How do I assign custom app roles to a function app managed identity service principal?

Rob 111 Reputation points
2021-06-21T17:01:48.297+00:00

How do I assign custom app roles to a function app that's using a managed identity service principal?

I have an app service that uses managed identity, but I am unable to assign app roles (custom app roles for the API) to the service principal. I've looked in Enterprise applications, but App roles is not an option in the Manage section and there is no Manifest option. I've looked in App registrations, but app services and function apps do not appear as registered apps.

So I have created an app registration for my app service and created custom roles for my API endpoints. (Not what I wanted to do, but I now have custom app roles for my app.)

I then need to assign the custom roles to some function apps that are also using managed identity, but I am unable to assign the roles to the functions for the same reasons!

I have resorted to registering the function apps in App registrations and then assigning the custom API permissions to the new registration. I'm then using the new client ID and secret in the function app. This gives me the API endpoint security that I need, but this seems very wrong, as I am treating the function app like an external app and not making use of the managed identity.

How can I do this using the Managed Identity of both my App Service API and my Function App rather than create app registrations for them?


1 answer

  1. JayaC-MSFT 5,606 Reputation points
    2021-06-22T11:57:31.3+00:00

    Hello @Rob, thank you for your question!

    Yes, you can assign it:

    [screenshot: 108170-image.png]

    Did you try assigning the role using the Graph API: https://learn.microsoft.com/en-us/graph/api/serviceprincipal-post-approleassignments?view=graph-rest-1.0&tabs=http ?

    I see, there is a similar discussion: https://stackoverflow.com/questions/63139515/assign-custom-role-to-azure-active-directory-system-managed-identity [redirecting to the discussion to avoid duplication]

    Please let me know if this helps.

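The portal has no UI for assigning app roles to a managed identity's service principal, so the appRoleAssignments endpoint the answer links to (or a client that wraps it) is the way to do it. The following is an added example, not code from the original question or answer, and it uses the Microsoft Graph PowerShell SDK (Microsoft.Graph.Applications module) rather than raw REST. The display names and the role value are placeholders; the app role must be defined on the API's app registration with "Application" in its allowed member types, which is what the question describes having created.

```powershell
# Added example (not from the original post): assign a custom app role, defined on the
# API's app registration, to the system-assigned managed identity of a function app.
# Requires the Microsoft.Graph.Applications module. Names below are placeholders.
Import-Module Microsoft.Graph.Applications

# AppRoleAssignment.ReadWrite.All is required to create the assignment.
Connect-MgGraph -Scopes "Application.Read.All", "AppRoleAssignment.ReadWrite.All"

$apiAppName      = "my-api-app-registration"   # placeholder: app registration that defines the roles
$functionAppName = "my-function-app"           # placeholder: function app whose managed identity gets the role
$roleValue       = "Orders.Read"               # placeholder: the role's "value" from the API manifest

# 1. Service principal (enterprise app) of the API. Roles are declared on the app
#    registration but assigned against the service principal.
$api = Get-MgServicePrincipal -Filter "displayName eq '$apiAppName'"
if (-not $api) { throw "API service principal '$apiAppName' not found" }

# 2. Service principal of the managed identity. A system-assigned identity shares the
#    display name of its resource and has no app registration at all.
$mi = Get-MgServicePrincipal -Filter "displayName eq '$functionAppName'" |
      Where-Object { $_.ServicePrincipalType -eq "ManagedIdentity" }
if (-not $mi) { throw "Managed identity for '$functionAppName' not found" }

# 3. Only roles that allow 'Application' members can be assigned to a service principal.
$role = $api.AppRoles |
        Where-Object { $_.Value -eq $roleValue -and $_.AllowedMemberTypes -contains "Application" }
if (-not $role) { throw "App role '$roleValue' not found or not assignable to applications" }

# 4. Creating a duplicate assignment fails, so check first and keep the script re-runnable.
$existing = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $mi.Id |
            Where-Object { $_.ResourceId -eq $api.Id -and $_.AppRoleId -eq $role.Id }
if ($existing) {
    Write-Host "Role '$roleValue' is already assigned to $($mi.DisplayName)"
} else {
    # Same operation as POST /servicePrincipals/{mi-object-id}/appRoleAssignments
    # with body { principalId, resourceId, appRoleId }.
    $assignment = New-MgServicePrincipalAppRoleAssignment `
        -ServicePrincipalId $mi.Id `
        -PrincipalId        $mi.Id `
        -ResourceId         $api.Id `
        -AppRoleId          $role.Id
    Write-Host "Assigned '$roleValue' to $($mi.DisplayName) (assignment id $($assignment.Id))"
}

# 5. Verify: list what the managed identity now holds on the API.
Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $mi.Id |
    Where-Object { $_.ResourceId -eq $api.Id } |
    Select-Object PrincipalDisplayName, ResourceDisplayName, AppRoleId
```

Once the assignment exists, the function app no longer needs a client ID and secret: it requests a token from its managed identity for the API's scope (`api://<api-client-id>/.default`, the `.default` form being what the client-credentials and managed-identity flows require), and the issued access token carries the assigned role in its `roles` claim, which the API checks in the same way it would for a token from a registered client. The same appRoleAssignments call works for a user-assigned identity; only the service principal looked up in step 2 changes.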
