Vinny
Vinny

Reputation: 629

Exact Permissions\actions needed to List Azure Resources using C# rest API

I am trying to list all resources in a Subscription using Rest API Call.

https://management.azure.com/subscriptions/{SubscriptionID}/resources?api-version=2021-04-01

It works fine when I run it with Built-In RBAC Role Reader Permissions. For security reasons, I wanted to avoid having read access to entire scope of subscription. So, I need to create a Custom Role with specific permissions\actions to list all Resources in a Subscription.

I am trying with below Custom Role but not able to get any response from Rest API call.

{
"properties": {
    "roleName": "AzResourceTest",
    "description": "To test the exact ACLs needed to get Resources List from a Subscription",
    "assignableScopes": [
        "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
    ],
    "permissions": [
        {
            "actions": [
                "Microsoft.Resources/resources/read"
            ],
            "notActions": [],
            "dataActions": [],
            "notDataActions": []
        }
    ]
}

}

Can someone please suggest what should I use in actions to get resources.

Upvotes: 0

Views: 626

Answers (1)

Vinny
Vinny

Reputation: 629

Got it. "Microsoft.Resources/subscriptions/resources/read" is the action for Custom Role to list resources in a subscription

Upvotes: 1

Related Questions