articles/azure-maps/azure-maps-authentication.md
Lines changed: 5 additions & 5 deletions
@@ -96,7 +96,7 @@ The following role definition types exist to support application scenarios.
96
96
| Azure Maps Data Contributor | Provides access to mutable Azure Maps REST APIs. Mutability is defined by the actions: write and delete. |
97
97
| Custom Role Definition | Create a crafted role to enable flexible restricted access to Azure Maps REST APIs. |
98
98
99
-
Some Azure Maps services may require elevated privileges to perform write or delete actions on Azure Maps REST APIs. Azure Maps Data Contributor role is required for services which provide write or delete actions. The following table describes which services Azure Maps Data Contributor is applicable for when using write or delete actions on the given service. If only read actions are used on the service, then Azure Maps Data Reader can be used instead of Azure Maps Data Contributor.
99
+
Some Azure Maps services may require elevated privileges to perform write or delete actions on Azure Maps REST APIs. Azure Maps Data Contributor role is required for services, which provide write or delete actions. The following table describes what services Azure Maps Data Contributor is applicable when using write or delete actions. When only read actions are required, the Azure Maps Data Reader role can be used in place of the Azure Maps Data Contributor role.
100
100
101
101
| Azure Maps Service | Azure Maps Role Definition |
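Review bot: In the added paragraph at line 99, the comma in "services, which provide write or delete actions" makes the clause nonrestrictive, so the sentence now reads as if every Azure Maps service provides write or delete actions and therefore needs Azure Maps Data Contributor. This paragraph is what tells readers when the higher-privilege role is required, so keep the restrictive form: "services that provide write or delete actions". The following sentence also lost its preposition: "what services Azure Maps Data Contributor is applicable when using" should read "which services Azure Maps Data Contributor is applicable to when using".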
@@ -108,7 +108,7 @@ For information about viewing your Azure RBAC settings, see [How to configure Az
108
108
109
109
#### Custom role definitions
110
110
111
-
One aspect of application security is to apply the principle of least privilege. This principle implies that the security principal should only be allowed the access which is required, and have no additional access. Creating custom role definitions can support use cases which require further granularity to access control. To create a custom role definition, you can select specific data actions to include or exclude for the definition.
111
+
One aspect of application security is the principle of least privilege, the practice of limiting access rights to only those needed to do the job at hand. To accomplish this, create custom role definitions that support use cases, which require further granularity to access control. To create a custom role definition, select specific data actions to include or exclude for the definition.
112
112
113
113
The custom role definition can then be used in a role assignment for any security principal. To learn more about Azure custom role definitions, see [Azure custom roles](../role-based-access-control/custom-roles.md).
114
114
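Review bot: At line 111, "use cases, which require further granularity to access control" has a stray comma that turns a restrictive clause into an aside; it should read "use cases that require further granularity in access control". The rewrite also replaces "Creating custom role definitions can support" with the imperative "To accomplish this, create custom role definitions", which presents custom roles as the way to reach least privilege even though the earlier paragraph says the built-in Azure Maps Data Reader role is enough when only read actions are required. Consider "To accomplish this, you can create custom role definitions for use cases that require further granularity in access control."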
@@ -117,9 +117,9 @@ Here are some example scenarios where custom roles can improve application secur
| A public facing or interactive sign-in web page with base map tiles and no other REST APIs. |`Microsoft.Maps/accounts/services/render/read`|
120
-
| An application which only requires reverse geocoding and no other REST APIs. |`Microsoft.Maps/accounts/services/search/read`|
121
-
| A role for a security principal which requests reading of Azure Maps Creator based map data and base map tile REST APIs. |`Microsoft.Maps/accounts/services/data/read`, `Microsoft.Maps/accounts/services/render/read`|
122
-
| A role for a security principal which requires reading, writing, and deleting of Creator based map data. This can be defined as a map data editor role but does not allow access to other REST APIs like base map tiles. |`Microsoft.Maps/accounts/services/data/read`, `Microsoft.Maps/accounts/services/data/write`, `Microsoft.Maps/accounts/services/data/delete`|
120
+
| An application, which only requires reverse geocoding and no other REST APIs. |`Microsoft.Maps/accounts/services/search/read`|
121
+
| A role for a security principal, which requests reading of Azure Maps Creator based map data and base map tile REST APIs. |`Microsoft.Maps/accounts/services/data/read`, `Microsoft.Maps/accounts/services/render/read`|
122
+
| A role for a security principal, which requires reading, writing, and deleting of Creator based map data. This can be defined as a map data editor role, but does not allow access to other REST APIs like base map tiles. |`Microsoft.Maps/accounts/services/data/read`, `Microsoft.Maps/accounts/services/data/write`, `Microsoft.Maps/accounts/services/data/delete`|
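Review bot: In the three changed table rows (lines 120-122), the comma added before "which" detaches the clause from the noun it restricts; in "A role for a security principal, which requests reading of" it is no longer clear whether "which" refers to the role or to the principal. Use "that" with no comma: "An application that only requires reverse geocoding", "A role for a security principal that requires reading, writing, and deleting". The data actions in the second column are unchanged, so the scenario-to-permission mapping is not affected. While these rows are being touched, "Creator based" could be hyphenated as "Creator-based".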