Azure で az acr build するのに最低限の権限

az_acr_build_role.md

Built-in role がないのでね。

{
  "roleName": "My AcrBuild",
  "roleType": "CustomRole",
  "description": "Build images in a container registry.",

  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/read",
        "Microsoft.ContainerRegistry/registries/scheduleRun/action",
        "Microsoft.ContainerRegistry/registries/listBuildSourceUploadUrl/action",
        "Microsoft.ContainerRegistry/registries/runs/listLogSasUrl/action"
      ],
      "dataActions": [],
      "notActions": [],
      "notDataActions": []
    }
  ],
  "assignableScopes": [
    "<my-subscription>"
  ]
}

Azure/acr#174 (comment) にコメントしておいた。