Skip to content

Commit ce0d3d7

Browse files
Merge pull request #230289 from ericd-mst-github/erd-run-command-windows
Erd run command windows
2 parents 2bae8d8 + 37123e2 commit ce0d3d7

File tree

5 files changed

+21
-7
lines changed

5 files changed

+21
-7
lines changed

articles/virtual-machines/linux/run-command-managed.md

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,13 @@ The *updated* managed Run Command uses the same VM agent channel to execute scri
2828
- Support for long running (hours/days) scripts
2929
- Passing secrets (parameters, passwords) in a secure manner
3030

31+
## Limiting access to Run Command
32+
33+
Listing the run commands or showing the details of a command requires the `Microsoft.Compute/locations/runCommands/read` permission on Subscription level. The built-in [Reader](../../role-based-access-control/built-in-roles.md#reader) role and higher levels have this permission.
34+
35+
Running a command requires the `Microsoft.Compute/virtualMachines/runCommand/write` permission. The [Virtual Machine Contributor](../../role-based-access-control/built-in-roles.md#virtual-machine-contributor) role and higher levels have this permission.
36+
37+
You can use one of the [built-in roles](../../role-based-access-control/built-in-roles.md) or create a [custom role](../../role-based-access-control/custom-roles.md) to use Run Command.
3138

3239
## Azure CLI
3340

articles/virtual-machines/linux/run-command.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ ms.service: virtual-machines
66
ms.collection: linux
77
author: nikhilpatel909
88
ms.author: erd
9-
ms.date: 10/25/2022
9+
ms.date: 03/10/2023
1010
ms.topic: how-to
1111
ms.reviewer: erd
1212
ms.custom: devx-track-azurecli
@@ -91,7 +91,7 @@ Invoke-AzVMRunCommand -ResourceGroupName '<myResourceGroup>' -Name '<myVMName>'
9191

9292
Listing the run commands or showing the details of a command requires the `Microsoft.Compute/locations/runCommands/read` permission on Subscription level. The built-in [Reader](../../role-based-access-control/built-in-roles.md#reader) role and higher levels have this permission.
9393

94-
Running a command requires the `Microsoft.Compute/virtualMachines/runCommand/action` permission. The [Virtual Machine Contributor](../../role-based-access-control/built-in-roles.md#virtual-machine-contributor) role and higher levels have this permission.
94+
Running a command requires the `Microsoft.Compute/virtualMachines/runCommand/write` permission. The [Virtual Machine Contributor](../../role-based-access-control/built-in-roles.md#virtual-machine-contributor) role and higher levels have this permission.
9595

9696
You can use one of the [built-in roles](../../role-based-access-control/built-in-roles.md) or create a [custom role](../../role-based-access-control/custom-roles.md) to use Run Command.
9797

articles/virtual-machines/run-command-overview.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ description: This topic provides an overview of running scripts within an Azure
44
ms.service: virtual-machines
55
author: nikhilpatel909
66
ms.author: erd
7-
ms.date: 11/03/2022
7+
ms.date: 03/10/2023
88
ms.topic: how-to
99
ms.reviewer: erd
1010
---
@@ -14,7 +14,7 @@ ms.reviewer: erd
1414
Run Command uses the virtual machine (VM) agent to run scripts within an Azure Windows or Linux VM. You can use these scripts for general machine or application management. They can help you to quickly diagnose and remediate VM access and network issues and get the VM back to a good state. Scripts can be embedded in the properties or referenced to a pre published gallery script.
1515

1616

17-
The original set of commands are action orientated. The updated set of commands, currently in Public Preview, are management orientated and enable you to run multiple scripts and has less restrictions. This article will explain the difference between the two sets of run commands and help you decide which set is the right one to use in your scenario.
17+
The original set of commands are action orientated. The updated set of commands are management orientated and enable you to run multiple scripts and has less restrictions. This article will explain the difference between the two sets of run commands and help you decide which set is the right one to use in your scenario.
1818

1919
> [!IMPORTANT]
2020
> **Managed Run Command** is currently available in Azure CLI, PowerShell, and API at this time. Portal functionality will soon be available.

articles/virtual-machines/windows/run-command-managed.md

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ ms.service: virtual-machines
66
ms.collection: windows
77
author: nikhilpatel909
88
ms.author: erd
9-
ms.date: 11/03/2022
9+
ms.date: 03/10/2023
1010
ms.topic: how-to
1111
ms.reviewer: erd
1212
ms.custom: devx-track-azurepowershell, devx-track-azurecli
@@ -28,6 +28,13 @@ The *updated* managed Run Command uses the same VM agent channel to execute scri
2828
- Support for long running (hours/days) scripts
2929
- Passing secrets (parameters, passwords) in a secure manner
3030

31+
## Limiting access to Run Command
32+
33+
Listing the run commands or showing the details of a command requires the `Microsoft.Compute/locations/runCommands/read` permission on Subscription Level. The built-in [Reader](../../role-based-access-control/built-in-roles.md#reader) role and higher levels have this permission.
34+
35+
Running a command requires the `Microsoft.Compute/virtualMachines/runCommand/write` permission. The [Virtual Machine Contributor](../../role-based-access-control/built-in-roles.md#virtual-machine-contributor) role and higher levels have this permission.
36+
37+
You can use one of the [built-in roles](../../role-based-access-control/built-in-roles.md) or create a [custom role](../../role-based-access-control/custom-roles.md) to use Run Command.
3138

3239
## Azure CLI
3340

articles/virtual-machines/windows/run-command.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ ms.service: virtual-machines
66
ms.collection: windows
77
author: nikhilpatel909
88
ms.author: erd
9-
ms.date: 10/25/2022
9+
ms.date: 03/10/2023
1010
ms.topic: how-to
1111
ms.reviewer: erd
1212
ms.custom: devx-track-azurecli
@@ -110,7 +110,7 @@ Invoke-AzVMRunCommand -ResourceGroupName '<myResourceGroup>' -Name '<myVMName>'
110110

111111
Listing the run commands or showing the details of a command requires the `Microsoft.Compute/locations/runCommands/read` permission on Subscription Level. The built-in [Reader](../../role-based-access-control/built-in-roles.md#reader) role and higher levels have this permission.
112112

113-
Running a command requires the `Microsoft.Compute/virtualMachines/runCommand/action` permission. The [Virtual Machine Contributor](../../role-based-access-control/built-in-roles.md#virtual-machine-contributor) role and higher levels have this permission.
113+
Running a command requires the `Microsoft.Compute/virtualMachines/runCommand/write` permission. The [Virtual Machine Contributor](../../role-based-access-control/built-in-roles.md#virtual-machine-contributor) role and higher levels have this permission.
114114

115115
You can use one of the [built-in roles](../../role-based-access-control/built-in-roles.md) or create a [custom role](../../role-based-access-control/custom-roles.md) to use Run Command.
116116

0 commit comments

Comments
 (0)