I believe the service bus has been fully ported to RM.
However, we have users who are assigned to the contributor role scoped to the subscription.
Their contributor role permissions are properly inherited to new resource groups.
However, neither the contributor role at subscription nor the contributor scoped at any resource groups has the service bus provider listed in the RBAC role permission set.
When a user who is a contributor at both subscription and resource group tries to create a service bus they get the following error:
"You don't have the required permission (Microsoft.ServiceBus/register/action)"
I attempted to resolve this with the following cmds:
$role = Get-AzureRmRoleDefinition "Contributor"
$role.AssignableScopes.Add("/subscriptions/<MYSUBSCRIPTONGUID>")
$role.Actions.Add("Microsoft.ServiceBus/*")
Set-AzureRmRoleDefinition -Role $role
This fails because I am not authorized even though I am a Subscription Admin (ie coadmin).
We wish to manage permission to the service bus the same way we manage access to all ARM resources.
Please adivse why read\write access is not assigned to the servicebus provider on the contributror RBAC role.
Thanks!!