Skip to content

Commit 9117cf4

Browse files
greg-lindsaygreg-lindsay
committed
replace incorrect merge
1 parent ed8524d commit 9117cf4

File tree

1 file changed

+4
-2
lines changed

1 file changed

+4
-2
lines changed

articles/application-gateway/configuration-infrastructure.md

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ services: application-gateway
55
author: greg-lindsay
66
ms.service: application-gateway
77
ms.topic: conceptual
8-
ms.date: 04/18/2024
8+
ms.date: 04/25/2024
99
ms.author: greglin
1010
---
1111

@@ -70,7 +70,9 @@ The virtual network resource supports [DNS server](../virtual-network/manage-vir
7070

7171
The Application Gateway resource is deployed inside a virtual network, so checks are also performed to verify the permission on the virtual network resource. This validation is performed during both creation and management operations and also applies to the [managed identities for Application Gateway Ingress Controller](./tutorial-ingress-controller-add-on-new.md#deploy-an-aks-cluster-with-the-add-on-enabled).
7272

73-
Check your [Azure role-based access control](../role-based-access-control/role-assignments-list-portal.yml) to verify that the users (and service principals) that operate application gateways also have at least **Microsoft.Network/virtualNetworks/subnets/join/action** permission on the virtual network or subnet. This validation also applies to the [managed identities for Application Gateway Ingress Controller](./tutorial-ingress-controller-add-on-new.md#deploy-an-aks-cluster-with-the-add-on-enabled).
73+
Check your [Azure role-based access control](../role-based-access-control/role-assignments-list-portal.md) to verify that the users and service principals that operate application gateways have at least the following permissions on the virtual network or subnet:
74+
- **Microsoft.Network/virtualNetworks/subnets/join/action**
75+
- **Microsoft.Network/virtualNetworks/subnets/read**
7476

7577
You can use the built-in roles, such as [Network contributor](../role-based-access-control/built-in-roles.md#network-contributor), which already support these permissions. If a built-in role doesn't provide the right permission, you can [create and assign a custom role](../role-based-access-control/custom-roles-portal.md). Learn more about [managing subnet permissions](../virtual-network/virtual-network-manage-subnet.md#permissions).
7678

0 commit comments

Comments
 (0)