You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/stream-analytics/service-bus-managed-identity.md
+3-7Lines changed: 3 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,7 +5,7 @@ author: enkrumah
5
5
ms.author: ebnkruma
6
6
ms.service: stream-analytics
7
7
ms.topic: how-to
8
-
ms.date: 08/09/2022
8
+
ms.date: 08/10/2022
9
9
ms.custom: subject-rbac-steps
10
10
---
11
11
@@ -37,14 +37,10 @@ First, you create a managed identity for your Azure Stream Analytics job.
37
37
38
38
## Grant the Stream Analytics job permissions to access Azure Service Bus
39
39
40
-
For the Stream Analytics job to access your Service Bus using managed identity, the service principal you created must have special permissions to your Azure Service Bus resource. In this step, you can assign a role to your stream analytics job's system-assigned managed identity. Azure provides the below Azure built-in roles for authorizing access to a Service Bus namespace. For Azure Stream Analytics you would need these:
40
+
For the Stream Analytics job to access your Service Bus using managed identity, the service principal you created must have special permissions to your Azure Service Bus resource. In this step, you can assign a role to your stream analytics job's system-assigned managed identity. Azure provides the below Azure built-in roles for authorizing access to a Service Bus namespace. For Azure Stream Analytics you would need this role:
41
41
42
-
-[Azure Service Bus Data Owner](../role-based-access-control/built-in-roles.md#azure-service-bus-data-owner): Enables data access to Service Bus namespace and its entities (queues, topics, subscriptions, and filters)
43
42
-[Azure Service Bus Data Sender](../role-based-access-control/built-in-roles.md#azure-service-bus-data-sender): Use this role to give send access to Service Bus namespace and its entities.
44
43
45
-
> [!TIP]
46
-
> When you assign roles, assign only the needed access. For more information about the importance of least privilege access, see the [Lower exposure of privileged accounts](../security/fundamentals/identity-management-best-practices.md#lower-exposure-of-privileged-accounts) article.
47
-
48
44
1. Select **Access control (IAM)**.
49
45
50
46
2. Select **Add** > **Add role assignment** to open the **Add role assignment** page.
@@ -53,7 +49,7 @@ For the Stream Analytics job to access your Service Bus using managed identity,
53
49
54
50
| Setting | Value |
55
51
| --- | --- |
56
-
| Role | Azure Service Bus Data Owner or Azure Service Bus Data Sender |
52
+
| Role | Azure Service Bus Data Sender |
57
53
| Assign access to | User, group, or service principal |
0 commit comments