Creating a custom role to use in a RAZ-enabled Azure environment
Your Azure administrator can optionally create a custom role in the Azure subscription that can be used instead of Storage Blob Data Owner in a RAZ-enabled Azure environment.
The custom role carries only the permissions that are required, and it can be used to
register a RAZ-enabled Azure environment and to create Cloudera Data Hub clusters and
Cloudera Operational Databases. Create it using the following policy definition,
replacing the subscription ID in assignableScopes with the ID of your own subscription:
{
  "properties": {
    "roleName": "Cloudera CDP Storage Authorization",
    "description": "Provide privileges that Cloudera CDP requires for storage access",
    "assignableScopes": [
      "/subscriptions/abce3e07-b32d-4b41-8c78-2bcaffe4ea27"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
        ],
        "notActions": [],
        "dataActions": [
          "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/manageOwnership/action",
          "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/modifyPermissions/action",
          "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
          "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write",
          "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
          "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action"
        ],
        "notDataActions": []
      }
    ]
  }
}
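Before the role file is handed to Azure, it can be checked against the permission list above so that a wildcard, a missing action or a malformed file is caught early. The following is an added example, not Cloudera's or Microsoft's code; the function names, the placeholder subscription ID and the rule that a scope must be a single subscription or resource group are assumptions.

```python
import json
import re

# Permissions copied from the policy definition on this page.
BLOBS = "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/"
REQUIRED = {
    "actions": {"Microsoft.Storage/storageAccounts/blobServices/"
                "generateUserDelegationKey/action"},
    "dataActions": {BLOBS + s for s in (
        "manageOwnership/action", "modifyPermissions/action",
        "read", "write", "delete", "move/action")},
}
# Assumption: the role is scoped to one subscription or one resource group.
SCOPE_RE = re.compile(
    r"^/subscriptions/[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
    r"(/resourceGroups/[^/]+)?$")


def check_role_definition(text):
    """Return a list of findings; an empty list means the file matches the page."""
    try:
        props = json.loads(text)["properties"]
        scopes, perms = props["assignableScopes"], props["permissions"]
    except (ValueError, KeyError, TypeError) as exc:
        return [f"not a usable role definition: {exc!r}"]
    findings = [f"unexpected assignable scope: {s}"
                for s in scopes if not SCOPE_RE.match(s)]
    if not scopes:
        findings.append("assignableScopes is empty")
    for key, want in REQUIRED.items():
        have = {a for p in perms for a in p.get(key, [])}
        findings += [f"missing {key}: {a}" for a in sorted(want - have)]
        findings += [f"wildcard in {key}: {a}" for a in sorted(have) if "*" in a]
        findings += [f"extra {key}: {a}" for a in sorted(have - want) if "*" not in a]
    return findings


def sample(data_actions, scope="/subscriptions/00000000-0000-0000-0000-000000000000"):
    """Build a constructed role definition (placeholder subscription ID)."""
    return json.dumps({"properties": {
        "roleName": "Cloudera CDP Storage Authorization",
        "assignableScopes": [scope],
        "permissions": [{"actions": sorted(REQUIRED["actions"]), "notActions": [],
                         "dataActions": data_actions, "notDataActions": []}]}})


if __name__ == "__main__":
    print(check_role_definition(sample(sorted(REQUIRED["dataActions"]))))  # clean
    for finding in check_role_definition(sample([BLOBS + "*"])):
        print(finding)
```

A definition that lists a wildcard data action in place of the six explicit ones is reported as both a wildcard and six missing permissions, which is the drift back toward owner-level access that the custom role is meant to avoid.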