The SP guidance az ad sp create-for-rbac
1) generates a warning that sdk-auth will be deprecated
2) grants contributor permission to the entire sub. This might be overkill but the current implementation seems like it needs it. Many customers will have admins who create resource groups and then grant the min permissions to the RG.
The SP guidance az ad sp create-for-rbac 1) generates a warning that sdk-auth will be deprecated 2) grants contributor permission to the entire sub. This might be overkill but the current implementation seems like it needs it. Many customers will have admins who create resource groups and then grant the min permissions to the RG.