MontyCloud DAY2™ adheres to a least-privilege permission model throughout all platform operations. Our goal is to ensure that customers have complete control over the permissions they grant and to limit the scope of our access for each operation.


MontyCloud DAY2 creates a specific role with the bare minimum permissions, together with a Service Principal/App Registration, to discover resources. The custom Role Based Access Control (RBAC) roles associated with the Service Principal in your Azure subscription carry the permissions needed for discovery.


The roles mentioned below are created in your Azure subscription for Resource Discovery (Initial Resource Discovery and Real-Time Resource Discovery). These are the custom RBAC permissions assigned to the service principal in the subscription.


Role: Reader Role
Permissions: An Azure inbuilt role that reads all the resources inside the subscription.

Role: Custom Role
Permissions:
  • Resource Group - Allows Read/Write access to resource groups in the subscription.

  • Event Grid - Allows Read/Write access to event grids in the subscription.

  • Event Subscription - Allows Read/Write access to event subscriptions in the subscription.

  • Logic Apps - Allows Read/Write access to Logic Apps in the subscription.

  • Web App - Allows Read/Write access to Connections and Connection Gateways in the subscription.

  • Microsoft Authorization - Allows Read, Role assignments and Role Definition access in the subscription.

Contact us at support@montycloud.com to access granular details of permissions for each of these areas.
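To check what the custom role created in your subscription actually grants against the areas listed above, the following added example (not MontyCloud's code) audits an exported role definition. The mapping from the listed areas to Azure resource-provider prefixes, the role name and the sample actions are assumptions constructed for illustration; treating non-read Microsoft.Authorization actions as review items is also an assumption, since the page does not give the granular list.

```python
import json

# Assumed mapping from the areas listed above to Azure resource-provider prefixes.
LISTED_AREAS = (
    "microsoft.resources/subscriptions/resourcegroups/",
    "microsoft.eventgrid/",
    "microsoft.logic/",
    "microsoft.web/connections/",
    "microsoft.web/connectiongateways/",
    "microsoft.authorization/roleassignments/",
    "microsoft.authorization/roledefinitions/",
)

def audit_role(role):
    """Return (action, reason) pairs that merit review in one role definition."""
    findings = []
    for perm in role.get("permissions", []):
        for action in perm.get("actions", []):
            a = action.lower()
            if not a.startswith(LISTED_AREAS):
                findings.append((action, "outside the listed areas"))
            elif "*" in a:
                findings.append((action, "wildcard covers every operation under the prefix"))
            elif a.startswith("microsoft.authorization/") and not a.endswith("/read"):
                findings.append((action, "changes role assignments or definitions"))
    return findings

def audit_all(roles):
    """Audit every role in an exported list, keyed by role name."""
    return {r["roleName"]: audit_role(r) for r in roles}

# Constructed sample in the shape printed by
# `az role definition list --custom-role-only true`; the role name is hypothetical.
SAMPLE = json.loads("""[{"roleName": "example-discovery-role", "permissions": [{"actions": [
  "Microsoft.Resources/subscriptions/resourceGroups/read",
  "Microsoft.Resources/subscriptions/resourceGroups/write",
  "Microsoft.EventGrid/eventSubscriptions/write",
  "Microsoft.Logic/workflows/read",
  "Microsoft.Web/connections/write",
  "Microsoft.Authorization/roleAssignments/write",
  "Microsoft.Compute/virtualMachines/delete",
  "Microsoft.EventGrid/*"]}]}]""")

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        for action, reason in findings:
            print(f"{name}: {action}: {reason}")
```

A finding is a prompt to compare against the granular list obtained from support, not proof of a misconfiguration.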