Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
709 questions
2 answers
One of the answers was accepted by the question author.
Azure B2C approles and permissions
Hi, Is there a way where I can define application roles AND also what each role can actually perform? I see we can define approles in the manifest, but what about roles permissions. So that in my application I can like enable/disable UI element…
asked 2020-08-06T18:59:51.427+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 84%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
bdiddy
171
Reputation points
commented 2021-06-09T18:48:09.91+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 13%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
Muqaddas Mehmood
1
Reputation point
2 answers
Azure – Access Control (IAM): Invisible custom roles
In Azure, I was playing with custom roles, I created some then I deleted them. I saw them in the listing at Subscriptions>#######>Access Control (IAM)>Roles where I used the type filter to make it show only the custom roles. They were…
asked 2021-04-14T14:43:33.273+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 3%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESJ%3C/text%3E%3C/svg%3E)
Somogyi János
6
Reputation points
commented 2021-06-09T15:53:54.127+00:00
Siva-kumar-selvaraj
15,596
Reputation points
1 answer
One of the answers was accepted by the question author.
What RBAC role is needed to access the Networking blade in Azure Kubernetes Service?
I'm trying to allow a user access to the Networking blade of an AKS cluster in order to update the API server IP allowlist. As a manner of debugging, I've given this user the Owner role across the containing resource group and the cluster, but the user…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 88%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EE%3C/text%3E%3C/svg%3E)
0 answers
correct flow of authentication in flask api and angular frontend
Hello, i have an angular SPA as a frontend of an API written with flask. I want to protect my API with login with microsoft accounts of my organization. What is the best way to do that? I tried to authenticate in angular and then send the…
asked 2021-05-13T07:34:19.657+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 75%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDA%3C/text%3E%3C/svg%3E)
Ducci Alberto Duccio
1
Reputation point
commented 2021-06-06T18:09:03.427+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 65%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Surabhi Mathur
1
Reputation point
2 answers
Devops Access in Azure AD
One of the developers reached out sending me the first error.I assigned him "App Developer" role but it generates a new error now,any advice will be helpful.
asked 2021-06-02T17:48:58.163+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 34%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
Ankita Aparajita
1
Reputation point
answered 2021-06-02T18:14:53.873+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 32%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Michael Taylor
50,586
Reputation points
2 answers
One of the answers was accepted by the question author.
Is there a way to prevent external invited users from being in IAM roles on a subscription?
Looking to see if it's possible to prevent/block guest accounts from IAM roles on a subscription.
asked 2021-05-20T14:28:24.813+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 94%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EF4%3C/text%3E%3C/svg%3E)
FrankM-482
21
Reputation points
accepted 2021-06-02T14:31:16.777+00:00
FrankM-482
21
Reputation points
0 answers
Cannot access App Service Logs blade as Owner
I'm assigned as Owner to a resource group. No deny assignments are defined. When opening Logs blade of an App Service in that resource group I get an error You do not have authorization to access this resource.…
asked 2021-05-28T09:30:45.947+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 48%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMK%3C/text%3E%3C/svg%3E)
Mike Koder
1
Reputation point
commented 2021-05-28T21:11:30.017+00:00
Ryan Hill
26,866
Reputation points Microsoft Employee
2 answers
Send Event to Event Grid Topic from ADF Web activity using Managed Identity
Hello! I wish to send an event from ADF "Web" Activity to event grid topic. I managed to do it with sending "aeg-sas-key" from web activity as documented here. However, when I tried to achieve the same through ADF Web activity…
asked 2021-05-20T14:34:35.41+00:00
Harsh Ghatge
1
Reputation point
commented 2021-05-28T16:50:15.367+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 26%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHM%3C/text%3E%3C/svg%3E)
HimanshuSinha-msft
19,376
Reputation points Microsoft Employee
2 answers
One of the answers was accepted by the question author.
Enteprise access model, tier level classification of administrators
I am currently setting up the Enterprise Access Model recommended by Microsoft. In the documentation of Privileged Access Groups, I am wondering what is meant by "Tier 3 Office Admins". Does the tier refer to the administration level or to the…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 1%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
1 answer
What are the minimum permissions required to create a budget?
I'm trying to create a minimal CustomRole for running terraform on my hobby project. One of the first things I'm trying to automate is the creation of a Budget so that I can be sure I get alerted before spending too much money. The terraform provider…
asked 2021-05-18T21:13:21.67+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 6%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
Jonathan Share
6
Reputation points
commented 2021-05-25T20:39:42.67+00:00
olufemia-MSFT
2,861
Reputation points
1 answer
Microsoft Azure Cloud service management API fails with 401: Unauthorized error?
We are integrating the Role Assignments - List API from Microsoft Azure Cloud Management APIs, Link to documentation: https://video2.skills-academy.com/en-us/rest/api/authorization/roleassignments/list#errordetail We have done all of the configs mentioned:…
asked 2021-04-12T12:40:21.323+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 34%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPJ%3C/text%3E%3C/svg%3E)
Prashant Jagadale
1
Reputation point
commented 2021-05-11T15:57:47.27+00:00
JamesTran-MSFT
36,531
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Global reader unable to view any environment in admin.powerplatform.microsoft.com
We have PIM enabled and a user is enabled with Global reader access. User is able to access all other admin centers like exchange and can view the configuration but no configuration like environments, capacity is visible in powerplatform admin center. Is…
asked 2021-05-07T08:23:39.297+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 94%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHS%3C/text%3E%3C/svg%3E)
hitender singh
126
Reputation points
commented 2021-05-10T07:10:59.89+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 15%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
singhh-msft
2,431
Reputation points
1 answer
Group multiple managed identities into one group for role-assignment
Hi, I have a use case that I would like to check if it's possible to implement on our environment: We are using a lot of logic apps (playbooks) which needs an access to a specific storage account in the same resource group. I want to implement a…
asked 2021-04-26T17:30:11.77+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 55.00000000000001%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESY%3C/text%3E%3C/svg%3E)
Sagi Yagen
1
Reputation point
answered 2021-04-27T07:43:23.92+00:00
Pramod Valavala
20,606
Reputation points Microsoft Employee
1 answer
We are looking for create a global read custom role at Root management group level
We are looking to create a global read custom role at Root management group level, we have elevated the access in one account but i can not see the option on the portal to create a custom role at this level. Can you please let me know if this is…
asked 2021-04-15T01:33:35.637+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 16%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
AzCoAdmCore03
1
Reputation point
answered 2021-04-20T21:39:28.06+00:00
JamesTran-MSFT
36,531
Reputation points Microsoft Employee
1 answer
How to apply azure policies as per AKS RBAC managed by Active Directory?
Team, We have 3 level of AD roles in Azure kubernetes. Admin --> created while making the cluster SRE --> Have almost 85 to 90% control on AKS. DEV user-> Have less control and only able to work in their specific namespace. Now…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 68%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
0 answers
How to Manage Role Assignment and API Permissions?
I have an application that will consume my API service and I encountered issues regarding the approval. My request to consume the API service did not reflect to the approval page. The assessment is, the API service has given lots of permissions and roles…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 57.00000000000001%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EU%3C/text%3E%3C/svg%3E)
1 answer
Roles to be requested for a security assessment
I'm trying to figure out the exact privileges to ask for when a customer needs to create an account on their Azure AD tenant during a security audit. I have identified the roles: "Security Reader" which allows access to the CSA ; …
asked 2021-04-06T15:40:51.79+00:00
ABITBOL Ilan
1
Reputation point
answered 2021-04-19T20:48:05.237+00:00
JamesTran-MSFT
36,531
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
In Azure, Could the user administrator have permissions to manage MFA?
For Example: Could user administrator add security questions to the reset process?
asked 2021-04-14T02:47:05.93+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 97%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELV%3C/text%3E%3C/svg%3E)
Lam Vinh Khang
46
Reputation points
commented 2021-04-15T02:06:45.847+00:00
Lam Vinh Khang
46
Reputation points
1 answer
One of the answers was accepted by the question author.
Customer wants to ensure security of their Tenant-data and they want to ensure they have only access.
Azure Plan (Tenant) --Subscription 1 Provider (CSP) and customer both have access --Subscription 2 Provider (CSP) and customer both have access --Resources Group Only Customer has access Customer wants to ensure security of their data and they want to…
asked 2021-03-23T08:10:58.607+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 8%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAC%3C/text%3E%3C/svg%3E)
Atiqur Chowdhury
31
Reputation points
accepted 2021-03-31T05:09:45.223+00:00
Atiqur Chowdhury
31
Reputation points
1 answer
Control who logs into VMs via Azure AD Domain Services
Looking at setting up Azure AD Domain Services for several VMs in Azure (include 2 SQL Servers in a cluster for Availability Groups). If we do that how can we control which people from the AAD can log into the machines - is that just done by making an…
asked 2021-03-22T09:30:00.397+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 92%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENM%3C/text%3E%3C/svg%3E)
Nigel Morse
191
Reputation points
answered 2021-03-30T21:26:51.293+00:00
JamesTran-MSFT
36,531
Reputation points Microsoft Employee