Grant Azure resource permissions

Before you start

Confirm the following stages have been completed:

The following values from the parameters workbook are required:

Use an account with the following permissions:

User with Owner or User Access Administrator role must execute these steps.

The following roles should be assigned to the Data Loader Storage Account {DataLoader-Storage-Account}:

Role	Assignee Type	Assignee
Contributor	Managed Identity	Function App {Function-App-Name} in parameters workbook.
Storage Queue Data Contributor	Managed Identity	Function App {Function-App-Name} in parameters workbook.
Storage Queue Data Contributor	Managed Identity	Web App {Web-App-Name} in parameters workbook.
Storage Blob Data Contributor	Managed Identity	Function App {Function-App-Name} in parameters workbook.
Storage Blob Data Contributor	Managed Identity	Web App {Web-App-Name} in parameters workbook.
Storage Blob Data Contributor	User	Deployment Account {Deployment-Accounts} in parameters workbook.
Storage Blob Data Contributor	User or group	Any user or a group in addition to {Deployment-Accounts} who will require access to storage accounts to manage data loader files (optional).

See following link for Microsoft documentation on adding role assignments: https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal?tabs=delegate-condition The following steps should be executed for each role:

Navigate to the Data Loader Storage Account resource in Azure
Go to Access Control (IAM) -> Role assignments -> Add -> Add role assignment
On Role tab select role (Contributor is under Privileged administrator roles section).
On Members tab select Managed Identity or User, group, or service principal based on the assignee type.
Press Select members.
Select required members from the list. Repeat for each member. Press Select
Go to Review + Assign and press Review + assign.