Lookout Product Documentation


Create Custom Role

  1. Copy the code into a new text document:
    {
      "properties": {
        "roleName": "lookoutCASBrole",
        "description": "Lookout CASBrole",
        "assignableScopes": ["/subscriptions/<Subscription-ID>"],
        "permissions": [
          {
            "actions": [
              "Microsoft.Storage/storageAccounts/read",
              "Microsoft.Storage/storageAccounts/encryptionScopes/read",
              "Microsoft.Storage/storageAccounts/blobServices/read",
              "Microsoft.Storage/storageAccounts/blobServices/containers/read",
              "Microsoft.Storage/storageAccounts/blobServices/containers/write",
              "Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies/read",
              "Microsoft.Storage/storageAccounts/queueServices/read",
              "Microsoft.Storage/storageAccounts/queueServices/queues/write",
              "Microsoft.EventGrid/eventSubscriptions/delete",
              "Microsoft.EventGrid/eventSubscriptions/read",
              "Microsoft.EventGrid/eventSubscriptions/write",
              "Microsoft.Storage/storageAccounts/write",
              "Microsoft.Storage/storageAccounts/listkeys/action",
              "Microsoft.EventGrid/systemTopics/read",
              "Microsoft.EventGrid/systemTopics/write",
              "Microsoft.Insights/eventtypes/values/Read",
              "Microsoft.Storage/storageAccounts/blobServices/providers/Microsoft.Insights/diagnosticSettings/read"
            ],
            "notActions": [],
            "dataActions": [
              "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
              "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write",
              "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
              "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action",
              "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/filter/action",
              "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action",
              "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/permanentDelete/action",
              "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/deleteBlobVersion/action",
              "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
              "Microsoft.Storage/storageAccounts/queueServices/queues/messages/delete"
            ],
            "notDataActions": []
          }
        ]
      }
    }
  2. Replace the text "<Subscription-ID>" with the subscription ID for your Azure account.
    You can also replace the roleName and description values.
  3. Save the text file with a .json extension.
  4. In the Azure console, access Azure Subscription > Access Control (IAM).
  5. Click Add and select Add custom role.
  6. For Baseline Permissions, select Start from JSON.
  7. Use the file browser to select and upload the .json file you saved in step 2.
  8. If needed, enter or update the name and (optional) description of your new role.
  9. Select Review + Create to see all settings for your new role.
  10. Click Create to finish creating the new role.
  11. Assign the new role to a user with admin permissions on your Azure account.
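
A pre-upload check for the saved .json file, as an added example that is not part of the Lookout documentation: it confirms the file parses, that the "<Subscription-ID>" placeholder was replaced, and that no operation string picked up stray whitespace during copy and paste, and it lists the key-listing and delete operations so they are reviewed before the role is created. The function name, the patterns and the review suffix list are assumptions of this example, and the sample input is constructed.

```python
import json
import re

# Scope form used in the role definition: /subscriptions/<GUID>
SCOPE_RE = re.compile(
    r"^/subscriptions/[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
# Operation strings are slash-separated segments with no whitespace
OP_RE = re.compile(r"^[A-Za-z.*]+(/[A-Za-z.*]+)*$")
# Suffixes flagged for manual review (this example's choice, not a vendor list)
REVIEW_SUFFIXES = ("/listkeys/action", "/delete",
                   "/permanentDelete/action", "/deleteBlobVersion/action")

# Constructed sample: a trimmed copy of the role with the placeholder left in
# and one operation damaged by a stray space from copy and paste.
SAMPLE = """{"properties": {"roleName": "lookoutCASBrole",
  "assignableScopes": ["/subscriptions/<Subscription-ID>"],
  "permissions": [{
    "actions": ["Microsoft.Storage/storageAccounts/listkeys/action",
                "Microsoft.Storage/storageAccounts/b lobServices/read"],
    "notActions": [],
    "dataActions": ["Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete"],
    "notDataActions": []}]}}"""

def check_role_file(text):
    """Return (problems, review) for a custom-role JSON document."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} at line {exc.lineno}"], []
    props = doc.get("properties", {})
    problems, review = [], []
    for key in ("roleName", "assignableScopes", "permissions"):
        if key not in props:  # also catches a key split by a stray space
            problems.append(f"missing properties.{key}")
    for scope in props.get("assignableScopes", []):
        if not SCOPE_RE.match(scope):
            problems.append(f"scope is not /subscriptions/<GUID>: {scope!r}")
    for perm in props.get("permissions", []):
        for field in ("actions", "notActions", "dataActions", "notDataActions"):
            for op in perm.get(field, []):
                if not OP_RE.match(op):
                    problems.append(f"malformed operation in {field}: {op!r}")
                elif field in ("actions", "dataActions") and op.endswith(REVIEW_SUFFIXES):
                    review.append(op)
    return problems, review

if __name__ == "__main__":
    for label, items in zip(("PROBLEM", "REVIEW"), check_role_file(SAMPLE)):
        for item in items:
            print(f"{label}: {item}")
```
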