Creating custom role to use in RAZ-enabled Azure environment

Your Azure administrator can optionally create a custom role in the Azure subscription that can be used instead of Storage Blob Data Owner in a RAZ-enabled Azure environment.

The Azure administrator can optionally create a custom role with required permissions to use instead of Storage Blob Data Owner. This role can be used to register a RAZ-enabled Azure environment and to create Cloudera Data Hub clusters and Cloudera Operational Databases using the following policy definition:
{
   {
        "properties": {    
            "roleName": "Cloudera CDP Storage Authorization",
            "description": "Provide privileges that Cloudera CDP requires for storage access",
            "assignableScopes": [
            "/subscriptions/abce3e07-b32d-4b41-8c78-2bcaffe4ea27"
            ],
            "permissions": [
                {
                    "actions": ["Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"],
                    "notActions": [],
                    "dataActions": ["Microsoft.Storage/storageAccounts/blobServices/containers/blobs/manageOwnership/action",
                    "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/modifyPermissions/action",
                    "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
                    "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write",
                    "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
                    "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action"
                            ],
                    "notDataActions": []
                }
            ]
        }
    }