Apr 18 2019 04:45 AM
Hello everybody,
i have created a custom RBAC and defined the following actions:
"Microsoft.Storage/*/read",
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.Network/*/read",
"Microsoft.Compute/*/read",
"Microsoft.Compute/virtualMachines/start/action",
"Microsoft.Compute/virtualMachines/restart/action",
"Microsoft.Compute/virtualMachines/deallocate/action",
"Microsoft.Compute/virtualMachines/powerOff/action",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.Insights/ActivityLogAlerts/*",
"Microsoft.Insights/Logs/AzureActivity/Read",
"Microsoft.Insights/eventtypes/values/Read",
"Microsoft.Insights/EventCategories/Read",
"Microsoft.DevTestLab/schedules/*",
"Microsoft.DevTestLab/labs/schedules/*"
In the Azure Portal a user who is authorized by the created RBAC can download the logs as .csv in the Activity Log but cannot directly view them in the portal.
Does anyone have an idea which action is missing?
Apr 21 2019 06:16 AM
can you explain your goal?
I have created a Custom Role in my tenant and add a test user to it.
When I login to the Azure portal with the test user, I´m now able to view all the logs under Azure Monitor in the action log.
Or did you need to see in each resource group the activity log?
Many greetings
Apr 25 2019 01:08 AM
Hi, @Gregor Reimling,
in the Azure Monitor I can also see the logs.
My goal as you described is to have the activity log in every resource.
Thank you for your work so far.
Nov 05 2020 05:46 AM
@Christian Scharf Did you get to a solution on this ? have similiar issue