
I am trying to use RBAC to allow other developers to deploy containers in Azure without giving full admin rights. I tried adding as reader and contributor, didn't seem to work. Has anyone else implemented this/have any other ideas?

Hannel
cdr
  • Could you include more details in your question? Is the container in your question a storage container or AKS? – Joy Wang Apr 12 '19 at 01:04

1 Answer


You could use the Azure Portal to assign a built-in RBAC role for the storage. There are the following built-in RBAC roles:

  • Storage Blob Data Owner: Use to set ownership and manage POSIX access control for Azure Data Lake Storage Gen2 (preview).
  • Storage Blob Data Contributor: Use to grant read/write/delete permissions to Blob storage resources.
  • Storage Blob Data Reader: Use to grant read-only permissions to Blob storage resources.
  • Storage Queue Data Contributor: Use to grant read/write/delete permissions to Azure queues.
  • Storage Queue Data Reader: Use to grant read-only permissions to Azure queues.
  • Storage Queue Data Message Processor: Use to grant peek, retrieve, and delete permissions to messages in Azure Storage queues.
  • Storage Queue Data Message Sender: Use to grant add permissions to messages in Azure Storage queues.

The process to assign a built-in RBAC role:

  1. Assign the appropriate Azure Storage RBAC role to grant access to an Azure AD security principal.

  2. Assign the Azure Resource Manager Reader role to users who need to access containers or queues via the Azure portal using their Azure AD credentials.

The step-by-step procedure:

  1. In the Azure portal, navigate to your storage account and display the Overview for the account.
  2. Under Services, select Blobs (for example).
  3. Locate the container for which you want to assign a role, and display the container's settings.
  4. Select Access control (IAM) to display access control settings for the container. Select the Role assignments tab to see the list of role assignments.


  5. Click the Add role assignment button to add a new role.
  6. In the Add role assignment window, select the Azure Storage role that you want to assign. Then search to locate the security principal to which you want to assign that role.
  7. Click Save.

For the details, you could read here.

SunnySun
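The portal steps in the answer above, scripted with the Azure CLI as an added example (not part of the original answer): the data role is granted on a single blob container and Reader on the storage account, so the developer gets no rights elsewhere. The subscription ID, resource group, account, container and assignee are placeholders, the function names are hypothetical, and scoping Reader to the storage account is an assumption, since the answer does not state a scope.

```shell
#!/bin/sh
# Added example: least-privilege role assignment for one blob container.
# Every name passed to these functions is a placeholder supplied by the caller.

# ARM resource ID of a storage account.
account_scope() {  # args: subscription resource-group account
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Storage/storageAccounts/%s' \
    "$1" "$2" "$3"
}

# ARM resource ID of a single blob container inside that account.
container_scope() {  # args: subscription resource-group account container
  printf '%s/blobServices/default/containers/%s' "$(account_scope "$1" "$2" "$3")" "$4"
}

# Accept only the blob data roles listed in the answer, so a typo or a
# copy-paste cannot hand out Owner or Contributor by accident.
is_allowed_role() {
  case "$1" in
    "Storage Blob Data Owner"|"Storage Blob Data Contributor"|"Storage Blob Data Reader")
      return 0 ;;
    *)
      return 1 ;;
  esac
}

# Step 1: data role at container scope. Step 2: Reader at account scope so
# the user can browse to the container in the portal.
# DRY_RUN=1 prints the az commands instead of running them.
grant_container_access() {  # args: sub rg account container assignee role
  is_allowed_role "$6" || { echo "refusing role: $6" >&2; return 1; }
  run=""
  if [ "${DRY_RUN:-0}" = "1" ]; then run="echo"; fi
  $run az role assignment create --assignee "$5" --role "$6" \
    --scope "$(container_scope "$1" "$2" "$3" "$4")" &&
  $run az role assignment create --assignee "$5" --role "Reader" \
    --scope "$(account_scope "$1" "$2" "$3")"
}

# Usage (placeholders):
#   DRY_RUN=1 grant_container_access <subscription-id> <resource-group> \
#     <storage-account> <container> <user@example.com> "Storage Blob Data Contributor"
```

Review the dry-run output before running it for real, and confirm the result with `az role assignment list --assignee <user> --all`.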