Reputation: 6354
Minimum Permissions for Creating and Deleting Subscriptions to an Azure Service Bus Topic?
I am creating an app which needs to create and delete subscriptions to an already created topic in azure service bus.
does my share access token need manage permissions on the topic to create and delete subscriptions? I've does some preliminary googling, and none of the articles I can find shows the correlation of the three roles (manage, send, listen) to the subscription entity.
Thanks!
update I have created a Shared Access Policy directly on the topic, then I have the following code written to reach out to the Topic, create subscriptions, then cancel/dispose of them via an IDisposable interface:
public class SubscriptionHandler : IDisposable
{
protected NamespaceManager SubManager { get; set; }
protected SubscriptionDescription SubDetails { get; set; }
public SubscriptionClient Client { get; }
public SubscriptionHandler(AuthDetails details)
{
try
{
var connectionString = ConfigurationManager.AppSettings["Microsoft.ServiceBus.ConnectionString"];
SubManager = NamespaceManager.CreateFromConnectionString(connectionString);
SubDetails = new SubscriptionDescription("topic", $"record{details.ID}.Other{details.OtherID}");
if (!SubManager.SubscriptionExists(SubDetails.TopicPath, SubDetails.Name))
{ //setting subscription to receive all bookings that are for the given businessID
SubManager.CreateSubscription(SubDetails, new SqlFilter($"ID = {details.ID}"));
}
Client = SubscriptionClient.CreateFromConnectionString(connectionString, SubDetails.TopicPath, SubDetails.Name);
}catch (Exception ex)
{
throw;
}
}
public void Dispose()
{
if(Client != null)
{
Client.Close(); // telling subscription we are no longer going to recieve messages
}
if (SubManager != null && SubManager.SubscriptionExists(SubDetails.TopicPath, SubDetails.Name))
{
SubManager.DeleteSubscription(SubDetails.TopicPath, SubDetails.Name);
}
}
however, I am still getting unauthorized exception thrown on the
SubManager.CreateSubscription(SubDetails, new SqlFilter($"ID = {details.ID}")); call. I copied the connection string from the SharedAccessPolicy connection strings, then removed the EntityPath name value pair.... What am I doing wrong?
Upvotes: 0
Views: 1079
Answers (1)
Reputation: 18465
does my share access token need manage permissions on the topic to create and delete subscriptions?
As the official document mentioned about Rights required for Service Bus operations, the Create a subscription and Delete subscription operations need Manage permission on the topic.
Without the Manage permission, you would get the 401 response as follows when you deal with the Create/Delete subscription operation:
Upvotes: 1
Related Questions
- Azure Topics and subscriptions
- Deleting subscriptions from Azure Service Bus Topic through C#
- Azure Service Bus - Topic - Message Attribute Based Access Control
- Does Service Bus Trigger for Azure Function need Manage access rights to Service Bus Queue/Topic?
- Azure Service Bus Topics and Subscriptions with Worker Role
- Creating a Azure Service Bus Topic Subscription fails
- Azure Service Bus topic with exclusive, autodelete subscriptions with a generated name
- Azure Service Bus Topic subscription concurency
- Limit to the Subscription of the Topics
- Azure Service Bus - Topic & Subscription permissioning