backport of commit 4811ef9cc3885f83e204aea86083589b22c19d62 (#22025)

Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
2023-07-21 18:09:47 -04:00 · 2023-07-21 18:09:47 -04:00 · 08187d2ca4
parent 94dc0d67e0
commit 08187d2ca4
1 changed files with 7 additions and 3 deletions
--- a/website/content/docs/secrets/azure.mdx
+++ b/website/content/docs/secrets/azure.mdx
@ -237,6 +237,9 @@ service principals.
 | Application.ReadWrite.OwnedBy | Application |
 | GroupMember.ReadWrite.All     | Application |
 ~> **Note**: If you plan to use the [rotate root](/vault/api-docs/secret/azure#rotate-root)
 credentials API, you'll need to change `Application.ReadWrite.OwnedBy` to `Application.ReadWrite.All`.
 #### Existing Service Principals
 | Permission Name               | Type        |
@ -251,8 +254,8 @@ must be granted in order for the secrets engine to manage role assignments for s
 principles it creates.
 | Role                                           | Scope        | Security Principal                          |
-| ----- | ------------ | ------------------------------------------- |
+|------------------------------------------------| ------------ | ------------------------------------------- |
-| Owner | Subscription | Service Principal ID given in configuration |
+| [User Access Administrator][user_access_admin] | Subscription | Service Principal ID given in configuration |
 ## Choosing between dynamic or existing service principals
@ -320,3 +323,4 @@ for more details.
 [api]: /vault/api-docs/secret/azure
 [config]: /vault/api-docs/secret/azure#configure-access
 [repo]: https://github.com/hashicorp/vault-plugin-secrets-azure
 [user_access_admin]: https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#user-access-administrator