I have over 50 Azure subscriptions under the same tenant. I have created a service principal under Azure Active Directory and given the service principal the 'Reader' role on each subscription. When I make an API call from Postman I get all subscription IDs, but my concern is that I am giving 'READ' access to all my resources on different subscriptions. I want to limit this service principal so that it will ONLY be able to list the subscription IDs and nothing else.
Grant Read access to service principal to get ONLY subscription ids on Azure
584 Views Asked by cloudify At
There is 1 best solution below
With the "Reader" role, a user would be able to read all resources inside a subscription and not just the subscription ID.
I believe the solution to your problem is to create a custom role (let's call it SubscriptionPropertiesReader) and then give it only the permission to perform read operations just at the subscription level. Based on the information provided here, I believe the permission you would want to include in this role is Microsoft.Resources/subscriptions/read. The challenge obviously will be to create this custom role in each and every subscription and then assign this role to your Service Principal in each subscription.
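A sketch of the custom role described in the answer above, as an added example that is not part of the original answer. It assumes a single role definition may list several subscriptions of the same tenant in AssignableScopes; the subscription IDs and the service principal app ID are constructed placeholders, and the script only prints the `az` commands instead of running them.

```shell
#!/bin/sh
# Added example: least-privilege role that can read subscription properties only.
ROLE_NAME="SubscriptionPropertiesReader"   # name suggested in the answer

# Emit the role definition JSON; arguments are subscription IDs.
# Function bodies run in subshells "( )" so their variables stay local.
build_role_definition() (
  scopes=""
  for sub in "$@"; do
    scopes="${scopes:+$scopes, }\"/subscriptions/$sub\""
  done
  cat <<EOF
{
  "Name": "$ROLE_NAME",
  "IsCustom": true,
  "Description": "Read subscription properties only; no resource access.",
  "Actions": ["Microsoft.Resources/subscriptions/read"],
  "NotActions": [],
  "DataActions": [],
  "NotDataActions": [],
  "AssignableScopes": [$scopes]
}
EOF
)

# Print (dry run) the az CLI steps: create the role once, then per
# subscription assign it and drop the broad built-in Reader assignment.
# Creating the definition needs Microsoft.Authorization/roleDefinitions/write
# on every assignable scope (for example Owner or User Access Administrator).
plan_commands() (
  sp_app_id="$1"; shift
  echo "az role definition create --role-definition @role.json"
  for sub in "$@"; do
    echo "az role assignment create --assignee $sp_app_id --role $ROLE_NAME --scope /subscriptions/$sub"
    echo "az role assignment delete --assignee $sp_app_id --role Reader --scope /subscriptions/$sub"
  done
)

# Constructed sample values, not real identifiers.
SP_APP_ID="11111111-1111-1111-1111-111111111111"
SUBS="00000000-0000-0000-0000-000000000001 00000000-0000-0000-0000-000000000002"

# shellcheck disable=SC2086  # word splitting of $SUBS is intended
build_role_definition $SUBS
# shellcheck disable=SC2086
plan_commands "$SP_APP_ID" $SUBS
```

Save the JSON output as role.json before running the printed commands, and list every subscription the service principal must enumerate.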