Questions tagged [azure-rbac]

Topics relating to Azure Role-Based Access Control

264 questions
0 votes, 1 answer

Azure Devops - Service Principal manual setup?

I have the following Azure devops pipeline in two different Azure devops projects one for the Infrastructure team and another one for the application development team Networking, ACR and AKS Infrastructure provisioning using Terraform AKS…
One Developer
0 votes, 0 answers

Managing .Net Core Application Role and Permission through Azure Active Directory

I am trying to perform Authentication and Authorization of my .Net core application through Azure Active Directory. So far, I am successfully able to do, Authentication with OIDC Authentication through Graph API Applying groups and roles…
DSA
0 votes, 1 answer

Figure out the right set of actions in Azure RBAC custom role

There is this Azure function that needs to call Azure REST API. PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{name}/config/web?api-version=2019-08-01 And the…
dushyantp
0 votes, 1 answer

How to assign an application role to a managed identity in the ARM template

I have the following scenario. My application registration defines a set of application roles I dynamically deploy a scaleset with a System assigned managed identity via ARM template During the deployment I want to assign that identity to one of the…
Cheick
0 votes, 1 answer

Folder level access control in ADLS Gen2 for upcoming users

I have a Gen2 storage account and created a container. Folder Structure looks something like this StorageAccount ->Container1 ->normal-data ->Files 1....n ->sensitive-data ->Files 1....m I want to give read only access to the…
0 votes, 0 answers

Get-AzRoleAssignment command returning users and service principals who are removed from RBAC Permissions

I am using Get-AzRoleAssignment to get RBAC details for Data Lake Storage Gen1 resource. Command : Get-AzRoleAssignment -ResourceGroupName "test" -ResourceName "testResource" -ResourceType "Microsoft.DataLakeAnalytics/accounts" Above command gives…
0 votes, 1 answer

azure cosmos db : How to manage users' tokens and connection string for cosmos db

On Azure cosmos DB, I want to have a user with access only to DATA plane (no CONTROL plane). Following the REST API (https://learn.microsoft.com/en-us/rest/api/cosmos-db/create-a-user) I am able to create a user then to grant him permissions. Now,…
mwa
0 votes, 1 answer

How can an Azure user create a Resource Group if user is not Contributor or Owner?

What role can I assign to a user that will allow them to create resource groups? I cannot use owner or contributor because those are too powerful. The whole point is to limit what various developers can do. For example, our development teams create web…
Schwammy
0 votes, 1 answer

Azure Storage blob container assign RBAC using ARM

We currently have ARM templates that create storage accounts and containers in a solution however I can't seem to manage to assign the RBAC access to the container in the ARM template. I have tried using Erik's solution here "type":…
0 votes, 1 answer

Using MSI to access Azure Key Vault in C# .Net

Since I am new to Azure, this question might be silly. I am trying to build a service to provision and manage a cluster of VMs. For security concerns, I don't want to put some sensitive data on each cluster. So I decide to provision an Azure Key…
0 votes, 1 answer

How can I connect to storage queue using Azure AD and WebJobs SDK?

My WebJobs app uses an Azure Storage Queue Trigger. It runs smoothly when the connection string to the storage account the queue app listens to is set-up in the configuration; i.e. appsettings.json. { "AzureWebJobsStorage": "connString" } However,…
0 votes, 1 answer

Is there a built-in role to allow owner type actions on everything in a subscription, but not on the subscription itself

I want a group of people to be able to completely manage a subscription, including managing access to resources within it, except for managing the subscription itself. So (for example) when a new resource group with a storage account is added to the…
standardModel
0 votes, 1 answer

Subscription level Role similar to Reader but preventing Key Vault secret access & storage key access

I am looking for some RBAC role at subscription level, something like 'Reader' but unlike Reader, it should not allow accessing Key Vault secrets and Azure Storage blob keys. Is there any such role at subscription level?
Dhiraj
0 votes, 1 answer

How to access Image of one subscription from another subscription to create a VM in azure?

We have a requirement that needs to create a VM in one Subscription using Image. But the image will be in another subscription. This should be done without copying or moving the image to the destination subscription. We tried the shared image…
0 votes, 2 answers

Getting issue The request to create role assignment 'xxxx--x-x-x--x-x-x-xxxxxxx' is not valid. Role assignment scope must match the scope specified

I am trying to create storage account, blob storage and then trying to create role on storage account. Below is the code storagedeploy.json: { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", …
KCS