articles/event-hubs/authorize-access-azure-active-directory.md
6 additions & 6 deletions
@@ -2,11 +2,11 @@
2
2
title: Authorize access with Microsoft Entra ID
3
3
description: This article provides information on authorizing access to Event Hubs resources using Microsoft Entra ID.
4
4
ms.topic: conceptual
5
-
ms.date: 10/25/2022
5
+
ms.date: 12/11/2023
6
6
---
7
7
8
8
# Authorize access to Event Hubs resources using Microsoft Entra ID
9
-
Azure Event Hubs supports using Microsoft Entra ID to authorize requests to Event Hubs resources. With Microsoft Entra ID, you can use Azure role-based access control (Azure RBAC) to grant permissions to a security principal, which may be a user, or an application service principal. To learn more about roles and role assignments, see [Understanding the different roles](../role-based-access-control/overview.md).
9
+
Azure Event Hubs supports using Microsoft Entra ID to authorize requests to Event Hubs resources. With Microsoft Entra ID, you can use Azure role-based access control (Azure RBAC) to grant permissions to a security principal, which can be a user, or an application service principal. To learn more about roles and role assignments, see [Understanding the different roles](../role-based-access-control/overview.md).
10
10
11
11
## Overview
12
12
When a security principal (a user, or an application) attempts to access an Event Hubs resource, the request must be authorized. With Microsoft Entra ID, access to a resource is a two-step process.
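Review bot: The rewritten sentence on new line 9 still lists only "a user, or an application service principal" as possible security principals, while the matching sentence on line 26 of the same file also names a managed identity for Azure resources. Since this line is being touched anyway, align the two lists (for example "which can be a user, an application service principal, or a managed identity") so readers of the introduction do not conclude that managed identities are unsupported. The comma before "or" in a two-item list can go at the same time.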
@@ -23,7 +23,7 @@ Native applications and web applications that make requests to Event Hubs can al
23
23
## Assign Azure roles for access rights
24
24
Microsoft Entra authorizes access rights to secured resources through [Azure role-based access control (Azure RBAC)](../role-based-access-control/overview.md). Azure Event Hubs defines a set of Azure built-in roles that encompass common sets of permissions used to access event hub data and you can also define custom roles for accessing the data.
25
25
26
-
When an Azure role is assigned to a Microsoft Entra security principal, Azure grants access to those resources for that security principal. Access can be scoped to the level of subscription, the resource group, the Event Hubs namespace, or any resource under it. A Microsoft Entra security principal may be a user, or an application service principal, or a [managed identity for Azure resources](../active-directory/managed-identities-azure-resources/overview.md).
26
+
When an Azure role is assigned to a Microsoft Entra security principal, Azure grants access to those resources for that security principal. Access can be scoped to the level of subscription, the resource group, the Event Hubs namespace, or any resource under it. A Microsoft Entra security principal can be a user, or an application service principal, or a [managed identity for Azure resources](../active-directory/managed-identities-azure-resources/overview.md).
27
27
28
28
## Azure built-in roles for Azure Event Hubs
29
29
Azure provides the following Azure built-in roles for authorizing access to Event Hubs data using Microsoft Entra ID and OAuth:
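Review bot: On new line 26 the list "can be a user, or an application service principal, or a [managed identity for Azure resources]" chains two "or"s; write it as a normal series: "a user, an application service principal, or a managed identity for Azure resources". In the same paragraph, "Azure grants access to those resources" has no antecedent for "those", and "scoped to the level of subscription, the resource group, the Event Hubs namespace" mixes articles. Because this paragraph defines how far a role assignment reaches, it is worth tightening the wording while the line is open.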
@@ -42,13 +42,13 @@ Before you assign an Azure role to a security principal, determine the scope of
42
42
The following list describes the levels at which you can scope access to Event Hubs resources, starting with the narrowest scope:
43
43
44
44
-**Consumer group**: At this scope, role assignment applies only to this entity. Currently, the Azure portal doesn't support assigning an Azure role to a security principal at this level.
45
-
-**Event hub**: Role assignment applies to the Event Hub entity and the consumer group under it.
45
+
-**Event hub**: Role assignment applies to event hubs and their consumer groups.
46
46
-**Namespace**: Role assignment spans the entire topology of Event Hubs under the namespace and to the consumer group associated with it.
47
47
-**Resource group**: Role assignment applies to all the Event Hubs resources under the resource group.
48
48
-**Subscription**: Role assignment applies to all the Event Hubs resources in all of the resource groups in the subscription.
49
49
50
50
> [!NOTE]
51
-
> - Keep in mind that Azure role assignments may take up to five minutes to propagate.
51
+
> - Keep in mind that Azure role assignments might take up to five minutes to propagate.
52
52
> - This content applies to both Event Hubs and Event Hubs for Apache Kafka. For more information on Event Hubs for Kafka support, see [Event Hubs for Kafka - security and authentication](azure-event-hubs-kafka-overview.md#security-and-authentication).
53
53
54
54
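Review bot: The new Event hub bullet on line 45, "Role assignment applies to event hubs and their consumer groups", loses the scoping that the old text had: in a list that describes each scope level, the plural reads as if an assignment at this level covers every event hub. Suggest "Role assignment applies to the event hub and its consumer groups", which keeps the simplification and still says the grant is limited to the one entity. The unchanged Namespace bullet on line 46 ("spans the entire topology of Event Hubs under the namespace and to the consumer group associated with it") has the same singular/plural ambiguity and a stray "to", and could be fixed in this pass.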
@@ -59,7 +59,7 @@ For more information about how built-in roles are defined, see [Understand role
These samples use the old**Microsoft.Azure.EventHubs** library, but you can easily update it to using the latest **Azure.Messaging.EventHubs** library. To move the sample from using the old library to new one, see the [Guide to migrate from Microsoft.Azure.EventHubs to Azure.Messaging.EventHubs](https://github.com/Azure/azure-sdk-for-net/blob/master/sdk/eventhub/Azure.Messaging.EventHubs/MigrationGuide.md).
62
+
These samples use the legacy**Microsoft.Azure.EventHubs** library, but you can easily update it to using the latest **Azure.Messaging.EventHubs** library. To move the sample from using the legacy library to new one, see the [Guide to migrate from Microsoft.Azure.EventHubs to Azure.Messaging.EventHubs](https://github.com/Azure/azure-sdk-for-net/blob/master/sdk/eventhub/Azure.Messaging.EventHubs/MigrationGuide.md).
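Review bot: The changed line swaps "old" for "legacy" but keeps the grammar problems around it: "These samples ... you can easily update it to using the latest" should be "update them to use the latest", and "from using the legacy library to new one" is missing "the" before "new one". The migration guide link also targets the `master` branch of azure-sdk-for-net, which breaks if the file moves or the branch is renamed; consider linking to a stable location for the guide.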