File tree Expand file tree Collapse file tree 1 file changed +3
-2
lines changed
articles/governance/blueprints/concepts Expand file tree Collapse file tree 1 file changed +3
-2
lines changed Original file line number Diff line number Diff line change @@ -26,8 +26,9 @@ takes the following high-level steps:
2626The Azure Blueprints service principal is granted owner rights to the assigned subscription or
2727subscriptions when a [ system-assigned managed
2828identity] ( ../../../active-directory/managed-identities-azure-resources/overview.md ) managed identity
29- is used. The granted role allows Blueprints to create, and later revoke, the ** system-assigned** .
30- The Azure Blueprints service principal only requires owner rights.
29+ is used. The granted role allows Blueprints to create, and later revoke, the ** system-assigned**
30+ managed identity. If using a ** user-assigned** managed identity, the Azure Blueprints service
31+ principal doesn't get and doesn't need owner rights on the subscription.
3132
3233The rights are granted automatically if the assignment is done through the portal. However, if the
3334assignment is done through the REST API, granting the rights needs to be done with a separate API
You can’t perform that action at this time.
0 commit comments