Azure / ipam

IP Address Management on Azure
https://azure.github.io/ipam
MIT License

Support setting up IPAM at management groups other than the tenant root #261

Closed harsimranmaan closed 4 weeks ago

harsimranmaan commented 5 months ago

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

I am interested in deploying the solution to a specific management group instead of the Tenant Root.

Describe the solution you'd like
A clear and concise description of what you want to happen.

It should be possible to restrict the IPAM solution to a specific management group and its children. Multiple IPAM instances can be deployed based on organizational use cases within a tenant.

It should be possible to specify an additional attribute MANAGEMENT_GROUP_ID to the config and use it for looking up networking details. The TENANT_ID would still be needed for auth token verification.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Install IPAM with Reader access to Tenant Root

Additional context
Add any other context or screenshots about the feature request here.

Granting Reader access at the Tenant Root is not a desired option

DCMattyG commented 5 months ago

Hi @harsimranmaan, this is a fair ask and others have made it too. This is on the near-term roadmap so it should be available in the deployment script soon.

In the meantime you can simply add the IPAM Engine Service Principal as a Reader on the target Management Group, then remove it from the Root Management Group as a workaround.

I'll update this issue and link it to the PR once we've added this option to the deployment script. Thanks so much for reaching out and the great suggestion!
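The workaround described in the comment above, sketched with the Az PowerShell module as an added example (not part of the thread and not the project's own deployment script). The two IDs are placeholders, and the root management group is assumed to use the tenant ID as its ID, which is the Azure default.

```powershell
# Added example. Assumes Az.Resources is installed and Connect-AzAccount has been run
# with rights to manage role assignments at both management groups.
$engineSpObjectId = '<ipam-engine-sp-object-id>'     # placeholder: object ID of the IPAM Engine service principal
$targetMgId       = '<target-management-group-id>'   # placeholder: management group IPAM should be limited to
$rootMgId         = (Get-AzContext).Tenant.Id        # assumption: root management group ID equals the tenant ID

$targetScope = "/providers/Microsoft.Management/managementGroups/$targetMgId"
$rootScope   = "/providers/Microsoft.Management/managementGroups/$rootMgId"

function Get-DirectReaderAssignment {
    param([string]$Scope)
    # Get-AzRoleAssignment -Scope also returns assignments inherited from parent scopes,
    # so keep only the ones made at exactly this scope.
    Get-AzRoleAssignment -ObjectId $engineSpObjectId -RoleDefinitionName 'Reader' -Scope $Scope |
        Where-Object { $_.Scope -eq $Scope }
}

# 1. Grant Reader on the target management group first, so the engine never loses access.
if (-not (Get-DirectReaderAssignment -Scope $targetScope)) {
    New-AzRoleAssignment -ObjectId $engineSpObjectId -RoleDefinitionName 'Reader' -Scope $targetScope | Out-Null
}

# 2. Confirm the direct assignment exists before touching the root scope.
if (-not (Get-DirectReaderAssignment -Scope $targetScope)) {
    throw "Reader assignment at $targetScope not found; root assignment left in place."
}

# 3. Remove the tenant-root Reader assignment.
if (Get-DirectReaderAssignment -Scope $rootScope) {
    Remove-AzRoleAssignment -ObjectId $engineSpObjectId -RoleDefinitionName 'Reader' -Scope $rootScope
}

# 4. List what the service principal still holds, to check nothing broader remains.
Get-AzRoleAssignment -ObjectId $engineSpObjectId |
    Select-Object RoleDefinitionName, Scope
```

Role assignment changes can take a few minutes to propagate, so step 2 may need a retry right after step 1.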

DCMattyG commented 3 months ago

Hey there @harsimranmaan, this option is now available in the latest release (v3.2.0) which came from PR #279. You can find the additional switch in the deployment docs here.

Hope everything is working as you expect, please let me know if you have any issues!

DCMattyG commented 4 weeks ago

Hi @harsimranmaan, I'm going to close this issue as the fix has been available for several months now. If you are still having issues with this, please don't hesitate to re-open this issue or reach out to me directly.

I hope the new functionality is working to your satisfaction!