-1

I am trying to enhance my custom RBAC role by allowing users to reset their Linux VM

I couldn't able to find any exact role associated with the option for resetting the password for my Linux VM (see screenshot below)

enter image description here

Doing my own testing I found resetting password from Azure portal triggers the below API:

/subscriptions/xxxxxx/resourceGroups/xxxx/providers/Microsoft.Resources/deployments/VMAccessLinuxPasswordReset-20220824203332?api-version=2020-06-01

That means I have to provide Microsoft.Resources/deployments role to reset the password ? I was hesitant to give this access which can indirectly gives access to deploy any resources on RG level.

halfer
  • 19,824
  • 17
  • 99
  • 186
Jayendran
  • 9,638
  • 8
  • 60
  • 103

1 Answers1

0

So there is no such role exiting to achieve my desired results. As i mentioned earlier the current design (role) needs "Microsoft.Resources/deployments/*" to allow the VM Password Reset.

I submitted a feedback for this to azure https://feedback.azure.com/d365community/idea/75d7f38c-d934-ed11-a81b-000d3a04ded5 If you feel this could be something benefit for you, feel free to Upvote

Jayendran
  • 9,638
  • 8
  • 60
  • 103