Reputation: 25
Which RBAC action would allow Azure App Service Network --> Access Restrictions? We don't want every user to have auth to set/unset ip-rules using 'Networking --- Access Restrictions' for app-services.
Upvotes: 2
Views: 921
Reputation: 14103
I have tried to change the network access and I can get the action information from the browser.
So the action should be between this:
You can use a custom role:
```powershell
# Start from a built-in role definition and use it as a template
$role = Get-AzRoleDefinition -Name "Virtual Machine Contributor"
$role.Id = $null
$role.Name = "testcustombowman"
$role.Description = "111111111111111111111111111111111111111111111"
# Drop every inherited action, then allow only reading the site config
$role.Actions.RemoveRange(0, $role.Actions.Count)
$role.Actions.Add("Microsoft.Web/sites/config/Read")
# Limit where the role can be assigned to a single subscription
$role.AssignableScopes.Clear()
$role.AssignableScopes.Add("/subscriptions/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx")
New-AzRoleDefinition -Role $role
```
Have a look at this official doc, and this.
But I still recommend that you use a simple way: directly give the relevant people only Read permissions.
It is highly recommended that you use the simple method, add role assignment
-> Select Reader
-> Select User
As you can see, the relevant users are unable to operate the settings you said in my case.
Upvotes: 1
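An added example, not part of the original answer: an offline check of which role definitions would let a user change the App Service configuration, evaluating each role's Actions minus NotActions with wildcard matching. It assumes the write action behind Access Restrictions is `Microsoft.Web/sites/config/Write` (the answer's screenshot is not preserved on the page); the function name `Test-RoleAllowsAction` is hypothetical and the role data is constructed, abridged sample input rather than output from Azure.

```powershell
# Constructed sample data: abridged role definitions, not queried from Azure.
$roles = @(
    [pscustomobject]@{ Name = 'Reader'
                       Actions = @('*/read'); NotActions = @() }
    [pscustomobject]@{ Name = 'testcustombowman'
                       Actions = @('Microsoft.Web/sites/config/Read'); NotActions = @() }
    [pscustomobject]@{ Name = 'Website Contributor (abridged)'
                       Actions = @('Microsoft.Web/sites/*'); NotActions = @() }
    [pscustomobject]@{ Name = 'Contributor (abridged)'
                       Actions = @('*')
                       NotActions = @('Microsoft.Authorization/*/Write',
                                      'Microsoft.Authorization/*/Delete') }
)

# Hypothetical helper: a role allows an action when at least one Actions
# pattern matches it and no NotActions pattern matches it.
# -like is case-insensitive and treats '*' as a wildcard, as RBAC patterns do.
function Test-RoleAllowsAction {
    param($Role, [string]$Action)
    $allowed  = @($Role.Actions    | Where-Object { $Action -like $_ }).Count -gt 0
    $excluded = @($Role.NotActions | Where-Object { $Action -like $_ }).Count -gt 0
    return ($allowed -and -not $excluded)
}

$read  = 'Microsoft.Web/sites/config/Read'
# Assumption: this is the action used when Access Restrictions are saved.
$write = 'Microsoft.Web/sites/config/Write'

$roles | ForEach-Object {
    [pscustomobject]@{
        Role           = $_.Name
        CanReadConfig  = Test-RoleAllowsAction $_ $read
        CanWriteConfig = Test-RoleAllowsAction $_ $write
    }
} | Format-Table -AutoSize
```

A user's effective permissions are the union of all role assignments at and above the scope, so a Reader assignment on the app does not restrict someone who also holds a broader role on the resource group or subscription.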