add additional privilages required to deployment role (#808)

microsoft · Apr 16, 2021 · 6b634ff · 6b634ff
1 parent 404c123
commit 6b634ff
Showing 1 changed file with 40 additions and 37 deletions.
diff --git a/src/deployment/deployment-role.json b/src/deployment/deployment-role.json
@@ -1,39 +1,42 @@
 {
-    "Name": "OneFuzz Deployment",
-    "Description": "Permissions required for OneFuzz deployment",
-    "Actions": [
-        "Microsoft.Authorization/locks/*",
-        "Microsoft.Keyvault/vaults/*",
-        "Microsoft.Authorization/roleAssignments/write",
-        "Microsoft.EventGrid/eventSubscriptions/read",
-        "Microsoft.EventGrid/eventSubscriptions/write",
-        "Microsoft.Insights/components/read",
-        "Microsoft.Insights/components/write",
-        "Microsoft.Resources/deployments/operationStatuses/read",
-        "Microsoft.Resources/deployments/read",
-        "Microsoft.Resources/deployments/write",
-        "Microsoft.Resources/deployments/validate/action",
-        "Microsoft.Resources/subscriptions/resourceGroups/read",
-        "Microsoft.Resources/subscriptions/resourceGroups/write",
-        "Microsoft.Resources/subscriptions/resourcegroups/delete",
-        "Microsoft.Storage/storageAccounts/blobServices/containers/write",
-        "Microsoft.Storage/storageAccounts/blobServices/write",
-        "Microsoft.Storage/storageAccounts/listKeys/action",
-        "Microsoft.Storage/storageAccounts/read",
-        "Microsoft.Storage/storageAccounts/write",
-        "Microsoft.Web/serverfarms/write",
-        "Microsoft.Web/serverfarms/read",
-        "Microsoft.Web/sites/config/list/action",
-        "Microsoft.Web/sites/config/read",
-        "Microsoft.Web/sites/config/write",
-        "Microsoft.Web/sites/publishxml/action",
-        "Microsoft.Web/sites/restart/action",
-        "Microsoft.Web/sites/read",
-        "Microsoft.Web/sites/write"
-    ],
-    "DataActions": [],
-    "NotDataActions": [],
-    "AssignableScopes": [
-        "/subscriptions/038d675a-9bbe-4964-9cd1-6d50071a61b5"
-    ]
+  "Name": "OneFuzz Deployment",
+  "Description": "Permissions required for OneFuzz deployment",
+  "Actions": [
+    "Microsoft.Authorization/locks/*",
+    "Microsoft.Authorization/roleAssignments/write",
+    "Microsoft.EventGrid/eventSubscriptions/read",
+    "Microsoft.EventGrid/eventSubscriptions/write",
+    "Microsoft.Insights/components/read",
+    "Microsoft.Insights/components/write",
+    "Microsoft.Keyvault/vaults/*",
+    "Microsoft.OperationalInsights/workspaces/datasources/write",
+    "Microsoft.OperationalInsights/workspaces/write",
+    "Microsoft.OperationsManagement/solutions/write",
+    "Microsoft.Resources/deployments/operationStatuses/read",
+    "Microsoft.Resources/deployments/read",
+    "Microsoft.Resources/deployments/validate/action",
+    "Microsoft.Resources/deployments/write",
+    "Microsoft.Resources/subscriptions/resourceGroups/read",
+    "Microsoft.Resources/subscriptions/resourceGroups/write",
+    "Microsoft.Resources/subscriptions/resourcegroups/delete",
+    "Microsoft.SignalRService/SignalR/listkeys/action",
+    "Microsoft.SignalRService/SignalR/write",
+    "Microsoft.Storage/storageAccounts/blobServices/containers/write",
+    "Microsoft.Storage/storageAccounts/blobServices/write",
+    "Microsoft.Storage/storageAccounts/listAccountSas/action",
+    "Microsoft.Storage/storageAccounts/listKeys/action",
+    "Microsoft.Storage/storageAccounts/read",
+    "Microsoft.Storage/storageAccounts/write",
+    "Microsoft.Web/serverfarms/read",
+    "Microsoft.Web/serverfarms/write",
+    "Microsoft.Web/sites/*",
+    "Microsoft.insights/autoscalesettings/write",
+    "Microsoft.insights/workbooks/write",
+    "Microsoft.ManagedIdentity/userAssignedIdentities/write"
+  ],
+  "DataActions": [],
+  "NotDataActions": [],
+  "AssignableScopes": [
+    "/subscriptions/038d675a-9bbe-4964-9cd1-6d50071a61b5"
+  ]
 }