Reputation: 583
Assigning permissions to a custom role in Azure
So I'm creating a custom role.. let's call it "MyCompanyDeveloperRole"
I go onto the function app in the portal logged in as someone with that role.
It won't render the function apps list on the overview page as you can see.
I click on the link "See details" (highlighted in yellow), it then proceeds to say "... not have authorization to perform action 'Microsoft.Web/sites/host/properties/read'..."
Then you go in and edit the role adding custom role json editor in the portal which then says... no such role!
Working out what permissions to give is a nightmare!!!
Another example.... when visiting the role assignments for a managed identity that belongs to an Azure app service... the current role assignments aren't showing up... I have no idea what role is missing? I've tried a bunch already!
Upvotes: 0
Views: 35
Answers (1)
Reputation: 8684
As mentioned in MSDOC, Microsoft.web/sites/host/properties/read action is not available.
List of actions available under Microsoft.web/sites/host:
Follow below steps:
- Create a custom role and assign below permissions/actions:
Microsoft.Web/sites/config/list/Action
Microsoft.Web/sites/Read
- Grant the custom role access to the user.
- Able to access the function App and create the functions.
Upvotes: 0
Related Questions
- azure ad difference between group based and role based authorization
- Trouble obtaining access token for managed identity with application role
- How to give azure key vault portal access when public access is disabled
- Cannot select Azure function app in Resource instances when limiting access to storage account
- How to assign custom role to the application in Bicep
- Azure DevOps - Failed to fetch App Service. The client does not have authorization to perform action 'Microsoft.Web/sites/read'
- Managed Service Identity not working as expected in Azure Function
- Assigning permissions to Azure AD B2C application in Portal fails with "Data validation error"