I'm a dev. I have
WEBSITE CONTRIBUTOR
Role on my azure function that our infrastructure team created. I can't see any functions listed in my function app in the portal and this ajax request fails when I try to expand the functions list in the side nav in the azure portal:
Request URL:
https://management.azure.com/subscriptions/{{my-enterprise-subscription-id-here}}/resourceGroups/mclintdevnc-ase-rg/providers/Microsoft.Web/hostingEnvironments/mclintdevnc-aseweb?api-version=2016-09-01
Request Method:
GET
Status Code:
403
The response body on this request contains this:
{"error":{"code":"AuthorizationFailed","message":"The client '{{my-organizational-username-here}}' with object id '{{my-organizationao-user-id-here}}' does not have authorization to perform action 'Microsoft.Web/hostingEnvironments/read' over scope '/subscriptions/{{my-enterprise-subscription-id-here}}/resourceGroups/mclintdevnc-ase-rg/providers/Microsoft.Web/hostingEnvironments/mclintdevnc-aseweb'."}}
So what privledges do i need on my function app to be able to do things like see the functions, enable disable individual functions, and generate api keys for a function?
Here is the screen show of what I'm getting:
When I deploy the same code to an azure function on my personal account (which I'm an administrator for) I see this:
I'm sure I wont get administrator role in my organizations subscription, so what is the minimal set of privileges I can have so i can see my functions and perform basic configuration on them?
Website Contributormeans you can "manage websites(not web plans), but not access them".Readerrole gives you the right to read everything, but you cannot contribute.These roles are Built-in roles for Azure resources. You can find all of the Azure built-in RBAC in Microsoft docs https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
Your organization administrator can create a custom role for you if it's needed to be a Website Contributor and reader at the same time.