Share via

Web app read only directory browsing

Kim Beng Ooi 0 Reputation points
2023-05-09T06:25:45.0066667+00:00

we created dev and prod subscription to allow better control of what the developer can do on the services.

in dev web app, I add the developer as the website contributor so they can deploy and test the web app.

for prod web app, I want to allow them to have read-only access to the console or Kudu so that they know what version file was located in the prod environment.

The problem is, there is no website reader or any similar permission to allow read-only access to the directory browsing.

I need some advice on how we implement this or any better way to do the deployment.

In our case, the server admin will do the deployment on behave of the developer for the production instance.

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Boris Von Dahle 3,221 Reputation points
    2023-05-09T20:53:27.5333333+00:00

    Hello,

    In order for developers not to need direct access to dev or production resources, I would advise to set up a CI/CD pipeline using Azure DevOps for deployment. Developers commit their code, and the pipeline handles deployment.

    You could also, as part of the deployment process, write the version of the deployed application to a file that is accessible via a HTTP endpoint.

    You could consider using a separate deployment slot :
    https://learn.microsoft.com/en-us/azure/app-service/deploy-staging-slots

    Keep in mind that providing direct access to production resources, even read-only access, can carry risks. It's generally considered best practice to restrict access to production as much as possible and use automated processes for deployment and monitoring.

    If you found this answer usefull. Please mark it as accepted to help others users with same questions find this topic

    0 comments
  2. Konstantinos Passadis 19,686 Reputation points MVP
    2023-05-09T21:54:15.1333333+00:00

    Hello @Anonymous !

    Welcome to Microsoft QnA!

    To succeed this you need a Custom Role !

    Go to to IAM and create a Custm role , you must find the appropriate permissions to read only

    I am not sure if the specifics you need are there , but this is the way !

    Of course I agree with @Boris Von Dahle for best practices

    If you need more help please comment here !

    User's image

    I hope this helps!

    Kindly mark the answer as Accepted and Upvote in case it helped!

    Regards

    0 comments
  3. Kim Beng Ooi 0 Reputation points
    2023-05-12T00:17:02.5533333+00:00

    There is no way to give read access to Kudu or console, and no way to do the directory browsing.

    Btw, we found the solution already, thanks for the help.

    0 comments
  4. Sanjay Ramadugu 1 Reputation point
    2025-08-15T16:04:27.5+00:00

    Hi @Kim Beng Ooi,

    Thank you for sharing this question about providing read-only directory browsing for Azure web apps. I noticed you mentioned that you found a solution already - would you be able to kindly share the details of what approach worked for you?

    I'm currently facing the same challenge with needing to provide developers read-only access to production file listings without giving them full access to the Kudu console, and I would greatly appreciate any insights you could provide about your solution.

    Thank you so much for your time and any details you can share!

    Best regards

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.