azure-rbac

How to assign an application role to a managed identity in the ARM template

拟墨画扇 提交于 2020-12-15 06:18:01
问题 I have the following scenario. My application registration defines a set of application roles I dynamically deploy a scaleset with a System assigned managed identity via ARM template During the deployment i want to assign that identity to one of the specific application role defined above I update my deployment template with the following resource { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2017-09-01", "name": "<random Guid>", "dependsOn": [ "[concat('Microsoft

How to assign an application role to a managed identity in the ARM template

时间秒杀一切 提交于 2020-12-15 06:17:23
问题 I have the following scenario. My application registration defines a set of application roles I dynamically deploy a scaleset with a System assigned managed identity via ARM template During the deployment i want to assign that identity to one of the specific application role defined above I update my deployment template with the following resource { "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2017-09-01", "name": "<random Guid>", "dependsOn": [ "[concat('Microsoft

Azure Policy not denying Custom Role creation

时光怂恿深爱的人放手 提交于 2020-05-30 10:40:39
问题 I am currently helping investigate adopting Azure for my organization's public cloud. One of the tasks I have been assigned is locking down accounts to prevent users from being able to elevate their permissions within a subscription. One of the things in particular I am interested in is denying the creation of Custom Roles, as we don't want people to go and start creating their own roles until the need for the role has been vetted by security. I have been trying to do this via an Azure policy

Azure PowerShell or CLI command to Provide a User with Owner access to a specific Web Application

穿精又带淫゛_ 提交于 2019-12-24 19:52:59
问题 I have around 100 Azure Web Apps and Azure Functions which I created using Azure PowerShell and CLI, now I need to assign Owner Access to these Web Apps to users (Separate users for each Web Apps) I am unable to find any sample for this, most sample are pointing to Assigning Resource Group Level Access, but not to the Specific Resource. The task is achievable in the Azure Portal, just need the PowerShell or CLI command to assign users owner or contributor rights to these specific resources.

Microsoft Graph list RBACRoleAssignments by resourceScope

本小妞迷上赌 提交于 2019-12-13 04:09:50
问题 I would like list roleAssignments of a group with GraphAPI. But I only see an API to list whole roleAssignments. I tried to filter by resourceScopes/scopeMembers using $filter clause but it's not working. Should I filter this whole list myself or is there any other way to do it? 回答1: It seems like you are looking for Azure RBAC role assignments. These are different from what you've linked to, which are Intune device management role assignments (which are specific to Intune RBAC roles). They

RBAC access to Azure Storage - preview roles not acting as expected

元气小坏坏 提交于 2019-12-06 11:45:09
问题 I'm trying to give our operations team read-only access to a storage account containing log files. I'd like to be able to give them the right to enumerate containers and read blobs. Ideally that would be the extent of their access. There are a couple of RBAC roles in preview that looked promising: Storage Blob Data Reader (Preview) is described as "Allows for read access to Azure Storage blobs containers and data" which sounds exactly like what I'm after Storage Blob Data Contributor (Preview

RBAC access to Azure Storage - preview roles not acting as expected

懵懂的女人 提交于 2019-12-04 19:26:24
I'm trying to give our operations team read-only access to a storage account containing log files. I'd like to be able to give them the right to enumerate containers and read blobs. Ideally that would be the extent of their access. There are a couple of RBAC roles in preview that looked promising: Storage Blob Data Reader (Preview) is described as "Allows for read access to Azure Storage blobs containers and data" which sounds exactly like what I'm after Storage Blob Data Contributor (Preview) sounds like read/write to blob accounts Neither of these roles worked for me, however. The operations
订阅 azure-rbac