Stack Overflow
Stack Overflow

Questions tagged [azure-rbac]

Topics relating to Azure Role Base Access Control

264 questions
1
vote
1 answer

Azure Managed Application role assignment

I need to grant Reader access to my Managed Application outside of the application resource group. The user deploying the app is Owner on the subscription so the deployment should go through but it currently fails because the resource deployment…
Matthieu Maitre
  • 422
  • 3
  • 15
1
vote
1 answer

How to use Azure Cosmos DB REST (Data plane) API with AAD RBAC?

I am attempting to make a REST request following these instructions which states "The Azure Cosmos DB RBAC is currently supported with the 2021-03-15 version of REST API." Yet when I make a request I get the response "Invalid API version. Ensure a…
James Foster
  • 2,070
  • 10
  • 15
1
vote
1 answer

How to get Azure Activity Log Summary with alerts/powershell/cli?

I am currently trying to monitor any RBAC changes that happens in our subscriptions example: John.Doe added Sue.Jones as Reader to Resource Group rg-test. Is there any to achieve what I am trying using powershell/cli/rest. From what I have tried and…
EG92
  • 75
  • 1
  • 7
1
vote
1 answer

Having trouble understanding Azure's Roles JSON

Its just a concept im having trouble understanding with the wildcard * and what that means, so here we have two roles Owner and contributor. "Name": "Contributor", "Id": "b24988ac-6180-42a0-ab88-20f7382dd24c", "IsCustom": false, "Description":…
Mikey
  • 61
  • 1
  • 3
1
vote
1 answer

Adding Support Request Contributor role to subscription

I am setting up an Azure subscription such that users have the ability to open support requests. When I try to add a role I see that all of the options are disabled. Can someone either help me understand what permissions need to be enabled or where…
Evan Gertis
  • 1,796
  • 2
  • 25
  • 59
1
vote
1 answer

Specify Scope in Azure Storage Blob for REST requests while requesting token?

Can anyone confirm that to make a REST requestd to Azure storage we have to do these steps? Create an App Registration and get its client ID and client secret Goto API permissions -> Add permission -> Azure storage, add user_impersonation as API…
Mayank Patel
  • 346
  • 3
  • 18
1
vote
1 answer

Azure RBAC application-insights-component-contributor vs monitoring-contributor

I am trying to understand the overlap between two of those roles in Azure RBAC. Looks like monitor-contributor completely covers application-insights-component-contributor besides "Microsoft.Resources/deployments/*". Considering the following…
Alexey Auslender
  • 402
  • 5
  • 18
1
vote
1 answer

Resolving principal id in Azure AD to User,Service

I am trying to resolve a list of principal ids into the details like name of the user/service. I have the following code - from azure.common.credentials import ServicePrincipalCredentials from azure.graphrbac import GraphRbacManagementClient TENANT…
Steve_Greenwood
  • 546
  • 8
  • 20
1
vote
1 answer

Azure RBAC - modularity and custom roles inheritance

My team and I are handling hundreds of subscriptions that are belonging to different teams. Many of them have different needs in terms of security, services to be used, etc whereas we, as a central platform, also make sure that everyone work with…
Jul_DW
  • 1,036
  • 6
  • 20
1
vote
1 answer

Azure AD Graph vs. MS Graph Application.ReadWrite.All

I have a service principal I've setup for my DevOps pipeline which I use to create service principals/apps for use by services I'm deploying via Azure CLI as follows: az ad sp create-for-rbac --name TestAccount1 --skip-assignment If I assign the…
Simon
  • 1,613
  • 1
  • 12
  • 27
1
vote
1 answer

Azure Create deny but Update Allow

I want to deny creation of VM but allow everything else on that including updating it. I created a custom RBAC role to deny create and allow other stuff, but as I attached a Disk to that VM I was denied because I didn't have permission to Update the…
pranjal munjal
  • 11
  • 1
1
vote
1 answer

Openshift Monitoring with REST_API

I am trying to use Openshift REST-API's to get the status of my cron-jobs. I am the admin of my namespace but I don't have cluster access so I can't do anything on cluster level. Now, to get the status, I am first creating the role : # oc create…
dataplumber
  • 375
  • 3
  • 16
1
vote
1 answer

.NET Core Azure AD App Registration -- Allow access via groups

Background I have a .NET Core 3.1 web site deployed in a docker via Azure Web Apps for Containers. The app is registered with my organization's Azure AD for only our organization, and users must be added to be granted access. The site is working…
SeanKilleen
  • 8,809
  • 17
  • 80
  • 133
1
vote
1 answer

Force all Azure access through Management Groups

We are looking to force all Azure access assignments to go through our management groups instead of at the subscription level. Basically we don't want access to be able to be assigned per subscription and want to block that capability. This way we…
Dylan James
  • 11
  • 1
1
vote
2 answers

Azure Automation - Unable to get AzRoleAssignement

In order to automate some processes, I'm using Azure Automation with Owner rights for RunAsAccount. $connection = Get-AutomationConnection -Name AzureRunAsConnection while(!($connectionResult) -And ($logonAttempt -le 10)) { $LogonAttempt++ …
Makram
  • 834
  • 2
  • 9
  • 21
1 2 3
17 18