
Commit 1e81b1f

Merge pull request #641 from microsoft/KM-25966-dashboard-not-loading-admin
fix: dashboard not loading when user is set as Admin
2 parents 6f03144 + 9358db4 commit 1e81b1f


1 file changed

+32
-11
lines changed


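--- a/infra/main.bicep
+++ b/infra/main.bicep
@@ -506,11 +506,11 @@ module userAssignedIdentity 'br/public:avm/res/managed-identity/user-assigned-id
 
 // ========== SQL Operations User Assigned Identity ========== //
 // Dedicated identity for backend SQL operations with limited permissions (db_datareader, db_datawriter)
-var sqlUserAssignedIdentityResourceName = 'id-sql-${solutionSuffix}'
-module sqlUserAssignedIdentity 'br/public:avm/res/managed-identity/user-assigned-identity:0.4.1' = {
-name: take('avm.res.managed-identity.user-assigned-identity.${sqlUserAssignedIdentityResourceName}', 64)
+var backendUserAssignedIdentityResourceName = 'id-backend-${solutionSuffix}'
+module backendUserAssignedIdentity 'br/public:avm/res/managed-identity/user-assigned-identity:0.4.1' = {
+name: take('avm.res.managed-identity.user-assigned-identity.${backendUserAssignedIdentityResourceName}', 64)
 params: {
-name: sqlUserAssignedIdentityResourceName
+name: backendUserAssignedIdentityResourceName
 location: location
 tags: tags
 enableTelemetry: enableTelemetry
@@ -767,6 +767,11 @@ module aiFoundryAiServices 'modules/ai-services.bicep' = if (aiFoundryAIservices
 principalId: userAssignedIdentity.outputs.principalId
 principalType: 'ServicePrincipal'
 }
+{
+roleDefinitionIdOrName: '53ca6127-db72-4b80-b1b0-d745d6d5456d' // Azure AI User
+principalId: backendUserAssignedIdentity.outputs.principalId
+principalType: 'ServicePrincipal'
+}
 {
 roleDefinitionIdOrName: '64702f94-c441-49e6-a78b-ef80e0188fee' // Azure AI Developer
 principalId: userAssignedIdentity.outputs.principalId
@@ -777,6 +782,16 @@ module aiFoundryAiServices 'modules/ai-services.bicep' = if (aiFoundryAIservices
 principalId: userAssignedIdentity.outputs.principalId
 principalType: 'ServicePrincipal'
 }
+{
+roleDefinitionIdOrName: '64702f94-c441-49e6-a78b-ef80e0188fee' // Azure AI Developer
+principalId: backendUserAssignedIdentity.outputs.principalId
+principalType: 'ServicePrincipal'
+}
+{
+roleDefinitionIdOrName: '5e0bd9bd-7b93-4f28-af87-19fc36ad61bd' // Cognitive Services OpenAI User
+principalId: backendUserAssignedIdentity.outputs.principalId
+principalType: 'ServicePrincipal'
+}
 ]
 // WAF aligned configuration for Monitoring
 diagnosticSettings: enableMonitoring ? [{ workspaceResourceId: logAnalyticsWorkspaceResourceId }] : null
@@ -946,6 +961,11 @@ module searchSearchServices 'br/public:avm/res/search/search-service:0.11.1' = {
 principalId: userAssignedIdentity.outputs.principalId
 principalType: 'ServicePrincipal'
 }
+{
+roleDefinitionIdOrName: '1407120a-92aa-4202-b7e9-c0e197c71c8f'
+principalId: backendUserAssignedIdentity.outputs.principalId
+principalType: 'ServicePrincipal'
+}
 {
 roleDefinitionIdOrName: '1407120a-92aa-4202-b7e9-c0e197c71c8f' // Search Index Data Reader
 principalId: !useExistingAiFoundryAiProject ? aiFoundryAiServices.outputs.aiProjectInfo.aiprojectSystemAssignedMIPrincipalId : existingAiFoundryAiServicesProject!.identity.principalId
@@ -1182,7 +1202,7 @@ module cosmosDb 'br/public:avm/res/document-db/database-account:0.15.0' = {
 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/*'
 'Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/items/*'
 ]
-assignments: [{ principalId: userAssignedIdentity.outputs.principalId }]
+assignments: [{ principalId: backendUserAssignedIdentity.outputs.principalId }]
 }
 ]
 // WAF aligned configuration for Monitoring
@@ -1278,6 +1298,7 @@ module sqlDBModule 'br/public:avm/res/sql/server:0.20.1' = {
 systemAssigned: true
 userAssignedResourceIds: [
 userAssignedIdentity.outputs.resourceId
+backendUserAssignedIdentity.outputs.resourceId
 ]
 }
 primaryUserAssignedIdentityResourceId: userAssignedIdentity.outputs.resourceId
@@ -1396,8 +1417,8 @@ module createSqlUserAndRole 'br/public:avm/res/resources/deployment-script:0.5.1
 [
 '-SqlServerName \'${sqlServerResourceName}\''
 '-SqlDatabaseName \'${sqlDbModuleName}\''
-'-ClientId \'${sqlUserAssignedIdentity.outputs.clientId}\''
-'-DisplayName \'${sqlUserAssignedIdentity.outputs.name}\''
+'-ClientId \'${backendUserAssignedIdentity.outputs.clientId}\''
+'-DisplayName \'${backendUserAssignedIdentity.outputs.name}\''
 '-DatabaseRoles \'${join(databaseRoles, ',')}\''
 ],
 ' '
@@ -1513,7 +1534,7 @@ module webSiteBackend 'modules/web-sites.bicep' = {
 managedIdentities: {
 systemAssigned: true
 userAssignedResourceIds: [
-userAssignedIdentity.outputs.resourceId
+backendUserAssignedIdentity.outputs.resourceId
 ]
 }
 siteConfig: {
@@ -1539,7 +1560,7 @@ module webSiteBackend 'modules/web-sites.bicep' = {
 AZURE_COSMOSDB_ENABLE_FEEDBACK: 'True'
 SQLDB_DATABASE: 'sqldb-${solutionSuffix}'
 SQLDB_SERVER: '${sqlDBModule.outputs.name }${environment().suffixes.sqlServerHostname}'
-SQLDB_USER_MID: sqlUserAssignedIdentity.outputs.clientId
+SQLDB_USER_MID: backendUserAssignedIdentity.outputs.clientId
 AZURE_AI_SEARCH_ENDPOINT: 'https://${aiSearchName}.search.windows.net'
 AZURE_AI_SEARCH_INDEX: 'call_transcripts_index'
 AZURE_AI_SEARCH_CONNECTION_NAME: aiSearchName
@@ -1549,7 +1570,7 @@ module webSiteBackend 'modules/web-sites.bicep' = {
 DUMMY_TEST: 'True'
 SOLUTION_NAME: solutionSuffix
 APP_ENV: 'Prod'
-AZURE_CLIENT_ID: userAssignedIdentity.outputs.clientId
+AZURE_CLIENT_ID: backendUserAssignedIdentity.outputs.clientId
 }
 // WAF aligned configuration for Monitoring
 applicationInsightResourceId: enableMonitoring ? applicationInsights!.outputs.resourceId : null
@@ -1685,7 +1706,7 @@ output SQLDB_DATABASE string = 'sqldb-${solutionSuffix}'
 output SQLDB_SERVER string = sqlDBModule.outputs.name
 
 @description('Contains SQL database user managed identity client ID.')
-output SQLDB_USER_MID string = sqlUserAssignedIdentity.outputs.clientId
+output SQLDB_USER_MID string = backendUserAssignedIdentity.outputs.clientId
 
 @description('Contains AI project client usage setting.')
 output USE_AI_PROJECT_CLIENT string = 'False'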
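Review bot: The renamed `backendUserAssignedIdentity` is no longer the SQL-only identity that the unchanged header comment still describes ("limited permissions (db_datareader, db_datawriter)"): this commit also gives it Azure AI User, Azure AI Developer and Cognitive Services OpenAI User on the AI services account, Search Index Data Reader on the search service, and the Cosmos DB data-plane assignment, and makes it the web app's `AZURE_CLIENT_ID`. Please confirm the backend really needs Azure AI Developer at runtime; if the dashboard fix only requires inference and project access, drop that entry and keep the two narrower roles. The added `backendUserAssignedIdentity.outputs.resourceId` under the SQL server's `userAssignedResourceIds` lets the SQL server resource obtain tokens as the identity that now holds all of those roles, which does not look necessary for creating the database user through `createSqlUserAndRole`, so it is worth verifying and removing if unused. I would also update the header comment to something like `// Dedicated identity for the backend web app: SQL (db_datareader, db_datawriter), Cosmos DB data access, AI services and Search read roles`, and add the `// Search Index Data Reader` label to the new search assignment as the neighbouring entries have.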
