jurjen.ladenius/Cloud-20Engineering
1
0
Fork 0
mirror of https://dev.azure.com/effectory/Survey%20Software/_git/Cloud%20Engineering synced 2026-02-27 18:52:18 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
snyk-fix-5dd9c7476612a6a0277f5be6d58104a8
Cloud-20Engineering/Powershell/Tools/Azure Custom Roles.ps1
Jurjen Ladenius bc24e238d6 New Snyk overview
2023-09-01 15:11:49 +02:00

46 lines
2.5 KiB
PowerShell
Raw Permalink Blame History

#Get-AzRoleDefinition 'Storage Data Contributor' | ConvertTo-Json
$fileName = "c:\temp\subscriptions.csv"
Get-AzSubscription | Export-Csv -Path $fileName -NoTypeInformation
Set-AzRoleDefinition -InputFile 'C:\Repository\Cloud Engineering\Custom roles\Storage Data Contributor.json'
Set-AzRoleDefinition -InputFile 'C:\Repository\Cloud Engineering\Custom roles\Storage Data Reader.json'
New-AzRoleDefinition -InputFile 'C:\Repository\Cloud Engineering\Custom roles\Resource Lock Administrator.json'
#https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-setup-rbac#built-in-role-definitions
set-azcontext -SubscriptionId 2161debe-6042-4633-b10e-de77c06cabc6
$resourceGroupName = "phasedrelease"
$accountName = "phasedrelease"
New-AzCosmosDBSqlRoleDefinition -AccountName $accountName -ResourceGroupName $resourceGroupName -Type CustomRole -RoleName "Cosmos Data Reader" `
-DataAction @( `
'Microsoft.DocumentDB/databaseAccounts/readMetadata',
'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/read', `
'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/executeQuery', `
'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/readChangeFeed') `
-AssignableScope "/"
New-AzCosmosDBSqlRoleDefinition -AccountName $accountName -ResourceGroupName $resourceGroupName -Type CustomRole -RoleName "Cosmos Data Contributor" `
-DataAction @( `
'Microsoft.DocumentDB/databaseAccounts/readMetadata',
'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/*', `
'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/*') `
-AssignableScope "/"
Get-AzCosmosDBSqlRoleDefinition -AccountName $accountName -ResourceGroupName $resourceGroupName
$principalId = "99dbd99f-9165-46a3-94d7-d8467121f0d1" # jimmy.van.den.berg@effectory.com
New-AzCosmosDBSqlRoleAssignment -AccountName $accountName -PrincipalId $principalId -ResourceGroupName $resourceGroupName -RoleDefinitionName "Cosmos Data Contributor" -Scope "/subscriptions/2161debe-6042-4633-b10e-de77c06cabc6/resourceGroups/phasedrelease/providers/Microsoft.DocumentDB/databaseAccounts/phasedrelease"
Get-AzCosmosDBSqlRoleAssignment -AccountName $accountName -ResourceGroupName $resourceGroupName
Remove-AzCosmosDBSqlRoleAssignment -AccountName $accountName -Id "/subscriptions/2161debe-6042-4633-b10e-de77c06cabc6/resourceGroups/phasedrelease/providers/Microsoft.DocumentDB/databaseAccounts/phasedrelease/sqlRoleAssignments/cbc3170d-f815-4164-9044-eb9913eb909a" -ResourceGroupName $resourceGroupName
Reference in New Issue View Git Blame Copy Permalink