Questions tagged [azure-rbac]

Topics relating to Azure Role-Based Access Control

264 questions
0 votes, 1 answer

Principal does not have permissions to perform "databaseAccounts/readMetadata" on resource "/"

I have a CosmosDB account: az cosmosdb list | jq 'map({"name": .name, "identity": .identity})' [ { "name": "redacted-db-account", "identity": { "principalId": null, "tenantId": null, "type": "userassigned", …
Victor
0 votes, 1 answer

Getting error when copying file from one container to another container in Azure Storage using .Net client library

I am trying to copy a file from one storage account container to another storage account container. Both accounts are public. I am using Microsoft Managed account (Role based access account) and I am the owner. From my machine as an admin. I am able…
Jashvita
0 votes, 1 answer

Which RBAC role is required to approve a Private Endpoint Connection (on an Event Hub namespace)?

What is the minimum Azure RBAC (built-in) role required to approve a Pending Private Endpoint Connection (on an Event Hub namespace)? So far we managed to do it with Contributor on the Event Hub Namespace but we are wondering if there is a role…
silent
0 votes, 1 answer

What permissions are required to view Directory log in Azure?

I am trying to access the Directory activity log in my Azure tenant, but I am getting the error that I don't have permission to view Directory log. I am trying to figure out if anyone knows the permission required to view those logs. Also, I am…
0 votes, 1 answer

call azure management rest api through 'client credential' flow

I want to call some Azure management api, such as https://learn.microsoft.com/en-us/rest/api/authorization/role-assignments/create?tabs=HTTP#security but in docs, they mention just 'implicit grant' oauth2 flow. I want to use 'client credential'…
hich9n
0 votes, 1 answer

Can Azure AKS operate on Managed Identities without requiring a Contributor role?

Our enterprise strictly disallows the use of Contributor and a handful of other extremely-powerful RBAC roles in Azure. When I deploy AKS and pre-configure it to use two managed identities, which have been granted all RBAC actions documented per the…
STW
0 votes, 2 answers

Azure Data Factory linked service not working using KeyVault linked service - Secret "NotFound"

I have a Data Factory (live mode) with a KeyVault linked service (Test connection: successful): KeyVault linked service When I try to use this linked service in a new linked service to connect to a SQL Server, it fails to load the secrets in the…
0 votes, 1 answer

Apply role to resources based on tags

I have a use case like this: the dev team creates resource groups and resources in it, using Azure DevOps pipelines. One of the pipeline steps is to assign a role to a newly created Key Vault with a newly created web app. I would like to assign a…
0 votes, 1 answer

App roles & groups claim (emitted as roles) in Azure Active Directory App

I have registered an Azure AD Application with an App role called read. User Principal If a user principal is assigned to the app role read and the groups claim (emit_as_roles enabled) is added in the Azure AD App, only the AAD security groups show…
0 votes, 3 answers

Unable to send email from local machine via Azure Communication Service and using logged-in user's credentials

I am trying to send email using Azure Communication Service and DefaultAzureCredential from my local machine but I am getting the following error: Azure.Identity.AuthenticationFailedException: Azure CLI authentication failed due to an unknown error.…
0 votes, 1 answer

Why can an Azure application read role definitions without permissions

Microsoft states that Microsoft.Authorization/roleDefinitions/read permission is needed to read RBAC role definition. It is mentioned here https://learn.microsoft.com/en-us/rest/api/authorization/role-definitions/list?tabs=HTTP However I have Azure…
Petr Havlicek
0 votes, 1 answer

Granular Role permissions in Azure AD

I know that Azure AD app roles or group memberships can be used to implement RBAC. Do these two options have a more granular approach to roles? Ex: We have tables called users, locations, teams, skills, campaigns etc and would like to be able to…
Sandeep C
0 votes, 2 answers

Assign subscription owner using arm template

What needs to be changed in the arm template below in order for it to add subscription owner role to the given principal id? The problem we are getting is that the following arm template and invocation command are assigning unintended resource group…
CodeMed
0 votes, 1 answer

Bicep role assignment to storage account in different resource group

I have a DevOps pipeline that runs a "resource group" scoped deployment via "az deployment group create". There is no permission to run deployments at subscription level. My bicep deploys a function app into resource group A. Resource group B…
Rob Bowman
0 votes, 1 answer

Azure Logic App azure_auth - does not have authorization to perform action 'Microsoft.Logic/workflows/listCallbackUrl/action'

The client 'clientId' with object id 'objectId' does not have authorization to perform action 'Microsoft.Logic/workflows/listCallbackUrl/action' over…