You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/operator-nexus/concepts-cross-subscription-deployments-required-rbac-for-network-fabric.md
+10-12Lines changed: 10 additions & 12 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -9,27 +9,25 @@ ms.date: 09/17/2024
9
9
ms.custom: template-concept
10
10
---
11
11
12
-
# Managing Azure Network Fabric Resources Across Subscriptions
13
-
14
-
## Overview
12
+
# Managing Azure Network Fabric resources across subscriptions
15
13
16
14
This document outlines the requirements and behaviors associated with managing Nexus Network Fabric (NNF) resources in Azure when dealing with multiple subscriptions. It describes various scenarios involving different levels of access permissions that can affect operations across subscriptions. This document also covers the linked access check implementation, which ensures that proper permissions and access controls are enforced when managing Network Fabric (NNF) resources across multiple subscriptions, verifying that the required cross-subscription links have the necessary authorizations in place.
17
15
18
16
## Scenarios
19
17
20
-
### Limited access in Subscription A
18
+
### Limited access in subscription A
21
19
22
20
In this scenario, the user has access to two subscriptions: **Subscription A** and **Subscription B**. In **Subscription A**, the user has only `read` access to the Network Fabric (NNF) resources.
23
21
24
22
**Outcome:** When the user tries to create or manage any NNF resource in **Subscription B** by referencing the NNF resource from **Subscription A**, the operation fails with a `LinkedAuthorizationFailed` error. This failure occurs because the user does not have the necessary `Join` access to the NNF resource.
25
23
26
-
### Sufficient Access in Both Subscriptions
24
+
### Sufficient access in both subscriptions
27
25
28
26
In this scenario, the user has access to both **Subscription A** and **Subscription B**, with either `Contributor` or `Owner` permissions in both subscriptions.
29
27
30
28
**Outcome**: When the user tries to create or manage Network Fabric (NNF) resources in **Subscription B** by referencing NNF resources in **Subscription A**, the operation succeeds. This confirms that sufficient permissions enable successful resource management across subscriptions.
31
29
32
-
### No Access to Subscription A
30
+
### No access to subscription A
33
31
34
32
In this scenario, the user has no access to **Subscription A**, where the Network Fabric (NNF) resources are deployed, but has Contributor or Owner rights in **Subscription B**.
35
33
@@ -39,7 +37,7 @@ When the user tries to create or manage NNF resources in **Subscription B** by r
39
37
>[!NOTE]
40
38
>Network Fabric cannot be created in a different subscription than the referenced Network Fabric Controller (NFC).
41
39
42
-
## Permissions Overview
40
+
## Permissions overview
43
41
44
42
To effectively manage NNF resources across Azure subscriptions, users must have the appropriate permissions. The following permissions are essential:
45
43
@@ -53,22 +51,22 @@ To effectively manage NNF resources across Azure subscriptions, users must have
53
51
54
52
-**Join access:** Users must have Join access to the specific NNF resources they wish to reference. For example, when a user tries to create an L2 or L3 isolation domain in **Subscription B** while referencing an NNF resource in **Subscription A**, the user must have Join access on the NNF resource.
55
53
56
-
## Resource Management Considerations
54
+
## Resource management considerations
57
55
58
-
### Resource Creation
56
+
### Resource creation
59
57
60
58
- Ensure that users have the necessary subscription-level permissions before attempting to create NNF resources.
61
59
62
60
- When referencing resources from another subscription, confirm that the user has both read access to that subscription and Join access to the specific NNF resource.
63
61
64
-
### Resource Configuration
62
+
### Resource configuration
65
63
66
64
- Users with 'Contributor` or `Owner` access can configure NNF resources. However, they must have the appropriate permissions for each specific configuration action.
67
65
68
-
### Resource Deletion
66
+
### Resource deletion
69
67
70
68
- Deleting NNF resources typically requires `Contributor`, `Owner` or `Delete` access on the resource. Users should be aware of any dependencies that may prevent deletion.
71
69
72
-
### Cross-Subscription Management
70
+
### Cross-Subscription management
73
71
74
72
- When managing NNF resources across multiple subscriptions, it’s crucial to maintain a clear understanding of the permissions structure to avoid `AuthorizationFailed` and `LinkedAuthorizationFailed` errors.
0 commit comments