IAM permissions for Key Vault

DG001 286 Reputation points Microsoft Employee

Hello, I would like some suggestions on what permission are needed to grant users ONLY access to change 'networking information' of Key vaults?
I have tried Key Vault Reader and this allows them network access BUT it also allows them to modify the access policy and basically create their own policy to view the secrets and keys, which I want to avoid.

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,051 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Givary-MSFT 25,291 Reputation points Microsoft Employee

    @DG001 Apologies for the delayed response, yes you are correct if the current RBAC roles have more privileges, then you can go for custom role option or clone the existing role and modify the changes which are needed for the task. Let me know if you have any further questions, feel free to post back.

    0 comments No comments