roleAssignment with current user id

Question

I'm using Azure AD app registration principles to deploy resources via Azure Resource Manager to deploy via Pipelines. During the deployment I need to set some permissions to the deployment user to ensure it has enough permission to - for example - upload files. As I'm using different principles, and I'm not managing those in the code, I would like to know if there is a way to reference the "current user-principals - ID" during the deployment.

Something like:

deployment().properties.xx

or

environment()

https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/template-functions-deployment https://learn.microsoft.com/en-us/azure/templates/microsoft.authorization/roleassignments?tabs=bicep

Otherwise, I would need to inject this information via parameter, I think. I could get that information by script - or there is a variable even present from azure dev ops. Any ideas, help appreciated. Thanks.

I don't think it is possible, you will have to inject the details. are you using az cli or powershell to deploy ? — Thomas, Jul 28 '22 at 20:01

score 3 · Answer 1 · answered Jul 29 '22 at 16:38

3

Currently, it's not possible to get the objectId of the user deploying the template... we do have a backlog item for it.

answered Jul 29 '22 at 16:38

bmoore-msft

8,376
20
22

2

any news about this feature? I also need it to create keys in a KeyVaultduring a deployment process. – Karen Tazayan Nov 22 '22 at 15:04
2

We have it on the backlog - no specific date yet... – bmoore-msft Nov 28 '22 at 20:20
Is this backlog-item public? Can you link it so we can reference it in our documentation? – giklo Dec 02 '22 at 09:37
It is not public – bmoore-msft Dec 05 '22 at 17:20
3

We would like this feature too @bmoore-msft. We want our ADO Service Connection principal user set secrets in our keyvault. – Wesley Dec 21 '22 at 22:44

roleAssignment with current user id

1 Answers1

Linked

Related