AuthorizationFailed need permission for 'Microsoft.AppPlatform/Spring/gateways/listEnvSecrets/action' #37

Open
ezYakaEagle442 opened this issue Feb 28, 2023 · 4 comments
Labels
Bug Something isn't working Tracking

Comments

@ezYakaEagle442

Describe the bug

The client '[email protected]' with object id 'XXXXXX does not have authorization to perform action 'Microsoft.AppPlatform/Spring/gateways/listEnvSecrets/action' over scope '/subscriptions/xxxx/resourceGroups/rg-iac-asa-petclinic-mic-srv/providers/Microsoft.AppPlatform/Spring/asae-petcliasa/gateways/default' or the scope is invalid. If access was recently granted, please refresh your credentials. (Code: AuthorizationFailed)

To Reproduce
Steps to reproduce the behavior:

  1. Create a guest User on the Tenant
  2. At the ASA-E level, click on IAM
  3. Add role 'Azure Spring Cloud Data Reader' to this user
  4. Ask this guest user to connect to the portal
  5. Ask this guest user to switch Directory to go to your Tenant
  6. Ask this guest user to click on the Azure Spring Cloud Gateway

Expected behavior

A Built-in role should be created and documented

Screenshots
ASA-E _ Spring Cloud Gateway Custom Role

Additional context
I had to create a custom Role and add the permission 'Other: List environment variables secret for Microsoft Azure Spring Apps Spring Cloud Gateway'

Can we contact you for additional details?
Y

If yes, please send us your contact information to [email protected] and include the issue number in the email title.


ezYakaEagle442 added a commit to ezYakaEagle442/azure-spring-apps-petclinic-mic-srv that referenced this issue Mar 1, 2023
@allxiao allxiao added Bug Something isn't working Tracking labels Mar 15, 2023
@ninpan-ms

I have created a bug internally to track the issue and will add it to our document soon.

@ninpan-ms

Tracked by another issue: #22

@ninpan-ms

@ezYakaEagle442 I was trying to reproduce, but I found that the role "Azure Spring Cloud Data Reader" is not sufficient even for opening the service blade. Then I created a custom role which contains all permissions of the role "Contributor" but without "gateways/listEnvSecrets" and then assigned it to a user.
image

The user cannot access the service, but when the Spring Cloud Gateway blade opens, it popped up an error like the one below, which is expected:
image

Is that the same as what you encountered?
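
Added example, not part of the thread and not the project's own code: a small audit helper that checks which role definitions grant the `gateways/listEnvSecrets` action from the error message, using Azure RBAC's rule that a role's effective permissions are its `Actions` minus its `NotActions`. The role definitions and their names are constructed for illustration and are not Azure built-in roles.

```python
import re

# Action string taken from the error message in this issue.
SECRET_ACTION = "Microsoft.AppPlatform/Spring/gateways/listEnvSecrets/action"

def _matches(pattern, action):
    # Azure RBAC action patterns are case-insensitive and allow '*' wildcards.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, flags=re.IGNORECASE) is not None

def grants(role, action=SECRET_ACTION):
    """A role grants an action if Actions match it and NotActions do not."""
    allowed = any(_matches(p, action) for p in role.get("Actions", []))
    excluded = any(_matches(p, action) for p in role.get("NotActions", []))
    return allowed and not excluded

def principal_can(assigned_roles, action=SECRET_ACTION):
    # NotActions only subtracts inside one role; it is not a deny, so any
    # other assigned role that grants the action still applies.
    return any(grants(r, action) for r in assigned_roles)

# Constructed role definitions (hypothetical names, not Azure built-in roles).
ROLES = [
    {"Name": "constructed-read-only",
     "Actions": ["Microsoft.AppPlatform/Spring/*/read"]},
    {"Name": "constructed-broad-minus-gateway-secrets",
     "Actions": ["*"], "NotActions": [SECRET_ACTION]},
    {"Name": "constructed-gateway-secret-reader",
     "Actions": ["Microsoft.AppPlatform/Spring/*/read", SECRET_ACTION]},
    {"Name": "constructed-gateway-wildcard",
     "Actions": ["Microsoft.AppPlatform/Spring/gateways/*"]},
]

def roles_exposing(roles, action=SECRET_ACTION):
    return [r["Name"] for r in roles if grants(r, action)]

if __name__ == "__main__":
    for name in roles_exposing(ROLES):
        print("grants gateway env secrets:", name)
    print("read-only + broad-minus:", principal_can(ROLES[:2]))
```

The wildcard case is the one to watch when reviewing custom roles: a pattern such as `gateways/*` includes the secret-listing action without ever naming it.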
