stackoom
  简体   繁体   中英

Service principal or Managed Identity

 原文  2021-05-11 15:45:17       azure/ azure-active-directory/ terraform

Question

I have a client that can only give me full access to one or two resource groups.

I need to deliver some prescripted terraform resources that contain the need for a service principal.

Can you lock an SP to a resource group? The subscription itself is a production subscription so they want to know if you can tie down using role base access just to that group.

Or should I be create a MI account?

1 answers

solution1
 0 ACCPTED  2021-05-11 15:54:01

Can you lock an SP to a resource group?

You most certainly can. Azure Role-based access control is very granular and you can apply access control at any level (management group, subscription, resource group or even at individual resource).

Please see this for more details: https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-steps .

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Connect to SharePoint and outlook using Azure Service principal/managed identity How to reset the password of the Service Principal created for the System Managed Identity in Azure? Azure service principal vs managed identity vs (enterprise) application How to use Service Principal/Managed Identity to access Azure App Configuration? Surface the application associated to a Managed Service Identity service principal in AAD app registrations Access O365 Exchange Online with an Azure Managed Identity or Service Principal Difference between Service Principal and Managed Identities in Azure Configuration of Managed Service Identity(MSI) Service to Service authentication with Managed Identity in Azure Could not fetch access token for Managed Service Principal During DevOps Implementation
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM