Backport of secrets/azure: update minimal permissions recommendation into release/1.14.x (#21917)
* no-op commit due to failed cherry-picking
* secrets/azure: update minimal permissions recommendation (#21897)

---------

Co-authored-by: temp <temp@hashicorp.com>
Co-authored-by: Austin Gebauer <34121980+austingebauer@users.noreply.github.com>
parent 17a6700f6c
commit 299f33d016
|
@ -226,12 +226,23 @@ in the configuration or environment variables.
|
|||
### MS Graph API Permissions
|
||||
|
||||
The following MS Graph [API permissions](https://learn.microsoft.com/en-us/azure/active-directory/develop/permissions-consent-overview#types-of-permissions)
|
||||
must be assigned to the service principal provided to Vault for managing Azure:
|
||||
must be assigned to the service principal provided to Vault for managing Azure. The permissions
|
||||
differ depending on if you're using [dynamic or existing](#choosing-between-dynamic-or-existing-service-principals)
|
||||
service principals.
|
||||
|
||||
#### Dynamic Service Principals
|
||||
|
||||
| Permission Name | Type |
|
||||
| ----------------------------- | ----------- |
|
||||
| Application.ReadWrite.OwnedBy | Application |
|
||||
| GroupMember.ReadWrite.All | Application |
|
||||
|
||||
#### Existing Service Principals
|
||||
|
||||
| Permission Name | Type |
|
||||
| ----------------------------- | ----------- |
|
||||
| Application.ReadWrite.All | Application |
|
||||
| Group.ReadWrite.All | Application |
|
||||
| GroupMember.ReadWrite.All | Application |
|
||||
|
||||
### Role Assignments
|
||||
|
||||
|
|
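Review bot: the Existing Service Principals table lists the tenant-wide Application.ReadWrite.All and Group.ReadWrite.All without saying why the narrower Application.ReadWrite.OwnedBy shown for dynamic service principals is not sufficient there. Since the change is titled a minimal permissions recommendation, add a sentence under each heading stating what Vault does with each permission, and state whether GroupMember.ReadWrite.All is still required when Group.ReadWrite.All is already in the same table. In the new intro sentence, "depending on if you're using" reads better as "depending on whether you're using", and the `#choosing-between-dynamic-or-existing-service-principals` anchor should be checked against a heading in this file, which the hunk does not show.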