I have an Azure App Service enviroment that occasionally encounters performance degradation alerts, but when I click the "See in Azure Portal" button on the notification email, I land up with a blank screen:
The URL looks similar to:
https://portal.azure.com/#blade/Microsoft_Azure_Monitoring/AlertDetailsTemplateBlade/alertId/XXX%2fMicrosoft.AlertsManagement%2falerts%2fXXX/invokedFrom/emailnoncommonschema
I must not have the right permission/access setup to view this - could anyone advise on how to rectify this?
Edit 1:
There's an error in the console mentioning the following permission, but I have now been assigned Monitoring Reader and Log Analytics Reader roles on the relevant App Service and App Insights for the resource in question, which grant me this permission - is there somewhere else I need to have these roles assigned?
Microsoft.AlertsManagement/alerts/history/read
I've also reached out on the Microsoft Q&A site here
Related
From various tutorials and stack overflow questions, I see a possibility to add Service Bus in the API Permission tab of an App Registration in Azure. See image below.
However, I don't see this option in my organization's or my personal Azure tenant now. Has this been taken off by Microsoft recently? Are you able to see an option to add Service Bus?
Yeah, I couldn't able to see Microsoft Service bus api permissions as below:
But check the similar functionality by giving azure service bus data owner role which has the similar functionality using below process:
Firstly, go to your Resource group and then click on Access Control:
Next click on Add+:
Then type Service Bus:
Then Select your required App Registration and then click on select:
Now Click ON Access Control and check you have got your required permission On Service Bus:
Now click on it:
If you your access is denied adding role assignment, then you need to ask you admin to provide you the access.
And also check reference.
I am new to azure & azure media services. I started creating sample by following https://learn.microsoft.com/en-us/azure/media-services/latest/stream-files-tutorial-with-api.
I have created media service & storage service. Now but when I reach to "API access" section. I am keep getting following error even I am top level admin role.
& the link is not that much helpful or guide what i need to do.
That would be great help if anyone can guide me what i am missing.
This normally would indicate that you do not have the correct permissions in your Azure Subscription to create a Azure AD application. You can confirm this by first going into the Subscription section of the portal and seeing what role you are in. You can also confirm this by going directly into Azure AD and trying to create an Application in that page of the portal (or use the CLI as well.) If you are getting the same error message there, it is likely that you have not been granted permission to create Azure AD applications in your primary tenant. You can contact your subscription administrator to ask them to do this for you, or add you to the permission group.
User needs to have read only access to two subscriptions, so added user to the Access
Control for both subscriptions and gave them the built in role [Readers]. Basically I want the user to be able to view Application Insights but not to create, delete, update anything else.
The user reported that they could not AI and instead saw this.
Digging into this error I got this documentation from MS.
The pertinent information is:
These items require write access to the whole Resource group that contains your website:
TLS/SSL Certificates and bindings (TLS/SSL certificates can be shared between sites in the same resource group and geo-location)
Alert rules
Autoscale settings
Application insights components
Web tests
I think the best way to proceed is to create a role that is the same as the built in Reader, and then assign write rights to Application Insights, add this role to the user, and remove the built-in reader. I am knew to Azure and would appreciate any advice or recommendation.
Try to grant the user with both Reader and Application Insights Component Contributor roles. For full list of built-in roles, see Azure built-in roles.
How about this role https://learn.microsoft.com/en-us/azure/azure-monitor/roles-permissions-security#monitoring-reader
It allows for:
- Access Application Insights data and view data in Application Insights Analytics.
Let me know if you've found some other solution.
I have somewhat similar task: provide user with readonly access to Application Insights, but without using Contributor role or custom roles.
I am trying to enable Custom Logs for Azure Log Analytics.
I looked at the official documentation which says this:
After you are redirected to the OMS portal, click the Settings tile on the top right-hand side of the page.
I also found this stack overflow page which says a similar thing.
Now when I go to the OMS portal I see the following:
which no cog!
Has how to enable this moved or have I not got the correct access?
I am an Owner of the subscription but not account administrator
I have reproduced your issue, I created the workspace, I add a user as READONLY USER.
In the portal of my own account(ADMINISTRATOR of the workspace), it will be fine. But in the portal of the READONLY USER , it is the same issue with yours.
You could refer to the screenshot.
So you should get the CONTRIBUTOR user to the workspace or create a workspace by yourself, it will be fine.
I am trying to setup some Azure application insights web tests on a coworker's azure account. He gave me Reader & Application Insights Component Contributor, then Owner roles for that resource group. No luck. As the owner I then went and gave myself all the other roles, one by one, and logging off and back on each time and it still says 'No Access' and the '+Add Web Test' button is still greyed out. I also see 'No Access' for alert rules, but I haven't gotten that far yet. This seems like a bug. Any ideas? Thanks!
P.S. I did see the same problem discussed here but with no resolution.
Since webtests are an Azure resources themselves. So in order to gain access you will need contributor level access at the ResourceGroup under which your AI resource exists.
Hope this helps.