Hi Guys,
I tried creating the below custom role. Although it got created, when i assigned an user to it and attempted to test it. I could notice that it was still allowing the user to buy an VM image from Marketplace. Ultimately, i'm after a Custom Role, which should have Contributor level access, however they should be denied to buy anything from Azure Marketplace.
{
"Name": "Contributor with Deny permissions",
"IsCustom": true,
"Description": "Contributor with Deny permissions for MarketPlace Access",
"Actions": [
"*"
],
"NotActions": [
"Microsoft.Marketplace/*",
"Microsoft.MarketplaceApps/*",
"Microsoft.Authorization/*/Delete",
"Microsoft.Authorization/*/Write",
"Microsoft.Authorization/elevateAccess/Action",
"Microsoft.Blueprint/blueprintAssignments/write",
"Microsoft.Blueprint/blueprintAssignments/delete",
"Microsoft.MarketplaceOrdering/*"
],
"DataActions": [
],
"NotDataActions": [
],
"AssignableScopes": [
"/subscriptions/XXXXXX-XXXX-XXXX-XXXX-XXXXXXXX"
]
}
Microsoft