Custom roles are not returned when i query a users memberof endpoint in graph api
Hi, I have used graph api users memberOf endpoint to get the roles assigned for a user . The response from the endpoint returns all the groups and roles that is assigned for that user , but the custom defined role is not returned . Is there any other way…
Required help on correcting the Bicep template for assigning the role assignment at resource level scope
Hi, we are in the process of generating several public IPs using the provided Bicep template. Our goal is to allocate role assignments to all these IPs within the scope of the resource level. However, we are encountering numerous challenges in…
I need to assign a policy to the tenant root management group from a new user account.
what is the role needed for the user? How to do it?
AuthorizationPermissionMismatch error when accessing blob file with indirect permission in RBAC
Hi, I'm using BlobContainerClient for accessing blobs from code (C#) private async Task<BlobClient> GetBlobClientAsync(string blobName, string container, CancellationToken cancellationToken) { var containerClient = await…
Azure Key Vault RBAC permissions required for APIM to retreive a cert?
Hi I have a Azure API manager setup and want to add a custom domain. We have deployed Azure Key Vault and uploaded a certificate. We have deployed Key Vault with the recommended "role-based access control" We have given the APIM managed…
What role will I have when I migrate a subscription to a new Tenant/Directory?
Hi All, Starting in September 2024 Classic Admins will be removed. I am wondering what is going to happen when I do a migration (directory change) of a subscription from one tenant to another. Usually the user who does the "Change Directory"…
To add a backend pool and health probe to loadbalancer, which role is needed?
Network contributor on loadbalancer level? Network contributor on the resource group level?
need to remove RBAC role when try to delete resource group before
In azure, i want to delete resource group. It is need to remove RBAC role that has been assignment to this resource group first? And then i can delete resource group. And it will release that RBAC role what has assignment on this resource group?
Can I assign Azure built in roles (RBAC) to security groups when setting up GDAP?
When setting up granular delegated admin privileges, as the partner, can I assign Azure built-in roles (RBAC) to our security groups, such as contributor roles, to enable my added users to work/manage with an Azure resource? or are we limited to only…
"Storage account - Container - Directory permissions for viewing for a single folder user."
Good morning community, I'm seeking assistance. I want to grant permissions in a storage account so that an external user can only view a specific folder that I have hosted in a container. But so far, I haven't been able to achieve it, as I've tried in…
How to assign Reader role to a member within my subscription when only Owner role populates?
How to assign Reader role to a member within my subscription when only Owner role populates? I am trying to assign the Reader role to a member that populates within my subscription. No options show other than Owner, which is not appropriate for this…
role based access control in azure using cosmosdb
Hi i need to create role based access using json file of my company employees data which is stored as items in a container in azure cosmos db. All employees data stored in Json format. i am still confused how achieve this in azure. i am creating this…
Restricting read and run access to Azure Data Factory individual pipeline
Hello, Our data team support multiple research teams. We create ADF pipelines for researchers under one resource group (because it all falls under one research purpose). Since researchers aren't well-versed with Azure, we want to make sure they don't…
ApplicationImpersonation permission on new admin role group
I am attempting to create a new role group with ApplicationImpersonation permissions per https://answers.microsoft.com/en-us/msoffice/forum/all/exchange-impersonation-error-unable-to-open-user/834c4ea9-6cb5-4df4-9011-433ba501f6d2. When I do so in…
Questions wrt mail with subject "Transition to role-based access control (RBAC) in Azure by 31 August 2024"
I received an email about classis administrator roles starting with: On 31 August 2024, Azure classic administrator roles will be retired. If your organization has active Co-Administrator or Service Admin roles, you'll need to transition to using Azure…
How to lock the Vnet peerings like we lock the the resources in resource group once after we create them?
To prevent unauthorized peerings to other Vnets after creation, it's essential to lock the peerings to restrict access for other users from creating unnecessary peerings. How to do that? Can anyone help me out with this? Thanks.
Azure Subscription showing Owner role identity not found.
Hello, I am facing a strange issue. When I am checking my Azure Subscription, Access control (IAM) - The owner role is showing - Identity not found, Unable to find identity. Here is the screenshot. Can you help? Thanks, Anuraj
Move Subscription to Management Group
Hi Team, We have created management groups (have Owner access) and have a few subscriptions with Owner access. When we try to move the subscriptions to the management groups from portal , getting error as below Add subscription failed. An error…
I need to create a policy that blocks sign in of M365 accounts if MFA is not enabled, How do I do this?
Hi, as described above, I need to create a policy that blocks sign in of office 365 accounts, if the account in question does not have MFA enabled on it, how can I achieve this? Thanks!