I am trying to setup some Azure application insights web tests on a coworker's azure account. He gave me Reader & Application Insights Component Contributor, then Owner roles for that resource group. No luck. As the owner I then went and gave myself all the other roles, one by one, and logging off and back on each time and it still says 'No Access' and the '+Add Web Test' button is still greyed out. I also see 'No Access' for alert rules, but I haven't gotten that far yet. This seems like a bug. Any ideas? Thanks!
P.S. I did see the same problem discussed here but with no resolution.
Since webtests are an Azure resources themselves. So in order to gain access you will need contributor level access at the ResourceGroup under which your AI resource exists.
Hope this helps.
Related
I have an Azure App Service enviroment that occasionally encounters performance degradation alerts, but when I click the "See in Azure Portal" button on the notification email, I land up with a blank screen:
The URL looks similar to:
https://portal.azure.com/#blade/Microsoft_Azure_Monitoring/AlertDetailsTemplateBlade/alertId/XXX%2fMicrosoft.AlertsManagement%2falerts%2fXXX/invokedFrom/emailnoncommonschema
I must not have the right permission/access setup to view this - could anyone advise on how to rectify this?
Edit 1:
There's an error in the console mentioning the following permission, but I have now been assigned Monitoring Reader and Log Analytics Reader roles on the relevant App Service and App Insights for the resource in question, which grant me this permission - is there somewhere else I need to have these roles assigned?
Microsoft.AlertsManagement/alerts/history/read
I've also reached out on the Microsoft Q&A site here
Recently, we started using Microsoft LUIS from a Azure Account, with the desire to give access to some LUIS Apps (created by a Azure Admin Account), trying to assign these permissions to users (inside the corporation) for the contribution.
We tried to add the Contributor Role for the Azure authoring resource, but without results. After giving this access, our users reported that the LUIS platform is displaying a popup, with recommendations to switching the Azure directory. What happens is that the LUIS platform freezes, and no options are displayed to continue the process, without any Directory to go ahead.
Does anyone can recommend any other action, or even a role that we need to add for a LUIS APP Contributor?
Tried to follow these steps below:
https://learn.microsoft.com/pt-br/azure/cognitive-services/luis/luis-how-to-collaborate
The issue is not reproducible. For intermittent issues please contact Microsoft Support.
Based on a investigation done by the Microsoft team, they have discovered a very specific case when Azure admins have enabled conditional access policy requiring MFA. This was causing some breaks on LUIS portal.
The fix was successfully applied, and the Portal is working properly.
I Would like to thank all of you for the taskforce to fix the portal.
Detailed thread:
https://learn.microsoft.com/en-us/answers/questions/240393/cannot-add-contributors-on-a-luis-app-using-azure.html
I am new to azure & azure media services. I started creating sample by following https://learn.microsoft.com/en-us/azure/media-services/latest/stream-files-tutorial-with-api.
I have created media service & storage service. Now but when I reach to "API access" section. I am keep getting following error even I am top level admin role.
& the link is not that much helpful or guide what i need to do.
That would be great help if anyone can guide me what i am missing.
This normally would indicate that you do not have the correct permissions in your Azure Subscription to create a Azure AD application. You can confirm this by first going into the Subscription section of the portal and seeing what role you are in. You can also confirm this by going directly into Azure AD and trying to create an Application in that page of the portal (or use the CLI as well.) If you are getting the same error message there, it is likely that you have not been granted permission to create Azure AD applications in your primary tenant. You can contact your subscription administrator to ask them to do this for you, or add you to the permission group.
User needs to have read only access to two subscriptions, so added user to the Access
Control for both subscriptions and gave them the built in role [Readers]. Basically I want the user to be able to view Application Insights but not to create, delete, update anything else.
The user reported that they could not AI and instead saw this.
Digging into this error I got this documentation from MS.
The pertinent information is:
These items require write access to the whole Resource group that contains your website:
TLS/SSL Certificates and bindings (TLS/SSL certificates can be shared between sites in the same resource group and geo-location)
Alert rules
Autoscale settings
Application insights components
Web tests
I think the best way to proceed is to create a role that is the same as the built in Reader, and then assign write rights to Application Insights, add this role to the user, and remove the built-in reader. I am knew to Azure and would appreciate any advice or recommendation.
Try to grant the user with both Reader and Application Insights Component Contributor roles. For full list of built-in roles, see Azure built-in roles.
How about this role https://learn.microsoft.com/en-us/azure/azure-monitor/roles-permissions-security#monitoring-reader
It allows for:
- Access Application Insights data and view data in Application Insights Analytics.
Let me know if you've found some other solution.
I have somewhat similar task: provide user with readonly access to Application Insights, but without using Contributor role or custom roles.
A couple of clients gave me access to their Azure subscriptions so that I could do work for them. The work has been completed and I asked them to remove my permission from their subscriptions.
They have done this but for some reason their subscriptions still show up in my list of available subscriptions when I click on my profile in the top right of the Azure Portal.
I can click on one of the subscriptions and switch to it, but I cannot see any of their resources, or create new ones. This confirms that I do not have permissions for that subscription anymore.
So if my access has been removed, which is it still showing up in the list of subscriptions which are available to me? Is there any way I can remove it from the list?
Thanks :)
It is not possible at the moment.
The link here shows a reply from Azure customer care.
Greetings from Microsoft Azure. I reviewed your request and would like
to mention that there is unfortunately no option to remove the
disabled subscription from the Azure portal. This is by design to
enable customer’s view the subscriptions purchased by them right from
the day the Azure account was created.
This means you are still a member of the directory (even though you are no longer an admin of anything). You can ask the administrator of the directory to remove you.
You should also upvote this suggestion: https://feedback.azure.com/forums/223579-azure-portal/suggestions/13327620-remove-old-directories
If you are a co-admin you can remove yourself by navigating to Settings->Administrators->Select->Remove from the classic portal (old)