none
When trying to assign Role Based Access to a Splunk Add On Application, I do Not see Roles in our Azure Portal RRS feed

  • Question

  • Hi,

    I'm new to setting up Azure Application Access.  Recently I've been tasked with setting up Splunk Add on For 0365.  This requires setting up Role Based Access to the Application.  When I look in our Portal for Access control (IAM),  I expect there to be Roles I can add to Groups or users.  when I click on the Roles and "add role assignment"  I don't see anthing in the drop down.  Also, there is a message there indicating "Unable to access data".  I'm logged in as a Global Administrator so I'm pretty sure I have the "ability" to see and add roles.  I just don't see them.  I'm probably missing something easy and obvious.  

    thanks,

    Kevin C

    Tuesday, February 12, 2019 8:14 PM

Answers

  • Hello Kevin,

    Sorry for the delayed response. There is a new feature available through which a Global administrator can acquire "User Access Administrator" role to the subscriptions linked to the directory. You will then be able to see who is the owner of the subscription from Access control tab of subscriptions from the portal.

    Please check the steps listed in this article for detailed steps. 


    Friday, March 1, 2019 8:56 AM
    Moderator

All replies

  • Hello Kevin,

    Global Administrator will have all the permissions on the directory but not on the subscription inked to the directory. 

    To manage RBAC (Access control) you need permissions on the subscription as well. Ideally owner role should be able to manage everything. Can you check what privileges you have under "Check Access" and ensure that you have the privileges to add the roles to others ?

    You can learn more about the roles available in RBAC here. Hope this helps.

    • Proposed as answer by Manoj369 Thursday, February 14, 2019 6:01 AM
    Wednesday, February 13, 2019 9:46 AM
    Moderator
  • Please let us know if you find above reply useful. If yes, do click on 'Mark as answer' link in above reply. This will help other community members facing similar query to refer to this solution. Thanks.
    Thursday, February 21, 2019 12:01 AM
    Moderator
  • Manoj369,

    Thanks for the reply.  If I am a 0365 Global Administrator, Can I  assign myself as an owner on the subsription? I looked in the area you specified and I see my Global Admin account has no roles.  Where or Who grants the roles and can an 0365 Global Adminstrator grant themselves owner to a subscription.  I'm trying to determine if I can do that, where and  how.

    Kevin

    Friday, February 22, 2019 2:04 PM
  • Hello Kevin,

    Only an owner of the subscription can assign these permissions to another user. You would have to find out who has the owner privileges on the subscription and reach out to them to grant you access. 

    Check this quickstart guide for how to assign RBAC roles and this guide for checking access. 

    Monday, February 25, 2019 4:53 AM
    Moderator
  • Hi Mnoj,

    Thank you for your help.  In a large organization, is there a way within the tenant either in the GUI or with Powershell that I can determine who is the subscription owner?  I can see our subscription name and subscription ID.  If I contact Microsoft, can they provide me the who the Subscription owner is?

    Thanks,

    Kevin C

    Monday, February 25, 2019 2:11 PM
  • Hello Kevin,

    Sorry for the delayed response. There is a new feature available through which a Global administrator can acquire "User Access Administrator" role to the subscriptions linked to the directory. You will then be able to see who is the owner of the subscription from Access control tab of subscriptions from the portal.

    Please check the steps listed in this article for detailed steps. 


    Friday, March 1, 2019 8:56 AM
    Moderator