Created
January 14, 2022 10:37
-
-
Save Beelzenef/8c07905b222a879ed9be79ddde153d0d to your computer and use it in GitHub Desktop.
Script to create a custom role in Azure to access Monitor
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Write-Host $("Creating a custom role...") | |
# Tomando un rol ya existente como base | |
$role = Get-AzRoleDefinition -Name "Monitoring Reader" | |
# Al ser nuevo rol, necesitamos que su ID sea null | |
$role.Id = $null | |
$role.Name = "Monitor viewer" | |
$role.Description = "Monitoring apps!" | |
$role.IsCustom = $true | |
# Eliminamos todas las actions, data actions y notdataactions del rol en el que nos hemos basdo | |
Write-Host $("Adding actions...") | |
$role.Actions.Clear() | |
$role.Actions.Add("Microsoft.Web/sites/config/list/action") | |
Write-Host $("Clearing data...") | |
$role.NotDataActions.Clear() | |
$role.DataActions.Clear() | |
# ¿Sobre qué scope opera? | |
Write-Host $("Adding scopes...") | |
$subId = Get-AzSubscription.Id | |
$role.AssignableScopes.Clear() | |
$role.AssignableScopes.Add("/subscriptions/" + $subId) | |
# Creación de un rol | |
Write-Host $("Creating a custom role...") | |
New-AzRoleDefinition -Role $role | |
# Confirmando que se ha creado el rol | |
$createdRole = Get-AzRoleDefinition -Name "Monitor viewer" | |
Write-Host $("Created a custom role: " + $createdRole.Name + " (" + $createdRole.Id + ")") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment