Azure: Permission Modes


Lucidity Assessment for Azure: Permission Flexibility

Lucidity provides full flexibility in what permissions are granted to run the assessment, ensuring complete alignment with your organization’s security and operational controls.

Lucidity Assessment supports two permission modes:

  • Comprehensive Permissions Mode (Recommended) – Enables full coverage across your environment. If VM Insights is not already enabled, Lucidity temporarily enables it to capture disk utilization and performance metrics, then disables it immediately after the metadata collection.

  • Essential Permissions Mode – Designed for customers who already have VM Insights enabled or prefer not to allow Lucidity to modify any monitoring settings. This mode uses only essential read-only permissions to collect metadata.

Comprehensive Permissions

In the Comprehensive Permissions mode for Azure, Lucidity Assessment is granted temporary access so that the assessment can run successfully even when VM Insights is not already enabled. As part of the flow, the Lucidity Assessment App will create a Log Analytics workspace in the same subscription to store the metadata collected by VM Insights, create Data Collection Rules (DCRs) that the Azure Monitor agent uses to specify which disk utilization data to collect, and finally enable VM Insights. You can learn more about VM Insights here. The permissions include:

  • Cost Operations – Permissions to access cost and usage data for disks.

  • VM and Disk Operations – Ability to describe instances, volumes, and regions, as well as perform minimal modifications to enable VM Insights.

  • Monitoring Operations – Create a Data Collection Rule and a Log Analytics workspace, enable VM Insights, and disable or delete these, if enabled, at the end of the assessment.

Note

To view the Azure policy statement, visit Policy Statement for Comprehensive Permissions Mode.

Customers who already have VM Insights enabled on at least 40% of their Azure VMs, or who can enable it before starting the assessment, can proceed with the Essential Permissions mode. In this mode, Lucidity does not automatically enable VM Insights; the assessment instead uses your existing VM Insights configuration and runs in a lightweight, read-only manner.

Essential Permissions

Under the Essential Permissions model, Lucidity is granted a minimal set of read-only and monitoring permissions for Usage Reporting, Virtual Machines and Monitoring.

  • Cost Operations – Read-only access to cost and usage data for disks.

  • EC2 Operations – Ability to describe instances, volumes, and regions. No modifications are performed.

  • Monitoring Operations – Use existing VM Insights to collect utilization information.

Unlike the Comprehensive Permissions model, this approach excludes any VM modifications, relying solely on existing configurations. This provides a lightweight way to perform the assessment when environments already have the necessary configuration for VM Insights in place.

Note

To view the Azure policy statement, visit Policy Statement for Essential Permissions Mode.

To learn more about the full list of actions and why each is required, visit Permissions Overview for Azure Assessment.
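Before granting either mode, a reviewer can check whether the custom role they are about to assign matches the read-only claim made for Essential Permissions. The following is an added example, not Lucidity's code or policy: the two role definitions are constructed samples in the JSON shape that `az role definition list` returns, and the function names are hypothetical.

```python
import json

# Constructed sample role definitions in the JSON shape `az role definition list`
# returns. The action lists are illustrative, NOT Lucidity's published policy.
ESSENTIAL_SAMPLE = json.loads("""{
  "roleName": "assessment-essential-sample",
  "permissions": [{"actions": [
      "Microsoft.Compute/virtualMachines/read",
      "Microsoft.Compute/disks/read",
      "Microsoft.Consumption/usageDetails/read"],
    "notActions": [], "dataActions": []}]}""")

COMPREHENSIVE_SAMPLE = json.loads("""{
  "roleName": "assessment-comprehensive-sample",
  "permissions": [{"actions": [
      "Microsoft.Compute/virtualMachines/read",
      "Microsoft.Compute/virtualMachines/extensions/write",
      "Microsoft.Insights/dataCollectionRules/write",
      "Microsoft.Insights/dataCollectionRules/delete",
      "Microsoft.OperationalInsights/workspaces/write",
      "Microsoft.OperationalInsights/workspaces/delete"],
    "notActions": [], "dataActions": []}]}""")

def classify(action):
    """Return 'read', 'modify' or 'review' for one Azure RBAC action string."""
    last = action.rsplit("/", 1)[-1].lower()
    if last == "read":
        return "read"            # includes wildcards such as Microsoft.Compute/*/read
    if last in ("write", "delete"):
        return "modify"
    # '*' can match write/delete; '/action' operations vary and need a human look
    return "modify" if last == "*" else "review"

def audit_role(role):
    """Group every action and dataAction in a role definition by classification."""
    findings = {"read": [], "modify": [], "review": []}
    for block in role.get("permissions", []):
        for action in block.get("actions", []) + block.get("dataActions", []):
            findings[classify(action)].append(action)
    return findings

def is_read_only(role):
    """True only if nothing in the role can modify resources or needs review."""
    f = audit_role(role)
    return not f["modify"] and not f["review"]

if __name__ == "__main__":
    for role in (ESSENTIAL_SAMPLE, COMPREHENSIVE_SAMPLE):
        print(role["roleName"], is_read_only(role), audit_role(role)["modify"])
```

The check ignores `notActions`, so it errs toward flagging more rather than less; run it against the actual policy statement for the mode you choose.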