Reputation: 629
I am trying to list all resources in a Subscription using Rest API Call.
https://management.azure.com/subscriptions/{SubscriptionID}/resources?api-version=2021-04-01
It works fine when I run it with Built-In RBAC Role Reader Permissions. For security reasons, I wanted to avoid having read access to entire scope of subscription. So, I need to create a Custom Role with specific permissions\actions to list all Resources in a Subscription.
I am trying with below Custom Role but not able to get any response from Rest API call.
{
"properties": {
"roleName": "AzResourceTest",
"description": "To test the exact ACLs needed to get Resources List from a Subscription",
"assignableScopes": [
"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
],
"permissions": [
{
"actions": [
"Microsoft.Resources/resources/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
]
}
}
Can someone please suggest what should I use in actions to get resources.
Upvotes: 0
Views: 626
Reputation: 629
Got it. "Microsoft.Resources/subscriptions/resources/read" is the action for Custom Role to list resources in a subscription
Upvotes: 1