Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[FEATURE REQUEST] Modify Service Principal creation to have an access to only one resource group

See original GitHub issue

Is your feature request related to a problem? Please describe. On Azure right now we don’t have access to only one resource group using Service Principal creation option.

Describe the solution you’d like We want to have possibility of creation of Service Principal with access only to specific resourge group.

Describe alternatives you’ve considered None.

Additional context

Currently, when we create a service principal (in contributor role for sub) we need to have an "owner" role in the subscription. It is very problematic when the user doesn't have owner rights.
So the problem has two folds:

1. SP being "contributor" on sub level have to be created by user with "owner" rights.
2. SP is having too wide permission (to all resources within subscription)

DoD checklist

Changelog
- updated
- not needed
COMPONENTS.md
- updated
- not needed
Schema
- updated
- not needed
Backport tasks
- created
- not needed
Documentation
- added
- updated
- not needed
Feature has automated tests
Automated tests passed (QA pipelines)
- apply
- upgrade
- backup/restore
Idempotency tested
All conversations in PR resolved
Solution meets requirements and is done according to design doc
Usage compliant with license

Issue Analytics

State:
Created 4 years ago
Comments:10 (10 by maintainers)

Top GitHub Comments

1reaction

mkyccommented, Nov 16, 2020

I would go with first option as well. My opinion is that we should:

fix documentation
ensure that current code - which creates RG right now - works ok in this scenario
create followup task in CLI repo to initialise service principal and resource group (probably in some way connected with this task)

0reactions

serivacommented, Nov 16, 2022

Not going todo anymore feature requests for Epiphany.

Top Results From Across the Web

Create an Azure AD app and service principal in the portal

Create a new Azure Active Directory app and service principal to manage access to resources with role-based access control in Azure Resource ......

Azure Service Principals: How to Create (and Understand) Them

Are you creating an Azure service principal that will have access to a subscription, resource group, or selected resources? The role. There are ......

Azure Role Based Access Control in Citrix Virtual Apps and ...

A service principal assigned a custom role at resource group scope has specified permissions in the specified resource groups. You can grant the...

Service accounts | IAM Documentation | Google Cloud

Similarly, Google Workspace assets created by a service account are not created in ... Access requests for this feature are on hold while...

Policies and permissions in IAM - AWS Identity and Access ...

Principal (Required in only some circumstances) – If you create a resource-based policy, you must indicate the account, user, role, or federated user...