Questions tagged [azure-rbac]

Topics relating to Azure Role-Based Access Control

264 questions
1 vote, 1 answer

Azure - should the creator of a resource have owner rights?

If an Azure user has Contributor rights to a Subscription and they create a resource under that subscription, e.g. a Storage Account, should that user be automatically granted owner rights over the resource? They would then be able to manage who has…
1 vote, 0 answers

List Azure Resources RBAC Assignments Showing Eligible/Active

Via PowerShell or API, is there a way to recursively or non-recursively list role assignments for Azure resources at (a) given scope(s) and show whether the role assignment is Eligible or Active? The results need to be exportable to a CSV file.
Bandz
1 vote, 1 answer

Is it possible to use RBAC to allow read only access to an App Service's Application Settings?

I would like to provide read-only access to the Application Settings of an App Service. Specifically, by Application Settings of an App Service, I'm referring to the 4 tabs that appear when you open an App Service in the portal and select…
1 vote, 0 answers

Azure Data Explorer Minimum Permissions to View Function Output

I have an Azure Data Explorer/Kusto function that I would like to give access to, but I don't necessarily want to give access to the full tables or databases the function utilizes. I've seen this Role-Based Auth article and see Function Admin, but…
Jacob S
1 vote, 0 answers

How do you use System-assigned managed identity? ManagedIdentityCredential: The managed identity endpoint is indicating there's no available identity

I have a resource Azure Media Service and an Azure Web app service. What I am trying to do is turn the web app's identity into a system-assigned identity. I get this error: ManagedIdentityCredential: The managed identity endpoint is indicating there's no…
Christian Matthew
1 vote, 1 answer

The client XXX does not have authorization to perform action over scope or the scope is invalid

I created an Azure AD Application, added user_impersonation permission and generated an access token using the https://management.azure.com/.default scope https://login.microsoftonline.com/XX/oauth2/v2.0/token client_id: client_secret: …
1 vote, 1 answer

How to Redirect automatically to a page/path on login - MSAL React SPA

I am working on a single page application (SPA) app that grants access to specific paths in the application, based on roles set up in Azure AD for the user logging in. As per this…
Skadoosh
1 vote, 1 answer

Any graph api call to create Azure b2c tenant

We want to create an Azure B2C tenant using the Graph API. We tried searching the Internet and found how to create a B2C tenant from the portal. This is the reference we found: https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-tenant But…
1 vote, 1 answer

Is there any chance to extract specific permissions from few roles and create a new role with them

I want to create a custom Azure role by extracting a few properties from a couple of roles like User Administrator and Application Administrator. I saw a few blogs and articles on creating a custom RBAC role but my need is for Directory roles. Permissions…
Sanam7
1 vote, 2 answers

Azure Data Factory - read only custom role

We'd like to give support personnel read-only access to Azure Data Factories so they can troubleshoot issues. Following this guide I was able to create a custom role that mostly does the trick, but on further review I can see that the user granted…
mac
1 vote, 1 answer

What Azure RBAC API to use for getting roles for a specific user?

Does the service offer a specific API for getting role assignments for a user and not for a resource group/resource? In a previous question that was asked here, are there any plans to make the CLI response and the API similar regarding getting…
Moris
1 vote, 1 answer

Azure AD Custom Role for Application Admin Role Assignment

My requirement is that I need to add users/applications to the Application Administrator Role. As per the MS design, only Global Admin has permission to add assignments to this role. But I don't want to give the Global Admin to many members rather, I'm…
Jayendran
1 vote, 0 answers

Not able to read/write in the AKS Cluster even after assigning Azure Kubernetes Service RBAC Writer role to the cluster

I have a user named rbacWriterAndConsoleNsReader in my Azure portal and assigned him the Azure Kubernetes Service Cluster User role and the Azure Kubernetes Service RBAC Writer role (scope = full cluster). But when I try to list namespaces or even pods, it…
Mayank
1 vote, 1 answer

Azure role assignment precedence

Let's say a user has the below role structure assigned. Contributor at Subscription scope. Reader at a Resource group scope. This resource group is inside the subscription. Cosmos DB Account Reader role on Cosmos DB, which is inside the Resource group in…
Venkata Dorisala
1 vote, 3 answers

How is everyone doing Azure RBAC as Code?

I was wondering how everyone is handling RBAC at scale. We have AD groups that map to our Azure RBAC roles but everything is pretty much done via the portal. Has anyone successfully used a pipeline and Bicep/ARM/Terraform to deploy all role…