I would like to know what AD Groups from a "ResourceGroup" and "PeopleSearch" require access to Grafana, and at what role each group needs access.
Had a look at Microsoft Graph but not what I need.
Is this possible? I have searched but I don't find any solutions.
I managed to resolve this issue on my own.
Due to additional details in the screenshot I won't be able to share it but feel free to ask me for additional details.
Thanks.
Related
I am trying to divide the Azure Owner RBAC role between IAM actions and other actions. Is it possible? If yes, then please help.
I have tried to list out all the actions of all the Azure RBAC roles and tried to distinguish between IAM and other actions, but this is not a good practice, I know. I have even tried to list out the actions of the Owner role, which is "*". I have tried 100's of websites as well for solutions, but it didn't work for me.
As mentioned in the comment, I think you can use the Contributor. Compared to Owner, it can do anything the Owner can, but not manage the access to resources (the AD related thing you said).
For the AD related thing of Owner, you could just check the NotActions of Contributor.
And if you want to divide the Owner's permissions in two, I think it does not make sense, because once your custom role has the permission to manage the access to resources, he can assign other roles (e.g. Owner) to anyone, like himself.
So in your case, you could just assign the Owner to the user who should need the most permissions, assign the Contributor to the user that you don't want to give the permissions of AD related thing.
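The Actions/NotActions evaluation that this answer relies on, as an added example that is not part of the original answers. The role definitions are constructed and abbreviated (only the Microsoft.Authorization entries of Contributor's NotActions are shown), and `SPLIT_OWNER` is a hypothetical custom role.

```python
import re

# Constructed, abbreviated role definitions (assumption: read the live
# definitions from your tenant before relying on these lists).
OWNER = {"Actions": ["*"], "NotActions": []}
CONTRIBUTOR = {
    "Actions": ["*"],
    "NotActions": [
        "Microsoft.Authorization/*/Delete",
        "Microsoft.Authorization/*/Write",
        "Microsoft.Authorization/elevateAccess/Action",
    ],
}
# Hypothetical custom role that tries to be "Owner minus part of IAM".
SPLIT_OWNER = {
    "Actions": ["*"],
    "NotActions": [
        "Microsoft.Authorization/policyAssignments/*",
        "Microsoft.Authorization/locks/*",
    ],
}

# Operations that manage access to resources.
ACCESS_MGMT_OPS = [
    "Microsoft.Authorization/roleAssignments/write",
    "Microsoft.Authorization/roleAssignments/delete",
    "Microsoft.Authorization/roleDefinitions/write",
]

def _matches(pattern, operation):
    """'*' matches any run of characters; comparison is case-insensitive."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None

def allows(role, operation):
    """Effective permission is Actions minus NotActions."""
    granted = any(_matches(p, operation) for p in role["Actions"])
    excluded = any(_matches(p, operation) for p in role["NotActions"])
    return granted and not excluded

def access_mgmt_allowed(role):
    """Return the access-management operations the role still permits."""
    return [op for op in ACCESS_MGMT_OPS if allows(role, op)]

if __name__ == "__main__":
    roles = {"Owner": OWNER, "Contributor": CONTRIBUTOR, "SplitOwner": SPLIT_OWNER}
    for name, role in roles.items():
        print(f"{name}: {access_mgmt_allowed(role) or 'no access management'}")
```

A custom role for which `access_mgmt_allowed` returns `roleAssignments/write` is effectively Owner for audit purposes, which is the point the answer makes about splitting the role.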
As far as I know, the Azure RBAC role is used to manage Azure resources. Regarding how to manage actions in Azure AD, Azure provides other roles to control it. For more details, please refer to
https://learn.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles
https://learn.microsoft.com/en-us/azure/role-based-access-control/overview
https://learn.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles
I remember having some statistics inside azure but it doesn't appear anymore. Like - the number of registrations.
Or to make it back? and is it possible to simply have more detailed statistics?
You could try Azure PowerShell to list the registered applications:
Get-AzureRmADApplication
For more details, refer to this link.
A client of mine created a resource group in Azure. He made me an owner on the resource group but if I try to create database, function app, service app or any other resource it indicates I have insufficient permissions. He is willing to give me the access I need, but I can't figure out what needs to be changed.
As I fell into the same issue, maybe it can still help someone. This other question and this MSDN blog article can be handy.
Is there any way I can create a dynamic Azure AD group with service principals as dynamic members? I can only select users, which is quite frustrating.
Currently, it is impossible.
Please refer to this feedback. If you really need this, you could vote up this feedback.
I am trying to figure out how to create a Windows Azure Active Directory group and/or role from the web portal. Am I missing something obvious here or? I can create users, and assign them to the 2 built-in roles, but how do I create a new role? Or group?
Admittedly I haven't tried this yet, but the PowerShell extensions should be able to do this:
http://technet.microsoft.com/en-us/library/jj151815.aspx
Look under "Manage group and role membership" for details on the relevant commands.
I would also assume that the Graph API could handle it. I too was hoping that the Azure Management Portal would let us do it in their GUI.
Seems the way to add groups, etc. is via the Graph API or, as suggested above, by PS scripts. The Graph API is amazingly powerful, albeit not as convenient as if this functionality lived within the Azure portal.
Basically you have 2 options:
1. create app roles and assign security groups to them (AAD Premium is required)
2. enable security groups as claims (AAD Free is enough)
Follow this official manual: https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps