Stack Overflow
Stack Overflow

Questions tagged [azure-rbac]

Topics relating to Azure Role Base Access Control

264 questions
1
vote
1 answer

Run ADF pipeline without assigning 'Contributor' role at subscription level

Appreciate for your advice if there is other approach i could try out.. I would like to run the ADF pipeline via RestFul API / .Net SDK and I have followed through the Microsoft tutorial for this. Microsoft Run ADF Pipeline link via Restful /…
Chooi Ling Si Toh
  • 55
  • 1
  • 8
1
vote
1 answer

How can i do the Role Based Access Control in Azure Kubernetes Service?

I deployed my application pods in azure kubernetes service through VSTS. I have idea on kubernetes with RBAC on on-premise cluster through create users. Now what i want to do is like create some roles and assign different permissions on kubernetes…
BSG
  • 673
  • 2
  • 13
  • 33
1
vote
3 answers

Is it possible to give permissions to create Azure Resource Groups through AAD without RBAC?

I understand you can assign 'Contributor' RBAC role on the Subscription level to give a user permission to create Resource Groups. However, is there a way to give that permission through AAD (Administrator role assignment)? Or any other way? I am…
Gadam
  • 2,674
  • 8
  • 37
  • 56
1
vote
1 answer

Azure Logic App -Can this Custom RBAC rule be created?

Can a Azure RBAC custom rule be set up so that the Role can ONLY Resubmit an earlier Logic App Run BUT not Modify the workflow via Designer oor otherwise ?
GilliVilla
  • 4,998
  • 11
  • 55
  • 96
1
vote
1 answer

Azure Policy not denying Custom Role creation

I am currently helping investigate adopting Azure for my organization's public cloud. One of the tasks I have been assigned is locking down accounts to prevent users from being able to elevate their permissions within a subscription. One of the…
hpoe
  • 642
  • 5
  • 10
1
vote
1 answer

Microsoft Graph list RBACRoleAssignments by resourceScope

I would like list roleAssignments of a group with GraphAPI. But I only see an API to list whole roleAssignments. I tried to filter by resourceScopes/scopeMembers using $filter clause but it's not working. Should I filter this whole list myself or…
dongseok0
  • 737
  • 2
  • 7
  • 18
1
vote
1 answer

Azure RBAC and Azure IAM

A user should be able to read a resource group. Not allowing the user to create/delete a resource group. i. I have created a custom role using json script with the following permissions: Actions:…
Madhur Asati
  • 185
  • 3
  • 13
0
votes
0 answers

How to refresh AKS RBAC role assignment?

I depoloyed this rbac manifest to cluster: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: rbac-reader subjects: - kind: Group name: AKS_READER roleRef: kind: ClusterRole name: view apiGroup:…
Michael
  • 169
  • 2
  • 2
  • 16
0
votes
1 answer

UserErrorMissingPermissionsOnSecretStore: Missing permissions to read the Key vault secrets

Hi I am creating vault back up for postgres database in azure. I deployed my terraform scripts as below. resource "azurerm_data_protection_backup_vault" "abc-backup-vault" { name = "abc-backup-vault" resource_group_name =…
Niranjan
  • 63
  • 5
0
votes
1 answer

Custom Role Permission to allow read on Azure storage account Queue

User has been assigned a custom role with below Actions on an Azure storage account but user sees This request is not authorized to perform this operation: { "id": .., "properties": { "roleName": "ContributorBPMD(custom)", …
Rajesh Swarnkar
  • 601
  • 1
  • 6
  • 18
0
votes
1 answer

Is there a way to create alerts for logs in Directory log in Azure Monitor?

I am trying to create an alert for the specific "Assigns the caller to User Access Administrator role" log entry in the Azure Monitor Directory log section, so that when it is triggered, I can send an e-mail to a specific address. However, whenever…
MarcosHT503
  • 3
  • 2
0
votes
1 answer

Impossible to remove Tenant's wide azure policy despite Global administrator role

I am trying to remove an Azure Policy and the delete button is grey out despite my user having Global administrator permission. I can't find any information on Microsoft documentation about the role required. Any idea ? The policy is on the location…
Vincent
  • 17
  • 5
0
votes
1 answer

Can't create Azure Management Group using bicep

I'm trying to create Management Groups using the Azure Landing Zones bicep template as follows: az deployment tenant create --location westeurope --template-file managementGroups.bicep However, I'm getting the following error: The client 'xxx'…
filip
  • 1,444
  • 1
  • 20
  • 40
0
votes
1 answer

Can I restrict an owner of a group to only add members but not new owners?

Is there a way to restrict owner of groups from adding new owners? Would like them to only have the ability to add/remove members. We have restricted regular users from using our admin portals, so the owners are using…
George
  • 1
  • 1
0
votes
1 answer

Cannot Create Azure AKS Namespace with Azure Kubernetes Service RBAC Admin role

I've deployed an Azure Kubernetes Service with the Azure AD authentication with Azure RBAC Authentication mode configured. I have given myself the Azure Kubernetes Service Cluster Admin Role Azure Kubernetes Service RBAC Admin - roles. And with…
Zander Fick
  • 106
  • 1
  • 9
1 2 3
17 18