Permissions for identities clarificationΒ #271
Description
Would be nice to document what the least permissions required are, in order to get the VSCode extension running, when connecting via identity to a storage account (task hub) in Aure.
I've discovered that it needs at least the following to display information and not throw an error:
- Storage Blob Data Reader
- Storage Table Data Reader
Ideally, it shouldn't need Storage Blob Data Reader unless there is a <taskhub>-largemessages container as specified here, even then it shouldn't really be required, right? Or is there more to the blob part? Would love to see that dependency gone. By the way, reading out containers is not a dataAction so that can be a simple Reader-role if you're going to check on that.