Skip to content

Update FinOps Hub deployment ADF Role Assignment from UAA to RBAC Admin #1351

New issue
New issue
Open
Task
Open
Update FinOps Hub deployment ADF Role Assignment from UAA to RBAC Admin#1351
Task
Labels
OKR: 1.1 SecurityIssues that increase our security postureTool: FinOps hubsData pipeline solution
Milestone
v14
@ankurshukla03

Description

@ankurshukla03
ankurshukla03
opened on Feb 28, 2025

⚠️ Problem

TODO: Add a clear and concise description of what the problem is and why you feel the change is needed. Is it always required or only in some situations? If this is about docs, include a link to the doc that needs to change.

Currently during the deployment of the finops hub the ADF managed identity tries to assign UAA role on the hub storage account. UAA has more action roles than RBAC Admin.

🛠️ Solution

TODO: Add a clear and concise description of what you want to happen. Focus on the outcome, not the implementation details.

There is a new role in Azure platform that can be used instead of UAA is RBAC Admin. Please update the role assignment that ADF MI tries to assign on the hub storage account to be RBAC Adminstrator instead of UAA.

ℹ️ Additional context

TODO: Add any other context or screenshots about the change request, including alternative solutions you considered and why you ruled them out.

🙋‍♀️ Ask for the community

We could use your help:

  1. Please vote this issue up (👍) to prioritize it.
  2. Leave comments to help us solidify the vision.

Metadata

Metadata

Assignees

No one assigned

    Labels

    OKR: 1.1 SecurityIssues that increase our security postureTool: FinOps hubsData pipeline solution

    Type

    Task

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions