Topics relating to Azure Role-Based Access Control
Questions tagged [azure-rbac]
264 questions
0 votes, 1 answer
Can I Access Azure Service Bus Relay Using RBAC?
I know that I can access anything in Azure Service Bus using SAS token authentication, and it seems that accessing via RBAC is now becoming the preferred auth method for things like Event Hubs. What I cannot find in the various web articles or…

pjneary
0 votes, 1 answer
Terraform azurerm role definition with email address
I am deploying resources to Azure with Terraform. I want to assign roles to AD users by using their email address. In the azurerm_role_assignment resource, only the object id of the user can be used. I have tried it with email but it logically…

MoonHorse
0 votes, 1 answer
How to restrict permission to a user to access a folder in the Data Lake if the RBAC permission allows AD Group level access?
I have an AAD Group that is allowed to access the Data Lake Gen 2 via RBAC. However, there are some people in the AAD Group that should not be allowed to see some of the files/folders. How can it be done?
I saw ACLs, but from what I've read ACLs are…

Samantha
0 votes, 1 answer
kubectl error: You must be logged in to the server (Unauthorized) after some time in AKS
I have a cluster with RBAC in AKS, and it works just fine, but sometimes (it seems after my laptop goes to sleep) I just get this error and have to create context again:
kubectl error: You must be logged in to the server (Unauthorized)
It does not…

Ilya Chernomordik
0 votes, 1 answer
List details of Azure Management Group from daemon application
I have a daemon application that wants to list all subscriptions (incl. some details) within a management group in Azure.
For that I have created an App registration including client secrets in Azure to be used by the daemon application.
However, I…

mister.elastic
0 votes, 1 answer
Multiple wildcards in Azure RBAC
I saw this in the documentation:
You can also have multiple wildcards in a string. For example, the following string represents all query permissions for Cost Management.
Microsoft.CostManagement/*/query/*
What does the first wildcard mean before…

Samantha
0 votes, 1 answer
Azure Tenant Creation - Who can create?
I have a question on Azure Active Directory and am trying to understand RBAC. I have an Azure subscription and a default directory created in it. I have created a user in the default directory, say user1@xyz.onmicrosoft.com, and assigned a reader…

Prashant1987
0 votes, 1 answer
Is there a way to give the user Owner role in subscription scope, but deny/read access to resource groups not made by him?
I want to invite a guest user in Azure with permissions such that he could do whatever he wants in subscription scope with the Owner role, but couldn't view other resource groups that he didn't make, or would just be able to read them.

Sulas
0 votes, 1 answer
Is there any REST API available to list owners of an azure resource group?
The REST API that MS makes available to list role assignments of a resource group returns a few properties, in which neither DisplayName nor RoleDefinitionName is specified. But all the expected details could be fetched using PowerShell as stated in…
0 votes, 1 answer
How to grant read access to only some resources in an Azure subscription?
Let's say I have a user "User A" and someone with more privilege "Owner 1". "Owner 1", in Subscription "Product", makes 2 different resource groups, one for Dev resources, and one for Test resources. "Owner 1" has the Owner role on the Subscription…

B. Witter
0 votes, 1 answer
Why do I get the error 'Forbidden.' when executing Add-AzKeyVaultManagedStorageAccount using a Service Principal?
Using PowerShell in an Azure DevOps pipeline, I am trying to assign the key vault a new storage account by calling the command Add-AzKeyVaultManagedStorageAccount.
All the scripting seems to have worked so far except for that last command which…

Kzryzstof
0 votes, 1 answer
Why do I get the error 'The provided information does not map to an AD object id.' when executing New-AzRoleAssignment using a Service Principal?
Using PowerShell in an Azure DevOps pipeline, I am trying to assign the key vault's principal the role Storage Account Key Operator Service Role to a storage account.
Command Line
The command line is run after I connected Azure with the service…

Kzryzstof
0 votes, 1 answer
How to use Microsoft Graph API for assigning a role to the user in Azure AD
I have created the below role in the app registration manifest:
"appRoles": [
  {
    "allowedMemberTypes": [
      "User"
    ],
    "displayName": "Student",
    "id": "d1c2ade8-98f8-45fd-aa4a-6d06b947c66f",
    "isEnabled": true,
    …

S Andrew
0 votes, 1 answer
No users to select from the list in Azure Role assignments using Resource Group Owner
With an Azure Resource Group Owner I could not find any user from the list of users in Role assignments. I got a message "An error occurred. Please try again later." instead. Please see screenshot here.
The Resource Group Owner is a guest…

mwa
0 votes, 1 answer
What Azure RBAC permissions are required to backup and restore an Azure SQL Managed Instance?
As a baseline, my role currently looks like this. Are there any permissions that are overloaded or unnecessary for these tasks?
{
  "Name": "Azure SQL Managed Instance Restore and Backup",
  "IsCustom": true,
  "Description": "Permissions requisite…

John Fisher