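The following role definition lists the minimum permissions required to create a
custom role for Cloudera DataFlow. The permissions are listed in the
actions section; they allow Cloudera DataFlow to access
resources and operate correctly. All entries name a single operation except the last one,
Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/*, which is a
wildcard covering every operation on federated identity credentials.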
When using the role definition, replace the following values:
- [YOUR-SUBSCRIPTION-ID]: The ID of the subscription in
use.
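- [YOUR-RESTRICTED-ROLE-NAME]: The name of the custom role that
is assigned to the application. For example: Cloudera Dataflow Azure Operator
for Single Resource Group. The placeholder appears without quotation marks in the
definition, so enter the name as a double-quoted JSON string.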
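- [YOUR-RESOURCE-GROUP-NAME]: The name of the original resource
group. It is the only entry in assignableScopes, so the role can be assigned only at the
scope of this resource group.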
{
"properties": {
"roleName": [YOUR-RESTRICTED-ROLE-NAME],
"description": "Custom restricted role for liftie",
"isCustom": true,
"assignableScopes": [
"/subscriptions/[YOUR-SUBSCRIPTION-ID]/resourceGroups/[YOUR-RESOURCE-GROUP-NAME]"
],
"permissions": [
{
"actions": [
"Microsoft.ContainerService/managedClusters/read",
"Microsoft.ContainerService/managedClusters/write",
"Microsoft.ContainerService/managedClusters/agentPools/read",
"Microsoft.ContainerService/managedClusters/agentPools/write",
"Microsoft.ContainerService/managedClusters/upgradeProfiles/read",
"Microsoft.ContainerService/managedClusters/agentPools/delete",
"Microsoft.ContainerService/managedClusters/delete",
"Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/action",
"Microsoft.ContainerService/managedClusters/agentPools/upgradeProfiles/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Storage/storageAccounts/write",
"Microsoft.ManagedIdentity/userAssignedIdentities/assign/action",
"Microsoft.Compute/virtualMachineScaleSets/write",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Insights/diagnosticSettings/write",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read",
"Microsoft.DBforPostgreSQL/flexibleServers/write",
"Microsoft.DBforPostgreSQL/flexibleServers/delete",
"Microsoft.DBforPostgreSQL/flexibleServers/start/action",
"Microsoft.DBforPostgreSQL/flexibleServers/read",
"Microsoft.DBforPostgreSQL/flexibleServers/stop/action",
"Microsoft.MarketplaceOrdering/offertypes/publishers/offers/plans/agreements/write",
"Microsoft.MarketplaceOrdering/offerTypes/publishers/offers/plans/agreements/read",
"Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
]
}
}