Using the HYCU R‑Cloud Role for Azure

The Azure Resource Manager (ARM) creates a custom Azure role and assigns it to the HMSP when you add an Azure resource group as a source to R‑Cloud. For details, see Adding an Azure resource group as a source.

Only if you are adding an Azure resource group as a source. The following permissions are included in the HYCU R‑Cloud Role:

Permission Action
ClassicCompute virtualMachines/disks/read

Compute

disks/read
disks/beginGetAccess/action
disks/delete
disks/endGetAccess/action
disks/write
snapshots/beginGetAccess/action
snapshots/delete
snapshots/endGetAccess/action
snapshots/read
snapshots/write
virtualMachines/delete
virtualMachines/write
virtualMachines/read
virtualMachines/retrieveBootDiagnosticsData/action
virtualMachines/attachDetachDataDisks/action
virtualMachines/instanceView/read
galleries/images/versions/read

ContainerRegistry

registries/pull/read

Network

networkInterfaces/read
networkInterfaces/write
networkInterfaces/join/action
networkInterfaces/delete
networkSecurityGroups/read
networkSecurityGroups/join/action
publicIPAddresses/delete
publicIPAddresses/read
publicIPAddresses/write
publicIPAddresses/join/action
virtualNetworks/read
virtualNetworks/write
virtualNetworks/subnets/read
virtualNetworks/subnets/join/action

Resource

subscriptions/resourcegroups/deployments/read
subscriptions/resourcegroups/deployments/write
subscriptions/resourcegroups/deployments/operations/read
subscriptions/resourcegroups/deployments/operationstatuses/read
subscriptions/resourcegroups/resources/read
subscriptions/read
subscriptions/resourceGroups/read

Security

Microsoft.Security/assessments/read

ServiceBus

Actions:
namespaces/queues/read
namespaces/queues/Delete
namespaces/write
namespaces/read
namespaces/queues/write

Data actions:
namespaces/messages/send/action
namespaces/messages/receive/action

Storage

Actions:
storageAccounts/blobServices/*
storageAccounts/blobServices/containers/*
storageAccounts/blobServices/generateUserDelegationKey/action
storageAccounts/read
storageAccounts/write
storageAccounts/managementPolicies/read
storageAccounts/listkeys/action
storageAccounts/delete

Data actions:
storageAccounts/blobServices/containers/blobs/tags/write
storageAccounts/blobServices/containers/blobs/tags/read
storageAccounts/blobServices/containers/blobs/*

Only if you are adding an Azure resource group as compute. The following permissions are included in the HYCU R‑Cloud Compute Role:

Permission Action

Compute

virtualMachines/read
virtualMachines/write
virtualMachines/delete
disks/delete

Network

virtualNetworks/read
virtualNetworks/subnets/read
virtualNetworks/subnets/join/action
networkInterfaces/write
networkInterfaces/read
networkInterfaces/delete
networkInterfaces/join/action
publicIPAddresses/read
publicIPAddresses/write
publicIPAddresses/join/action
publicIPAddresses/delete

Resource

subscriptions/read
subscriptions/resourceGroups/read