diff --git a/src/deployment/deployment-role.json b/src/deployment/deployment-role.json index 03b1bb8af3..96eef9ae97 100644 --- a/src/deployment/deployment-role.json +++ b/src/deployment/deployment-role.json @@ -1,39 +1,42 @@ { - "Name": "OneFuzz Deployment", - "Description": "Permissions required for OneFuzz deployment", - "Actions": [ - "Microsoft.Authorization/locks/*", - "Microsoft.Keyvault/vaults/*", - "Microsoft.Authorization/roleAssignments/write", - "Microsoft.EventGrid/eventSubscriptions/read", - "Microsoft.EventGrid/eventSubscriptions/write", - "Microsoft.Insights/components/read", - "Microsoft.Insights/components/write", - "Microsoft.Resources/deployments/operationStatuses/read", - "Microsoft.Resources/deployments/read", - "Microsoft.Resources/deployments/write", - "Microsoft.Resources/deployments/validate/action", - "Microsoft.Resources/subscriptions/resourceGroups/read", - "Microsoft.Resources/subscriptions/resourceGroups/write", - "Microsoft.Resources/subscriptions/resourcegroups/delete", - "Microsoft.Storage/storageAccounts/blobServices/containers/write", - "Microsoft.Storage/storageAccounts/blobServices/write", - "Microsoft.Storage/storageAccounts/listKeys/action", - "Microsoft.Storage/storageAccounts/read", - "Microsoft.Storage/storageAccounts/write", - "Microsoft.Web/serverfarms/write", - "Microsoft.Web/serverfarms/read", - "Microsoft.Web/sites/config/list/action", - "Microsoft.Web/sites/config/read", - "Microsoft.Web/sites/config/write", - "Microsoft.Web/sites/publishxml/action", - "Microsoft.Web/sites/restart/action", - "Microsoft.Web/sites/read", - "Microsoft.Web/sites/write" - ], - "DataActions": [], - "NotDataActions": [], - "AssignableScopes": [ - "/subscriptions/038d675a-9bbe-4964-9cd1-6d50071a61b5" - ] + "Name": "OneFuzz Deployment", + "Description": "Permissions required for OneFuzz deployment", + "Actions": [ + "Microsoft.Authorization/locks/*", + "Microsoft.Authorization/roleAssignments/write", + "Microsoft.EventGrid/eventSubscriptions/read", + "Microsoft.EventGrid/eventSubscriptions/write", + "Microsoft.Insights/components/read", + "Microsoft.Insights/components/write", + "Microsoft.Keyvault/vaults/*", + "Microsoft.OperationalInsights/workspaces/datasources/write", + "Microsoft.OperationalInsights/workspaces/write", + "Microsoft.OperationsManagement/solutions/write", + "Microsoft.Resources/deployments/operationStatuses/read", + "Microsoft.Resources/deployments/read", + "Microsoft.Resources/deployments/validate/action", + "Microsoft.Resources/deployments/write", + "Microsoft.Resources/subscriptions/resourceGroups/read", + "Microsoft.Resources/subscriptions/resourceGroups/write", + "Microsoft.Resources/subscriptions/resourcegroups/delete", + "Microsoft.SignalRService/SignalR/listkeys/action", + "Microsoft.SignalRService/SignalR/write", + "Microsoft.Storage/storageAccounts/blobServices/containers/write", + "Microsoft.Storage/storageAccounts/blobServices/write", + "Microsoft.Storage/storageAccounts/listAccountSas/action", + "Microsoft.Storage/storageAccounts/listKeys/action", + "Microsoft.Storage/storageAccounts/read", + "Microsoft.Storage/storageAccounts/write", + "Microsoft.Web/serverfarms/read", + "Microsoft.Web/serverfarms/write", + "Microsoft.Web/sites/*", + "Microsoft.insights/autoscalesettings/write", + "Microsoft.insights/workbooks/write", + "Microsoft.ManagedIdentity/userAssignedIdentities/write" + ], + "DataActions": [], + "NotDataActions": [], + "AssignableScopes": [ + "/subscriptions/038d675a-9bbe-4964-9cd1-6d50071a61b5" + ] }