Questions tagged [azure-rbac]

Topics relating to Azure Role-Based Access Control

264 questions

6 votes, 2 answers

Azure SQL Permissions: How to allow using Query Performance Insight, but not changing settings such as the pricing tier?

I would like to give our team members the necessary permissions to use the Query Performance Insight feature for an Azure SQL database, including the possibility to see the query text of long-running queries. They already have "Reader" and…
Fabian Schmied

6 votes, 4 answers

Azure Service Bus - Unauthorized access. 'Send' claim(s) are required to perform this operation

I am trying to access Azure Service Bus Queue from my Windows Service application. I am following this sample. I want to protect this Azure Service Bus using Azure Service Principal. Below are the steps I have implemented: Register an application…

5 votes, 1 answer

How to deal with multiple APIs with Azure B2C

I need assistance to understand how Azure B2C can work in case multiple APIs are required. We have in this sample: https://api01.azurefunction.com/ https://api02.azurefunction.com/ https://app.azuresites.com/ B2C…
Dmitriy Sosunov

4 votes, 2 answers

Enable rbac and aad on existing aks

I have created an Azure Kubernetes Cluster; however, RBAC and AKS-managed Azure Active Directory are disabled. I want to enable both, but am unable to do so. Environment: Azure AKS Cluster v1.19.11. I have tried a command to enable RBAC & AAD: $ az aks…
Satyam Pandey

4 votes, 2 answers

Error while trying to assign a custom role "Secret Reader" to an object ID for an Azure Key Vault

Can anyone tell me why I am getting this error while trying to run this command and assign a custom role "Secret Reader" to a guest account Object Id: az role assignment create --role "Secret Reader" --assignee-object-id…
Pallab

4 votes, 1 answer

Use Azure Python Function and Managed Identity to Download from Storage Account

I've created an Azure Function called "transformerfunction" written in Python which should upload and download data to an Azure Data Lake / Storage. I've also turned on System assigned managed identity and gave the function the role permissions…

3 votes, 1 answer

Is a user with "Contributor" and "User Access Administrator" roles same as a user with "Owner" role?

So we have got 3 built-in roles: Owner, Contributor and User Access Administrator. Considering a Contributor can do everything in an Azure Subscription except RBAC role assignment and a User Access Administrator can do RBAC role assignment, can we…
Gaurav Mantri

3 votes, 1 answer

Azure RBAC and AKS not working as expected

I have created an AKS Cluster with AKS-managed Azure Active Directory and Role-based access control (RBAC) enabled. If I try to connect with the Cluster by using one of the accounts which are included in the Admin Azure AD groups everything works as…
Mike

3 votes, 2 answers

What permission is required to remove or add resource lock for Azure SQL with Terraform on Azure Pipeline

I have a prod subscription where the deploying pipeline fails because of a missing permission. My Azure AD user has no permission to create or remove locks of Azure SQL. I wonder what and how to configure user permission so that Azure Pipeline can create,…
Kenny_I

3 votes, 1 answer

Incremental redeployment of an ARM Template with Role Assignments throws an error

If I use Azure Pipelines to do an 'Incremental' 'Resource Group' scoped deployment of an ARM template containing Role Assignments, it seems I can't rerun/redeploy the pipeline without receiving an error on the Role Assignment…

3 votes, 2 answers

How to find an identity by client id in Azure?

I have an application (AWX) with a script that is trying to perform an action in Azure (add tags to a vm). In AWX, I get the following error, apparently from Azure: msg: "Error retrieving resource group usw-sys-rg-001 - The client '9d...27' with…
208_man

3 votes, 1 answer

Azure Default Reader vs Built-in Monitoring Reader

I am trying to narrow down the best possible role for monitoring data from a security perspective. My needs are slightly different so I don't want to use the Security Reader role (mainly because security reader only has access to the security…

3 votes, 1 answer

Implement RBAC for Azure Blob Storage using an account in different Tenant?

I'm setting up Role-based access control for our Blob storage in Azure. Integration with AD is already available. However, I want to use a separate account's AD to access the blobs. Is it possible? And if so, how? This is how it was set up so…

3 votes, 2 answers

Microsoft Azure Operations are Missing from RBAC

What happened to the 'Microsoft.RecoveryServices/Vaults/backupJobsExport/operationResults/read' 'Microsoft.RecoveryServices/Vaults/backupManagementMetaData/read' operations in Azure? They exist in this…
user1951756

3 votes, 3 answers

Azure Resource Group Access

How to restrict a user from accessing specific resource groups? For example, I have 10 resource groups in a subscription out of which the user should be able to access only 3 resource groups where the user can do their operations.
Madhur Asati