Commit 251c2c9

Merge pull request #273427 from greg-lindsay/appgw-issues
replace incorrect merge
2 parents 2e506af + 694066e commit 251c2c9

1 file changed

+4
-2
lines changed

articles/application-gateway/configuration-infrastructure.md

Lines changed: 4 additions & 2 deletions
@@ -5,7 +5,7 @@ services: application-gateway
55
author: greg-lindsay
66
ms.service: application-gateway
77
ms.topic: conceptual
8-
ms.date: 04/18/2024
8+
ms.date: 04/25/2024
99
ms.author: greglin
1010
---
1111

@@ -70,7 +70,9 @@ The virtual network resource supports [DNS server](../virtual-network/manage-vir
7070

7171
The Application Gateway resource is deployed inside a virtual network, so checks are also performed to verify the permission on the virtual network resource. This validation is performed during both creation and management operations and also applies to the [managed identities for Application Gateway Ingress Controller](./tutorial-ingress-controller-add-on-new.md#deploy-an-aks-cluster-with-the-add-on-enabled).
7272

73-
Check your [Azure role-based access control](../role-based-access-control/role-assignments-list-portal.yml) to verify that the users (and service principals) that operate application gateways also have at least **Microsoft.Network/virtualNetworks/subnets/join/action** permission on the virtual network or subnet. This validation also applies to the [managed identities for Application Gateway Ingress Controller](./tutorial-ingress-controller-add-on-new.md#deploy-an-aks-cluster-with-the-add-on-enabled).
73+
Check your [Azure role-based access control](../role-based-access-control/role-assignments-list-portal.yml) to verify that the users and service principals that operate application gateways have at least the following permissions on the virtual network or subnet:
74+
- **Microsoft.Network/virtualNetworks/subnets/join/action**
75+
- **Microsoft.Network/virtualNetworks/subnets/read**
7476

7577
You can use the built-in roles, such as [Network contributor](../role-based-access-control/built-in-roles.md#network-contributor), which already support these permissions. If a built-in role doesn't provide the right permission, you can [create and assign a custom role](../role-based-access-control/custom-roles-portal.md). Learn more about [managing subnet permissions](../virtual-network/virtual-network-manage-subnet.md#permissions).
7678

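Review bot: The rewritten sentence on new line 73 names only "users and service principals", and with the Ingress Controller sentence dropped from this paragraph the permission list itself no longer says that the AGIC managed identities need the same two actions; the only remaining mention is in the preceding paragraph (line 71). Consider "users, service principals, and managed identities" so that someone auditing role assignments from this list also checks the AGIC identity. Separately, the unchanged line 77 still points first to Network contributor as the way to get "these permissions"; now that the two required actions are enumerated, consider stating whether a custom role carrying only subnets/join/action and subnets/read at subnet scope is enough, so least-privilege deployments do not default to the broader built-in role.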