Closed dstaskiewicz-vervint closed 1 month ago
@dstaskiewicz-vervint,
Thank you for reaching out and submitting this feedback.
Are you referring to the custom role that's used to create the Connector or the custom role that is assigned to the Connector for day-to-day operations?
Did you receive an error during the Connector creation process from BlueXP?
Thanks, Ben
Hi Ben, It was during the setup of the CVO instance. When BlueXP sets up the connector it automatically assigns the custom role to the managed identity of the connector. Is it expected that the customer goes in and assigns a 2nd custom role to the managed identity of the connector?
When you deploy a Connector directly from BlueXP, BlueXP deploys the Connector virtual machine in Azure, it enables a system-assigned managed identity on the virtual machine, creates a custom role, and assigns it to the virtual machine. The role provides BlueXP with the permissions required to manage resources and processes within that Azure subscription.
The permissions that are included in the custom role that BlueXP creates are shown here: https://docs.netapp.com/us-en/bluexp-setup-admin/reference-permissions-azure.html#custom-role-permissions
That role includes the permission that you mentioned: Microsoft.Network/loadBalancers/write
Did that not happen in this case?
(Note that the role creation is not done by BlueXP if you create the Connector from the Marketplace or if you manually install the Connector software.)
The role that was assigned to the connector did not include any of the Microsoft.Network/loadBalancers permissions (write, read, or delete).
That sounds like a problem with the product. Can you please open a case with NetApp support?
(This GitHub issue is simply for documentation updates.)
I'm going to close this issue, as there are no doc updates required. This problem requires a support case.
Page URL
https://docs.netapp.com/us-en/bluexp-setup-admin/task-install-connector-azure-bluexp.html
Page title
Create a Connector in Azure from BlueXP
Summary
The permission Microsoft.Network/loadBalancers/write is missing from the custom role.
Public issues must not contain sensitive information
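One way to check for the gap discussed in this thread, as an added example that is not part of the original issue or of NetApp's tooling: given the role definitions assigned to the Connector's managed identity, report which of the `Microsoft.Network/loadBalancers` actions none of them allows. It assumes the JSON shape printed by `az role definition list` (a `permissions` list with `actions` and `notActions`); the two sample roles and all function names are constructed for illustration.

```python
import re

# The three actions the thread reports as absent from the assigned role.
REQUIRED = [
    "Microsoft.Network/loadBalancers/read",
    "Microsoft.Network/loadBalancers/write",
    "Microsoft.Network/loadBalancers/delete",
]

# Constructed sample role definitions (not real BlueXP output).
ROLE_NO_LB = {"roleName": "sample-connector-role", "permissions": [{
    "actions": ["Microsoft.Compute/virtualMachines/read",
                "Microsoft.Network/networkInterfaces/*"],
    "notActions": []}]}
ROLE_LB = {"roleName": "sample-second-role", "permissions": [{
    "actions": ["Microsoft.Network/loadBalancers/*"],
    "notActions": ["Microsoft.Network/loadBalancers/delete"]}]}

def _matches(pattern, action):
    """Azure action strings are case-insensitive and may contain '*' wildcards."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def role_allows(role, action):
    """True if a permission block grants the action and its notActions do not exclude it."""
    for block in role.get("permissions", []):
        granted = any(_matches(p, action) for p in block.get("actions", []))
        excluded = any(_matches(p, action) for p in block.get("notActions", []))
        if granted and not excluded:
            return True
    return False

def missing_actions(roles, required=REQUIRED):
    """Required actions that none of the identity's assigned roles allows."""
    return [a for a in required if not any(role_allows(r, a) for r in roles)]

if __name__ == "__main__":
    for label, roles in [("one role", [ROLE_NO_LB]),
                         ("two roles", [ROLE_NO_LB, ROLE_LB])]:
        print(label, "missing:", missing_actions(roles) or "none")
```

A `notActions` entry only subtracts from the same role definition, so the check is made per role and an action counts as covered if any assigned role allows it.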