Skip to content

[Question] Role based Access Control #1283

Description

@MMollyy

Hi,

I've been reading up a bit on the Azure Functions, and I was wondering how we can control/prevent the Azure Function from accessing specific resources.
The documentation does mention authentication against the Azure Function, so that for instance a specific client ID and secret is being used to be able to use the Function. This is only the frontend though.
I want to make sure that the Function is limited by a set of permissions towards the backend.

For instance:

  • I want to the Azure Function to only have permissions to start/stop/restart servers in 1 resource group.
  • I want the Azure Function to only be allowed to read, write on virtual machines within 1 resource group.

Basically, I want to put RBAC on the Function to prevent it from ever being able to be abused/used on accident or maliciously on resources it shouldn't.

It doesn't get mentioned in the documentation. So I can make the assumption that whatever permissions are assigned to the application/service principal, which is used to call the function, is whatever limitation the Azure Function has. But I would rather not assume or guess, because that could involve some security concerns as I am looking towards the possible use of Azure Functions for a project I'm working on.

Metadata

Metadata

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Relationships

None yet

Development

No branches or pull requests

Issue actions