Setting permissions for scanning Azure subscriptions
Overview
For every subscription whose virtual machines and cloud services you want to import via the Azure Inventory extension, you need to set up access rights.
Permissions required for scanning an Azure subscription
To configure required permissions, open Subscriptions from Azure Portal home page and take the following steps for each subscription that will be scanned:
- Click the subscription from the list of all subscriptions.
- In the navigation pane click Resource Providers. Check that the following resource providers are listed as registered:
- Microsoft.ClassicSubscription
- Microsoft.Subscription
- Microsoft.SqlVirtualMachine
- Microsoft.Sql
- Microsoft.Compute
- Microsoft.Resources
If any of them is not registered, run the Register action for it.
- In the navigation page for the same subscription, click Access Control.
- On the Check access tab, click Add role assignment.
- On the page that open, select Reader under Role > Job Function Roles.
- Proceed to the next page and add a user whose credentials will be used to authenticate when creating the Azure Inventory service connection.
- Proceed to the next page and click Review + assign to finish the role assignment.
On the Role assignments tab, you can see all current assignments.