Open ezYakaEagle442 opened 1 year ago
In Azure Spring Apps, the apps and deployments are exposed and managed through the ARM APIs. So the RBAC can be applied to apps and deployments by default.
You can check Assign Azure roles using Azure CLI - Azure RBAC | Microsoft Learn for the general way to assign roles to a given scope. In this case, the scope will be resource ID of apps or deployments.
We will add a page in our docs site to describe this.
ok may be it works with CLI, but definitely it is not possible to configure this through Azure Portal as the 'IAM' link is available only at ASA service instance level. ==> RFE : add IAM in the left blade at App & Deployment level
add this as feature candidate for Ga semester planning.
Is your feature request related to a problem? Please describe. The doc describes how to managed role permissions but this does not address a common scenario where a customer has 3 Teams A, B & C and where :
Describe the solution you'd like All the permissions listed in the doc should be more granular allowing to configure it at App Level ASA should support an RBAC solution integrated with AAD , something like what we have in AKS
This would require to deploy App to a specific namespace for each App. See https://github.com/Azure/Azure-Spring-Apps/issues/21
Describe alternatives you've considered None
Additional context