What Azure role assignments would i need to allow a dba permissions to manage Azure SQL resources including storage accounts?
I am looking at assigning role assignments to a DBA to manage Azure SQL resources from the Azure Portal including managing a specific storage account. Currently, the permissions are set as follows: Contributor Reader SQL Security Manager …
azure owner roles issue
Hi Team, accidentally i was deleted my owner role attached to the my subscription . and now i am unable to perform operations in my account. could you please help me on this issue
Authorization for shared key access is denied
I have deployed a webapp in azure , I have created a datasource with connection string and its created. While creating indexers and saving it, facing error that Connection string is invalid. In storage account I am getting a warning like…
Azure Policy: check subscription role assignments
Hi everyone We have different types of users in our Azure AD. Only a certain subset of them are allowed to administer Azure resources. Those all start with "ACO" or "ACA". We now wish to create an Azure Policy that checks whether only…
Unable to update Azure kusto callout policy
I am trying to update Azure kusto's callout policy using below command: .alter-merge cluster policy callout [{ "CalloutType": "external_data", "CalloutUriRegex": "<
access to azure storage from React App
Hello, We are running a REACT app on an APP service. The APP has a BACK END in TS and a front end in REACT. In our application our customers can create posts with images. These images must be saved in a blob container. I cannot find the best solution to…
Does such a user have access to adjacent sub-resources?
Hi, I have a question about user permissions Can someone please explain me to better understand user permissions: let's say under tenant root group, I create a user1 and management-group1. Under management group1, I create a subscription1 and user2.…
Lighthouse
Hello All, I gave Contributor role (on a subscription) to users via Lighthouse to manage a customer. The users get access with no problem to the customer subscription, can start and stop VM, create a resource group, start and stop backup, etc. The…
"Insufficient privileges to complete the operation" while using Graph API
The access token I get from the following curl request curl "$IDENTITY_ENDPOINT?resource=https://graph.microsoft.com&api-version=2017-09-01" -H secret:$IDENTITY_HEADER does not have the permission to list or create user. Request: GET…
How to protect sensitive data in Azure?
I would like to load sensitive data in an Azure Data Lake Storage Gen2. I need to make sure that this data can not be read by the global administrator or any other kind of super user. How can this be realized? I think role-based access control is not…
What is the cause of the following error - "getting assigned identities for pod <namespace>/<pod_name> in CREATED state failed after 20 attempts, retry duration [5]s" , while connecting to IMDS endpoint from a pod in AKS.
I am trying to connect to Azure Key vault via user assigned managed identity from a pod of AKS. I have provided the necessary RBAC role to the identity. I have created Azure Identity and Azure Identity Binding. I have updated my deployment with…
How to add new field to request member to input in Microsoft Azure Group
Hi, I have situation like this: I have a group of users, with owners and members. The owners can actually add new members (by typing new members' emails) to the group, to see different reports. However, for the new members, we only want them to see their…
Roles required to create Azure support ticket.
Me and my senior have access to same Azure subscription, when i try to create support ticket with the subscription, it is showing we have only basic plan enabled for our subscription so technical support is not enabled for this, but when my senior…
Could you explain how to configure the following virtual machine settings?
To address the tasks you've outlined, here's a structured approach: For restricting demoVM1's access to only Facebook and YouTube, implement URL filtering rules on the network device or use a firewall policy that only allows these URLs. To create a…
How to Access APIM API from Azure Function with Managed Identity without OAuth authentication call
I have created a function app to call an API from APIM and I have added security of Auth 2.0 in the API settings. Also I have added Managed identity to the function app , and added that managed identity in APIM IAM to give API Management Service Reader…
What role will I have when I migrate a subscription to a new Tenant/Directory?
Hi All, Starting in September 2024 Classic Admins will be removed. I am wondering what is going to happen when I do a migration (directory change) of a subscription from one tenant to another. Usually the user who does the "Change Directory"…
Identity architecture: Conditional access with MFA
How to use a Conditional Access with multifactor authentication (MFA) in free trial version? Which license are required using Conditional Access? Which better I can use a conditional access under the following web address: - www.portel.azure.com …
Issues with API call to get Azure service tags - Service Tag Discovery API
I am trying to execute API calls to get the Azure IP Ranges and Service Tags – Public Cloud (see link https://www.microsoft.com/en-us/download/details.aspx?id=56519). I was able to setup an Azure account and created an app. I created a Python script to…
Azure portal access invite is failing for READ ONLY user with error 'Invite Redemption failed'
I have invited a user by adding in role based access in Azure portal with read only access. This have generated a meeting invited but while redeeming the meeting invite it is failing with above error. Please help what to check.
Difficulty creating a custom role with specific permissions
Hello, I am trying to create a custom role on the Azure portal that includes a number of permissions from the existing Auth Admin role. However, I cannot find certain permissions such as microsoft.directory/users/authenticationMethods/create,…