Skip to content

Commit 210a464

Browse files
mjpytlakmjpytlak
committed
OSDOCS#8239: Added Required Azure roles back to docs
1 parent 83c3edc commit 210a464

File tree

2 files changed

+6
-9
lines changed

2 files changed

+6
-9
lines changed

installing/installing_azure/installing-azure-account.adoc

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,7 @@ include::modules/installation-azure-subscription-tenant-id.adoc[leveloffset=+1]
3232

3333
include::modules/installation-azure-identities.adoc[leveloffset=+1]
3434

35+
include::modules/installation-azure-permissions.adoc[leveloffset=+2]
3536
include::modules/minimum-required-permissions-ipi-azure.adoc[leveloffset=+2]
3637
include::modules/installation-using-azure-managed-identities.adoc[leveloffset=+2]
3738
include::modules/installation-creating-azure-service-principal.adoc[leveloffset=+2]

modules/installation-azure-permissions.adoc

Lines changed: 5 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -7,15 +7,11 @@
77
[id="installation-azure-permissions_{context}"]
88
= Required Azure roles
99

10-
{product-title} needs a service principal so it can manage Microsoft Azure resources. Before you can create a service principal, review the following information:
10+
An {product-title} cluster requires an Azure identity to create and manage Azure resources. Before you create the identity, verify that your environment meets the following requirements:
1111

12-
Your Azure account subscription must have the following roles:
13-
14-
* `User Access Administrator`
15-
* `Contributor`
16-
17-
Your Azure Active Directory (AD) must have the following permission:
18-
19-
* `"microsoft.directory/servicePrincipals/createAsOwner"`
12+
* The Azure account that you use to create the identity is assigned the `User Access Administrator` and `Contributor` roles. These roles are required when:
13+
** Creating a service principal or user-assigned managed identity.
14+
** Enabling a system-assigned managed identity on a virtual machine.
15+
* If you are going to use a service principal to complete the installation, verify that the Azure account that you use to create the identity is assigned the `microsoft.directory/servicePrincipals/createAsOwner` permission in Azure Active Directory.
2016

2117
To set roles on the Azure portal, see the link:https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal[Manage access to Azure resources using RBAC and the Azure portal] in the Azure documentation.

0 commit comments

Comments
 (0)