An AD Group needs the appropriate RBAC Role assigned so they can update advanced filters
on an existing EventGrid Subscription, but I can't find the appropriate Role.
- Source type: microsoft.storage.storageaccounts
- Endpoint: StorageQueue
- Use-case: When a blob is uploaded to an Azure Storage Container, an EventGrid message is written to an Azure Storage Queue.
There are a couple StackOverflow answers that say "Assign an EventGrid EventSubscription Contributor..." or the like. This is not an RBAC Role that is found in the Storage Account, Storage Queue nor the EventGrid System Topic.
Any insights on which built-in RBAC Role can be granted in this case? I do not want to create a custom Role if it can be avoided.
To allow Event Grid to write messages to the Storage queue, you need to assign Event Grid a role on the Azure storage queue.
Storage Queue Data Contributor could fit that goal.
And to update Event Grid advanced filters, the AAD group should be assigned the EventGrid Contributor and EventGrid EventSubscription Contributor roles.