Azure Roles and Permissions

This topic describes the Azure applications and roles that CloudGuard uses to manage your accounts.

The applications, and the roles granted to them, give CloudGuard permission to manage specific entities (such as Security Groups, Instances, etc.) in your Azure account.

Roles

The roles depend on whether the account is managed as Read-Only or Manage.

You must create a new Web App/API application (and name it CloudGuard-Connect, for example).

  • Read-Only

    You must add this Access Control role to the Web App/API application, in your subscription: Reader.

  • Manage

    You must add these Access Control roles to the Web App/API application, in your subscription:

    • Reader

    • Network Contributor

Permissions

Administrator consent is necessary to add these API application permissions:

  • Directory.Read.All

  • Reports.Read.All

  • Policy.Read.All

  • AccessReview.Read.All
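
A least-privilege check for the application described above, as an added example that is not part of the original page or the product's own code: it compares the roles and API permissions the application holds with the lists on this page and reports anything missing, extra, or assigned at the wrong scope. The `roleDefinitionName` and `scope` fields follow the JSON output of `az role assignment list`; the `audit` function, the subscription ID, and the sample data are constructed for illustration.

```python
# Roles and API permissions exactly as listed on this page, per management mode.
EXPECTED_ROLES = {
    "Read-Only": {"Reader"},
    "Manage": {"Reader", "Network Contributor"},
}
EXPECTED_PERMISSIONS = {
    "Directory.Read.All", "Reports.Read.All",
    "Policy.Read.All", "AccessReview.Read.All",
}

def audit(mode, subscription_id, role_assignments, granted_permissions):
    """Return findings where the application's grants differ from the page's lists."""
    sub_scope = f"/subscriptions/{subscription_id}".lower()
    at_subscription, findings = set(), []
    for ra in role_assignments:
        role, scope = ra["roleDefinitionName"], ra["scope"].rstrip("/").lower()
        if scope == sub_scope:
            at_subscription.add(role)
        elif scope.startswith(sub_scope + "/"):
            # Assigned on a resource group or resource, not on the subscription.
            findings.append(f"narrow-scope: {role} at {ra['scope']}")
        else:
            # Management group, root, or a different subscription.
            findings.append(f"outside-subscription: {role} at {ra['scope']}")
    expected = EXPECTED_ROLES[mode]
    granted = set(granted_permissions)
    findings += [f"missing-role: {r}" for r in sorted(expected - at_subscription)]
    findings += [f"excess-role: {r}" for r in sorted(at_subscription - expected)]
    findings += [f"missing-permission: {p}" for p in sorted(EXPECTED_PERMISSIONS - granted)]
    findings += [f"excess-permission: {p}" for p in sorted(granted - EXPECTED_PERMISSIONS)]
    return findings

# Constructed sample data (placeholder subscription ID, hypothetical resource group).
SUB = "00000000-0000-0000-0000-000000000000"
SAMPLE_ASSIGNMENTS = [
    {"roleDefinitionName": "Reader", "scope": f"/subscriptions/{SUB}"},
    {"roleDefinitionName": "Contributor", "scope": f"/subscriptions/{SUB}"},
    {"roleDefinitionName": "Network Contributor",
     "scope": f"/subscriptions/{SUB}/resourceGroups/rg-net"},
]
SAMPLE_PERMISSIONS = ["Directory.Read.All", "Reports.Read.All",
                      "Policy.Read.All", "Directory.ReadWrite.All"]

if __name__ == "__main__":
    for finding in audit("Manage", SUB, SAMPLE_ASSIGNMENTS, SAMPLE_PERMISSIONS):
        print(finding)
```

An empty result means the application holds exactly the roles and permissions listed for the chosen mode, all at subscription scope.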