Forum Discussion
Behind the scenes: access and region control in Windows Update for Business reports
The GitHub page says that whatever account will run the Ansible playbook should be Subscription owner to be able to create all the resources. However, the target_resource_group parameter in the localhost file seems to indicate that we can have everything go in the same resource group.
To me it seems possible to have the account have just the Contributor role for that resource group in order to run the playbook successfully, since everything created by the playbook would go into that group. I assume the Subscription Owner role would definitely be needed if the playbook was also creating a new resource group instead of using an existing one.
Am I missing something? Is subscription owner a hard requirement besides for the reason I mentioned?
Thank you.
Specifically, 'Microsoft.Storage/register/action' permission to the subscription is what is required.