Azure Community Support

Ask questions, get answers and connect with Microsoft engineers and Azure community experts

    MSDN Forum

    Microsoft response to Azure technical questions

    Additional "/read" permission to allow call to Network Watcher queryFlowLogStatus api

    Today the default Built-In Reader role does not allow executing Query Flow Log Status, because the Reader role allows all operations of "*/read", but the query flow log status operation has "/action" at the end: Microsoft.Network/networkWatchers/queryFlowLogStatus/action. This makes it complicated to use different applications and services which want to query flow log status. To be able to do it, they ask customers to create a custom role in each and every subscription with that permission and then assign that role to the application (in addition to the Reader role, which they ask to assign for other features). If there were an additional permission with a "/read" operation to query flow log status, then all that complication of a custom role would not be needed; one would just need to assign the Built-In Reader role to the application, and the Reader role would automatically permit its use. A very high number of Azure customers have an issue with that permission and the required custom role.

    Include subscription ID in Activity logs when exporting

    Today, the subscription ID of Azure Activity logs is included when viewed in Azure Monitor or Sentinel. However, this field is not present when exporting to Event Hubs or storage, which limits traceability.

    Enable reads while Azure DW is scaling and don’t throw users out. Redshift does it. Do it too!

    Throwing users out while scaling is silly. In the follow-the-sun economy someone is always querying anyway. Allow reads like AWS Redshift does.

    StackOverflow

    Community responses to development questions

    Serverfault

    Community responses to Sys/Net admin questions

    Azure Feedback

    Do you have an idea or suggestion based on your experience with Azure?

    File a support ticket

    Create an incident

    Tweet at us @AzureSupport

    Connect on Twitter
