Automation-Pipeline-Examples/azlocal-update-management-custom-role.json
|
{
"Name": "Azure Stack HCI Update Operator (custom)", "IsCustom": true, "Description": "Customer-managed custom role - reference by roleDefinitionId (GUID) in automation rather than by name to remain stable if Microsoft later ships a built-in role with a similar display name. Can read and apply Azure Local cluster updates, manage UpdateRing tags, and read the fleet-connectivity inventory (Arc-enabled machines, edge-device NICs, Azure Resource Bridges) needed to assess pre-update connectivity.", "Actions": [ "Microsoft.AzureStackHCI/clusters/read", "Microsoft.AzureStackHCI/clusters/updateSummaries/read", "Microsoft.AzureStackHCI/clusters/updates/read", "Microsoft.AzureStackHCI/clusters/updates/apply/action", "Microsoft.AzureStackHCI/clusters/updates/updateRuns/read", "Microsoft.AzureStackHCI/edgeDevices/read", "Microsoft.HybridCompute/machines/read", "Microsoft.HybridCompute/machines/extensions/read", "Microsoft.ResourceConnector/appliances/read", "Microsoft.Resources/subscriptions/resourceGroups/read", "Microsoft.ResourceGraph/resources/read", "Microsoft.Resources/tags/read", "Microsoft.Resources/tags/write" ], "NotActions": [], "DataActions": [], "NotDataActions": [], "AssignableScopes": [ "/providers/Microsoft.Management/managementGroups/<your-mg-id>" ] } |