Azure Cluster Permissions

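Each cluster type has different permission requirements. For instructions on how to create a custom role in Azure, see the Azure documentation on custom roles. In each definition below, replace {subscriptionId} in assignableScopes with the ID of your subscription. The two cluster roles include Microsoft.Authorization/roleAssignments/write, which allows the holder to create role assignments within the assignable scope, and the shared-image role includes Microsoft.Storage/storageAccounts/listKeys/action, which returns storage account access keys. Assign these roles only to the identities that run the corresponding deployment, and review their assignments periodically.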

azurerm_basic_cluster

{
    "properties": {
        "roleName": "Genvid - Basic Cluster",
        "description": "Can create and manage a Genvid basic cluster",
        "assignableScopes": [
            "/subscriptions/{subscriptionId}"
        ],
        "permissions": [
            {
                "actions": [
                    "Microsoft.Authorization/roleAssignments/delete",
                    "Microsoft.Authorization/roleAssignments/read",
                    "Microsoft.Authorization/roleAssignments/write",
                    "Microsoft.Compute/disks/delete",
                    "Microsoft.Compute/disks/read",
                    "Microsoft.Compute/galleries/images/versions/read",
                    "Microsoft.Compute/virtualMachines/delete",
                    "Microsoft.Compute/virtualMachines/powerOff/action",
                    "Microsoft.Compute/virtualMachines/read",
                    "Microsoft.Compute/virtualMachines/write",
                    "Microsoft.Network/applicationSecurityGroups/delete",
                    "Microsoft.Network/applicationSecurityGroups/joinIpConfiguration/action",
                    "Microsoft.Network/applicationSecurityGroups/read",
                    "Microsoft.Network/applicationSecurityGroups/write",
                    "Microsoft.Network/networkInterfaces/delete",
                    "Microsoft.Network/networkInterfaces/join/action",
                    "Microsoft.Network/networkInterfaces/read",
                    "Microsoft.Network/networkInterfaces/write",
                    "Microsoft.Network/networkSecurityGroups/delete",
                    "Microsoft.Network/networkSecurityGroups/join/action",
                    "Microsoft.Network/networkSecurityGroups/read",
                    "Microsoft.Network/networkSecurityGroups/securityRules/delete",
                    "Microsoft.Network/networkSecurityGroups/securityRules/read",
                    "Microsoft.Network/networkSecurityGroups/securityRules/write",
                    "Microsoft.Network/networkSecurityGroups/write",
                    "Microsoft.Network/publicIPAddresses/delete",
                    "Microsoft.Network/publicIPAddresses/join/action",
                    "Microsoft.Network/publicIPAddresses/read",
                    "Microsoft.Network/publicIPAddresses/write",
                    "Microsoft.Network/virtualNetworks/delete",
                    "Microsoft.Network/virtualNetworks/read",
                    "Microsoft.Network/virtualNetworks/subnets/delete",
                    "Microsoft.Network/virtualNetworks/subnets/join/action",
                    "Microsoft.Network/virtualNetworks/subnets/read",
                    "Microsoft.Network/virtualNetworks/subnets/write",
                    "Microsoft.Network/virtualNetworks/write",
                    "Microsoft.Resources/subscriptions/resourcegroups/delete",
                    "Microsoft.Resources/subscriptions/resourcegroups/read",
                    "Microsoft.Resources/subscriptions/resourcegroups/write"
                ],
                "notActions": [],
                "dataActions": [],
                "notDataActions": []
            }
        ]
    }
}

azurerm_basic_cluster_alb_ssl

{
    "properties": {
        "roleName": "Genvid - Basic Cluster Alb Ssl",
        "description": "Can create and manage a Genvid basic cluster with alb and ssl",
        "assignableScopes": [
            "/subscriptions/{subscriptionId}"
        ],
        "permissions":[
            {
                "actions": [
                    "Microsoft.Authorization/roleAssignments/delete",
                    "Microsoft.Authorization/roleAssignments/read",
                    "Microsoft.Authorization/roleAssignments/write",
                    "Microsoft.Compute/disks/delete",
                    "Microsoft.Compute/disks/read",
                    "Microsoft.Compute/galleries/images/versions/read",
                    "Microsoft.Compute/virtualMachines/delete",
                    "Microsoft.Compute/virtualMachines/powerOff/action",
                    "Microsoft.Compute/virtualMachines/read",
                    "Microsoft.Compute/virtualMachines/write",
                    "Microsoft.ManagedIdentity/userAssignedIdentities/assign/action",
                    "Microsoft.ManagedIdentity/userAssignedIdentities/delete",
                    "Microsoft.ManagedIdentity/userAssignedIdentities/read",
                    "Microsoft.ManagedIdentity/userAssignedIdentities/write",
                    "Microsoft.Network/applicationGateways/delete",
                    "Microsoft.Network/applicationGateways/read",
                    "Microsoft.Network/applicationGateways/write",
                    "Microsoft.Network/applicationSecurityGroups/delete",
                    "Microsoft.Network/applicationSecurityGroups/joinIpConfiguration/action",
                    "Microsoft.Network/applicationSecurityGroups/read",
                    "Microsoft.Network/applicationSecurityGroups/write",
                    "Microsoft.Network/dnsZones/A/delete",
                    "Microsoft.Network/dnsZones/A/read",
                    "Microsoft.Network/dnsZones/A/write",
                    "Microsoft.Network/networkInterfaces/delete",
                    "Microsoft.Network/networkInterfaces/join/action",
                    "Microsoft.Network/networkInterfaces/read",
                    "Microsoft.Network/networkInterfaces/write",
                    "Microsoft.Network/networkSecurityGroups/delete",
                    "Microsoft.Network/networkSecurityGroups/join/action",
                    "Microsoft.Network/networkSecurityGroups/read",
                    "Microsoft.Network/networkSecurityGroups/securityRules/delete",
                    "Microsoft.Network/networkSecurityGroups/securityRules/read",
                    "Microsoft.Network/networkSecurityGroups/securityRules/write",
                    "Microsoft.Network/networkSecurityGroups/write",
                    "Microsoft.Network/publicIPAddresses/delete",
                    "Microsoft.Network/publicIPAddresses/join/action",
                    "Microsoft.Network/publicIPAddresses/read",
                    "Microsoft.Network/publicIPAddresses/write",
                    "Microsoft.Network/virtualNetworks/delete",
                    "Microsoft.Network/virtualNetworks/read",
                    "Microsoft.Network/virtualNetworks/subnets/delete",
                    "Microsoft.Network/virtualNetworks/subnets/join/action",
                    "Microsoft.Network/virtualNetworks/subnets/read",
                    "Microsoft.Network/virtualNetworks/subnets/write",
                    "Microsoft.Network/virtualNetworks/write",
                    "Microsoft.Resources/subscriptions/resourcegroups/delete",
                    "Microsoft.Resources/subscriptions/resourcegroups/read",
                    "Microsoft.Resources/subscriptions/resourcegroups/write"
                ],
                "notActions":[],
                "dataActions":[],
                "notDataActions":[]
            }
        ]
    }
}

azurerm_setup_image

{
"properties": {
    "roleName": "Genvid - Setup Image",
    "description": "Can setup a Genvid image",
    "assignableScopes": [
        "/subscriptions/{subscriptionId}"
    ],
    "permissions":[
        {
            "actions": [
                "Microsoft.Compute/disks/delete",
                "Microsoft.Compute/disks/read",
                "Microsoft.Compute/galleries/images/versions/read",
                "Microsoft.Compute/virtualMachines/delete",
                "Microsoft.Compute/virtualMachines/powerOff/action",
                "Microsoft.Compute/virtualMachines/read",
                "Microsoft.Compute/virtualMachines/write",
                "Microsoft.Network/applicationSecurityGroups/delete",
                "Microsoft.Network/applicationSecurityGroups/joinIpConfiguration/action",
                "Microsoft.Network/applicationSecurityGroups/read",
                "Microsoft.Network/applicationSecurityGroups/write",
                "Microsoft.Network/networkInterfaces/delete",
                "Microsoft.Network/networkInterfaces/join/action",
                "Microsoft.Network/networkInterfaces/read",
                "Microsoft.Network/networkInterfaces/write",
                "Microsoft.Network/networkSecurityGroups/delete",
                "Microsoft.Network/networkSecurityGroups/join/action",
                "Microsoft.Network/networkSecurityGroups/read",
                "Microsoft.Network/networkSecurityGroups/securityRules/delete",
                "Microsoft.Network/networkSecurityGroups/securityRules/read",
                "Microsoft.Network/networkSecurityGroups/securityRules/write",
                "Microsoft.Network/networkSecurityGroups/write",
                "Microsoft.Network/publicIPAddresses/delete",
                "Microsoft.Network/publicIPAddresses/join/action",
                "Microsoft.Network/publicIPAddresses/read",
                "Microsoft.Network/publicIPAddresses/write",
                "Microsoft.Network/virtualNetworks/delete",
                "Microsoft.Network/virtualNetworks/read",
                "Microsoft.Network/virtualNetworks/subnets/delete",
                "Microsoft.Network/virtualNetworks/subnets/join/action",
                "Microsoft.Network/virtualNetworks/subnets/read",
                "Microsoft.Network/virtualNetworks/subnets/write",
                "Microsoft.Network/virtualNetworks/write",
                "Microsoft.Resources/subscriptions/resourcegroups/delete",
                "Microsoft.Resources/subscriptions/resourcegroups/read",
                "Microsoft.Resources/subscriptions/resourcegroups/write"
            ],
            "notActions":[],
            "dataActions":[],
            "notDataActions":[]
        }
    ]
}
}

azurerm_save_image

{
    "properties": {
        "roleName": "Genvid - Save Image",
        "description": "Can save a Genvid image",
        "assignableScopes": [
            "/subscriptions/{subscriptionId}"
        ],
        "permissions":[
            {
                "actions": [
                    "Microsoft.Compute/disks/delete",
                    "Microsoft.Compute/disks/read",
                    "Microsoft.Compute/galleries/images/versions/read",
                    "Microsoft.Compute/virtualMachines/delete",
                    "Microsoft.Compute/virtualMachines/powerOff/action",
                    "Microsoft.Compute/virtualMachines/read",
                    "Microsoft.Compute/virtualMachines/write",
                    "Microsoft.Network/applicationSecurityGroups/delete",
                    "Microsoft.Network/applicationSecurityGroups/joinIpConfiguration/action",
                    "Microsoft.Network/applicationSecurityGroups/read",
                    "Microsoft.Network/applicationSecurityGroups/write",
                    "Microsoft.Network/networkInterfaces/delete",
                    "Microsoft.Network/networkInterfaces/join/action",
                    "Microsoft.Network/networkInterfaces/read",
                    "Microsoft.Network/networkInterfaces/write",
                    "Microsoft.Network/networkSecurityGroups/delete",
                    "Microsoft.Network/networkSecurityGroups/join/action",
                    "Microsoft.Network/networkSecurityGroups/read",
                    "Microsoft.Network/networkSecurityGroups/securityRules/delete",
                    "Microsoft.Network/networkSecurityGroups/securityRules/read",
                    "Microsoft.Network/networkSecurityGroups/securityRules/write",
                    "Microsoft.Network/networkSecurityGroups/write",
                    "Microsoft.Network/publicIPAddresses/delete",
                    "Microsoft.Network/publicIPAddresses/join/action",
                    "Microsoft.Network/publicIPAddresses/read",
                    "Microsoft.Network/publicIPAddresses/write",
                    "Microsoft.Network/virtualNetworks/delete",
                    "Microsoft.Network/virtualNetworks/read",
                    "Microsoft.Network/virtualNetworks/subnets/delete",
                    "Microsoft.Network/virtualNetworks/subnets/join/action",
                    "Microsoft.Network/virtualNetworks/subnets/join/action",
                    "Microsoft.Network/virtualNetworks/subnets/read",
                    "Microsoft.Network/virtualNetworks/subnets/write",
                    "Microsoft.Network/virtualNetworks/write",
                    "Microsoft.Resources/subscriptions/resourcegroups/delete",
                    "Microsoft.Resources/subscriptions/resourcegroups/read",
                    "Microsoft.Resources/subscriptions/resourcegroups/write"
                ],
                "notActions":[],
                "dataActions":[],
                "notDataActions":[]
                }
            ]
        }
    }

azurerm_shared_image

{
    "properties": {
        "roleName": "Genvid - Shared Images",
        "description": "Can manage Genvid shared images",
        "assignableScopes": [
            "/subscriptions/{subscriptionId}"
        ],
        "permissions":[
            {
                "actions": [
                    "Microsoft.Compute/galleries/images/read",
                    "Microsoft.Compute/galleries/images/versions/delete",
                    "Microsoft.Compute/galleries/images/versions/read",
                    "Microsoft.Compute/galleries/images/versions/write",
                    "Microsoft.Compute/images/delete",
                    "Microsoft.Compute/images/read",
                    "Microsoft.Compute/images/write",
                    "Microsoft.Storage/storageAccounts/listKeys/action",
                    "Microsoft.Storage/storageAccounts/read"
                ],
                "notActions":[],
                "dataActions":[],
                "notDataActions":[]
            }
        ]
    }
}