Azure Roles and Permissions
This topic describes the Azure applications and roles that CloudGuard uses to manage your accounts.
The applications, and the roles granted to them, give CloudGuard permission to manage specific entities (such as Security Groups, Instances, etc.) in your Azure account.
Roles
The roles depend on whether the account is managed as Read-Only or Manage.
You must create a new Web App/API application (and name it CloudGuard-Connect, for example).
- Read-Only
  You must add this Access Control role to the Web App/API application, in your subscription: Reader.
- Manage
  You must add these Access Control roles to the Web App/API application, in your subscription:
  - Reader
  - Network Contributor
Permissions
Administrator consent is necessary to add the following API application permissions:
- Directory.Read.All
- Reports.Read.All
- Policy.Read.All
- AccessReview.Read.All
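A least-privilege check for the application described above, added here as an example and not taken from CloudGuard or its documentation: it compares what the application actually holds with the roles and permissions this page lists, and reports anything missing, extra, or assigned outside the subscription scope. It assumes role assignments arrive as JSON with the `roleDefinitionName` and `scope` fields that `az role assignment list` emits, and that the granted permission names were collected separately; the mode keys, function name and sample data are constructed for illustration.

```python
import json

# Role and permission sets exactly as listed on this page.
REQUIRED_ROLES = {
    "read-only": {"Reader"},
    "manage": {"Reader", "Network Contributor"},
}
REQUIRED_PERMISSIONS = {
    "Directory.Read.All", "Reports.Read.All",
    "Policy.Read.All", "AccessReview.Read.All",
}

def audit(mode, subscription_id, role_assignments, granted_permissions):
    """Compare what the application holds with what this page asks for."""
    want_scope = f"/subscriptions/{subscription_id}".lower()
    at_sub, off_scope = set(), []
    for ra in role_assignments:
        # Only assignments made directly on the subscription count as satisfying the page.
        if ra["scope"].rstrip("/").lower() == want_scope:
            at_sub.add(ra["roleDefinitionName"])
        else:
            off_scope.append((ra["roleDefinitionName"], ra["scope"]))
    wanted = REQUIRED_ROLES[mode]
    granted = set(granted_permissions)
    return {
        "missing_roles": sorted(wanted - at_sub),
        "excess_roles": sorted(at_sub - wanted),
        "off_scope_roles": sorted(off_scope),
        "missing_permissions": sorted(REQUIRED_PERMISSIONS - granted),
        "excess_permissions": sorted(granted - REQUIRED_PERMISSIONS),
    }

# Constructed sample input (placeholder subscription id, hypothetical management group).
SAMPLE_SUB = "00000000-0000-0000-0000-000000000000"
SAMPLE_ASSIGNMENTS = json.loads("""[
 {"roleDefinitionName": "Reader",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
 {"roleDefinitionName": "Contributor",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
 {"roleDefinitionName": "Reader",
  "scope": "/providers/Microsoft.Management/managementGroups/example-mg"}
]""")
SAMPLE_PERMISSIONS = ["Directory.Read.All", "Reports.Read.All",
                      "Policy.Read.All", "Directory.ReadWrite.All"]

if __name__ == "__main__":
    report = audit("manage", SAMPLE_SUB, SAMPLE_ASSIGNMENTS, SAMPLE_PERMISSIONS)
    print(json.dumps(report, indent=2))
```

An empty report in every field means the application holds exactly what this page requires for the chosen mode.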