Support Granular Permission for Subnet for ARO SPNs during install
uday31in opened this issue · 0 comments
uday31in commented
Instead of checking for vNet scope for the Network Contributor role, support subnet-level scope to allow fine-grained permission for cluster install.
Microsoft.Network/virtualNetworks/subnets/*
The risk with vNet-level permission is that when multiple cluster operators share the same vNet, all of them need to be contributors and have higher privileges than what is necessary.
ARO-RP/python/az/aro/azext_aro/custom.py
Line 330 in 2fac92d
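
The scoping difference raised in this issue, as an added example (not ARO-RP code and not part of the original issue): a small model of Azure RBAC scope inheritance that lists which subnets each cluster service principal can act on under a vNet-scoped versus a subnet-scoped assignment. The resource IDs, principal names and both simplified role definitions are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample data: subscription ID, names and principals are placeholders.
VNET = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/net-rg"
        "/providers/Microsoft.Network/virtualNetworks/shared-vnet")
SUBNETS = [VNET + "/subnets/" + n for n in ("a-master", "a-worker", "b-master", "b-worker")]
JOIN = "Microsoft.Network/virtualNetworks/subnets/join/action"

# Simplified stand-in for the built-in role (assumption: only its network wildcard is modelled).
NETWORK_CONTRIBUTOR = {"actions": ["Microsoft.Network/*"]}
# Hypothetical custom role limited to the action pattern named in the issue.
SUBNET_ONLY = {"actions": ["Microsoft.Network/virtualNetworks/subnets/*"]}

def scope_covers(scope, resource_id):
    """An assignment applies at its scope and at every child scope below it."""
    scope, resource_id = scope.rstrip("/").lower(), resource_id.lower()
    # The "/" guard stops "shared-vnet" from matching a sibling such as "shared-vnet2".
    return resource_id == scope or resource_id.startswith(scope + "/")

def action_allowed(role, action):
    """Match Azure-style wildcard action patterns; not_actions subtract from actions."""
    def hit(patterns):
        return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)
    return hit(role["actions"]) and not hit(role.get("not_actions", []))

def reachable(assignments, principal, action=JOIN):
    """Subnets in SUBNETS on which `principal` is granted `action`."""
    return [s for s in SUBNETS
            if any(a["principal"] == principal
                   and scope_covers(a["scope"], s)
                   and action_allowed(a["role"], action)
                   for a in assignments)]

# vNet-scoped: both cluster SPNs hold the role on the whole shared vNet.
VNET_SCOPED = [{"principal": p, "scope": VNET, "role": NETWORK_CONTRIBUTOR}
               for p in ("spn-a", "spn-b")]
# Subnet-scoped: each SPN holds the narrower role only on its own two subnets.
SUBNET_SCOPED = [{"principal": "spn-" + s.rsplit("/", 1)[1][0], "scope": s, "role": SUBNET_ONLY}
                 for s in SUBNETS]

if __name__ == "__main__":
    for label, assignments in (("vNet scope", VNET_SCOPED), ("subnet scope", SUBNET_SCOPED)):
        for spn in ("spn-a", "spn-b"):
            names = [s.rsplit("/", 1)[1] for s in reachable(assignments, spn)]
            print(f"{label:12} {spn}: {names}")
```

A pre-install permission check built this way would accept an assignment at the subnet or at any parent scope, so existing vNet-scoped setups keep passing while subnet-scoped ones are no longer rejected.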