Commit b0698a0

RBAC updates
1 parent 18cee62 commit b0698a0

1 file changed

+23
-1
lines changed

articles/event-hubs/event-hubs-managed-service-identity.md

Lines changed: 23 additions & 1 deletion
@@ -10,7 +10,7 @@ ms.service: event-hubs
1010
ms.devlang: na
1111
ms.topic: article
1212
ms.custom: seodec18
13-
ms.date: 12/06/2018
13+
ms.date: 05/20/2019
1414
ms.author: shvija
1515

1616
---
@@ -26,6 +26,28 @@ Once it is associated with a managed identity, an Event Hubs client can do all a
2626
## Event Hubs roles and permissions
2727

2828
You can only add a managed identity to the "Owner" or "Contributor" roles of an Event Hubs namespace, which grants the identity full control on all entities in the namespace. However, management operations that change the namespace topology are initially supported only though Azure Resource Manager. It's not through the native Event Hubs REST management interface. This support also means that you cannot use the .NET Framework client [NamespaceManager](/dotnet/api/microsoft.servicebus.namespacemanager) object within a managed identity.
29+
30+
31+
## Event Hubs roles and permissions
32+
33+
You can add a managed identity to the "Service Bus Data Owner" role of a Service Bus namespace. It grants the identity, full control (for management and data operations) on all entities in the namespace.
34+
35+
>[!IMPORTANT]
36+
> We earlier supported adding managed identity to the **"Owner"** or **"Contributor"** role.
37+
>
38+
> However, data access privileges for **"Owner"** and **"Contributor"** role will no longer be honored. If you were using the **"Owner"** or **"Contributor"** role, then those will need to be adapted to utilize the **"Service Bus Data Owner"** role.
39+
40+
To use the new built-in role, please complete the below steps -
41+
42+
1. proceed to the [Azure portal](https://portal.azure.com)
43+
2. Navigate to the Service Bus namespace where you have currently setup the "Owner" or "Contributor" role.
44+
3. Click on "Access Control(IAM)" from the left pane menu.
45+
4. Proceed to add a new role assignment as below
46+
47+
![Service Bus RBAC Data Owner](./media/service-bus-role-based-access-control/ServiceBus_RBAC_SBDataOwner.png)
48+
49+
5. Hit "Save" to save the new role assignment.
50+
2951

3052
## Use Event Hubs with managed identities for Azure Resources
3153

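Review bot: The added block at new lines 31-49 repeats the `## Event Hubs roles and permissions` heading already present at line 26 and leaves the old paragraph at line 28 in place, so the article now says both that a managed identity can only be added to "Owner" or "Contributor" and that data access privileges for those roles will no longer be honored. Drop the duplicate heading and remove or rewrite the line 28 paragraph so the page gives a single answer on which role grants data access. The new text also names the "Service Bus Data Owner" role, a "Service Bus namespace" and an image under `./media/service-bus-role-based-access-control/` inside an Event Hubs article; please confirm whether that is intended or carried over from the Service Bus doc, since readers will assign whatever role the page names. Step 4 relies entirely on the screenshot, so state the role and the assignee in text as well. Minor: step 1 should start with a capital ("Proceed"), and "setup" in step 2 should be "set up".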