How to Create a custom RBAC role to provide access to a specific container in cosmosdb
Hi Microsoft Support Team, I’m reaching out for assistance with creating a custom RBAC role that provides access to a specific container within a Cosmos DB account. I followed the instructions outlined in…
Mutliple Admin Account Removal
Team, I want to use power user right concept and want to create a single admin account. I want to convert the current admin accounts in to Power user accounts to limitize the admin rights of the user for accesing and installing applications and…
Restore the owner for my free subscription
Hi everyone, Accidentally I deleted the owner role of my free subscription. Is there any way to restore my permissions? The option for cancelling and reactivating the subscription is not on the table, as I don't have permissions. Could anyone pls…
Create Custom Role
I have the following error when creating a custom role: with object id 26f83ad1-0683-493e-a0f1-fceSfc67332* does not have authorization to perform action Microsoft. Authorization/roleDefinitions/write over scope…
I am uanble to upgrade my account because my billing access was changed automatically by Azure
Recently my account was disabled. I would like to find out how to enable it and upgrade it. Its not letting me upgrade.
Prevent users from creating azure subscriptions in tenant
Hi Team, Is there any option to prevent the users from creating azure subscriptions in tenant. Only Global admin should have access for creating subscription and other users should not have option to create subscription in tenant level
Application gateway listener error when trying to use key vault certificate using managed identity and RBAC
Hi, I'm trying to setup a listener in application gateway to use a certificate from keyvault using managed identity. But every time whne I choose in portal the managed identity and then select the key vault from the dropdown menu I get this error: …
Forbidden Error When Assigning 'Contributor' Role to Service Principal in Aadiam Scope
I'm encountering an issue when trying to run the following PowerShell command: New-AzRoleAssignment -ObjectId $objectId -Scope "/providers/Microsoft.aadiam" -RoleDefinitionName 'Contributor' -ObjectType 'ServicePrincipal' I have Global Admin…
Getting 403 error in Terraform while assigning RBAC in Azure
I have correct access (Owner) and able to assign RBAC through portal but not Terraform. │ Error: authorization.RoleAssignmentsClient#Create: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error.…
Unable to Assign Global Admin Roles in Microsoft 365 due to GDAP Issues
None of our users in MS365 admin center has global admin rights. We do not have the rights to assign global admin rights to ourselves in MS Admin Center Our MS365 provider cannot help us since there is no active GDAP. Our MS365 provider has tried…
What happens after I enable any RBAC Role as PIM enabled role?
I have a question on PIM (Privileged Identity Management). Let say, Users A, B, C, D, E have Reader role on subscription ABC right now. This is standing permanent access before enabling PIM. Now, we enable PIM, enable on this ABC subscription on this…
Connect to CloudShell
Hi, I have granted one of my users access to Azure Kubernetes Service. The user wants to connect to Azure Cloud Shell from the Azure portal but is unable to do so, as connecting to Azure Cloud Shell requires a storage account, and the user does not have…
How to have more control on my users having access to client's tenant?
Hi, I am facing a scenario where a org needs to give his consultants (part time employees) a domain email address using which they get invited to a separate Azure tenant from client and do their tasks there. The thing is, in this scenario org have no…
azure owner roles issue
Hi Team, accidentally i was deleted my owner role attached to the my subscription . and now i am unable to perform operations in my account. could you please help me on this issue
not able to change access configuration policy
CODE InsufficientPermissions MESSAGE RAW ERROR Caller is not allowed to change permission model. For more information on how to change the permissions model follow this link: https://go.microsoft.com/fwlink/?linkid=2155160. Details:…
Need no authentication but only authorization from spring boot 3 to access roles for API exposed
We want to just authorization using spring boot 3 for the APIs exposed for the ROLE that is there in the token issued from another cli client by executing command = az account get-access-token. We need sample piece of code of spring 3 application that…
Received error - "AADSTS399266: Blob grant token received with wrong issuer type."
I am trying to use the code from this microsoft learn page - https://learn.microsoft.com/en-us/samples/azure-samples/ms-identity-ciam-javascript-tutorial/ms-identity-ciam-javascript-tutorial-0-call-api-vanillajs/ and configure the Ids. When trying to…
Level 2 AD Group & SQL server Microsoft Entra admin group & usage of IS_MEMBER for Row Level Security
Currently we are running into an issue developing Row Level Security since the IS_MEMBER does not work for the Microsoft Entra Admin group setup for that SQL server.…
Blob/storage container security role needed to "add" a blob/container
Hello, I'm looking to determine what the minimum security Roles I would need to assign to a user that will allow them to create and manage Azure storage containers and Azure Blobs in the azure portal. thanks, RT
How to allow users from a different tenant access our storage, servers, etc
Is it possible to allow the users from a different Azure tenant access to Windows VMs, file shares, storage, etc, in our tenant without having to have them set up accounts, invites, etc? In other words, seamlessly?