
Azure Portal Dashboard Contributor

By Peter Örneholm | Blog | 14 January 2019

With Azure RBAC you can delegate access on different scopes and with different allowed actions. The list of built-in roles is comprehensive, but of course cannot handle every scenario. One that I have lacked a couple of times is related to Portal Dashboards.

By default I like to lock down modification of resources for “human” accounts and only allow service principals to create and modify them, while giving read access to logs, Application Insights etc. But there is sometimes one exception, and that’s for the Portal Dashboards. I know you can automate the creation of them, but I have found the syntax a bit tricky and have also realized that dashboards tend to be something you want to experiment with a bit.

So, because you can create your own Role definitions I’ve put together a template that you can use to create a role called Portal Dashboard Contributor.


The template will give read, write and delete permissions:

  • Microsoft.Portal/dashboards/read
  • Microsoft.Portal/dashboards/write
  • Microsoft.Portal/dashboards/delete

Place it either on a subscription, to allow modification of all dashboards within it, or, preferably, on a specific resource group.

You will find the role template in this GitHub Gist:
https://gist.github.com/PeterOrneholm/356bf53bec9ce42bc3d560c7faed7e6b

Make sure to replace the scopes with whatever Subscription(s) you want to apply it to.
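As an added illustration (not the template from the Gist above), the Python below builds a role definition in the JSON shape that the Azure CLI and Azure PowerShell accept for custom roles, then reviews it for wildcard actions and subscription-wide scopes. The description text, the function names, the zeroed subscription ID and the resource group name are assumptions made for the example.

```python
import json
import re

# The three dashboard actions listed in the post.
DASHBOARD_ACTIONS = [
    "Microsoft.Portal/dashboards/read",
    "Microsoft.Portal/dashboards/write",
    "Microsoft.Portal/dashboards/delete",
]

# ARM scope: a subscription, optionally narrowed to one resource group.
SCOPE_RE = re.compile(
    r"^/subscriptions/[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
    r"(/resourceGroups/[-\w.()]{1,90})?$"
)

def build_role(scopes, name="Portal Dashboard Contributor"):
    """Return a custom role definition limited to the dashboard actions."""
    bad = [s for s in scopes if not SCOPE_RE.match(s)]
    if not scopes or bad:
        raise ValueError(f"invalid or missing assignable scopes: {bad}")
    return {
        "Name": name,
        "IsCustom": True,
        "Description": "Can read, create, modify and delete portal dashboards.",
        "Actions": list(DASHBOARD_ACTIONS),
        "NotActions": [],
        "AssignableScopes": list(scopes),
    }

def review_role(role):
    """Return least-privilege findings for a role definition (empty = clean)."""
    findings = []
    for action in role.get("Actions", []):
        if "*" in action:
            findings.append(f"wildcard action: {action}")
        elif action not in DASHBOARD_ACTIONS:
            findings.append(f"action outside dashboards: {action}")
    for scope in role.get("AssignableScopes", []):
        if "/resourceGroups/" not in scope:
            findings.append(f"subscription-wide scope: {scope}")
    return findings

# Constructed placeholder IDs, not real subscriptions or resource groups.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-dashboards"

if __name__ == "__main__":
    print(json.dumps(build_role([RG]), indent=2))
```

The printed JSON can be saved to a file and used as the role definition once the placeholder scope is replaced with your own.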

You will find more docs on how to create custom roles here:
https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles
