Needed Permissions to deploy to Azure Spring Apps

Daniel Fenz 20 Reputation points
2023-09-14T14:59:58.0366667+00:00

I have a Azure Spring App instance with a running deployment that I created with the az CLI.

I created a Service Principal for the Resource Group with the Role 'Azure Spring Cloud Config Server Contributor'

My problem is that deployment failed in my CI environment with this error message

Message: The client '<id>' with object id '<id>' does not have authorization to perform action 'Microsoft.AppPlatform/Spring/apps/deployments/read' over scope '/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.AppPlatform/Spring/<service-name>/apps/<app-name>/deployments/default' or the scope is invalid. If access was recently granted, please refresh your credentials.

But I can't find a role with the action Microsoft.AppPlatform/Spring/apps/deployments/read in the Built-in Role definition.

Do I really have to make my service prinicple Contributor?

Azure Spring Apps
Azure Spring Apps
An Azure platform as a service for running Spring Boot applications at cloud scale. Previously known as Azure Spring Cloud.
124 questions
Accepted answer
  1. MuthuKumaranMurugaachari-MSFT 22,321 Reputation points
    2023-09-14T17:44:32.19+00:00

    Daniel Fenz Thanks for posting your question in Microsoft Q&A. As you mentioned, Azure Spring Cloud Config Server Contributor role didn't have Microsoft.AppPlatform/Spring/apps/deployments/read permission and only have the permissions to read, write, delete config service as the following:

    User's image

    Also, currently, there is no built-in role available with that permission. In general, we recommend creating a custom role with needed permissions following the principle of least privilege (reference doc). The doc: How to use permissions in Azure Spring Apps will help you create a custom role for different scenarios such as Developer, DevOps etc. and you can adopt based on your need. For the full list of permissions, check out Microsoft.AppPlatform doc with description about the permission action.

    To submit a feature request or provide feedback to our product team, go to Azure Feedback and others with similar interest can upvote your idea too. I hope this helps and let us know if you have any questions.

    If you found the answer to your question helpful, please take a moment to mark it as "Yes" for others to benefit from your experience. Or simply add a comment tagging me and would be happy to answer your questions.

    1 person found this answer helpful.
    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.