search

Azure / azure-dev

A developer CLI that reduces the time it takes for you to get started on Azure. The Azure Developer CLI (azd) provides a set of developer-friendly commands that map to key stages in your workflow - code, build, deploy, monitor, repeat.
https://aka.ms/azd
MIT License
400 stars 192 forks source link

Should azd describe the minimum and individual required permissions per command? #2899

Open vhvb1989 opened 11 months ago

vhvb1989 commented 11 months ago

Related / Contex issue: https://github.com/Azure-Samples/azure-search-openai-demo/issues/848

Azd doesn't currently provide a granular list of required Azure permissions for running each command.
The documentation makes reference to some general roles (like Subscription-contributor/owner/admin) as what it is required for using azd. However, for someone who wants to be very specific, or needs to create a custom role containing only the minimum required permissions to run commands, like creating a custom role for each azd-command which is given to users depending on what the user will be able to run, there are no documentation from azd about how to do this.

Opening this issue for Team's consideration about bringing and maintaining such specific documentation per command.

jongio commented 10 months ago

The nodejs-mongo-aks template has this:

This templates requires Owner or User Access Administrator role to provision successfully

All templates that use RBAC should include this statement.