Custom RBAC | grant Activity log

Question

Hello everybody,i have created a custom RBAC and defined the following actions:"Microsoft.Storage/*/read","Microsoft.Storage/storageAccounts/listKeys/action","Microsoft.Network/*/read","Microsoft.Compute/*/read","Microsoft.Compute/virtualMachines/start/action","Microsoft.Compute/virtualMachines/restart/action","Microsoft.Compute/virtualMachines/deallocate/action","Microsoft.Compute/virtualMachines/powerOff/action","Microsoft.Authorization/*/read","Microsoft.Resources/subscriptions/resourceGroups/read","Microsoft.Insights/alertRules/*","Microsoft.Insights/diagnosticSettings/*","Microsoft.Insights/ActivityLogAlerts/*","Microsoft.Insights/Logs/AzureActivity/Read","Microsoft.Insights/eventtypes/values/Read","Microsoft.Insights/EventCategories/Read","Microsoft.DevTestLab/schedules/*","Microsoft.DevTestLab/labs/schedules/*"&nbsp;In the Azure Portal a user who is authorized by the created RBAC can download the logs as .csv in the Activity Log but cannot directly view them in the portal.Does anyone have an idea which action is missing?

gregor reimling · Answer

Hi&nbsp;Christian Scharf.
can you explain your goal?
I have created a Custom Role in my tenant and add a test user to it.&nbsp;
When I login to the Azure portal with the test user, I´m now able to view all the logs under Azure Monitor in the action log.&nbsp;
&nbsp;
Or did you need to see in each resource group the activity log?&nbsp;
&nbsp;
Many greetings
&nbsp;

christian scharf · Answer

Hi,&nbsp;Gregor Reimling,&nbsp;in the Azure Monitor I can also see the logs.My goal as you described is to have the activity log in every resource.&nbsp;Thank you for your work so far.

vinod-sr · Answer

Christian Scharf&nbsp; Did you get to a solution on this ? have similiar issue

Forum Discussion

Custom RBAC | grant Activity log

3 Replies

Resources