A user in our organization needs to create static web apps in Azure. Please let us know the appropriate RBAC role and scope which can be assigned for that user.
Hi @SysAdmin-3492,
If you are looking for least privileged, then Website contributor should be fine; see https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#website-contributor. You don't need to create a separate app service plan when creating a Static Web App. You can apply this at the subscription level or at the resource group level.
Regards,
Ryan
Hi Ryanchill,
Greetings of the day!! Hope you are doing well..
I assigned the 'Website Contributor' IAM role as suggested by you for the user's ID, both at Resource Group level as well as Subscription level. But the user is getting an error in the 'Basics' section while trying to name the Static Web App (Preview) resource :-
"The client 'XXXX@XXXX.com' with object id 'XXXXXX-XXXX-XXXX-XXXXX' does not have authorization to perform action 'Microsoft.Web/staticsites/read' over scope '/subscriptions/xxxxxxxxxxxxxxxx/resourceGroups/XXXX/providers/Microsoft.Web/staticsites/saszf' or the scope is invalid. If access was recently granted, please refresh your credentials. "
Please help.
Thanks & Regards,
SysAdmin-3492
Apologies for the delayed response @SysAdmin-3492. I've heard back from the product team; try applying Microsoft.Web/staticSites/Write. This is not documented since Static Web Sites is still in preview. Please do let me know if this works or not.
{
  "Name": "Microsoft.Web/staticSites/Write",
  "Display": {
    "Provider": "Microsoft Web Apps",
    "Resource": "Static Site",
    "Operation": "Create or Update Static Site",
    "Description": "Create a new Static Site or update an existing one"
  },
  "Origin": "user,system"
}
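Added example, not part of the original thread and not Microsoft's code: a small checker that applies Azure RBAC's Actions/NotActions matching (case-insensitive, `*` wildcards) to the two operations named above, and builds a custom role definition in the JSON shape accepted by `az role definition create`. The role name, the comparison role and the scope are constructed placeholders, and the operation list covers only what this thread mentions.

```python
import json
from fnmatch import fnmatchcase

# Operations named in this thread: the one from the error message and the
# one suggested by the product team. The full set needed may be larger.
REQUIRED = ["Microsoft.Web/staticSites/Read", "Microsoft.Web/staticSites/Write"]

def _matches(patterns, operation):
    # Azure RBAC action strings are case-insensitive and may contain '*'.
    op = operation.lower()
    return any(fnmatchcase(op, p.lower()) for p in patterns)

def allows(role, operation):
    """True if the operation is in Actions and not excluded by NotActions."""
    return (_matches(role.get("Actions", []), operation)
            and not _matches(role.get("NotActions", []), operation))

def missing_operations(role, required=REQUIRED):
    """Operations from `required` that the role does not grant."""
    return [op for op in required if not allows(role, op)]

def custom_role(scope):
    """Role definition in the JSON shape used by `az role definition create`."""
    return {
        "Name": "Static Site Creator (example)",  # hypothetical name
        "Description": "Create and read Static Sites only.",
        "Actions": list(REQUIRED),
        "NotActions": [],
        "AssignableScopes": [scope],
    }

# Constructed role for comparison: grants App Service sites, not static sites.
SITES_ONLY = {"Name": "Sites only (constructed)",
              "Actions": ["Microsoft.Web/sites/*"], "NotActions": []}

# Placeholder scope; substitute a real subscription id and resource group.
SCOPE = "/subscriptions/<subscription-id>/resourceGroups/<resource-group>"

if __name__ == "__main__":
    print("sites-only role is missing:", missing_operations(SITES_ONLY))
    role = custom_role(SCOPE)
    print("custom role is missing:", missing_operations(role))
    print(json.dumps(role, indent=2))
```

Scoping `AssignableScopes` and the assignment to a single resource group keeps the grant narrower than a subscription-level assignment.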
Hi @ryanchill ,
Given that Azure Static Web Apps is now generally available, what is the appropriate RBAC role to assign to a user so that they can create and manage Static Web Sites?
Under a resource group, in the "Add role assignment" page, I searched for the term "static" and no results came up.
Thanks.