Share via

Azure Container Apps custom role to only deploy Container Apps but not Managed Environments

Giovanni Fleres 20 Reputation points
2023-08-08T07:57:40.2333333+00:00

Hi,

Due to security reasons and to split roles and responsabilities between different teams, I would like to being able to:

  • Assign role to a team that they can create ACAE
  • Assign a role a role to a team so that they can create ACA but not ACAE

 The goal is that, for example, the developer team can create ACA instances on existing ACAE but they can't create new ACAE.

It seems ACA doesn't have a built-in role that allows to only create Container Apps.

May be ?

So a custom role need to be created.

Right ?

Thanks,

Giovanni

Azure Container Apps
Azure Container Apps
An Azure service that provides a general-purpose, serverless container platform.
691 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. MayankBargali-MSFT 70,941 Reputation points Moderator
    2023-08-08T09:41:26.15+00:00

    @Giovanni Fleres Thanks for reaching out.

    Yes, you are correct. Azure Container Apps does not have a built-in role that allows only creating Container Apps. However, you can create a custom role that allows the developer team to create Azure Container Apps instances on existing Azure Container Apps environments but not create new Azure Container Apps environments. To create the custom role you can refer to this document.

  2. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

    Comments have been turned off. Learn more

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.