Managed Identities + RBAC: Web App invoking data plane operation on the Blob Storage fails with 403

Cezary Klus 1 Reputation point
2022-02-23T11:05:43.62+00:00

Hi, I have prepared a managed application definition based on an already existing ARM template. It is an application that contains code being deployed to Web Apps on App Service. The security is organized based on SystemAssigned managed identities and appropriate role assignments in the data plane.
The solution works fine when deployed in a regular way. However, with exactly the same role assignments, we observe 403 errors on writes to the Storage Account (Blob).

How can we achieve Managed Identities (system assigned) + RBAC based security within a Managed Resource Group for an infrastructure + application code scenario? Presumably there is a policy that forcefully blocks writes (data plane) for Managed Resource Group resources?

Should we convert to KeyVault based connection strings/shared access tokens?

Best regards

Azure Managed Applications
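One check worth running before switching to connection strings is whether the web app's system-assigned identity actually holds a data-plane blob role at the storage account scope, since Owner or Contributor alone do not authorize blob writes. The script below is an added example, not code from the question or from Azure; it classifies the JSON that `az role assignment list` returns, and the principal ID, scope and assignments embedded in it are constructed sample values.

```python
import json
import sys

# Built-in Azure role definition IDs; these GUIDs are the same in every tenant.
BLOB_WRITE_ROLES = {
    "ba92f5b4-2d11-453d-a403-e96b0029c9fe": "Storage Blob Data Contributor",
    "b7e6dc6d-f1e8-4753-8033-0f276bb0955b": "Storage Blob Data Owner",
}
CONTROL_PLANE_ROLES = {
    "8e3af657-a8ff-443c-a75c-2fe8c4bcb635": "Owner",
    "b24988ac-6180-42a0-ab88-20f7382dd24f": "Contributor",
}

def role_guid(assignment):
    """roleDefinitionId is a full ARM path; its last segment is the role GUID."""
    return assignment["roleDefinitionId"].rsplit("/", 1)[-1].lower()

def covers(scope, target):
    """Role assignments inherit downward: a subscription or resource-group scope covers the account."""
    scope, target = scope.lower().rstrip("/"), target.lower().rstrip("/")
    return target == scope or target.startswith(scope + "/")

def assess(assignments, principal_id, storage_scope):
    """Return (can_write_blobs, findings) for one principal at one storage account scope."""
    findings, can_write = [], False
    for a in assignments:
        if a.get("principalId", "").lower() != principal_id.lower():
            continue
        if not covers(a.get("scope", ""), storage_scope):
            continue
        guid = role_guid(a)
        if guid in BLOB_WRITE_ROLES:
            can_write = True
            findings.append(f"OK: {BLOB_WRITE_ROLES[guid]} at {a['scope']}")
        elif guid in CONTROL_PLANE_ROLES:
            findings.append(f"NOTE: {CONTROL_PLANE_ROLES[guid]} at {a['scope']} is control plane only; it does not authorize blob writes")
        else:
            findings.append(f"INFO: {a.get('roleDefinitionName', guid)} at {a['scope']}")
    return can_write, findings

# Constructed sample, not real tenant data: the web app identity holds only Contributor on the managed RG.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE_PRINCIPAL = "00000000-0000-0000-0000-00000000aaaa"
SAMPLE_SCOPE = SUB + "/resourceGroups/mrg-demo/providers/Microsoft.Storage/storageAccounts/demostorage"
SAMPLE_ASSIGNMENTS = [
    {"principalId": SAMPLE_PRINCIPAL, "scope": SUB + "/resourceGroups/mrg-demo", "roleDefinitionName": "Contributor",
     "roleDefinitionId": SUB + "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24f"},
    {"principalId": "00000000-0000-0000-0000-00000000bbbb", "scope": SAMPLE_SCOPE, "roleDefinitionName": "Storage Blob Data Contributor",
     "roleDefinitionId": SUB + "/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe"},
]

if __name__ == "__main__":
    # Real use: az role assignment list --assignee <principalId> --all -o json | python check.py <principalId> <storageScope>
    if len(sys.argv) == 3:
        data, principal, scope = json.load(sys.stdin), sys.argv[1], sys.argv[2]
    else:
        data, principal, scope = SAMPLE_ASSIGNMENTS, SAMPLE_PRINCIPAL, SAMPLE_SCOPE
    ok, notes = assess(data, principal, scope)
    print("blob writes authorized by RBAC:", ok, *notes, sep="\n")
```

A False result with only control-plane roles listed is one RBAC-only cause of a 403 on data-plane writes; a True result points elsewhere (role assignment propagation delay, storage network rules, or the token the app requests not being for the storage audience), which this check does not cover.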