How do I use Access Control Page, now that Vault Access Policy isn't working?

Question

I have been following a LinkedIn Learning course named Azure Key Vault for Developers. It was done a few years ago. I'm at the point of configuring access to my key vault. Back when this course was done, the instructor opted to use Vault Access Policy. Azure Role-based Access Control was an option, but that isn't what the instructor choose. I decided to follow the instructor's lead, but now I've run into a problem. I'm getting this error message:

Access policies not availableThe access configuration for this key vault is set to role-based access control. To add or manage your access policies, go to the Access control (IAM) page.

How do I fix this problem and proceed to configure access to my key vault?

Answer 1

Hi @Falanga, Rod, DOH , I understand that you want Azure Key Vault that has Vault Access Policy.

When creating Azure Key Vault, you can choose between Azure RBAC or Vault Access Policy for data-plane access control:

Choose "Vault access policy". If you've created an Azure Key Vault with default option (you didn't select the permission model), it will have Azure RBAC for its permission model. The solution: delete your Azure Key Vault and create a new one with "Vault access policy".

Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

Answer 2

@Falanga, Rod, DOH

Thank you for your post!

Error Message:

Access policies not available. The access configuration for this key vault is set to role-based access control. To add or manage your access policies, go to the Access control (IAM) page.

Based off your error message, you can resolve your issue by following the steps below. Please note that when you initially created your Key Vault, if you didn't specify Vault access policy (legacy) the default Access model is now Azure role-based access control. For more info - Azure RBAC vs. access policies (legacy).

If you'd like to continue using the Azure RBAC access model for your Key Vault, you'll have to leverage the Access Control (IAM) page and assign users the appropriate built-in roles for Key Vault data plane operations.

1. From your Azure Key Vault.
2. Select Access control (IAM) on the left pane.
3. Ensure your user has one of the appropriate built-in roles for Key Vault data plane operations (for example - Key Vault Administrator).
4. If you need to create a new role you can do so by selecting Add > Add role assignment to open the Add role assignment page. For more info - Key Vault scope role assignment.

---

If you'd like to switch to the legacy Key Vault access policy permissions model for your Key Vault, you can do so by:

1. Navigate to your Key Vault.
2. Selecting Access configuration on the left pane.
3. Select and Save the appropriate access model - Vault access policy.
4. Navigate to Access policies on the left pane.
5. Assign the appropriate permissions. For more info - Assign an access policy.

Additional Links:

• Assign a Key Vault access policy (legacy)
• Azure built-in roles for Key Vault data plane operations
• Using Azure RBAC secret, key, and certificate permissions with Key Vault
• Azure role-based access control (Azure RBAC) vs. access policies (legacy)

I hope this helps!

If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.

---

If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.