Update manage-with-azure-rbac.md

kalyaninamuduri · web-flow · commit 065ce5c6c8b2 · 2023-05-23T23:18:35.000+05:30
Updated permissions for start and stop
diff --git a/articles/sap/center-sap-solutions/manage-with-azure-rbac.md b/articles/sap/center-sap-solutions/manage-with-azure-rbac.md
@@ -300,6 +300,138 @@ To stop the SAP system from a VIS resource, a *user* and *user-assigned managed
 | `Microsoft.Compute/virtualMachines/extensions/write` |
 | `Microsoft.Compute/virtualMachines/instanceView/read` |
 
+## Start SAP Central services instance
+To start the SAP Central services instance from a VIS resource, a *user* and *user-assigned managed identity* requires the following role or permissions.
+
+| Built-in roles for *users* | 
+| ------------------------- |
+| **Azure Center for SAP solutions administrator** |
+
+| Minimum permissions for *users* |
+| ------------------------------- |
+| `Microsoft.Workloads/sapVirtualInstances/centralInstances/start/action` |
+
+| Built-in roles for *user-assigned managed identities* |
+| ---------------------------------------------------- |
+| **Azure Center for SAP solutions service role** |
+
+| Minimum permissions for *user-assigned managed identities* |
+| ---------------------------------------------------------- |
+| `Microsoft.Compute/virtualMachines/read` |
+| `Microsoft.Compute/virtualMachines/extensions/read` |
+| `Microsoft.Compute/virtualMachines/extensions/write` |
+| `Microsoft.Compute/virtualMachines/instanceView/read` |
+
+## Stop SAP Central services instance
+To stop the SAP Central services instance from a VIS resource, a *user* and *user-assigned managed identity* requires the following role or permissions.
+
+| Built-in roles for *users* | 
+| ------------------------- |
+| **Azure Center for SAP solutions administrator** |
+
+| Minimum permissions for *users* |
+| ------------------------------- |
+| `Microsoft.Workloads/sapVirtualInstances/centralInstances/stop/action` |
+
+| Built-in roles for *user-assigned managed identities* |
+| ---------------------------------------------------- |
+| **Azure Center for SAP solutions service role** |
+
+| Minimum permissions for *user-assigned managed identities* |
+| ---------------------------------------------------------- |
+| `Microsoft.Compute/virtualMachines/read` |
+| `Microsoft.Compute/virtualMachines/extensions/read` |
+| `Microsoft.Compute/virtualMachines/extensions/write` |
+| `Microsoft.Compute/virtualMachines/instanceView/read` |
+
+## Start SAP Application server instance
+To start the SAP Application server instance from a VIS resource, a *user* and *user-assigned managed identity* requires the following role or permissions.
+
+| Built-in roles for *users* | 
+| ------------------------- |
+| **Azure Center for SAP solutions administrator** |
+
+| Minimum permissions for *users* |
+| ------------------------------- |
+| `Microsoft.Workloads/sapVirtualInstances/applicationInstances/start/action` |
+
+| Built-in roles for *user-assigned managed identities* |
+| ---------------------------------------------------- |
+| **Azure Center for SAP solutions service role** |
+
+| Minimum permissions for *user-assigned managed identities* |
+| ---------------------------------------------------------- |
+| `Microsoft.Compute/virtualMachines/read` |
+| `Microsoft.Compute/virtualMachines/extensions/read` |
+| `Microsoft.Compute/virtualMachines/extensions/write` |
+| `Microsoft.Compute/virtualMachines/instanceView/read` |
+
+## Stop SAP Application server instance
+To stop the SAP Application server instance from a VIS resource, a *user* and *user-assigned managed identity* requires the following role or permissions.
+
+| Built-in roles for *users* | 
+| ------------------------- |
+| **Azure Center for SAP solutions administrator** |
+
+| Minimum permissions for *users* |
+| ------------------------------- |
+| `Microsoft.Workloads/sapVirtualInstances/applicationInstances/stop/action` |
+
+| Built-in roles for *user-assigned managed identities* |
+| ---------------------------------------------------- |
+| **Azure Center for SAP solutions service role** |
+
+| Minimum permissions for *user-assigned managed identities* |
+| ---------------------------------------------------------- |
+| `Microsoft.Compute/virtualMachines/read` |
+| `Microsoft.Compute/virtualMachines/extensions/read` |
+| `Microsoft.Compute/virtualMachines/extensions/write` |
+| `Microsoft.Compute/virtualMachines/instanceView/read` |
+
+## Start SAP HANA Database instance
+To start the SAP HANA Database instance from a VIS resource, a *user* and *user-assigned managed identity* requires the following role or permissions.
+
+| Built-in roles for *users* | 
+| ------------------------- |
+| **Azure Center for SAP solutions administrator** |
+
+| Minimum permissions for *users* |
+| ------------------------------- |
+| `Microsoft.Workloads/sapVirtualInstances/databaseInstances/start/action` |
+
+| Built-in roles for *user-assigned managed identities* |
+| ---------------------------------------------------- |
+| **Azure Center for SAP solutions service role** |
+
+| Minimum permissions for *user-assigned managed identities* |
+| ---------------------------------------------------------- |
+| `Microsoft.Compute/virtualMachines/read` |
+| `Microsoft.Compute/virtualMachines/extensions/read` |
+| `Microsoft.Compute/virtualMachines/extensions/write` |
+| `Microsoft.Compute/virtualMachines/instanceView/read` |
+
+## Stop SAP HANA Database instance
+To stop the SAP HANA Database instance from a VIS resource, a *user* and *user-assigned managed identity* requires the following role or permissions.
+
+| Built-in roles for *users* | 
+| ------------------------- |
+| **Azure Center for SAP solutions administrator** |
+
+| Minimum permissions for *users* |
+| ------------------------------- |
+| `Microsoft.Workloads/sapVirtualInstances/databaseInstances/stop/action` |
+
+| Built-in roles for *user-assigned managed identities* |
+| ---------------------------------------------------- |
+| **Azure Center for SAP solutions service role** |
+
+| Minimum permissions for *user-assigned managed identities* |
+| ---------------------------------------------------------- |
+| `Microsoft.Compute/virtualMachines/read` |
+| `Microsoft.Compute/virtualMachines/extensions/read` |
+| `Microsoft.Compute/virtualMachines/extensions/write` |
+| `Microsoft.Compute/virtualMachines/instanceView/read` |
+
 ## View cost analysis
 
 To view the cost analysis, a *user* requires the following role or permissions.
