jurjen.ladenius/Cloud-20Engineering
1
0
Fork 0
mirror of https://dev.azure.com/effectory/Survey%20Software/_git/Cloud%20Engineering synced 2026-02-27 18:52:18 +01:00
Code Issues Packages Projects Releases Wiki Activity

New Snyk overview

Browse Source
This commit is contained in:
Jurjen Ladenius
2023-09-01 15:11:49 +02:00
parent 1d2a40ba50
commit bc24e238d6
4 changed files with 106 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
Powershell/Tools/Azure Custom Roles.ps1
View File

@@ -8,4 +8,39 @@ Get-AzSubscription | Export-Csv -Path $fileName -NoTypeInformation
Set-AzRoleDefinition -InputFile 'C:\Repository\Cloud Engineering\Custom roles\Storage Data Contributor.json'
Set-AzRoleDefinition -InputFile 'C:\Repository\Cloud Engineering\Custom roles\Storage Data Reader.json'
New-AzRoleDefinition -InputFile 'C:\Repository\Cloud Engineering\Custom roles\Resource Lock Administrator.json'
New-AzRoleDefinition -InputFile 'C:\Repository\Cloud Engineering\Custom roles\Resource Lock Administrator.json'
#https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-setup-rbac#built-in-role-definitions
set-azcontext -SubscriptionId 2161debe-6042-4633-b10e-de77c06cabc6
$resourceGroupName = "phasedrelease"
$accountName = "phasedrelease"
New-AzCosmosDBSqlRoleDefinition -AccountName $accountName -ResourceGroupName $resourceGroupName -Type CustomRole -RoleName "Cosmos Data Reader" `
-DataAction @( `
'Microsoft.DocumentDB/databaseAccounts/readMetadata',
'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read', `
'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/executeQuery', `
'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/readChangeFeed') `
-AssignableScope "/"
New-AzCosmosDBSqlRoleDefinition -AccountName $accountName -ResourceGroupName $resourceGroupName -Type CustomRole -RoleName "Cosmos Data Contributor" `
-DataAction @( `
'Microsoft.DocumentDB/databaseAccounts/readMetadata',
'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/*', `
'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/*') `
-AssignableScope "/"
Get-AzCosmosDBSqlRoleDefinition -AccountName $accountName -ResourceGroupName $resourceGroupName
$principalId = "99dbd99f-9165-46a3-94d7-d8467121f0d1" # jimmy.van.den.berg@effectory.com
New-AzCosmosDBSqlRoleAssignment -AccountName $accountName -PrincipalId $principalId -ResourceGroupName $resourceGroupName -RoleDefinitionName "Cosmos Data Contributor" -Scope "/subscriptions/2161debe-6042-4633-b10e-de77c06cabc6/resourceGroups/phasedrelease/providers/Microsoft.DocumentDB/databaseAccounts/phasedrelease"
Get-AzCosmosDBSqlRoleAssignment -AccountName $accountName -ResourceGroupName $resourceGroupName
Remove-AzCosmosDBSqlRoleAssignment -AccountName $accountName -Id "/subscriptions/2161debe-6042-4633-b10e-de77c06cabc6/resourceGroups/phasedrelease/providers/Microsoft.DocumentDB/databaseAccounts/phasedrelease/sqlRoleAssignments/cbc3170d-f815-4164-9044-eb9913eb909a" -ResourceGroupName $resourceGroupName