Update roles, add archival roles (#3)
1. Update the latest permissions for CNP, exocompute roles.
2. Add roles for archival.
h-elango authored Apr 18, 2023
1 parent 98f5b0f commit 7b46c3a
Showing 4 changed files with 70 additions and 2 deletions.
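--- a/polaris-custom-role-archival-encryption.json
+++ b/polaris-custom-role-archival-encryption.json
@@ -0,0 +1,22 @@
+{
+"id": "/subscriptions/abcdefgh-1234-abcd-1234-abcdefghijkl/providers/Microsoft.Authorization/roleDefinitions/01234567-abcd-1234-abcd-123456789012",
+"properties": {
+"roleName": "Rubrik Polaris ARCHIVAL ENCRYPTION - 01234567-abcd-1234-abcd-123456789012",
+"description": "Rubrik Polaris role for ARCHIVAL ENCRYPTION",
+"assignableScopes": [
+"/subscriptions/abcdefgh-1234-abcd-1234-abcdefghijkl"
+],
+"permissions": [
+{
+"actions": [
+"Microsoft.KeyVault/vaults/keys/unwrap/action",
+"Microsoft.KeyVault/vaults/keys/wrap/action",
+"Microsoft.KeyVault/vaults/keys/read"
+],
+"notActions": [],
+"dataActions": [],
+"notDataActions": []
+}
+]
+}
+}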
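Review bot: The three Key Vault entries under `actions` let the role holder wrap and unwrap with every key in whatever scope the role is assigned at, and `assignableScopes` permits assignment across the whole subscription. The role would be safer assigned at the single vault (or key) that protects the archival data, and the `description` should say so, for example `"description": "Rubrik Polaris role for ARCHIVAL ENCRYPTION; assign at the archival key vault only"`. As far as I know Azure RBAC treats key wrap and unwrap as data-plane operations, so it is worth confirming whether these entries belong under `dataActions` rather than `actions`; the page does not show how the role was validated.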
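--- a/polaris-custom-role-archival.json
+++ b/polaris-custom-role-archival.json
@@ -0,0 +1,40 @@
+{
+"id": "/subscriptions/abcdefgh-1234-abcd-1234-abcdefghijkl/providers/Microsoft.Authorization/roleDefinitions/01234567-abcd-1234-abcd-123456789012",
+"properties": {
+"roleName": "Rubrik Polaris ARCHIVAL - 01234567-abcd-1234-abcd-123456789012",
+"description": "Rubrik Polaris role for ARCHIVAL",
+"assignableScopes": [
+"/subscriptions/abcdefgh-1234-abcd-1234-abcdefghijkl"
+],
+"permissions": [
+{
+"actions": [
+"Microsoft.Storage/storageAccounts/read",
+"Microsoft.Storage/storageAccounts/write",
+"Microsoft.Storage/storageAccounts/listkeys/action",
+"Microsoft.Storage/storageAccounts/listServiceSas/action",
+"Microsoft.Storage/storageAccounts/blobServices/containers/read",
+"Microsoft.Storage/storageAccounts/blobServices/containers/write",
+"Microsoft.Storage/storageAccounts/blobServices/containers/delete",
+"Microsoft.Resources/subscriptions/resourceGroups/read",
+"Microsoft.Resources/subscriptions/resourceGroups/write",
+"Microsoft.ManagedIdentity/userAssignedIdentities/assign/action",
+"Microsoft.Storage/storageAccounts/encryptionScopes/read",
+"Microsoft.Storage/storageAccounts/encryptionScopes/write",
+"Microsoft.KeyVault/vaults/read",
+"Microsoft.KeyVault/vaults/keys/read",
+"Microsoft.Storage/storageAccounts/blobServices/read",
+"Microsoft.Storage/storageAccounts/blobServices/write"
+],
+"notActions": [],
+"dataActions": [
+"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/immutableStorage/runAsSuperUser/action",
+"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
+"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write",
+"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
+],
+"notDataActions": []
+}
+]
+}
+}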
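Review bot: `Microsoft.Storage/storageAccounts/listkeys/action` and `listServiceSas/action` in `actions` hand out shared-key credentials, which give access to a storage account outside Azure RBAC and are not attributable to an individual identity; the blob `dataActions` in the same role already cover read, write and delete through the role assignment. If the key path is really required, the reason belongs in the `description`, and the role should be assigned only at the resource group that holds the archival accounts rather than at the subscription listed in `assignableScopes`. The same `listkeys/action` entry is added by the `@@ -52,7 +52,9 @@` hunk of the next file section (its file name is not shown on this page), where the same question applies. Separately, `immutableStorage/runAsSuperUser/action` together with `blobs/delete` looks like it lets the role act on blobs that an immutability policy is meant to protect; that is worth confirming and stating explicitly for an archival role.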
Expand Up @@ -52,7 +52,9 @@
"Microsoft.Storage/storageAccounts/blobServices/containers/delete",
"Microsoft.Compute/availabilitySets/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Compute/diskEncryptionSets/read"
"Microsoft.Compute/diskEncryptionSets/read",
"Microsoft.Compute/galleries/images/versions/read",
"Microsoft.Storage/storageAccounts/listkeys/action"
],
"notActions": [],
"dataActions": [
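--- a/polaris-custom-role-exocompute.json
+++ b/polaris-custom-role-exocompute.json
@@ -16,7 +16,11 @@
 "Microsoft.ContainerRegistry/registries/pull/read",
 "Microsoft.ContainerRegistry/registries/read",
 "Microsoft.Network/virtualNetworks/subnets/join/action",
-"Microsoft.Network/virtualNetworks/subnets/read"
+"Microsoft.Network/virtualNetworks/subnets/read",
+"Microsoft.Network/virtualNetworks/read",
+"Microsoft.Compute/disks/read",
+"Microsoft.Compute/disks/write",
+"Microsoft.Compute/disks/delete"
 ],
 "notActions": [],
 "dataActions": [],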
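Review bot: `Microsoft.Compute/disks/write` and `Microsoft.Compute/disks/delete` are added to the `actions` array with nothing in the commit message explaining why exocompute needs to modify or delete managed disks. These apply to every disk in the scope the role is assigned at, so the role should be assigned at the exocompute resource group rather than the subscription, and the reason for the disk permissions recorded in the role's `description` or the repository's documentation. The `actions` array and the rest of the role definition begin outside this hunk, so the assignable scope is not visible here.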
