Open rhuanbarreto opened 10 months ago
Related/duplicate #780
This is still under consideration and there's no ETA at the moment.
@rhuanbarreto just to confirm, you added those 3 permissions to a custom role, and a user was able to start container app jobs that are typically set to run on a schedule? Did that user have any other roles assigned as well? I've been trying to get this working to no avail. I even updated the custom role (assigned at the subscription level) to include the following permissions, but that still did not allow them to start container app jobs manually:
Only after over-provisioning the user with the Contributor role finally granted them access to start them manually. I even opened a ticket with Azure support, but it went ignored for over a week and when they finally did reach out, they simply told me that they don't support custom roles at all.
My trigger type is "Manual"
. So I use those 3 roles and it works.
@jeremyaltman Have you checked network access thoroughly? I've sometimes had a network access look like a permissions issue because of a vague error message.
My trigger type is
"Manual"
. So I use those 3 roles and it works.
I also used these 3 roles for "manual" and gave the access on subscription level but it is not working in my case. I can not click on "Run now".
@jeremyaltman Were you able to get it working without giving the contributor role?
Also the new built-in role "Container Apps Jobs Operator" is not working. See https://github.com/maciejporebski/azure-rbac-change-tracking/blob/main/roles/b9a307c4-5aa3-4b52-ba60-2b17c136cd7b.json
The built-in role "Container Apps Jobs Contributor" is working but the user can do more than just start/stop/read Container App Job.
Is your feature request related to a problem? Please describe.
Today there's no builtin role that allows a user or a service principal to trigger container app jobs.
Describe the solution you'd like.
I would like to have a builtin azure rbac role that I could assign to Service Principals or system-assigned managed identity so they could trigger job executions.
Describe alternatives you've considered.
Today I've created a custom role with the following 3 actions:
And assigned it. it just works.