Share via

I clicked on Access policies on my ley vault, but i was shown this "Access policies not available". How do i make it available?

Charles Onyebuchi 20 Reputation points
2024-09-09T11:45:38.9033333+00:00

Access policies not available.

The access configuration for this key vault is set to role-based access control. To add or manage your access policies, go to the Access control (IAM) page.

How can I resolve this

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,309 questions
Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
825 questions
Access
Access
A family of Microsoft relational database management systems designed for ease of use.
398 questions
Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
912 questions
Access Development
Access Development
Access: A family of Microsoft relational database management systems designed for ease of use.Development: The process of researching, productizing, and refining new or existing technologies.
880 questions
0 comments
Accepted answer
  1. Dan Rios 1,990 Reputation points MVP
    2024-09-09T13:35:34.72+00:00

    Hi Charles,

    This is correct message. You don't really want to make it available as access policies are now legacy. RBAC is the recommended and default method you should be using on a Key Vault. You can read a bit more on the comparison here: https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-access-policy

    To add access to the Key Vault, navigate to the Access Control (IAM) page as it mentions. You are then able to add roles to users to grant them access to Key Vault depending on the level of access you want them to have (https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-guide?tabs=azure-cli#azure-built-in-roles-for-key-vault-data-plane-operations):

    There is a Portal, azure cli and PowerShell guide here: https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-guide?tabs=azure-portal#key-vault-scope-role-assignment

    Roles to choose from:

    Built-in role Description ID
    Key Vault Administrator Perform all data plane operations on a key vault and all objects in it, including certificates, keys, and secrets. Cannot manage key vault resources or manage role assignments. Only works for key vaults that use the 'Azure role-based access control' permission model. 00482a5a-887f-4fb3-b363-3b7fe8e74483
    Key Vault Administrator Perform all data plane operations on a key vault and all objects in it, including certificates, keys, and secrets. Cannot manage key vault resources or manage role assignments. Only works for key vaults that use the 'Azure role-based access control' permission model. 00482a5a-887f-4fb3-b363-3b7fe8e74483
    Key Vault Reader Read metadata of key vaults and its certificates, keys, and secrets. Cannot read sensitive values such as secret contents or key material. Only works for key vaults that use the 'Azure role-based access control' permission model. 21090545-7ca7-4776-b22c-e363652d74d2
    Key Vault Certificates Officer Perform any action on the certificates of a key vault, excluding reading the secret and key portions, and managing permissions. Only works for key vaults that use the 'Azure role-based access control' permission model. a4417e6f-fecd-4de8-b567-7b0420556985
    Key Vault Certificate User Read entire certificate contents including secret and key portion. Only works for key vaults that use the 'Azure role-based access control' permission model. db79e9a7-68ee-4b58-9aeb-b90e7c24fcba
    Key Vault Crypto Officer Perform any action on the keys of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model. 14b46e9e-c2b7-41b4-b07b-48a6ebf60603
    Key Vault Crypto Service Encryption User Read metadata of keys and perform wrap/unwrap operations. Only works for key vaults that use the 'Azure role-based access control' permission model. e147488a-f6f5-4113-8e2d-b22465e65bf6
    Key Vault Crypto User Perform cryptographic operations using keys. Only works for key vaults that use the 'Azure role-based access control' permission model. 12338af0-0e69-4776-bea7-57ae8d297424
    Key Vault Crypto Service Release User Release keys for Azure Confidential Computing and equivalent environments. Only works for key vaults that use the 'Azure role-based access control' permission model.
    Key Vault Secrets Officer Perform any action on the secrets of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model. b86a8fe4-44ce-4948-aee5-eccb2c155cd7
    Key Vault Secrets User Read secret contents including secret portion of a certificate with private key. Only works for key vaults that use the 'Azure role-based access control' permission model. 4633458b-17de-408a-b874-0445c86b69e6

    Please mark this answer as accepted if it solves your question so others can benefit.

    1 person found this answer helpful.
    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.