You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
# Azure Role-based access control (RBAC) and Device Update
12
12
13
-
Device Update uses Azure RBAC to provide authentication and authorization for users and service APIs.
13
+
Device Update uses Azure RBAC to provide authentication and authorization for users and service APIs. In order for other users and applications to have access to Device Update, users or applications must be granted access to this resource. It is also necessary to [configure access for Azure Device Update service principal](./device-update-control-access.md.md) for successfully deploying updates and managing your devices.
14
14
15
15
## Configure access control roles
16
16
17
-
In order for other users and applications to have access to Device Update, users or applications must be granted access to this resource. Here are the roles that are supported by Device Update:
17
+
These are the roles that are supported by Device Update:
18
18
19
19
| Role Name | Description |
20
20
| :--------- | :---- |
@@ -27,6 +27,23 @@ In order for other users and applications to have access to Device Update, users
27
27
28
28
A combination of roles can be used to provide the right level of access. For example, a developer can import and manage updates using the Device Update Content Administrator role, but needs a Device Update Deployments Reader role to view the progress of an update. Conversely, a solution operator with the Device Update Reader role can view all updates, but needs to use the Device Update Deployments Administrator role to deploy a specific update to devices.
29
29
30
+
## Configuring access for Azure Device Update service principal in the IoT Hub
31
+
32
+
Device Update for IoT Hub uses [Automatic Device Management](https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-automatic-device-management) for deployments and uses ADM configs to perform device management operations like updates at scale. In order to enable Device Update to do this, users need to set Contributor access for Azure Device Update Service Principal in the IoT Hub permissions.
33
+
34
+
Below actions will be blocked if these permissions are not set:
35
+
* Create Deployment
36
+
* Cancel Deployment
37
+
* Retry Deployment
38
+
* Get Device
39
+
40
+
1. Go to the **IoT Hub** connected to your Device Update Instance and click **Access Control(IAM)**
41
+
2. Click **+ Add** -> **Add role assignment**
42
+
3. Under Role tab, select **Contributor**
43
+
4. Click **Next**. For **Assign access to**, select **User, group, or service principal**. Click **+ Select Members**, search for '**Azure Device Update**'
44
+
5. Click **Next** -> **Review + Assign**
45
+
46
+
30
47
## Authenticate to Device Update REST APIs
31
48
32
49
Device Update uses Azure Active Directory (AD) for authentication to its REST APIs. To get started, you need to create and configure a client application.
0 commit comments