RajkumarRR
Copper Contributor
Dec 24, 2024

Custom permission to enable diagnostic setting in Entra ID

Custom permissions don't work when I try to enable diagnostic settings in the Microsoft Entra ID portal.

Error: "does not have authorisation to perform action 'microsoft.aadiam/diagnosticSettings/write' over scope '/providers/microsoft.aadiam/diagnosticSettings/resourcename'"

Selective permissions that I applied to the user account.

My approach is to use custom role-specific permissions.

Appreciate your help to know the right permission required.

Regards,

Rajkumar

  • Salamat_Shah
    Iron Contributor

    Verify whether your Azure AD tenant has custom Conditional Access policies or specific restrictions blocking this operation.

  • Try this:

    1. Sign in to the Azure Portal: Go to the Azure Portal and sign in with an account that has the necessary administrative privileges.
    2. Navigate to Azure AD: In the left-hand menu, select Azure Active Directory.
    3. Create or Modify a Custom Role:
      • To create a new custom role, go to Roles and administrators > New custom role.
      • To modify an existing custom role, select the role from the list and click Edit.
    4. Add the Required Permission:
      • In the Permissions tab, click Add permissions.
      • Search for microsoft.aadiam/diagnosticSettings/write and add it to the role.
    5. Assign the Custom Role:
      • After creating or modifying the role, assign it to the user or group that needs to configure diagnostic settings.
      • Go to Roles and administrators, select the custom role, and click Assignments > Add assignment.
    6. Verify Permissions: Ensure that the user account now has the custom role assigned with the necessary permissions.
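
Added example, not part of the thread and not Microsoft's code: an offline Python check of the two conditions behind the error quoted in the question, namely whether a role definition grants `microsoft.aadiam/diagnosticSettings/write` and whether the assignment scope covers the scope in the message. The role definitions, the subscription ID and the assignment scopes are constructed, and the layout (a `permissions` list with `actions` and `notActions`) is assumed to follow Azure RBAC role-definition JSON.

```python
import re

# Action and scope as they appear in the error message quoted in the question.
REQUIRED_ACTION = "microsoft.aadiam/diagnosticSettings/write"
TARGET_SCOPE = "/providers/microsoft.aadiam/diagnosticSettings/resourcename"

# Constructed role definitions (assumed Azure RBAC layout: permissions -> actions / notActions).
WRONG_PROVIDER_ROLE = {"permissions": [{"actions": ["Microsoft.Insights/diagnosticSettings/*"]}]}
AADIAM_ROLE = {"permissions": [{"actions": ["microsoft.aadiam/diagnosticSettings/*"]}]}
CARVED_OUT_ROLE = {"permissions": [{"actions": ["*"],
                                    "notActions": ["microsoft.aadiam/*/write"]}]}

def matches(pattern, action):
    """Case-insensitive match where '*' in the pattern stands for any run of characters."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, flags=re.IGNORECASE) is not None

def role_grants(role, action):
    """A permission block grants an action listed in actions unless notActions removes it."""
    for block in role.get("permissions", []):
        allowed = any(matches(p, action) for p in block.get("actions", []))
        removed = any(matches(p, action) for p in block.get("notActions", []))
        if allowed and not removed:
            return True
    return False

def scope_covers(assignment_scope, target_scope):
    """An assignment applies to its own scope and everything beneath it; '/' is the root."""
    a = assignment_scope.rstrip("/").lower()
    t = target_scope.rstrip("/").lower()
    return a == "" or t == a or t.startswith(a + "/")

def explain(role, assignment_scope, action=REQUIRED_ACTION, target=TARGET_SCOPE):
    """Say which of the two conditions behind the authorization error is unmet."""
    if not role_grants(role, action):
        return "role does not grant " + action
    if not scope_covers(assignment_scope, target):
        return "assignment scope does not cover " + target
    return "ok"

if __name__ == "__main__":
    sub = "/subscriptions/00000000-0000-0000-0000-000000000000"  # constructed placeholder
    for name, role, scope in [("wrong provider", WRONG_PROVIDER_ROLE, "/providers/microsoft.aadiam"),
                              ("right action, subscription scope", AADIAM_ROLE, sub),
                              ("right action, aadiam scope", AADIAM_ROLE, "/providers/microsoft.aadiam")]:
        print(f"{name}: {explain(role, scope)}")
```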
