Assigning Azure Permissions for Dynamic Permissioning

Within Azure, there are management groups and subscriptions. To read them, you need to assign Azure permissions to the tenant root group.

Perform the following steps to assign Azure permissions at the Tenant Root Group:

1. Login to Azure with administrator privileges. 
2. From the Home page, select Management groups.
3. Click on Tenant Root Group from the list.
4. Click Access control (IAM) from the navigation menu.
5. Click Role assignments tab. 
6. Click Add -> Add custom role. 
7. Enter the role name as Britive-Integration-Role in Custom role name. 
8. Click Next.
9. Click +Add permissions. 
10. Search for Microsoft Authorization. 
11. Click the Microsoft Authorization tile.
12. Select the following permissions from the displayed list:
    • Read: Get Role Assignment 
    • Write: Create Role Assignment 
    • Delete: Delete Role Assignment
13. Click Add. 
14. Click Next. 
15. Click Add assignable scopes. 
16. Select all the subscriptions and resource groups under the subscriptions. 
17. Click Add. 
18. Click Next. 
19. Click Edit. 
20. Under permissions > actions, add the following permission: "*/read",
21. Click Save. A message is displayed that the role assignment is being added.
22. Click Next. 
23. Review the role settings and click Create. 
24. Click the Role Assignments tab.  
25. Click Add. 
26. Click Add Role Assignment. 
27. Select the role created above (Britive-Integration-Role).  
28. Select Britive from the “select” field. 
29. Click Save.

The new role assignment is visible from the Role Assignments tab.

For more information about assigning Azure permissions, see Create or update Azure custom roles using the Azure portal.