"Owner" and "Contributor" don't include the permissions of "Azure Digital Twins Data Owner"

Kent010341 231 Reputation points
2022-04-27T05:50:20.897+00:00

According to the document "Azure built-in roles", the "Owner" role has all permissions (the actions of the permissions in the JSON are a wildcard "*"),
and the "Contributor" role also has the same permissions, excluding a few permissions like RBAC.

It seems like the actions starting with "Microsoft.DigitalTwins." should also be included in the permission with action "*",
but as an "Owner" I can't view the digital twins in Azure Digital Twins Explorer, and the other user with the "Contributor" role also can't view them.

The error message says that I don't have the right permission, and after I add the "Azure Digital Twins Data Owner" role I can get access to the ADT explorer.

Is this by design or a bug?


Accepted answer
  1. Matthijs van der Veer 4,376 Reputation points MVP Volunteer Moderator
    2022-04-27T06:15:02.417+00:00

    This is by design! The owner and contributor roles allow you to manage the Azure resource (i.e. create and/or delete the resource). It does not, however, give you access to the data inside that resource. This separation of concerns is called the control plane and the data plane. An owner or contributor allows access to the control plane, whereas the Azure Digital Twins Data Owner/Reader role grants access to its data plane. This allows you to assign the minimal access needed to a user/application to do its job. The difference between the two planes is better explained here.

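As an added illustration of the evaluation the accepted answer describes (this is example code written here, not Microsoft's implementation or anything from the thread), the following models the four built-in role definitions from the "Azure built-in roles" page, with Contributor's NotActions list abbreviated to its RBAC entries, and shows that Owner's `*` in Actions is never consulted for a data-plane operation such as reading twins.

```python
import fnmatch

# Simplified transcription of the built-in role definitions from the
# "Azure built-in roles" page; Contributor's NotActions list is abbreviated.
BUILT_IN_ROLES = {
    "Owner": {"actions": ["*"], "notActions": [],
              "dataActions": [], "notDataActions": []},
    "Contributor": {"actions": ["*"],
                    "notActions": ["Microsoft.Authorization/*/Delete",
                                   "Microsoft.Authorization/*/Write",
                                   "Microsoft.Authorization/elevateAccess/Action"],
                    "dataActions": [], "notDataActions": []},
    "Azure Digital Twins Data Owner": {"actions": [], "notActions": [],
                                       "dataActions": ["Microsoft.DigitalTwins/*"],
                                       "notDataActions": []},
    "Azure Digital Twins Data Reader": {"actions": [], "notActions": [],
                                        "dataActions": ["Microsoft.DigitalTwins/*/read"],
                                        "notDataActions": []},
}

def _matches(operation, patterns):
    # Azure RBAC matching is case-insensitive and '*' spans '/' segments,
    # which is exactly what fnmatch's '*' does.
    return any(fnmatch.fnmatchcase(operation.lower(), p.lower()) for p in patterns)

def role_permits(role, operation, data_plane):
    """Control-plane operations are checked only against Actions/NotActions,
    data-plane operations only against DataActions/NotDataActions. The lists
    never cross over, so Owner's '*' in Actions says nothing about data access."""
    allow, deny = (("dataActions", "notDataActions") if data_plane
                   else ("actions", "notActions"))
    return _matches(operation, role[allow]) and not _matches(operation, role[deny])

def is_permitted(assigned_roles, operation, data_plane):
    """Effective access is the union of the assigned roles (deny assignments not modelled)."""
    return any(role_permits(BUILT_IN_ROLES[r], operation, data_plane) for r in assigned_roles)

if __name__ == "__main__":
    read_twins = "Microsoft.DigitalTwins/digitaltwins/read"
    for roles in (["Owner"], ["Contributor"], ["Owner", "Azure Digital Twins Data Reader"]):
        print(roles, "can read twins:", is_permitted(roles, read_twins, data_plane=True))
```

For a user who only needs to view twins in the explorer, the model shows that Data Reader is the least-privilege assignment; Data Owner is only needed for writes.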
