Create a detailed documentation on permissions for AAD/subscription

azuredevcollege / trainingdays

Azure Developer College's application development training days content.

238 stars 142 forks source link

Create a detailed documentation on permissions for AAD/subscription #143

Open cdennig opened 3 years ago

cdennig commented 3 years ago

We need a new section in the corresponding setup challenges of Day 2 / 7 for participants to be able to setup the Azure environment upfront:

What permissions are needed to complete all challenges?
How to test if a user has the correct setup?

CC: @AndreasM009

waeltken commented 3 years ago

To my knowledge we need:

Subscription: Owner or Contributor + User Access Administrator Active Directory: Azure Application Administrator Role

For Active Directory the Application Developer role might also be enough?

cdennig commented 3 years ago

Is this also sufficient for the k8s stuff?

AndreasM009 commented 3 years ago

For day5 we need Application Administrator Role in AAD. This role is needed to consent OAuth2 Permissions. Application Developer role is only enough if users are allowed to grant consent to OAuth2 permissions. It is a setting that can be configured under AAD-> Enterprise Applications -> User settings. There is also a setting under AAD -> App Registration -> User Settings to allow non Administrators to register applications. But we have to test that, if the configuration in User settings would be enough.