I have a daemon application that wants to list all subscriptions (incl. some details) within a management group in Azure.
For that I have created an App registration including client secrets in Azure to be used by the daemon application.
However, I am now having problems granting access to an entire management group.
What has worked was to create a Role assignment (Type App -> Role Reader) for a single subscription. However, this does not work on management group level. There, I can only assign roles of type User to some roles. I cannot assign an App to a role.
How can I now grant the daemon application reader access to the entire management group?
(Assigning individual subscriptions is not an option, because I want to see with that application, for example, if a subscription has been added.)
Yes, thanks @JoyWang :) – mister.elastic Dec 18 '20 at 13:15
1 Answer
You could follow the steps below.
1. Navigate to the Azure portal -> search for management -> click Management groups.
2. Choose the management group you want.
3. Click (details).
4. Add the app (service principal) like below, in Select, search for your app name.

Joy Wang
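The portal steps in the answer correspond to one Azure Resource Manager role-assignment request at management group scope. The following Python is an added example, not part of the original answer: it builds that request for the built-in Reader role and checks a role-assignment listing for anything the service principal holds beyond Reader on that group. The group ID, the object ID and the choice of api-version are assumptions; the sample values are constructed placeholders.

```python
import uuid

ARM = "https://management.azure.com"
API_VERSION = "2022-04-01"  # assumed Microsoft.Authorization/roleAssignments version
READER = "acdd72a7-3385-48ef-bd42-f606fba81ae7"  # built-in Reader role GUID


def mg_scope(group_id):
    """ARM scope path of a management group, given its bare ID."""
    if not group_id or "/" in group_id:
        raise ValueError("expected a bare management group ID")
    return f"/providers/Microsoft.Management/managementGroups/{group_id}"


def reader_assignment_request(group_id, sp_object_id, name=None):
    """Return (method, url, body) assigning Reader at management group scope.

    sp_object_id is the service principal's object ID (Enterprise
    applications blade), not the app registration's client ID.
    """
    uuid.UUID(sp_object_id)  # raises ValueError if not a GUID
    scope = mg_scope(group_id)
    name = name or str(uuid.uuid4())  # assignment names are GUIDs
    auth = "/providers/Microsoft.Authorization"
    url = f"{ARM}{scope}{auth}/roleAssignments/{name}?api-version={API_VERSION}"
    body = {"properties": {
        "roleDefinitionId": f"{scope}{auth}/roleDefinitions/{READER}",
        "principalId": sp_object_id,
        "principalType": "ServicePrincipal",
    }}
    return "PUT", url, body


def excess_assignments(assignments, group_id, sp_object_id):
    """Assignments held by the principal that are not Reader on this group."""
    wanted_scope = mg_scope(group_id).lower()
    extra = []
    for a in assignments:
        p = a["properties"]
        if p["principalId"].lower() != sp_object_id.lower():
            continue  # belongs to a different principal
        is_reader = p["roleDefinitionId"].lower().endswith(READER)
        if not (is_reader and p["scope"].lower() == wanted_scope):
            extra.append((p["scope"], p["roleDefinitionId"].rsplit("/", 1)[-1]))
    return extra


# Constructed placeholders: hypothetical group ID and service principal object ID.
GROUP, SP = "mg-example", "11111111-2222-3333-4444-555555555555"
```

Sending the request needs a bearer token for a caller allowed to write role assignments at that scope; the daemon's own client secret should not carry that permission.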