Stack Overflow
Stack Overflow

Questions tagged [azure-rbac]

Topics relating to Azure Role Base Access Control

264 questions
2
votes
1 answer

PoC for Support Request Contributor Role

I would like your guidance and advice on this please. I am trying to build proof of concept for an Azure RBAC role called the "Support Request Contributor" These are the tests I am planning on after creating a non admin regular user account and…
Hinda
  • 27
  • 1
  • 7
2
votes
1 answer

RBAC role for VM to manage resources with az

New to Azure. I was trying to use az cli in 18.04.1-Ubuntu to manage a resource group [The VM is part of the resource group]. I enabled the system managed assigned identity for the VM and also gave RBAC access of owner to the VM from the resource…
azureLearning
  • 21
  • 1
2
votes
1 answer

azure ad difference between group based and role based authorization

Hi recently I started working on azure ad. I have started working on authorization for my .net core apis. I have an below understanding on azure ad roles and groups. Azure AD groups. Groups nothing but grouping of users belongs to same business.…
Niranjan
  • 1,881
  • 6
  • 44
  • 71
2
votes
2 answers

How to create Azure Role Assignment scoped to a certain resource type

I'm trying to create an Azure Role Assignment which assigns the User Access Administrator role to a service principal but only for Azure Data Factory resources. I see plenty of documentation on setting scopes by subscription, resource group, or even…
jschmitter
  • 1,669
  • 19
  • 29
2
votes
2 answers

Relationship between Azure RBAC roles and service principal

What is the relationship between Azure RBAC roles and service principal? Are they the same thing or Azure RBAC roles is the property of the account that can create different service principals by different RBAC roles? What is the relationship…
SLN
  • 4,772
  • 2
  • 38
  • 79
2
votes
2 answers

error when running Get-AzManagementGroup PowerShell Command

I am a global administrator and when I run the command Get-AzManagementGroup I get the following error: Get-AzManagementGroup : The client 'live.com#kellygarcia9@yahoo.co.uk' with object id 'bd24ab44-e034-439e-8a02-756d1e3557a3' does not have …
kay106
  • 65
  • 5
2
votes
1 answer

Azure (Policy/RBAC/MFA) - how to block user

I do have users assigned as Owners to Subs. I also have MFA forced for set of users, not all from AAD. I am trying to find a solution (policy?) where I can block Owner of Subscription from adding a user to Sub without MFA solution applied yet. Only…
maras2002
  • 193
  • 5
2
votes
1 answer

What role do I assign to a user so he can manage MFA activities in my Azure subscription?

I want to delegate the 'MFA activities' to a group of people, because it is very difficult for only one person (Global administrator) to do this job. However, I do not see any built-in role for delegating the MFA responsibilities using RBAC. Can…
Manjunath Rao
  • 1,397
  • 4
  • 26
  • 42
2
votes
1 answer

Creating Custom Azure RBAC Role to allow users to swap slots within portal.azure.com

I'm trying to create a Custom Role for developers to allow them to simply swap slots on our various WebApps. Here's the Role I've created to complete this: { "Name": "Swap Role", "Id": "", "IsCustom": true, "Description": "Lets developers perform…
alexinslc
  • 33
  • 7
2
votes
1 answer

What is the difference in RBAC for VMs vs VM scale sets?

I have a custom role that allows creation of a VM in a particular VNet and its subnet. I am able to deploy a single VM in this subnet without issue. However, when I try to deploy a scale set to the same subnet, I am faced with the following…
Aakash Sheth
  • 330
  • 3
  • 10
2
votes
2 answers

Limiting access to azure key vault

I want to create an Azure key vault with fairly restricted access (one or two of our apps). I've created the Key Vault through the Azure portal, but when I look at the Access Control section, I find that several Apps and Users have the Contributor…
Jacob Soderlund
  • 345
  • 1
  • 9
2
votes
1 answer

RBAC access to Azure Storage - preview roles not acting as expected

I'm trying to give our operations team read-only access to a storage account containing log files. I'd like to be able to give them the right to enumerate containers and read blobs. Ideally that would be the extent of their access. There are a…
Josh
  • 4,009
  • 2
  • 31
  • 46
1
vote
1 answer

Authorization Issue during Azure Deployment: 'Microsoft.Authorization/roleAssignments/write' Permission Error

I'm encountering an authorization issue while attempting to deploy a resource in Microsoft Azure. The deployment is failing with the following error message: Error the setup.ps1 file that I ran…
zineb98
  • 11
  • 1
1
vote
1 answer

Get-AzRoleAssignment : Scope '/subscriptions' should have even number of parts

Actually, I trying to run below PowerShell script which will tell me about the Role Assignments in my Azure Subscription:- $tenantId = "xxxxxx" $subscriptionId = "xxxxxxx" # Log in to Azure withtenant and subscription IDs Connect-AzAccount -Tenant…
Dheeman Das
  • 11
  • 2
1
vote
1 answer

Azure multi subscription RBAC for a service princpal

I have 2 Azure subscriptions. Subscription_1 is used to create a VNET/SUBNET. Subscription_2 is used to create a VM inside that VNET. To do the deployment, I am creating 2 Services principals. SPN_1 will deploy the VNET/SUBNET. SPN_2 will deploy the…
MouIdri
  • 1,300
  • 1
  • 18
  • 37
1 2
3
17 18