We have multiple slots for the same app service. We would like to restrict users by not allowing them to publish code to staging and production slots from visual studio. I gave reader access to the staging and prod slots but the user is still able to publish the code. Is there any other settings/configurations we may need to do.
Asked
Active
Viewed 221 times
0
-
To check if your Reader access is working, in the portal, are they able to go to the slot and view the App Settings? That's not supposed to work when you're a reader, so that's a good sanity check. – David Ebbo Mar 15 '17 at 16:19
-
Yes they can view the app settings. Infact they can even publish pages to Staging and Prod slots. – Ashish Mar 15 '17 at 16:21
-
1The point is to isolate the issue, so no need to re-add publishing in the equation, as that's what your main description already says! :) So you're saying that your reader user can view/modify things like connection strings? If so, then you did not correctly make them a reader. I tested the scenario and it works fine for me. – David Ebbo Mar 15 '17 at 16:29
-
Not sure what the issue might be then. I gave the user reader on the staging slot and owner on the test slot. He has reader on the resource group on which previously he was owner. Does it take a while to update the permissions? – Ashish Mar 15 '17 at 17:24
-
It shouldn't take that long. Please try isolating. e.g create a new empty web app and add same permission. Does it do the right thing? – David Ebbo Mar 15 '17 at 20:21
-
[Update]: The settings worked for me and have been able to apply security policies around app services. – Ashish Mar 16 '17 at 04:56
-
Great, so what was wrong? – David Ebbo Mar 16 '17 at 04:57
-
Not sure. I removed the account and re-added. Started working. – Ashish Mar 16 '17 at 05:02