Required Permissions (Raynet One Data Hub 2026.2, Azure Compute connector prerequisites)
The Azure Compute connector uses Azure role-based access control (RBAC) rather than Microsoft Graph API permissions. The registered application's service principal must be assigned an appropriate role at the subscription level. The following two options are available:
- Assign the built-in Reader role to the service principal at subscription level. This is the simplest configuration and grants read-only access to all Azure resources within the subscription.
- As an alternative, a custom role can be created with only the specific Azure Resource Manager actions required by the connector. This provides the most restrictive access following the principle of least privilege.
The following table lists the required and optional actions for the custom role:
| Action | Necessity | Description |
|---|---|---|
| Microsoft.Resources/subscriptions/read | mandatory | Read subscription details. |
| Microsoft.Compute/virtualMachines/read | mandatory | Read virtual machine properties. |
| Microsoft.Compute/virtualMachines/instanceView/read | mandatory | Read the runtime status of a virtual machine. |
| Microsoft.Network/networkInterfaces/read | optional | Read network interface details. Required when the connector option fetchNetworkInformation is enabled. |
| Microsoft.Compute/virtualMachineScaleSets/read | optional | Read virtual machine scale set properties. Required when fetchScaleSets is enabled (default). |
| Microsoft.Compute/virtualMachineScaleSets/virtualMachines/read | optional | Read virtual machines within a scale set. Required when fetchScaleSets is enabled (default). |
| Microsoft.Compute/virtualMachineScaleSets/virtualMachines/instanceView/read | optional | Read the runtime status of virtual machines in a scale set. Required when fetchScaleSets is enabled (default). |
| Microsoft.SqlVirtualMachine/sqlVirtualMachines/read | optional | Read SQL virtual machine details. Required when skipSQLVMs is set to false (default). |
| Microsoft.Compute/skus/read | optional | Read available Azure compute SKUs. Required when fetchVMSKUs is enabled. |
| Microsoft.Compute/hostGroups/read | optional | Read dedicated host group properties. Required when fetchDedicatedHosts is enabled. |
| Microsoft.Compute/hostGroups/hosts/read | optional | Read dedicated host properties. Required when fetchDedicatedHosts is enabled. |
| Microsoft.Compute/galleries/read | optional | Read Azure Compute Gallery properties. Required when fetchGalleryImages is enabled. |
The optional action Microsoft.Compute/galleries/images/read is also required when fetchGalleryImages is enabled, in addition to Microsoft.Compute/galleries/read.
The role assignment must be applied to the service principal of the registered application at the subscription scope. For environments with multiple Azure subscriptions, the role must be assigned for each subscription that the connector should access.
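The following added example, which is not part of the Raynet documentation, derives the minimal action list from the connector options in the table, builds a custom-role document in the JSON format Azure CLI accepts for `az role definition create --role-definition`, and checks whether an existing role's actions cover what the connector needs. The role name, the all-zero subscription ID, and treating options without a stated default as disabled are assumptions.

```python
import json
from fnmatch import fnmatchcase

MANDATORY = [
    "Microsoft.Resources/subscriptions/read",
    "Microsoft.Compute/virtualMachines/read",
    "Microsoft.Compute/virtualMachines/instanceView/read",
]
# From the table: option -> (value that makes the actions necessary, actions)
OPTIONAL = {
    "fetchNetworkInformation": (True, ["Microsoft.Network/networkInterfaces/read"]),
    "fetchScaleSets": (True, [
        "Microsoft.Compute/virtualMachineScaleSets/read",
        "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/read",
        "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/instanceView/read"]),
    "skipSQLVMs": (False, ["Microsoft.SqlVirtualMachine/sqlVirtualMachines/read"]),
    "fetchVMSKUs": (True, ["Microsoft.Compute/skus/read"]),
    "fetchDedicatedHosts": (True, ["Microsoft.Compute/hostGroups/read",
                                   "Microsoft.Compute/hostGroups/hosts/read"]),
    "fetchGalleryImages": (True, ["Microsoft.Compute/galleries/read",
                                  "Microsoft.Compute/galleries/images/read"]),
}
# Defaults stated on the page; ASSUMPTION: every other option is off unless passed.
DEFAULTS = {"fetchScaleSets": True, "skipSQLVMs": False}

def required_actions(options):
    """Minimal action list for the given connector option values."""
    actions = list(MANDATORY)
    for name, (trigger, needed) in OPTIONAL.items():
        if options.get(name, DEFAULTS.get(name, not trigger)) == trigger:
            actions += needed
    return actions

def role_definition(options, subscription_ids, name="DataHub Azure Compute Read"):
    """Custom-role document for Azure CLI; the role name is a hypothetical example."""
    return {"Name": name, "IsCustom": True,
            "Description": "Read-only actions needed by the Azure Compute connector.",
            "Actions": required_actions(options), "NotActions": [],
            "AssignableScopes": [f"/subscriptions/{s}" for s in subscription_ids]}

def missing_actions(granted, options):
    """Needed actions that no granted pattern covers ('*' wildcards, case-insensitive)."""
    patterns = [g.lower() for g in granted]
    return [a for a in required_actions(options)
            if not any(fnmatchcase(a.lower(), p) for p in patterns)]

if __name__ == "__main__":
    sub = "00000000-0000-0000-0000-000000000000"  # placeholder subscription ID
    print(json.dumps(role_definition({"fetchGalleryImages": True}, [sub]), indent=2))
```

`missing_actions` compares against a role's Actions list only; it does not subtract NotActions, so a role that excludes some of these actions there needs a separate check.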