Configuring a Custom Role and Assigning it to a Tufin Application

  1. Log in to your Azure Account through the Azure portal.

  2. Go to the Access Control page, and click Add > Add Custom Role.

    The Custom Role Editor is displayed.

  3. In the Basics tab, fill out the following information:

    1. Custom role name and Description: Enter a name and description for the custom role.

    2. Baseline Permissions: Select Clone a role.
    3. Role to clone: Select Reader.

  4. Click Next to move to the Permissions tab.

  5. Click Add Permissions.

  6. Search for Microsoft Network.

  7. Click on the Microsoft Network tile, and select the following permissions:

    • Read: Get Express Route Service Provider

    • Write: Create or Update Route

    • Other: Gets virtualNetworkGateway advertised routes

    • Other: Gets virtualnetworkgateway learned routes

  8. Click Add.

  9. Create the custom role by clicking Review+Create.

  10. In the Access Control page, click Add > Add Role Assignment.

    11. The Add Role Assignment pane is displayed.

  11. In the Role field, select the role you created.
  12. In the Select field, select the SecureTrack App registration.
  13. Click Save.