
Azure Active Directory Group - controlling user access

I have a requirement to add users to an Azure Active Directory group with certain privileges.

For example, a specific user added to adgroup1 gets edit access to application-specific data, while the same user could be part of adgroup2 with read-only access to a different set of application data.

What would be the best practice to implement this? Appreciate the feedback.

I am afraid this could not be implemented. In Azure AD, a normal user (i.e. User type is member) has the default permissions to view all the AD Apps in the tenant; source here.


This could not be restricted; the default permissions for member users that can be restricted are listed here. Even if you set Restrict access to Azure AD administration portal, the user can also get the information from other clients, e.g. PowerShell.

For the edit permission, the user needs to be added as an Owner to the AD App, but the AAD group is not supported to be added as an Owner to the AD App.
