Forum Discussion
What would be the minimum role (IAM) for performing a succesful Azure Migrate?
I would like to know what the least privileged role is for performing an Azure Migrate. Often, a customer does not want to give you full permissions (e.g. Owner, Contributor) to a subscription. However, the Reader role does not have specific permissions within an Azure Migrate. You can think of creating/changing an assessment, exporting an assessment, etc. How should we deal with this?
- Hi Gertjan Jongeneel
If the built-in roles don't meet the specific needs of your organization. you can create your own custom roles. Just like built-in roles, you can assign custom roles to users, groups, and service principals at subscription, resource group, and resource scopes. Custom roles are stored in an Azure Active Directory (Azure AD) directory and can be shared across subscriptions. Each directory can have up to 2000 custom roles. Custom roles can be created using Azure PowerShell, Azure CLI, or the REST API.
https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-rolesHi Vinoth,
I'm aware that I can create custom roles, but I'm looking for the specific permissions required to execute all tasks for a successful Azure Migrate (assessment). The Reader role is not enough to create assessments and/or export assessments to .csv. What permissions do we need to be able to execute these tasks?
Gertjan Jongeneel as for as i am aware that, You must have Administartor or Co-administrator role to execute the Azure Migration assessment and project.And also you must hold admin permission to on-premises Hyper-V or Vmware environment.
