Describe the bug
A customized role is created to only allow job/task creation in azure batch account. A test user with this customized role can create job/task and submit task to batch node by using azure portal application or azure login from web browser but not by using batch explorer. The batch explorer shows add button greyed out with notification "Add a job (You don't have permission to perform this action)
To Reproduce
Steps to reproduce the behavior:
-
Create custom role with permission below and assign this role to test user.
{
"Name": "Batch job role",
"IsCustom": true,
"Description": "View, create and view batch jobs.",
"Actions": [
"Microsoft.Batch/batchAccounts/write"
],
"NotActions": [],
"DataActions": [
"Microsoft.Batch/batchAccounts/jobs/",
"Microsoft.Batch/batchAccounts/jobSchedules/"
],
"NotDataActions": [],
"AssignableScopes": [
"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
]
}
-
login azure portal application or azure website as test user account. Go to batch account/jobs and verify test user account can create job. This is to prove the custom role is setup properly and issue is not from custom role side.
-
Login batch explorer as test user account. Go to batch accounts/jobs the add button greyed out.
Expected behavior
Batch explorer application should allow test account to create job/task as azure portal application and azure online.
Screenshots
2 screenshots attached. One is good scenario from azure portal. The other is issue noticed under batch explorer.
Logs(Click profile > View Logs > app.log, client.log)
N.A.
Version (please complete the following information):
- OS: [Windows]
- Version [1803]
Describe the bug
A customized role is created to only allow job/task creation in azure batch account. A test user with this customized role can create job/task and submit task to batch node by using azure portal application or azure login from web browser but not by using batch explorer. The batch explorer shows add button greyed out with notification "Add a job (You don't have permission to perform this action)
To Reproduce
Steps to reproduce the behavior:
Create custom role with permission below and assign this role to test user.
{
"Name": "Batch job role",
"IsCustom": true,
"Description": "View, create and view batch jobs.",
"Actions": [
"Microsoft.Batch/batchAccounts/write"
],
"NotActions": [],
"DataActions": [
"Microsoft.Batch/batchAccounts/jobs/",
"Microsoft.Batch/batchAccounts/jobSchedules/"
],
"NotDataActions": [],
"AssignableScopes": [
"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
]
}
login azure portal application or azure website as test user account. Go to batch account/jobs and verify test user account can create job. This is to prove the custom role is setup properly and issue is not from custom role side.
Login batch explorer as test user account. Go to batch accounts/jobs the add button greyed out.
Expected behavior
Batch explorer application should allow test account to create job/task as azure portal application and azure online.
Screenshots
2 screenshots attached. One is good scenario from azure portal. The other is issue noticed under batch explorer.
Logs(Click profile > View Logs > app.log, client.log)
N.A.
Version (please complete the following information):