You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/vpn-gateway/roles-permissions.md
+4-6Lines changed: 4 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -17,31 +17,29 @@ Because of this, it's essential to verify permissions on all involved resources
17
17
## Azure built-in roles
18
18
19
19
You can choose to assign [Azure built-in roles](../role-based-access-control/built-in-roles.md) to a user, group, service principal, or managed identity such as [Network contributor](../role-based-access-control/built-in-roles.md#network-contributor), which support all the required permissions for creating the gateway.
20
-
For more information, see [Steps to assign an Azure role](../role-based-access-control/role-assignments-steps.md)
20
+
For more information, see [Steps to assign an Azure role](../role-based-access-control/role-assignments-steps.md).
21
21
22
22
## Custom roles
23
23
24
24
If the [Azure built-in roles](../role-based-access-control/built-in-roles.md) don't meet the specific needs of your organization, you can create your own custom roles.
25
25
Just like built-in roles, you can assign custom roles to users, groups, and service principals at management group, subscription, and resource group scopes.
26
-
For more information, see [Steps to create a custom role](../role-based-access-control/custom-roles.md#steps-to-create-a-custom-role)
26
+
For more information, see [Steps to create a custom role](../role-based-access-control/custom-roles.md#steps-to-create-a-custom-role).
27
27
28
28
To ensure proper functionality, check your custom role permissions to confirm user service principals, and managed identities operating the VPN gateway have the necessary permissions.
29
-
To add any missing permissions listed here, see [Update a custom role](../role-based-access-control/custom-roles-portal.md#update-a-custom-role)
29
+
To add any missing permissions listed here, see [Update a custom role](../role-based-access-control/custom-roles-portal.md#update-a-custom-role).
30
30
31
31
## Permissions
32
32
33
33
Depending on whether you're creating new resources or using existing ones, add the appropriate permissions from the following list:
34
34
35
-
**Permissions table**
36
-
37
35
|Resource | Resource status | Required Azure permissions |
| Subnet | Use existing| Microsoft.Network/virtualNetworks/subnets/join/action<br>Microsoft.Network/virtualNetworks/subnets/read |
41
39
| IP addresses| Create new| Microsoft.Network/publicIPAddresses/write |
42
40
| IP addresses | Use existing| Microsoft.Network/publicIPAddresses/join/action<br>Microsoft.Network/publicIPAddresses/read |
43
41
44
-
For more information, see [Azure permissions for Networking](../role-based-access-control/permissions/networking.md) and [Virtual network permissions](../virtual-network/virtual-network-manage-subnet.md#permissions)
42
+
For more information, see [Azure permissions for Networking](../role-based-access-control/permissions/networking.md) and [Virtual network permissions](../virtual-network/virtual-network-manage-subnet.md#permissions).
0 commit comments