How a service administrator get enough permission to create azure custom roles -


i'm trying create custom role in azure (rbac). when execute powershell command new-azurermroledefinition here message saying i'm not authorized create it.

> new-azurermroledefinition .\developer_access_rbac.json   new-azurermroledefinition : authorizationfailed: client 'admin@company.com' object id '{guid}' not have authorization perform action 'microsoft.authorization/roledefinitions/write' on scope '/providers/microsoft.authorization/roledefinitions/{guid}'. @ line:1 char:1 + new-azurermroledefinition .\developer_access_rbac.json + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     + categoryinfo          : closeerror: (:) [new-azurermroledefinition], cloudexception     + fullyqualifiederrorid : microsoft.azure.commands.resources.newazureroledefinitioncommand

i asked 1 of our administrators in our organization , says account admin@company.com global administrator. , in active directory admin@company.com displayed service administrator.

i'm little confused these permission levels in azure. can explain me how acquire needed permission account admin@company.com solving issue.

taken https://azure.microsoft.com/en-us/documentation/articles/role-based-access-control-custom-roles/#custom-roles-access-control:

who can create custom role? owners (and user access administrators) of subscriptions, resource groups, , resources can create custom roles use in scopes. user creating role needs able perform microsoft.authorization/roledefinition/write operation on assignablescopes of role.

who can modify custom role? owners (and user access administrators) of subscriptions, resource groups, , resources can modify custom roles in scopes. users need able perform microsoft.authorization/roledefinition/write operation on assignablescopes of custom role.

who can view custom roles? built-in roles in azure rbac allow viewing of roles available assignment. users can perform microsoft.authorization/roledefinition/read operation @ scope can view rbac roles available assignment @ scope.


Comments

Post a Comment

Popular posts from this blog

php - How to add and update images or image url in Volusion using Volusion API -

actually have store importing products store product data insert , update image or image url not insert , update. this xml code name datapro.txt. <products_joined> <productcode>3710_012t</productcode> <vendor_partno>eah5450silent/di/1gd3(lp)</vendor_partno> <productname>test product ta</productname> <hideproduct>n</hideproduct> <stockstatus>20</stockstatus> <lastmodified>1/5/2016 10:25:00 am</lastmodified> <lastmodby>2</lastmodby> <productweight>0.9</productweight> <productprice>100</productprice> <productmanufacturer>asus tek</productmanufacturer> <vendor_price>32.69</vendor_price> <numproductssharingstock>0</numproductssharingstock> <categoryids>107</categoryids> <producturl>http://tebkq.mvlce.servertrust.com/productdetails.asp?productcode=3710_012t</producturl...
Read more

Laravel mail error `Swift_TransportException in StreamBuffer.php line 269: Connection could not be established with host smtp.gmail.com [ #0]` -

i developing website contact-us page guest users can send me email using gmail . anytime try send mail using contact-us form, error swift_transportexception in streambuffer.php line 269: connection not established host smtp.gmail.com [ #0] this mail.php return [ 'driver' => env('mail_driver', 'smtp'), 'host' => env('mail_host', 'smtp.gmail.com'), 'port' => 587, 'from' => ['address' => '', 'name' => ''], 'encryption' => env('mail_encryption', 'tls'), 'username' => env('mail_username'), 'password' => env(mail_password), 'sendmail' => '/usr/sbin/sendmail -bs', 'pretend' => env('mail_pretend', false), ]; this .env mail_driver=smtp mail_host=smtp.gmail.com mail_port=587 mail_username=afecjaped@gmail.com mail_password=********...
Read more

c# SetCompatibleTextRenderingDefault must be called before the first -

i tried search exception couldn't find solution on case i'am using code below invoke .net application : assembly assem = assembly.load(data); methodinfo method = assem.entrypoint; var o = activator.createinstance(method.declaringtype); method.invoke(o, null); the application invoked has form , in entrypoint of application : [stathread] static void main() { application.enablevisualstyles(); application.setcompatibletextrenderingdefault(false); //exception application.run(new form1()); } setcompatibletextrenderingdefault must called before first iwin32window object created in application. edit : assembly = assembly.load(data); methodinfo method = a.gettype().getmethod("start"); var o = activator.createinstance(method.declaringtype); method.invoke(o, null); you should create new method skips initialization...
Read more