729b096740",
+ "/subscriptions/14c2354d-45a9-4e0f-98ff-be58cdbcddc7",
+ "/subscriptions/86945e42-fa5a-4bbc-948f-3f5407f15d3e",
+ "/subscriptions/7cc36153-a8a4-4566-86bc-fec178ed176a",
+ "/subscriptions/e6daa42b-c939-4ef9-b384-c0cec82b7757",
+ "/subscriptions/31b26889-ee10-480e-be6a-da5d8a58f19f",
+ "/subscriptions/0f35097b-19f1-4baf-b548-f31bc71eccea",
+ "/subscriptions/8c282de4-a7df-458e-b151-e10ca7b49966",
+ "/subscriptions/0ecf52e9-a2b1-4938-b0b1-f7c1878de642",
+ "/subscriptions/31cb867e-4cb5-47d3-b12a-7692cf746376",
+ "/subscriptions/70cae949-5013-4c40-b718-911dbf9b9a80",
+ "/subscriptions/f9ab522b-4895-492d-b8a8-ca6e1f60c2a8",
+ "/subscriptions/6e2b45e4-5e7b-4628-8827-ec44e23d2f6b",
+ "/subscriptions/2c20594a-bb4e-4103-8e3c-017f6ca01431",
+ "/subscriptions/54794e27-b714-4346-81bc-05eae7ccb5a5",
+ "/subscriptions/2a07dfa7-69ee-4608-b2d5-14124fcccc31",
+ "/subscriptions/fced11a2-8ba7-4596-9ff4-de8b47713c48",
+ "/subscriptions/7feeb150-9ee0-4aea-992a-5f3a89d933e6",
+ "/subscriptions/a134faf1-7a89-4f2c-8389-06d00bd5e2a7",
+ "/subscriptions/4db5ca42-c8f1-4392-a9fc-96937874ef74",
+ "/subscriptions/5df09d5a-b1c1-48b8-b72c-ebe9b27e0e0c",
+ "/subscriptions/0c50e758-0cfb-4d35-9d52-b39ba918ce30",
+ "/subscriptions/baed3117-d2f3-4289-977d-6d4429d9e983",
+ "/subscriptions/eec75831-812e-4b06-a7a4-ec28a5126238"
+ ]
 }
\ No newline at end of file
diff --git a/Custom roles/Storage Data Reader.json b/Custom roles/Storage Data Reader.json
new file mode 100644
index 0000000..7ba8296
--- /dev/null
+++ b/Custom roles/Storage Data Reader.json
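Review bot: `AssignableScopes` grows from 24 to 32 subscriptions — the eight additions are `30ce4e64-…`, `750d0421-…`, `23e654c9-…`, `80eaaecd-…`, `14c2354d-…`, `0f35097b-…`, `2a07dfa7-…` and `eec75831-…` — but the commit title "Custom storage account roles" does not say the role becomes assignable in new subscriptions, and the scope list is the part of this file an access reviewer most needs to see called out. The same 32-entry list is pasted verbatim into the new Storage Data Reader.json, so the two files will drift the next time a subscription is added; if these subscriptions sit under a single management group, a scope of the form `/providers/Microsoft.Management/managementGroups/<MANAGEMENT_GROUP_ID>` (placeholder) would replace both lists — confirm the tenant layout before doing that. The file also still ends without a trailing newline (`\ No newline at end of file`), which will keep showing up as noise in later diffs.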
@@ -0,0 +1,52 @@
+{
+ "Id":"74abcecd-95bc-4d68-8de2-a14461c1b31c",
+ "Name":"Storage Data Reader",
+ "Description":"Allows for read access to Azure Storage blob containers and data / tables and entities / queues and queue messages.",
+ "Actions": [
+ "Microsoft.Storage/storageAccounts/blobServices/containers/read",
+ "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action",
+ "Microsoft.Storage/storageAccounts/queueServices/queues/read",
+ "Microsoft.Storage/storageAccounts/tableServices/tables/read"
+ ],
+ "NotActions": [],
+ "DataActions": [
+ "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
+ "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
+ "Microsoft.Storage/storageAccounts/tableServices/tables/entities/read"
+ ],
+ "NotDataActions": [],
+ "AssignableScopes": [
+ "/subscriptions/3190b0fd-4a66-4636-a204-5b9f18be78a6",
+ "/subscriptions/30ce4e64-4299-4b93-91b8-4c953f63678e",
+ "/subscriptions/750d0421-da63-42fb-9f89-74aeb5dfe05b",
+ "/subscriptions/0e4ba075-f7d9-4f31-860c-3cb8673f1f08",
+ "/subscriptions/5e1ac47a-0729-4546-b93f-469d92c5ac4a",
+ "/subscriptions/2372e452-d101-4fb1-b9ed-664b8cd68e40",
+ "/subscriptions/23e654c9-ed9d-424e-b69a-6a0be116a3ce",
+ "/subscriptions/63cc34fe-1aea-4cef-8402-5869c9fff78b",
+ "/subscriptions/80eaaecd-37af-4e15-9384-d5729b096740",
+ "/subscriptions/14c2354d-45a9-4e0f-98ff-be58cdbcddc7",
+ "/subscriptions/86945e42-fa5a-4bbc-948f-3f5407f15d3e",
+ "/subscriptions/7cc36153-a8a4-4566-86bc-fec178ed176a",
+ "/subscriptions/e6daa42b-c939-4ef9-b384-c0cec82b7757",
+ "/subscriptions/31b26889-ee10-480e-be6a-da5d8a58f19f",
+ "/subscriptions/0f35097b-19f1-4baf-b548-f31bc71eccea",
+ "/subscriptions/8c282de4-a7df-458e-b151-e10ca7b49966",
+ "/subscriptions/0ecf52e9-a2b1-4938-b0b1-f7c1878de642",
+ "/subscriptions/31cb867e-4cb5-47d3-b12a-7692cf746376",
+ "/subscriptions/70cae949-5013-4c40-b718-911dbf9b9a80",
+ "/subscriptions/f9ab522b-4895-492d-b8a8-ca6e1f60c2a8",
+ "/subscriptions/6e2b45e4-5e7b-4628-8827-ec44e23d2f6b",
+ "/subscriptions/2c20594a-bb4e-4103-8e3c-017f6ca01431",
+ "/subscriptions/54794e27-b714-4346-81bc-05eae7ccb5a5",
+ "/subscriptions/2a07dfa7-69ee-4608-b2d5-14124fcccc31",
+ "/subscriptions/fced11a2-8ba7-4596-9ff4-de8b47713c48",
+ "/subscriptions/7feeb150-9ee0-4aea-992a-5f3a89d933e6",
+ "/subscriptions/a134faf1-7a89-4f2c-8389-06d00bd5e2a7",
+ "/subscriptions/4db5ca42-c8f1-4392-a9fc-96937874ef74",
+ "/subscriptions/5df09d5a-b1c1-48b8-b72c-ebe9b27e0e0c",
+ "/subscriptions/0c50e758-0cfb-4d35-9d52-b39ba918ce30",
+ "/subscriptions/baed3117-d2f3-4289-977d-6d4429d9e983",
+ "/subscriptions/eec75831-812e-4b06-a7a4-ec28a5126238"
+ ]
+ }
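Review bot: `Id` is hard-coded to `74abcecd-95bc-4d68-8de2-a14461c1b31c` in a file that is new to the repository, so the GUID presumably comes from a definition that was already created outside this repo (portal or PowerShell) rather than from this file; the creating and updating cmdlets treat `Id` differently, so a short comment in the README recording where the GUID came from and which cmdlet applies the file would prevent a later create run from colliding with or diverging from the live definition — confirm against the Az documentation. Key formatting is inconsistent within the file (`"Id":"…"` and `"Name":"…"` have no space after the colon while `"Actions": [` does), and the final `+ }` is indented one space while the opening `{` is not; running both role files through `jq .` or Prettier would normalise them.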