Are there plans to add support for the ARM API to support Application Permission? I have a requirement as a CSP Partner to provision various Azure resources.
Cheers Ryan
Well, there already are application permissions. A service principal in the Azure AD attached to the subscription can have roles added on the resources in the ARM API through RBAC.
But the API does not allow you to just give application permissions through Azure AD. In a multi-tenant scenario this would certainly be useful, but the permissions given would necessarily be very broad. This might be unwanted.
What you can do is require delegated permissions on the API, and have some kind of on-boarding process where a subscription admin logs in to your application, and then your app can provision the resources using the user's permissions. Or if you want, you could assign the necessary roles you need on a subscription selected by the user. Then your app's service principal would have the permissions without a logged-in user.
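The last option in the answer above, as an added example that is not part of the original thread: it builds the ARM role-assignment request an onboarding flow would send with the subscription admin's delegated token, so the app's service principal gets a narrowly scoped role. The function name, the role allow-list, the choice of API version `2022-04-01` and the sample IDs are assumptions made for this sketch.

```python
import re
import uuid

ARM = "https://management.azure.com"
API_VERSION = "2022-04-01"  # assumed roleAssignments API version for this sketch
# Allow-list of built-in roles (GUIDs are identical in every tenant); Owner is left out.
ALLOWED_ROLES = {
    "Reader": "acdd72a7-3385-48ef-bd42-f606fba81ae7",
    "Contributor": "b24988ac-6180-42a0-ab88-20f7382dd24c",
}
# Accept only a subscription or a resource group inside it, nothing broader.
SCOPE_RE = re.compile(
    r"^/subscriptions/(?P<sub>[0-9a-fA-F-]{36})(/resourceGroups/[-\w.()]+)?$"
)


def build_role_assignment(scope, sp_object_id, role="Contributor"):
    """Return (method, url, body) assigning `role` to the app's service principal."""
    m = SCOPE_RE.match(scope)
    if not m:
        raise ValueError("scope must be a subscription or resource group ID")
    if role not in ALLOWED_ROLES:
        raise ValueError(f"role {role!r} is not on the allow-list")
    uuid.UUID(sp_object_id)  # raises ValueError on a malformed object ID
    role_def_id = (f"/subscriptions/{m['sub']}/providers/"
                   f"Microsoft.Authorization/roleDefinitions/{ALLOWED_ROLES[role]}")
    # Deterministic name: re-running onboarding targets the same assignment.
    name = uuid.uuid5(uuid.NAMESPACE_URL,
                      f"{scope.lower()}|{sp_object_id.lower()}|{role}")
    url = (f"{ARM}{scope}/providers/Microsoft.Authorization/"
           f"roleAssignments/{name}?api-version={API_VERSION}")
    body = {"properties": {"roleDefinitionId": role_def_id,
                           "principalId": sp_object_id,
                           "principalType": "ServicePrincipal"}}
    return "PUT", url, body


if __name__ == "__main__":
    # Constructed sample IDs, not real tenants or principals.
    sub = "00000000-0000-0000-0000-000000000001"
    sp = "11111111-1111-1111-1111-111111111111"
    print(build_role_assignment(f"/subscriptions/{sub}/resourceGroups/csp-rg", sp))
```

The signed-in admin needs permission to write role assignments (for example Owner or User Access Administrator) on the chosen scope, and `principalId` is the object ID of the app's service principal in the customer's tenant, not the application (client) ID.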