Microsoft lists the following similar looking rights (https://learn.microsoft.com/en-us/azure/role-based-access-control/permissions/analytics):
Action | Description |
---|---|
Microsoft.DataFactory/factories/pipelines/sandbox/action | Creates a debug run environment for the Pipeline. |
Microsoft.DataFactory/factories/pipelines/sandbox/create/action | Creates a debug run environment for the Pipeline. |
Microsoft.DataFactory/factories/pipelines/sandbox/run/action | Creates a debug run for the Pipeline. |
Does anybody know the difference or where I can find this sort of information?
Microsoft.DataFactory/factories/pipelines/sandbox/action: This permission allows you to create a debug run environment for the pipeline. It's a general permission for setting up a sandbox environment where you can test and debug your pipeline.
Microsoft.DataFactory/factories/pipelines/sandbox/create/action: This permission specifically allows you to create a debug run environment for the pipeline.
Microsoft.DataFactory/factories/pipelines/sandbox/run/action: This permission allows you to create a debug run for the pipeline. It focuses on actually running the pipeline in the sandbox environment, rather than just setting it up.
As your requirement is to allow to start a debug run only. In that case, you should use the permission Microsoft.DataFactory/factories/pipelines/sandbox/run/action. This permission allows you to create a debug run for the pipeline, focusing specifically on running the pipeline in the sandbox environment, without granting unnecessary rights to set up or create the debug environment.