What is the minimum Azure RBAC (built-in) role required to approve a Pending Private Endpoint Connection (on an Event Hub namespace)? So far we managed to do it with Contributor on the Event Hub Namespace, but we are wondering if there is a role which grants fewer permissions and still will work for this.
- Clone default Azure Event Hubs Data Owner role and create a custom role for only approving private endpoint in Event Hub namespace: https://i.imgur.com/VGobGjB.png – Venkat V Jun 13 '23 at 11:56
- @VenkatV so that means there isn't a built-in role which would achieve that (without granting Contributor etc)? – silent Jun 13 '23 at 12:14
- There is a built-in role to manage the Event Hub namespace. However, if you want to restrict permissions specifically for private endpoint approval, you can create a custom role: https://i.imgur.com/jHDgQeT.png – Venkat V Jun 13 '23 at 12:25
1 Answer
What is the minimum Azure RBAC (built-in) role required to approve a Pending Private Endpoint Connection (on an Event Hub namespace)?
There is a built-in role called Azure Event Hubs Data Owner in the Event Hub namespace that is specifically designed for managing Event Hub resources. This role provides complete access to Event Hubs resources.
Refer to this MS Doc for more about the Azure Event Hubs Data Owner role.
Azure Event Hubs Data Owner
In order to provide access specifically for approving private endpoints in the Event Hub namespace, you can create a custom role by cloning the "Azure Event Hubs Data Owner" role and removing all other actions, selecting only the "Approve Private Endpoint Connection" permission.

Venkat V
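The trimmed custom role described in the answer, as an added example that is not part of the original post or of Microsoft's documentation: it builds the role definition and checks that nothing beyond the approval action is granted. The operation string, role name and scope below are assumptions; confirm the operation shown as "Approve Private Endpoint Connection" in the role editor before use.

```python
import fnmatch
import json

# Assumption: the Microsoft.EventHub operation whose display name is
# "Approve Private Endpoint Connection"; verify it in the custom role editor.
APPROVE = "Microsoft.EventHub/namespaces/privateEndpointConnectionsApproval/action"

# Constructed sample: a clone of the Data Owner role before any trimming.
CLONED_DATA_OWNER = {
    "Name": "Clone of Azure Event Hubs Data Owner",
    "Actions": ["Microsoft.EventHub/*"],
    "NotActions": [],
    "DataActions": ["Microsoft.EventHub/*"],
}


def build_approver_role(scope, name="Event Hub Private Endpoint Approver"):
    """Custom role limited to the approval action (role name is hypothetical)."""
    return {
        "Name": name,
        "IsCustom": True,
        "Description": "Approve pending private endpoint connections only.",
        "Actions": [APPROVE],
        "NotActions": [],
        "DataActions": [],
        "NotDataActions": [],
        "AssignableScopes": [scope],
    }


def excess_permissions(role, allowed=(APPROVE,)):
    """List every granted permission that goes beyond the allowed actions."""
    extra = [("Actions", a) for a in role.get("Actions", []) if a not in allowed]
    extra += [("DataActions", d) for d in role.get("DataActions", [])]
    return extra


def grants(role, operation):
    """True if a control-plane operation matches Actions and not NotActions."""
    op = operation.lower()

    def hit(patterns):
        return any(fnmatch.fnmatchcase(op, p.lower()) for p in patterns)

    return hit(role.get("Actions", [])) and not hit(role.get("NotActions", []))


if __name__ == "__main__":
    # Placeholder scope; replace with the namespace's resource ID.
    print(json.dumps(build_approver_role("/subscriptions/<subscription-id>"), indent=2))
```

The printed JSON can be saved and reviewed before it is registered as a custom role; running `excess_permissions` over any cloned role shows which wildcards still need removing.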