Creating a custom role with the required Cloud Manager permissions

NetApp provides a policy file that you must use to create a custom Azure role. The policy file defines the actions that Cloud Manager can perform in Azure. You must assign this custom role to an Active Directory service principal.


  1. Download the Cloud Manager Azure policy from the following location:
  2. Modify the JSON file by adding Azure subscription IDs to the assignable scope.
    You should add the ID for each Azure subscription from which users will create ONTAP Cloud systems.
    "AssignableScopes": [
  3. Use the JSON file to create a custom role.
    The following example shows how to create a custom role using the Azure CLI 2.0:
    az role definition create --role-definition C:\Policy_for_Cloud_Manager_Azure_3.1.json


You should now have a custom role called OnCommand Cloud Manager Operator.

After you finish

Create an Active Directory service principal.