Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
851 questions
1 answer
How to authorize Entra ID apps as “apps” instead of “service principals
I registered my app through “Entra ID” for integration with New Relic. I granted the apps registered with the subscriptions to be viewed. Then, in the access control list, it was registered as a “service principal” instead of an “app”. How can I register…
asked 2024-12-19T08:54:46.2566667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 13%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EST%3C/text%3E%3C/svg%3E)
Shashiki.T
0
Reputation points
commented 2024-12-20T23:01:18.8233333+00:00
James Hamil
26,386
Reputation points Microsoft Employee
1 answer
Set up as Workspace Owner and Data Scientist role, but cannot create notebooks/write files
I just set up a Workspace under my Subscription, and am the Owner on both. I'm trying to work in Azure ML in this Workspace, where I have a Azure ML Data Scientist role for myself as well, and keep getting this message when I try to create a new…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 33%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
1 answer
Role to manage auto-shutdown of VM
We are encountering an issue where a user with appropriate roles and permissions is unable to manage the auto-shutdown feature for Azure Virtual Machines (VMs). Despite assigning the built-in DevTest Labs User role and attempting several combinations of…
asked 2024-12-20T07:30:23.5066667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 90%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERK%3C/text%3E%3C/svg%3E)
Rahul Kamble
0
Reputation points
answered 2024-12-20T12:05:11.9266667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 24%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
akinbade abiola
21,040
Reputation points
1 answer
One of the answers was accepted by the question author.
What Azure role assignments would i need to allow a dba permissions to manage Azure SQL resources including storage accounts?
I am looking at assigning role assignments to a DBA to manage Azure SQL resources from the Azure Portal including managing a specific storage account. Currently, the permissions are set as follows: Contributor Reader SQL Security Manager …
asked 2022-06-10T12:42:30.167+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 48%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
Schieman, Paul
21
Reputation points
accepted 2024-12-20T02:45:13.6066667+00:00
Schieman, Paul
21
Reputation points
1 answer
What is the API needed permission in order to assign a role to a user (in entraId)
I'm doing a call to this endpoint (@POST): https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments with this payload: { "@odata.type": "#microsoft.graph.unifiedRoleAssignment", "roleDefinitionId":…
asked 2024-12-19T09:00:40.01+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 23%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EE%3C/text%3E%3C/svg%3E)
EntraDeveloper
0
Reputation points
answered 2024-12-20T02:34:14.53+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 27%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
Raja Pothuraju
9,805
Reputation points Microsoft Vendor
1 answer
One of the answers was accepted by the question author.
How to give full Azure admin access to my CTO
Hi, I am having trouble giving my CTO full access to everything in Azure, which results in random situations where I am personally required to sign in just to change a setting. We have already tried giving ownership permissions everywhere we find them,…
asked 2024-12-17T22:07:33.5166667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 70%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAB%3C/text%3E%3C/svg%3E)
Akil Bhagat
20
Reputation points
commented 2024-12-19T20:09:41.8+00:00
Akil Bhagat
20
Reputation points
0 answers
Accepting Recommendations on Access Review for Entra ID Access Packages Throws an Error
I am an Entra ID Access Package Reviewer. Usually, I just accept recommendations but recently, I have been getting this error message: Error: Exception of type…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 13%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAN%3C/text%3E%3C/svg%3E)
0 answers
Im trying to configure a Azure connector on LCS but its failing
Im trying to configure a Azure connector on LCS but its failing. When I try to add "DD Dynamics Deployment Services [wsfed-enabled] (pme)" in the role assignment its not showing.
asked 2024-12-06T10:43:46.1066667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 26%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVD%3C/text%3E%3C/svg%3E)
VishTrial D365FO
0
Reputation points
commented 2024-12-19T18:13:19.6033333+00:00
Raja Pothuraju
9,805
Reputation points Microsoft Vendor
1 answer
Unable to get email alert for PIM role activation
Hello, we used to receive emails from Microsoft Azure for the PIM roles activation but It just stopped. Nothing changed just we are no longer receiving emails for role activation. Can you please help me with this? Thanks!
asked 2024-12-05T17:18:37.2366667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 24%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYT%3C/text%3E%3C/svg%3E)
Yasin Turan
0
Reputation points
commented 2024-12-19T14:14:06.97+00:00
Yasin Turan
0
Reputation points
1 answer
One of the answers was accepted by the question author.
What API permission do I need in order to assign role to a user
I'm doing a (@POST) request the role assignment endpoint https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments with this payload: { "@odata.type": "#microsoft.graph.unifiedRoleAssignment", …
asked 2024-12-19T10:00:15.6166667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 88%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMG%3C/text%3E%3C/svg%3E)
MIRIAM GRAHAM
40
Reputation points
accepted 2024-12-19T11:41:39.8666667+00:00
MIRIAM GRAHAM
40
Reputation points
1 answer
Infiinte Loop MFA
I just got a new iPhone, and my authenticator app does not have my previous accounts stored. I am receiving a request to sign in with the Auth App, but when I click "I can't use my Microsoft Authenticator app right now," it just keeps looping…
asked 2024-12-18T23:15:57.1566667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 3%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKD%3C/text%3E%3C/svg%3E)
Kevin Doan
5
Reputation points
answered 2024-12-19T04:43:22.2933333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 78%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
Sandeep G-MSFT
20,266
Reputation points Microsoft Employee
1 answer
How to Grant Precise Access Control Rights for viewing Azure Front Door Reports?
It appears that enabling a user with precise Access Control permissions, specifically tailored to viewing Reports and Security Reports for Azure Front Door, may not be achievable or, at the very least, is not well-documented. Even after granting them the…
asked 2023-11-01T14:03:38.5933333+00:00
Bart van der Braak
10
Reputation points
commented 2024-12-18T18:19:59.91+00:00
Bart van der Braak
10
Reputation points
2 answers
Unable to Access Log Analytics Demo (aka.ms/lademo)
Hello, I have been using the log analytics demo environment to help train for the last month for KQL. Recently, I have no idea what changed, but I have lost access the the public and free environment at "aka.ms/lademo". I have tried all…
asked 2024-12-09T17:12:58.2033333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 99%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECC%3C/text%3E%3C/svg%3E)
Colin Colón
25
Reputation points
edited the question 2024-12-18T07:58:35.9566667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 16%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERG%3C/text%3E%3C/svg%3E)
Rakesh Gurram
10,545
Reputation points Microsoft Vendor
0 answers
I need to reactivate an account that was disabled on August 15 to recover documents...
We are a company with enough subscriptions and a domain. I need to reactivate an account that was disabled on August 15th to recover documents.
asked 2024-12-17T20:05:51.3033333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 2%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYC%3C/text%3E%3C/svg%3E)
Yafte Caballero
0
Reputation points
edited a comment 2024-12-17T22:26:56.8766667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 98%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
KarishmaTiwari-MSFT
20,307
Reputation points Microsoft Employee
1 answer
What does the "Microsoft.Authorization/elevateAccess/action" role actually do? A sub permission of the User Access Administistrator Azure resource role
I've got some questions relating to the User Access Administrator Azure resource role. Because it grants Microsoft.Authorization/*, it means that Microsoft.Authorization/elevateAccess/action is a part of that permission set. That permission is defined…
asked 2022-11-02T20:29:53.617+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 61%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJW%3C/text%3E%3C/svg%3E)
Johnathan Welker
106
Reputation points
commented 2024-12-17T18:57:35.0966667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 94%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGN%3C/text%3E%3C/svg%3E)
Godrey, Nick J
0
Reputation points
1 answer
One of the answers was accepted by the question author.
Exporting Management Groups with Role Assignment(IAM)
Is it possible to generate a report via PowerShell on all Management Groups and Subscriptions with all role assignment permissions details.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 90%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHR%3C/text%3E%3C/svg%3E)
3 answers
One of the answers was accepted by the question author.
PIM: How to set approvers in Role Management Policy approval rule for "Require approval to activate" possibility in PIM role settings by Powershell using Update-AzRoleManagementPolicy command?
Hello everyone, I need to configure "RoleManagementPolicyApprovalRule" rule for updating role management policy on resource group scope for Contributor role in PIM settings automatically from Powershell code. I'm following this documentation…
asked 2024-12-09T10:34:17.2666667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 43%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERR%3C/text%3E%3C/svg%3E)
Ruslan Rahozhkin
25
Reputation points
accepted 2024-12-13T17:06:58.4033333+00:00
Ruslan Rahozhkin
25
Reputation points
1 answer
Why does "Key Vault Certificate User" role have permissions to read keys and secrets as well?
Key Vault Built-In Role Assignment "Key Vault Certificate User" has permissions to read keys and secrets as well. Note that the more privileged role "Key Vault Certificates Officer" on the other hand doesn't have permissions to read…
asked 2024-09-09T08:32:50.57+00:00
Karan Agarwal
0
Reputation points Microsoft Employee
edited a comment 2024-12-12T10:08:26.0733333+00:00
Karan Agarwal
0
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Access error 403 for Synapse Analytics
When navigating to my Synapse Analytics workspace I see a popup indicating a 403 error like below. When checking my access I have both Contributor and Owner to the Resource Group. Failed to load one or more resources due to no access, error code 403. …
asked 2024-12-06T14:02:47.4566667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 2%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJR%3C/text%3E%3C/svg%3E)
Johnson, Robert
20
Reputation points
accepted 2024-12-10T05:00:09.4166667+00:00
Johnson, Robert
20
Reputation points
2 answers
What Admin Role Allows Releasing Quarantined Emails?
I am looking to add permissions to an admin account that allows this admin to release quarantined emails. I do not want to give them global admin, but I have not found a admin role that allows someone to release these emails. As a global reader this user…
asked 2024-05-16T13:40:49.29+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 90%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
Taylor
0
Reputation points
answered 2024-12-05T19:38:12.8966667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 28.999999999999996%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEM%3C/text%3E%3C/svg%3E)
Elliott, Mike
0
Reputation points