Add an Azure Role Definition
Azure role definitions can be added to both cloud rules and cloud access roles in Kion. Here's how you can add them.
To create a new Azure role definition:
- In the left navigation menu, click Cloud Management > Azure Role Definitions.
- Click the Add New button.
- On this page, fill in the Name and Description for your Azure role definition. Be sure to follow the naming convention for Azure role definitions here.
- In the text area, fill in the permissions that this role definition should give. Kion manages the assignable scopes and name/description, so only the JSON objects containing the "actions" and "notActions" for your role definition are required. If any other objects are entered (such as name and description), Kion will trim them out upon creation of the role definition. For example, the required "actions" and "notActions" objects may look like this:
    {
      "actions": [
        "Microsoft.Storage/*/read",
        "Microsoft.Network/*/read",
        "Microsoft.Compute/*/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read"
      ],
      "notActions": []
    }
- From their respective dropdowns, pick the users and user groups that should own this role definition.
- Select whether the policy will be public or restricted.
  - Public policies. All users with permission to manage cloud access roles can select public policies when creating cloud access roles.
  - Restricted policies. Only those users selected in the policy can select restricted policies when creating cloud access roles. When you set a policy as restricted, you must select at least one user or user group to have permission to use the policy.
- Click Create Role Definition at the bottom of the page.
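As an added example (not Kion's own code), the Python sketch below reduces a full Azure custom role JSON to the "actions" and "notActions" body the text area expects, and lists every granted action that is not limited to a /read operation so it can be reviewed before pasting. The sample role, the function names and the assumption that the source JSON carries top-level Actions and NotActions keys are constructed for this example.

```python
import json

# Constructed sample: a full Azure custom role with fields Kion manages itself.
SAMPLE_ROLE = """
{
  "Name": "Example Reader",
  "Description": "Constructed sample for illustration",
  "Actions": [
    "Microsoft.Storage/*/read",
    "Microsoft.Compute/*",
    "Microsoft.Resources/subscriptions/resourceGroups/read"
  ],
  "NotActions": [],
  "AssignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"]
}
"""

KEPT = ("actions", "notActions")  # the only objects the page says are required


def to_kion_permissions(role_json: str) -> dict:
    """Keep only "actions" and "notActions", matching source keys case-insensitively."""
    role = json.loads(role_json)
    if not isinstance(role, dict):
        raise ValueError("role definition must be a JSON object")
    lowered = {k.lower(): v for k, v in role.items()}
    out = {}
    for key in KEPT:
        value = lowered.get(key.lower(), [])  # a missing list becomes empty
        if not isinstance(value, list) or not all(isinstance(a, str) for a in value):
            raise ValueError(f'"{key}" must be a list of strings')
        out[key] = value
    return out


def non_read_actions(permissions: dict) -> list:
    """Return granted actions that are not limited to a /read operation."""
    return [a for a in permissions["actions"] if not a.lower().endswith("/read")]


if __name__ == "__main__":
    perms = to_kion_permissions(SAMPLE_ROLE)
    print(json.dumps(perms, indent=2))  # paste this into the text area
    for action in non_read_actions(perms):
        print("review before submitting:", action)
```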
What next?