Skip to content

Commit d9a294b

Browse files
authored
Merge pull request #118371 from JoeyC-Dev/patch-3
Add note and fix links in manage-azure-rbac.md
2 parents 09f2a3b + bf96613 commit d9a294b

File tree

1 file changed

+23
-13
lines changed

1 file changed

+23
-13
lines changed

articles/aks/manage-azure-rbac.md

Lines changed: 23 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -103,6 +103,13 @@ az role assignment create --role "Azure Kubernetes Service RBAC Admin" --assigne
103103
> az role assignment create --role "Azure Kubernetes Service RBAC Reader" --assignee <AAD-ENTITY-ID> --scope $AKS_ID/namespaces/<namespace-name>
104104
> ```
105105
106+
> [!NOTE]
107+
> In Azure portal, after creating role assignments scoped to a desired namespace, you won't be able to see "role assignments" for namespace [at a scope][list-role-assignments-at-a-scope-at-portal]. You can find it by using the [`az role assignment list`][az-role-assignment-list] command, or [list role assignments for a user or group][list-role-assignments-for-a-user-or-group-at-portal], which you assigned the role to.
108+
>
109+
> ```azurecli-interactive
110+
> az role assignment list --scope $AKS_ID/namespaces/<namespace-name>
111+
> ```
112+
106113
## Create custom roles definitions
107114
108115
The following example custom role definition allows a user to only read deployments and nothing else. For the full list of possible actions, see [Microsoft.ContainerService operations](../role-based-access-control/resource-provider-operations.md#microsoftcontainerservice).
@@ -215,19 +222,22 @@ To learn more about AKS authentication, authorization, Kubernetes RBAC, and Azur
215222
<!-- LINKS - Internal -->
216223
[aks-support-policies]: support-policies.md
217224
[aks-faq]: faq.md
218-
[az-extension-add]: /cli/azure/extension#az_extension_add
219-
[az-extension-update]: /cli/azure/extension#az_extension_update
220-
[az-feature-list]: /cli/azure/feature#az_feature_list
221-
[az-feature-register]: /cli/azure/feature#az_feature_register
222-
[az-aks-install-cli]: /cli/azure/aks#az_aks_install_cli
223-
[az-aks-create]: /cli/azure/aks#az_aks_create
224-
[az-aks-show]: /cli/azure/aks#az_aks_show
225-
[az-role-assignment-create]: /cli/azure/role/assignment#az_role_assignment_create
226-
[az-provider-register]: /cli/azure/provider#az_provider_register
227-
[az-group-create]: /cli/azure/group#az_group_create
228-
[az-aks-update]: /cli/azure/aks#az_aks_update
225+
[az-extension-add]: /cli/azure/extension#az-extension-add
226+
[az-extension-update]: /cli/azure/extension#az-extension-update
227+
[az-feature-list]: /cli/azure/feature#az-feature-list
228+
[az-feature-register]: /cli/azure/feature#az-feature-register
229+
[az-aks-install-cli]: /cli/azure/aks#az-aks-install-cli
230+
[az-aks-create]: /cli/azure/aks#az-aks-create
231+
[az-aks-show]: /cli/azure/aks#az-aks-show
232+
[list-role-assignments-at-a-scope-at-portal]: ../role-based-access-control/role-assignments-list-portal.md#list-role-assignments-at-a-scope
233+
[list-role-assignments-for-a-user-or-group-at-portal]: ../role-based-access-control/role-assignments-list-portal.md#list-role-assignments-for-a-user-or-group
234+
[az-role-assignment-create]: /cli/azure/role/assignment#az-role-assignment-create
235+
[az-role-assignment-list]: /cli/azure/role/assignment#az-role-assignment-list
236+
[az-provider-register]: /cli/azure/provider#az-provider-register
237+
[az-group-create]: /cli/azure/group#az-group-create
238+
[az-aks-update]: /cli/azure/aks#az-aks-update
229239
[managed-aad]: ./managed-azure-ad.md
230240
[install-azure-cli]: /cli/azure/install-azure-cli
231-
[az-role-definition-create]: /cli/azure/role/definition#az_role_definition_create
232-
[az-aks-get-credentials]: /cli/azure/aks#az_aks_get-credentials
241+
[az-role-definition-create]: /cli/azure/role/definition#az-role-definition-create
242+
[az-aks-get-credentials]: /cli/azure/aks#az-aks-get-credentials
233243
[kubernetes-rbac]: /azure/aks/concepts-identity#azure-rbac-for-kubernetes-authorization

0 commit comments

Comments
 (0)