Commit bb8ad2f

Merge pull request #287210 from halkazwini/nw-rbac
Update flow logs permissions
2 parents b804be9 + 3fa92b3 commit bb8ad2f

1 file changed

+5
-2
lines changed

articles/network-watcher/required-rbac-permissions.md

Lines changed: 5 additions & 2 deletions
@@ -6,7 +6,7 @@ author: halkazwini
66
ms.author: halkazwini
77
ms.service: azure-network-watcher
88
ms.topic: concept-article
9-
ms.date: 05/09/2024
9+
ms.date: 09/23/2024
1010

1111
#CustomerIntent: As an Azure administrator, I want to know the required Azure role-based access control (Azure RBAC) permissions to use each of the Network Watcher capabilities, so I can assign them correctly to users using any of those capabilities.
1212
---
@@ -48,11 +48,14 @@ Azure role-based access control (Azure RBAC) enables you to assign only the spec
4848
> | --------- | -------------------------------------------------------------- |
4949
> | Microsoft.Network/networkWatchers/configureFlowLog/action | Configure a flow Log |
5050
> | Microsoft.Network/networkWatchers/queryFlowLogStatus/action | Query status for a flow log |
51+
> | Microsoft.Network/networkSecurityGroups/write <sup>1</sup> | Creates a network security group or updates an existing network security group |
5152
Microsoft.Storage/storageAccounts/listServiceSas/Action, </br> Microsoft.Storage/storageAccounts/listAccountSas/Action, <br> Microsoft.Storage/storageAccounts/listKeys/Action | Fetch shared access signatures (SAS) enabling [secure access to storage account](../storage/common/storage-sas-overview.md?toc=/azure/network-watcher/toc.json) and write to the storage account |
5253
54+
<sup>1</sup> Only required with NSG flow logs.
55+
5356
## Traffic analytics
5457

55-
Since traffic analytics is enabled as part of the Flow log resource, the following permissions are required in addition to all the required permissions for [Flow logs](#flow-logs):
58+
Since traffic analytics is enabled as part of the flow log resource, the following permissions are required in addition to all the required permissions for [Flow logs](#flow-logs):
5659

5760
> [!div class="mx-tableFixed"]
5861
> | Action | Description |
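
Review bot: The added `Microsoft.Network/networkSecurityGroups/write` row (new line 51) grants create and update rights on network security groups, per its own description, which is much broader than the two `networkWatchers/.../action` entries above it, while footnote 1 only says "Only required with NSG flow logs." Suggest extending the footnote to tell readers to leave this action out of custom roles when NSG flow logs are not in use, so a least-privilege role does not pick it up by default. Two smaller points in the same hunk: the `<sup>1</sup>` marker sits inside the action cell, where it can be copied along with the permission name, so moving it to the description column would be safer; and the casing fix from "Flow log" to "flow log" at new line 58 leaves "Configure a flow Log" on line 49 unchanged.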
