Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
711 questions
3 answers
Intune - Limit role to add/remove devices to groups
Hi everyone, I am trying to figure out how to limit the permissions in Intune just to add and remove devices to groups. Any groups would be fine, a specific subset of groups would be better. For the moment I tried: Azure roles: Cloud Device…
asked 2021-03-05T11:51:51.023+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 14.000000000000002%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EY%3C/text%3E%3C/svg%3E)
Yop
81
Reputation points
commented 2021-08-23T05:49:16.667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
Crystal-MSFT
45,736
Reputation points Microsoft Vendor
1 answer
Does Azure custom role needs additional assignment other than defining assignable scopes.?
Need to understand the behaviour of azure custom role when a subscription is defined in assignable scopes and not assigned to any users or groups
asked 2021-08-05T13:25:54.397+00:00
Anudeep Duddu
21
Reputation points
commented 2021-08-12T07:57:12.65+00:00
AmanpreetSingh-MSFT
56,486
Reputation points
1 answer
Create Custom RBAC Role to manage PostgreSQL DB
Hello all, I am looking to see if anyone can assist with implementing custom role based access control. My understanding is the Custom RBAC can only be created using portal, Powershell, CLI and REST API. Maybe I am getting it all wrong together. …
asked 2021-08-05T06:04:17.157+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 37%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
AzureLearner
1
Reputation point
answered 2021-08-06T10:29:09.777+00:00
Stanislav Zhelyazkov
21,936
Reputation points MVP
3 answers
One of the answers was accepted by the question author.
No Permission to copy keys when using RBAC to replicate between sites
Hi! I am trying to copy keys from one vault to an other to be able to decrypt disks in case we need to use site recover. I am using the following method …
asked 2021-07-14T08:25:54.163+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 34%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
Andreas Svensson
21
Reputation points
accepted 2021-08-02T12:59:51.837+00:00
Andreas Svensson
21
Reputation points
0 answers
How to configure .NPMRC file with out auth token and email in azure pipeline to install private npm packages
please hep me to configure .NPMRC file with out auth token and email in azure pipeline to install private npm packages. in npmrc i have registry and always auth=true. While we are running locally with token and email its working. but in azure how…
asked 2021-07-29T07:18:37.703+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 97%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
S, Mohankumar
1
Reputation point
commented 2021-07-30T01:40:33.647+00:00
Candy Luo
12,686
Reputation points Microsoft Vendor
1 answer
One of the answers was accepted by the question author.
Do multi-tenant applications gives ability to manage resources of users' accounts(tenants) individually by their own?
I want to create an application using java sdk that can create storage accounts on azure cloud. So currently I'm using tenant_id, client_id, client_secret and subscription_id for get the access to the user tenant. My current approach is to do this by…
asked 2021-07-08T10:58:58.21+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 42%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Sashin Sahasra
21
Reputation points
commented 2021-07-26T12:03:23.653+00:00
Sashin Sahasra
21
Reputation points
1 answer
One of the answers was accepted by the question author.
How can I remove duplicates assignment roles in subscriptions?
How can I remove duplicates assignment roles in subscriptions? I have a few scopes - inherited (subscription) and this resource. How can better do remove duplicate with scope "this resource" or scope inherited? How can I recognize these…
asked 2021-07-13T13:04:00.29+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 55.00000000000001%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
asemencha
21
Reputation points
commented 2021-07-15T16:44:31.45+00:00
JamesTran-MSFT
36,531
Reputation points Microsoft Employee
0 answers
How to get group/role claim in ID token from Azure B2C?
I followed these steps to get a custom claim in ID token with name 'extension_6de6a54XXXXX4560b9d65731ce869be4_Role'. But, my expected output is 'groups' claim or 'role' claim information. I tried customMappingPolicies to map this ID token claim…
asked 2021-04-13T11:19:04.937+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 78%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Shubham Singh
1
Reputation point
commented 2021-07-13T12:04:02.45+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 93%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKB%3C/text%3E%3C/svg%3E)
Karina Borlaug
1
Reputation point
1 answer
While designing for the migration solution form AWS. What is the cost benefits MS provide
While designing for the migration solution form AWS. What is the cost benefits MS provide
asked 2021-06-17T06:03:49.353+00:00
mahendra gagrani
1
Reputation point
answered 2021-07-09T13:11:06.727+00:00
mahendra gagrani
1
Reputation point
3 answers
One of the answers was accepted by the question author.
Create a CosmosDB Role Assignment using an ARM Template
I am trying to create a Cosmos DB Role Assignment using an ARM Template. ALl examples I found are creating the role assignments as a child resource of the cosmos account inside the arm template. Nevertheless, I thought it must be possible to have the…
asked 2021-07-05T14:15:38.86+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 46%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
Marco Papst
31
Reputation points
accepted 2021-07-09T10:51:09.167+00:00
Marco Papst
31
Reputation points
0 answers
Able to list collections but not query a collection with Cosmos DB REST API
As a follow-up from this (thank you @Anonymous ), I'm able to get a list of collections, but following these instructions I'm not able to query against a particular collection: var url = …
asked 2021-07-03T00:46:43.517+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 94%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJG%3C/text%3E%3C/svg%3E)
James G Foster
46
Reputation points
commented 2021-07-08T18:09:15.263+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 44%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Saurabh Sharma
23,781
Reputation points Microsoft Employee
1 answer
Can Azure resources in subscription access one another, by default?
I am from AWS background and recently started working on Azure. In AWS, you need to assign IAM role to a resource to allow it to access another resource. Do we have something similar in Azure also? Or, can all Azure resources in a subscription access one…
asked 2021-06-28T08:58:36.047+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 42%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESD%3C/text%3E%3C/svg%3E)
Santanu Dey
1
Reputation point
commented 2021-07-07T23:46:48.307+00:00
JamesTran-MSFT
36,531
Reputation points Microsoft Employee
1 answer
Microsoft Graph API permissions not works, but yes Azure Active Directory Graph
Hi, We have configured an app registration in our Azure AD, and we tried added some API permissions to know what we need to execute: az ad app update --id xxx --add replyUrls "https://example.com/testing/" We realized that the right…
asked 2021-06-22T12:03:01.553+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 87%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELS%3C/text%3E%3C/svg%3E)
Luis Sanchez
1
Reputation point
commented 2021-07-01T04:59:53.907+00:00
AmanpreetSingh-MSFT
56,486
Reputation points
1 answer
One of the answers was accepted by the question author.
RBAC on Office 365
Hi! Is there a way to create a RBAC to allow a group of users to manage only one specific license on Office 365 portal? I know that there is the License Admin role, but it allows a group of users to manage any license. I needed to narrow that power…
asked 2021-06-27T17:27:34.117+00:00
Vandrey Trindade
86
Reputation points
commented 2021-06-28T13:46:57.203+00:00
Vandrey Trindade
86
Reputation points
1 answer
Azure Function to download blobs with OAuth token
I have a huge set of PDFs that are stored on a blob container (let's call it demo_container) , within each pdf file there are links to other pdfs (links are redirecting to the blob also). i'm looking for a way to make sure that links will work only if…
asked 2021-06-11T14:30:32.817+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 94%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBH%3C/text%3E%3C/svg%3E)
Benmehidi, Hamza (TI-CSTI)
1
Reputation point
answered 2021-06-25T14:11:13.933+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 68%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
JayaC-MSFT
5,526
Reputation points
0 answers
How to add a new user to azure directory with "Owner" role at root (/) scope
How can we add Owner role for a user with root level scope ? When trying with command - az role assignment create --role 'Owner' --scope '/' --assignee-object-id <user-object-id> , following error is seen - The request did not have a…
asked 2021-06-15T06:52:47.127+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 69%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERM%3C/text%3E%3C/svg%3E)
Rabia Mehta
11
Reputation points
commented 2021-06-23T07:37:36.69+00:00
Rabia Mehta
11
Reputation points
3 answers
how to set access permissions for azure blob storage container at folder (prefix) level
How do I set access permissions for entire folder (theoretically prefix) in storage container? Example; I have 2 folders (containing many subfolders/objects) in single container(let's call them folder 'A' and 'B') and 4 members in project team. All 4…
asked 2020-06-18T18:15:30.85+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 16%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
Alex, Alexon
71
Reputation points
answered 2021-06-22T20:50:51.143+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 74%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKS%3C/text%3E%3C/svg%3E)
Kaniganti, Sushma
1
Reputation point
1 answer
One of the answers was accepted by the question author.
Can client id and client seceret can be same for all subscriptions under tenant ?
Our organisation have one tenant and multiple subscriptions under it . so can we have same application id for all subscriptions under tenant?
asked 2021-06-22T05:38:57.163+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 87%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDP%3C/text%3E%3C/svg%3E)
Deepak Patil
41
Reputation points
commented 2021-06-22T09:26:19.327+00:00
Deepak Patil
41
Reputation points
1 answer
Custom RBAC
Can we create a custom RBAC role that has permissions to a specific resource group name in all subscriptions under the same management group but not to anything else within the subscription
asked 2021-06-21T16:10:46.987+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 9%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPT%3C/text%3E%3C/svg%3E)
Praveen Tiwari
1
Reputation point
answered 2021-06-21T18:50:33.657+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Marilee Turscak-MSFT
36,151
Reputation points Microsoft Employee
1 answer
is there a way to restrict access to set of users to open my single page application?
I have an static app and I would like to restrict access to my page, I want just a group of users can open my page, how can I do that?
asked 2021-06-12T14:24:38.86+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 61%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJL%3C/text%3E%3C/svg%3E)
Junior, Leonaldo Barbosa Da Silva
1
Reputation point
commented 2021-06-20T01:30:14.747+00:00
Junior, Leonaldo Barbosa Da Silva
1
Reputation point