question

SaurabhSharma-3270 avatar image
0 Votes"
SaurabhSharma-3270 asked ·

What directory role access is required to create Azure policy (Add-AzureADServicePrincipalPolicy)

@amanpreetsingh-msft
Could you please help with the Azure directory role name for granting access to create Azure policy?

Add-AzureADServicePrincipalPolicy


azure-active-directory
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

MarileeTurscak avatar image
0 Votes"
MarileeTurscak answered ·

Aman answered this question in a related thread -

The Resource Policy Contributor role can create policies and perform most Azure Policy operations. That should be the minimum role required.

If that role has too many permissions, the best option would be to create a custom role. https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles


·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.