DEVHIDE
Login Or Sign up

Azure APIM - RBAC Role for approving subscription requests

120 Views Asked by At

I have azure apim premium instance and I want to provide a specific ad group users with access to approve the subscription requests. How can i give this group read access and subscription approval access rights via RBAC? is there a specific custom rbac permission I should create?

azure azure-api-management azure-rbac
Original Q&A
1

There are 1 best solutions below

1
On BEST ANSWER

I have one APIM service named sriapimdemo with below subscriptions in it like this:

enter image description here

To activate/approve subscription requests, you can create custom RBAC by includingMicrosoft.ApiManagement/service/subscriptions/write action with all other read permissions.

I created one custom RBAC role named Subscription Approver with below permissions:

Sample.json:

{
    "id": "/subscriptions/subId/providers/Microsoft.Authorization/roleDefinitions/xxxxxxxxx",
    "properties": {
        "roleName": "Subscription Approver",
        "description": "Approves subscriptions in APIM",
        "assignableScopes": [
            "/subscriptions/subId"
        ],
        "permissions": [
            {
                "actions": [
                    "Microsoft.ApiManagement/service/*/read",
                    "Microsoft.ApiManagement/service/read",
                    "Microsoft.Authorization/*/read",
                    "Microsoft.Insights/alertRules/*",
                    "Microsoft.ResourceHealth/availabilityStatuses/read",
                    "Microsoft.Resources/deployments/*",
                    "Microsoft.Resources/subscriptions/resourceGroups/read",
                    "Microsoft.Support/*",
                    "Microsoft.ApiManagement/service/subscriptions/write"
                ],
                "notActions": [
                    "Microsoft.ApiManagement/service/users/keys/read"
                ],
                "dataActions": [],
                "notDataActions": []
            }
        ]
    }
}

I assigned this custom RBAC role to one user under the APIM resource like this:

enter image description here

Now, I signed in with that user and clicked on Activate option of suspended subscription:

enter image description here

When I refreshed the page, subscription activated successfully as below:

enter image description here

Related Questions in AZURE

Related Questions in AZURE-API-MANAGEMENT

Related Questions in AZURE-RBAC

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.