Comment update to register app as owner #262
While the Owner role is sufficient to deploy onefuzz, we should recommend using the minimum required roles.
Currently, deployment-role.json shows most of the roles required, but needs to be expanded given the recent change to user assigned managed identity creation on install.
Currently, user assigned managed identities don't work with service principal credential deployment. I will return to this PR after the fix.
@anshuman-goel the deployment issue is caused by the fact that your deployment credential is missing the permission AppRoleAssignment.ReadWrite.All, which requires admin approval currently.
It turns out that I cannot create because there is a limit of 2000 custom roles per tenant.
A few thoughts.
That looks reasonable. I will update the comment shortly.
To clarify is this the
I'm assuming that of the common roles
the delegated permission should suffice according to the documentation
Correct
Yes, and the json file linked contains the definition for the custom role
Summary of the Pull Request
For better instruction, updating the comment to indicate adding the application as owner in the resource group.
PR Checklist