azure-security

RBAC access to Azure Storage - preview roles not acting as expected

元气小坏坏 submitted on 2019-12-06 11:45:09
Question: I'm trying to give our operations team read-only access to a storage account containing log files. I'd like to be able to give them the right to enumerate containers and read blobs. Ideally that would be the extent of their access. There are a couple of RBAC roles in preview that looked promising: Storage Blob Data Reader (Preview) is described as "Allows for read access to Azure Storage blobs containers and data", which sounds exactly like what I'm after; Storage Blob Data Contributor (Preview

RBAC access to Azure Storage - preview roles not acting as expected

懵懂的女人 submitted on 2019-12-04 19:26:24
I'm trying to give our operations team read-only access to a storage account containing log files. I'd like to be able to give them the right to enumerate containers and read blobs. Ideally that would be the extent of their access. There are a couple of RBAC roles in preview that looked promising: Storage Blob Data Reader (Preview) is described as "Allows for read access to Azure Storage blobs containers and data", which sounds exactly like what I'm after; Storage Blob Data Contributor (Preview) sounds like read/write to blob accounts. Neither of these roles worked for me, however. The operations

Azure: Service Principal ID vs Application ID

夙愿已清 submitted on 2019-11-30 15:57:11
Question: According to this documentation: Application and Service principal are clearly two different things. Application is the global identity and Service principal is per Tenant/AAD. But This Documentation and This Stack Overflow Question suggest they are the same. To make it more confusing, when I used the Graph API (from the first reference) and queried by my application name: https://graph.windows.net/<tenantName>/applications?api-version=1.6&$filter=displayName eq '<Apllication Name>' I see a

Azure: Service Principal ID vs Application ID

≯℡__Kan透↙ submitted on 2019-11-30 14:41:51
According to this documentation: Application and Service principal are clearly two different things. Application is the global identity and Service principal is per Tenant/AAD. But This Documentation and This Stack Overflow Question suggest they are the same. To make it more confusing, when I used the Graph API (from the first reference) and queried by my application name: https://graph.windows.net/<tenantName>/applications?api-version=1.6&$filter=displayName eq '<Apllication Name>' I see an object Id, an Application ID (which I thought were the same), but no service principal ID in the Json