I need to give a colleague access to a development azure portal so that he can learn how to create web bots. As he has no experience of azure, I dont want to through him in the deep end, so would rather use RBACs, but I cant quite see what roles would be best to apply. I had been thinking about creating a resource group and then scoping the 'contributor' role assignment to the group, but would like to try to find a more granular approach where the type of resources the user can create are restricted eg excluding VMs and SQL server?
Asked
Active
Viewed 86 times
1 Answers
0
When you deploy a bot, typically these resources are created in the Azure portal:
Resources
- Web App
- App Service
- App Service plan
- Application Insights
- Storage account
If you wanted to get really granular, you could make your colleague these built-in roles as these are the typical services deployed with a bot:
- Web Plan Contributor
- Website Contributor
- Storage Account Contributor
- Application Insights Component Contributor
Another approach would be to go the Resource Group route and assign a policy to audit the creation of services so you can give your college more room to test
Ken W - Zero Networks
- 3,533
- 1
- 13
- 18
-
I'll go with the second approach as the first is a bit too restrictive. Many thanks ! – chris rowles Feb 15 '19 at 17:23