locked
Azure Load Balancer Probe create Custom Role RRS feed

  • Question

  • Hi,

    I have a custom role allows the user assigned the role to create load balancers. The Role definition has all load balancer actions amongst others listed in it:

    Microsoft.Network/loadBalancers/read
    Microsoft.Network/loadBalancers/write
    Microsoft.Network/loadBalancers/delete
    Microsoft.Network/loadBalancers/networkInterfaces/read
    Microsoft.Network/loadBalancers/loadBalancingRules/read
    Microsoft.Network/loadBalancers/backendAddressPools/read
    Microsoft.Network/loadBalancers/backendAddressPools/join/action
    Microsoft.Network/loadBalancers/inboundNatPools/read
    Microsoft.Network/loadBalancers/inboundNatPools/join/action
    Microsoft.Network/loadBalancers/inboundNatRules/read
    Microsoft.Network/loadBalancers/inboundNatRules/write
    Microsoft.Network/loadBalancers/inboundNatRules/delete
    Microsoft.Network/loadBalancers/inboundNatRules/join/action
    Microsoft.Network/loadBalancers/outboundNatRules/read
    Microsoft.Network/loadBalancers/probes/read
    Microsoft.Network/loadBalancers/probes/join/action
    Microsoft.Network/loadBalancers/virtualMachines/read
    Microsoft.Network/loadBalancers/frontendIPConfigurations/read

    However there is no /probes/write operation available and if I add that action to the definition it's not valid. This means the role does not allow users to create health probes via the portal. They can via powershell as this method appears to write the whole load balancer properties back and not just create a probe property.

    Running  Get-AzureRmProvideroperation -OperationSearchString microsoft.network/Loadbalancers/* confirms that there is no Microsoft.Network/loadBalancers/probes/write operation available.

    Is this by design? Is there a way to have a custom role that allows users to create a load balancer including health probes?

    Thanks,

    James

    Tuesday, May 29, 2018 3:05 PM

Answers

  • Yes, it is by design. Currently only these (‘Microsoft.Network/loadBalancers/probes/join/action’ and ‘Microsoft.Network/loadBalancers/probes/read’) two rules are available for Azure load balancer probes.  
    If you wish you may leave your feedback here. All the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Azure. 

    -----------------------------------------------------------------------------------------------

    If this answer was helpful, click “Mark as Answer” or Up-Vote. To provide additional feedback on your forum experience, click here.

    • Proposed as answer by vijisankar Tuesday, May 29, 2018 7:21 PM
    • Marked as answer by Jabster78 Wednesday, May 30, 2018 7:29 AM
    Tuesday, May 29, 2018 7:21 PM