Reduction of high Azure 'Role' prerequisites to use Azure MP by service providers


Hi,

To discover and monitor Azure resources, a Service Principal is needed, and the related AAD application must have a Contributor role for the monitored subscription.

https://docs.microfocus.com/itom/Management_Pack_for_Azure:2018.08/Install/Prerequisites

Customers hardly accept giving such permissions to monitoring service providers.

I would expect that for monitoring services the predefined Azure Roles 'Monitoring Reader' or 'Monitoring Contributor' are sufficient. That's easier to sell to the customer's security responsible.

If for other monitoring services (e.g. to access Azure Storage Account content to monitor special log files) additional permissions are needed, that should be separated by dedicated Aspect assignments.

Karsten Edel
T-Systems International GmbH

 

3 Comments
Micro Focus Expert

tfewshe

Richard Snader (Honored Contributor)

I agree to some extent. Part of that privilege level is likely to facilitate full discovery of the environment. If you can only read the monitors, you have to know what monitors you want to read, which means a lot of entry of subscriptions, tenant credentials and then services and monitors. Not a bad thing the first time you have to do it, although in a big environment it is very time consuming. What does make it bad is that every time you update the MP version, you have to do it all again for all of your customers. That's not a good thing.

 

Richards

 

Micro Focus Expert
Status changed to: Waiting for Votes
 