Andrew Wilson's Blog

{ ... Plan - Architect - Develop - Reflect - Improve - Repeat ... }

Azure RBAC Key Vault | Role Assignment for Specific Secret

Background Azure role-based access control (Azure RBAC) provides fine grained control over access to Azure resources. Azure RBAC is founded on top of the Azure Resource Manager which allows us to provide access authorisation at differing scope levels ranging from the Management Group through to individual resources. With RBAC enabled key vaults we can manage access to the resource and data stored in the vault. We can also manage access for individual keys, secrets, and certificates.

Posted by Andrew Wilson on Wednesday, November 22, 2023

Azure Role Assignment

Problem Space: I recently came into some issues with assigning Azure roles through a Bicep template and pipeline deployment. I was looking to assign ‘Storage Blob Data Reader’ to a service principal, and refine their access to only the container of the storage account. The three main issues that I ran into were: What are Role Assignment Conditions and how can I use them in my template? I am trying to assign a built in role, what is the roleDefinitionId that I should be using?

Posted by Andrew Wilson on Friday, September 2, 2022

avatar

Andrew Wilson
Husband - Father - Microsoft Azure MVP - Chief Consulting Officer @ Black Marble

Has a passion for creating software [especially solution integrations] that help others execute their jobs faster and more efficiently.

QUICK LINKS
FEATURED TAGS
api management apim apim-policy app service arm az cli azure azure devops azure integration services azure portal bicep biztalk biztalk deployment framework btdf consulting dsc fluent ui function-app git gitversion iac keyvault logic app logic app standard nerd fonts office-ui-fabric ohmyposh powershell rbac react requirements rest client roles security speaking sso storage account strong name key swagger typescript vs code webpack windows terminal winget winget configuration yaml pipeline