List of required permissions per resource

[sharebear]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

I'm configuring a private GitHub Actions runner to avoid manual processes when applying terraform, especially in production. In order to do this I would like to create a role with the absolute minimum permissions necessary for the resources that I actually use. Having a reference of which permissions are necessary to CRUD each resource type would be very valuable in this situation as I generally find Azure's built-in roles lacking in granularity.

New or Affected Resource(s)

All resources and data sources

Potential Terraform Configuration

N/A

References

• https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
• https://docs.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations

[maniSbindra]

@sharebear not sure but I think the Open Source az-mpf utility should be able to provide the requested information.