Closed ogiel closed 1 year ago
@Fuchio Thanks for your feedback! We will investigate and update as appropriate.
Hi @Fuchio, thank you for your feedback! I will add some more information, here and in the document.
Here are the steps:
On the Role tab, select the role of Azure Digital Twins Data Owner. (This is the page that has a screenshot in the document currently)
On the "Members" tab, assign access to User, group, or service principal. Then, use + Select members to open the pane on the right, where you can search for the app registration by its name or Client ID, and select it to add the role. (I will add this screenshot to the document)
On the Review + assign tab, select the Review + assign button to finish the role assignment.
I am adding to the document in this pull request (PR): https://github.com/MicrosoftDocs/azure-docs-pr/pull/223660
Since the PR addresses the issue, I'll have Git automatically close this issue when the PR is merged. However, feel free to continue the conversation here and we can reopen if needed.
Thank you!
@Fuchio: Also, if you continue to see authorization errors after adding the role and would like some help digging into your solution, I'd like to suggest the Microsoft Q&A forum for Azure Digital Twins. This is Azure’s preferred destination for community support, and is attended by Microsoft Engineers, Azure Most Valuable Professionals (MVPs), and our expert community. It’s a good place to post questions that might be solution-specific.
Thanks a lot. This was the solution. However, i had to search on registered app name, not id.
Thanks for the reply and additional information! I've confirmed that it appears to work better using the app name, so I'll update the instructions to recommend searching by name. That work is being done in this PR: https://github.com/MicrosoftDocs/azure-docs-pr/pull/280353
Unclear how to assign Azure Digital Twins Data Owner role to App Registration.
Hey Microsoft, I think it is unclear in the current docs how to assign roles to an App Registration, and there are pictures that try to show how it should look like but the important part is cut out.
From the docs under heading Create role assignment: "In this section, you'll create a role assignment for the App Registration on the Azure Digital Twins instance." It then suggests the Azure Digital Twins Data Owner role. However, when following the steps in the next to images, there is no option to actually assign this role to the App Registration. It only shows users and managed identities under the member tab, and there is no managed identity option in the App Registration resource itself (like how it works with other resources).
Under Verify role assignments there is another screenshot that just shows the tab Role assigment, but it does not show how that App Registration has been selected.
I am building a React app with MSAL and ADT and getting Unauthorized errors, I think this might be the issue I can nowhere find how to add App Registrations as roles from within other resources than the App Registration itself.
I think this page could be improved by giving some more information about this issue and not cropping the screenshots.
EDIT: Assigning the role through CLI works even though the same action is not possible through UI. Unfortunately I am still getting the same 401 Unauthorized error.
Document Details
⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.