If you are using Service Principal authentication on the Azure platform, your IAM role should be 'owner' or have at least the minimum access privilege listed below:
{ "Name": "SoftNAS", "Actions": [ "Microsoft.Authorization/*/read", "Microsoft.Compute/availabilitySets/*", "Microsoft.Compute/locations/*", "Microsoft.Compute/virtualMachines/*", "Microsoft.Compute/disks/*", "Microsoft.Network/applicationGateways/backendAddressPools/join/action", "Microsoft.Network/locations/*", "Microsoft.Network/networkInterfaces/*", "Microsoft.Network/networkSecurityGroups/join/action", "Microsoft.Network/networkSecurityGroups/read", "Microsoft.Network/publicIPAddresses/join/action", "Microsoft.Network/publicIPAddresses/read", "Microsoft.Network/virtualNetworks/read", "Microsoft.Network/virtualNetworks/subnets/read", "Microsoft.Network/virtualNetworks/subnets/write", "Microsoft.Network/virtualNetworks/subnets/delete", "Microsoft.Network/virtualNetworks/subnets/virtualMachines/read", "Microsoft.Network/virtualNetworks/virtualMachines/read", "Microsoft.Network/virtualNetworks/subnets/join/action", "Microsoft.Network/routeTables/read", "Microsoft.Network/routeTables/write", "Microsoft.Network/routeTables/delete", "Microsoft.Network/routeTables/join/action", "Microsoft.Network/routeTables/routes/read", "Microsoft.Network/routeTables/routes/write", "Microsoft.Network/routeTables/routes/delete", "Microsoft.ResourceHealth/availabilityStatuses/read", "Microsoft.Resources/deployments/*", "Microsoft.Resources/subscriptions/resourceGroups/read", "Microsoft.Storage/storageAccounts/*", "Microsoft.Support/*" ], "NotActions": [], "AssignableScopes": ["/subscriptions/XXXXXXXXXXXXXXXXXXXXXXXXXX"], <--- Your subscription ID here "Description": "SoftNAS Cloud Instance Permissions", "IsCustom": "true" }