06/02/2023, 7:44 PM
Hi everyone! I would like to have users make clusters that contain federated ident credentials. However, these users don’t have Application.ReadWrite.All (or equiv) rights in Azure (creation of fed creds on an app rego or user assigned ID requires this). Is it possible to use delegated rights in Azure to make this happen? I’ve never done this so I’m looking for some documentation on how I might apply it - in the end I’m interested in the Azure API rights being restricted to either a resource group or another resource, probably via an SPN. Thank you!