Tags: azure-active-directory, azure-iot-hub, azureportal

Azure IoTHub Least Privileged Role for Accessing Telemetry and Heartbeat Data


We're facing a challenge where a team of developers needs to have access to an Azure IoTHub which allows them the ability to read telemetry and heartbeat data. However, granting reader access does not provide this capability, and granting contributor access is highly-privileged. Therefore, it is necessary to determine the least-privileged role for accessing this information. Any help would be helpful. Thank you!


Solution

  • There is no built-in RBAC role for IoTHub; your option is to create a custom role.

    The format is like this, change the Name, Id, Actions, etc. For the Actions, just refer to this REST API sample response, the actions are included, you could use them depending on your requirement.

    Sample:

    {
      "Name": "IotHub Operator",
      "Id": "<Your-Guid>",
      "IsCustom": true,
      "Description": "Can do operations on IotHub",
      "Actions": [
        "Microsoft.Devices/iotHubs/Read",
        "Microsoft.Devices/iotHubs/*/Read",
        "Microsoft.Devices/iotHubs/listkeys/Action"
      ],
      "NotActions": [],
      "DataActions": [],
      "NotDataActions": [],
      "AssignableScopes": [
        "/subscriptions/{subscriptionId}"
      ]
    }
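Before creating a custom role like the one above, it is worth checking what each listed action actually grants. `Microsoft.Devices/iotHubs/listkeys/Action` is a control-plane call that returns the primary and secondary keys of the hub's shared access policies, including `iothubowner`, so a role containing it is not read-only in effect: the holder can build full-access SAS tokens for the data plane. The following script is an added example, not part of the original answer; it parses a constructed copy of the answer's role definition, flags non-read and key-exposing actions with rules of my own, and produces a trimmed read-only variant. The function names (`load_role`, `audit_role`, `read_only_variant`) are mine, not an Azure API.

```python
"""Audit an Azure custom role definition for least-privilege problems.

Added example; the rules below are the editor's own checks, not an Azure API.
"""
import copy
import json

# Constructed sample: same fields and actions as the role shown in the answer.
SAMPLE_ROLE_JSON = """
{
  "Name": "IotHub Operator",
  "Id": "<Your-Guid>",
  "IsCustom": true,
  "Description": "Can do operations on IotHub",
  "Actions": [
    "Microsoft.Devices/iotHubs/Read",
    "Microsoft.Devices/iotHubs/*/Read",
    "Microsoft.Devices/iotHubs/listkeys/Action"
  ],
  "NotActions": [],
  "DataActions": [],
  "NotDataActions": [],
  "AssignableScopes": [
    "/subscriptions/{subscriptionId}"
  ]
}
"""

LIST_FIELDS = ("Actions", "NotActions", "DataActions", "NotDataActions", "AssignableScopes")


def load_role(text: str) -> dict:
    """Parse a role definition and make sure every list field exists."""
    role = json.loads(text)
    for field in LIST_FIELDS:
        role.setdefault(field, [])
    return role


def is_read_action(action: str) -> bool:
    """Azure operation strings end in /read for read-only operations (case-insensitive)."""
    return action.rsplit("/", 1)[-1].lower() == "read"


def exposes_keys(action: str) -> bool:
    """listkeys returns every shared access policy's primary and secondary key,
    including iothubowner, so the holder can mint full-access SAS tokens."""
    return "listkeys" in action.lower()


def audit_role(role: dict) -> list[str]:
    """Return human-readable findings; an empty list means no rule fired."""
    findings = []
    for action in role["Actions"]:
        if exposes_keys(action):
            findings.append(f"{action}: returns shared access keys; effectively full data-plane access")
        elif not is_read_action(action):
            findings.append(f"{action}: not a read operation")
    for action in role["DataActions"]:
        if action.strip() == "*" or action.endswith("/*"):
            findings.append(f"DataActions {action}: wildcard grants every data-plane operation")
    for scope in role["AssignableScopes"]:
        if scope == "/":
            findings.append("AssignableScopes '/': role can be assigned at tenant root")
    return findings


def read_only_variant(role: dict) -> dict:
    """Return a copy of the role with every non-read control-plane action removed."""
    trimmed = copy.deepcopy(role)
    trimmed["Actions"] = [a for a in role["Actions"] if is_read_action(a)]
    return trimmed


if __name__ == "__main__":
    role = load_role(SAMPLE_ROLE_JSON)
    for finding in audit_role(role):
        print("FINDING:", finding)
    print(json.dumps(read_only_variant(role)["Actions"], indent=2))
```

Run against the sample, the audit reports only the `listkeys` action; the trimmed variant keeps the two `Read` entries. Note that the trimmed role lets a developer see the hub's configuration in the portal but does not by itself read messages: consuming telemetry from the hub's endpoint is a data-plane operation that needs its own credential, which is exactly why `listkeys` tends to creep into roles like this and why it should be reviewed rather than copied.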