To properly connect Secberus to Azure, you will need to grant role assignment permission to the necessary resources.
From the resource Overview page, select the Access control (IAM) tab on the left side of the screen:
- Click the ＋Add button.
- Select Add custom role from the dropdown menu.
- Populate the Custom role name and Description fields and select Next.
- Select + Add permissions.
- Search for 'roleAssignments' under Add permissions and select Microsoft Authorization
- Mark the checkboxes to select the Read, Write, & Delete permissions for Microsoft.Authorization/roleAssignments and click Add.
- Confirm the permissions were added and select Review + create.
- Select the Review + create tab, confirm once again you’ve selected the correct permissions & resource scope, and click Create.
Check the scope
- The scope should read as either:
- /subscriptions/ for a Subscription
- /subscriptions//resourceGroups/ for a Resource Group
- Select OK to confirm the custom role has been created.
- You will be directed back to the Access control (IAM) tab for your resource. Select Add role assignment under the + Add dropdown menu.
- Leave the Assignment type set to Job function roles and select Next.
- Use the search bar to locate the role you made in Steps 1-12. Select the role and click Next.
- Use the + Select members menu to search for and select the members you want assigned to the role. Click Select.
- Confirm the correct User(s) appears in the Members section, add an optional Description and then select Next.
- Confirm the scope and select Review + assign.
- You will be returned to the home screen with a confirmation that the role has been assigned.
You have granted a role assignment in Azure.
The user(s) should now have access to grant resource roles to registered Apps.
Updated 5 months ago