Explicit permissions required to Disable Container vulnerability results

Copper Contributor

Hi Team, 


We would like to disable some of the vulnerability assessments made in our container registry.  We found a nice documentation on how to do that https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-vulnerability-ass....

However it seems we can't disable this with Contributor access on the subscription and also with Resource Policy Contributor role. We tried with Owner/User Access Administrator access and then we are able to disable it. 

In our setup, it's not possible to get  Owner/User Access Administrator on the Subscription.  


Question 1: Do we have any other built in role which can help to disable it? 
Question 2: If we have to create a custom role, what actions that role should have permission to ? 

Question 3: Any other implementation suggestion where a "contributor" can disable particular vulnerability assessment ? 

0 Replies