Questions tagged [azure-rbac]

Topics relating to Azure Role-Based Access Control

264 questions
3
votes
1 answer

How to find what operations/permissions my Azure Service Principal needs

I'm trying to lock down my Azure service principals with minimum permissions. This can be done by creating custom roles. But in defining custom roles, how do I know what actions are required for a given task? For example, if an automation account…
2
votes
1 answer

MSAL Auth stores authentication information in local storage - How to limit storage of information

I am working on a single page application (SPA) app that grants access to specific paths in the application, based on roles setup in Azure AD for the user logging in. As per this…
Skadoosh
2
votes
2 answers

Function code cannot run command that works interactively

I have an Azure Durable function, that runs some PowerShell code. The code takes the Application Id from a newly created Application Account and grants it Contributor access on a resource group. The code looks like this: $param = @{ …
Axel Andersen
2
votes
1 answer

Permissions required to delete specific Azure resource RestAPI

I'm trying to delete one Azure Resource using RestAPI by following this document: https://learn.microsoft.com/en-us/rest/api/resources/resources/delete-by-id I have the access token with scope as https:/management.azure.com/.default where I granted…
Arjun
2
votes
1 answer

Creating a custom role which cannot delete a resource group or individual resources within the resource group

I want to create a custom role for developers. With this custom role the developers should have contributor access to the resource group "TestRessourceGroup" and all its stored resources but the developers should not have the permission to delete…
Daniel
2
votes
2 answers

Azure: I don't have permissions, but I am Owner

I've been added to a RG as owner in a subscription outside of the company. Navigating to the Access control (IAM) of the RG and clicking "View my access" clearly says "Grants full access to manage all resources, including the ability to assign roles in…
wmmhihaa
2
votes
0 answers

Azure Kubernetes Service RBAC Cluster Admin doesn't provide my user the cluster admin privilege

I have an aks cluster running kubernetes 1.21.2 with those options : Kubernetes RBAC --> enable AKS-managed AAD --> enable Local accounts --> disabled When I run the az aks get-credentials --resource-group --name
Will
2
votes
2 answers

Azure RBAC role 'ConfigureFactoryRepo' is required to be granted over the entire subscription to Terraform Service Principal to spin up Data Factory

I have a Terraform Enterprise service principal that has the following roles assigned to it over my Resource Group: Contributor Data Factory Contributor ConfigureFactoryRepoAction Network Joiner Network Interface to Subnet Joiner Reader (assigned…
2
votes
1 answer

Restricting Tag Editing, while being Owner of Resource Group

Hey everyone, I have a subscription where I want to create "sandbox" environments for people. My goal is to give folks a resource group, and make them owner of the Resource Group. They can do anything they want in this little resource group, but…
Chief
2
votes
1 answer

azure shared dashboard rbac without underlying resource access

I have a few charts and data grids in the Azure shared dashboard, for various audiences, e.g. exec, operations, SREs. Would like to share the access to read the dashboard to them, but not the underlying resources, e.g. my app services, log analytics…
Tommy Wang
2
votes
1 answer

I don't see the Run as account in azure automation account

A colleague created a Run as account in an Azure automation account. I don't see this Run as account although I have owner rights on this automation account. I have given myself Owner rights on the subscription, after that I have started to see it.…
MoonHorse
2
votes
1 answer

issue setting up app gateway ingress controller(agic) azure kubernetes service(aks)

I have followed the steps from the following guide to set up an agic in azure: https://github.com/Azure/application-gateway-kubernetes-ingress/blob/master/docs/setup/install-existing.md I have a vnet with an aks cluster(rbac enabled) in one subnet…
2
votes
1 answer

How to deploy ARM template with user managed identity and assign a subscription level role?

The ARM template below is supposed to create the following resources: resource group - user managed identity - subscription level Contributor role assignment Currently the deployment is failing with the error "error": { "code":…
2
votes
1 answer

Failed to remove custom role definition - existing role assignments

I have a custom role and there are no assignments as far as I know. But I am unable to delete it. Check screenshot below. The error says There are existing role assignments referencing role. The role assignments must be deleted before the role can…
dushyantp
2
votes
2 answers

Grant access to Azure Data Lake Gen2 Access via ACLs only (no RBAC)

My goal is to restrict access to an Azure Data Lake Gen 2 storage on a directory level (which should be possible according to Microsoft's promises). I have two directories data, and sensitive in a data lake gen 2 container. For a specific user, I…
SherwoodCH