Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

How can we improve Azure Active Directory?

← Azure Active Directory

Service Principal RBAC simulator

When handling shared subscriptions and deploying certain third party services we require to have a Service Principal that follows the principle of least privilege.
Nevertheless, after creating this intricate granular Service Principal, there is no proper way to test out it's functionality. The only way to see if your SP works is by actually deploying your service and see where it fails, update the SP and repeat.

AWS offers IAM policy simulator that does the job in their case. Something similar would be very helpful to have to improve the deployment experience.

29 votes

Bruno Medina shared this idea · May 14, 2018 · Flag idea as inappropriate… · Admin →

under review ·

AdminAzure AD Team (Product Manager, Microsoft Azure) responded · Oct 29, 2018

We are investigating adding tools for understanding a security principal’s effective permissions. Stay tuned for updates.

Cheers,
/Stuart and Balaji

2 comments

An error occurred while saving the comment

Mark commented · December 1, 2020 8:21 AM · Flag as inappropriate

any updates?

Submitting...
Eden commented · November 9, 2020 1:38 AM · Flag as inappropriate

any updates?

Submitting...

Azure Active Directory: Role-based Access Control

Searching…

No results.
Clear search results

Give feedback
- (General Feedback) 8,335 ideas
- Additional Services 353 ideas
- Analytics Platform System 21 ideas
- API Apps 0 ideas
- API Management 700 ideas
- Automation 543 ideas
- Azure Active Directory 6,313 ideas
- Azure Active Directory Application Requests 297 ideas
- Azure Advisor 38 ideas
- Azure Analysis Services 191 ideas
- Azure API for FHIR 17 ideas
- Azure App Configuration 54 ideas
- Azure Arc 27 ideas
- Azure Automanage 4 ideas
- Azure Backup 775 ideas
- Azure Blockchain Service 12 ideas
- Azure Bot Service 36 ideas
- Azure Certified Device 16 ideas
- Azure Cloud Shell 376 ideas
- Azure Cognitive Services 97 ideas
- Azure Communication Services 38 ideas
- Azure Confidential Compute 1 idea
- Azure Container Instances 180 ideas
- Azure Container Registry 103 ideas
- Azure Cosmos DB 292 ideas
- Azure CycleCloud 5 ideas
- Azure Data Explorer 250 ideas
- Azure Data Share 14 ideas
- Azure Database for MariaDB 19 ideas
- Azure Database for MySQL 78 ideas
- Azure Database for PostgreSQL 177 ideas
- Azure Database Migration Service 85 ideas
- Azure Databricks 338 ideas
- Azure Dev Spaces 11 ideas
- Azure Digital Twins 22 ideas
- Azure Event Grid 69 ideas
- Azure FarmBeats 14 ideas
- Azure Functions 261 ideas
- Azure FXT Edge Filer 1 idea
- Azure Governance 219 ideas
- Azure HPC Cache 0 ideas
- Azure IoT (Hub, DPS, SDKs) 342 ideas
- Azure IoT Central 167 ideas
- Azure IoT Edge 100 ideas
- Azure IoT Security 0 ideas
- Azure IoT Solution Accelerators 46 ideas
- Azure Key Vault 185 ideas
- Azure Kinect DK 72 ideas
- Azure Kubernetes Service (AKS) 333 ideas
- Azure Lighthouse 36 ideas
- Azure Management Groups 24 ideas
- Azure Maps 83 ideas
- Azure Marketplace 467 ideas
- Azure Media Services 266 ideas
- Azure Migrate 86 ideas
- Azure mobile app 378 ideas
- Azure Monitor 278 ideas
- Azure Monitor- Alert Management 166 ideas
- Azure Monitor-Application Insights 844 ideas
- Azure Monitor-Log Analytics 1,030 ideas
- Azure NetApp Files (ANF) 37 ideas
- Azure Object Anchors 0 ideas
- Azure Pack 298 ideas
- Azure Portal 2,296 ideas
- Azure Purview 236 ideas
- Azure Quantum 0 ideas
- Azure Red Hat OpenShift 17 ideas
- Azure Remote Rendering 10 ideas
- Azure Reservations 193 ideas
- Azure Resource Manager 568 ideas
- Azure Search 312 ideas
- Azure Security Center 345 ideas
- Azure Sentinel 149 ideas
- Azure Service Health 48 ideas
- Azure SignalR Service 19 ideas
- Azure Spatial Anchors 32 ideas
- Azure Sphere 81 ideas
- Azure Spring Cloud 3 ideas
- Azure Stack HCI 10 ideas
- Azure Stack Hub 206 ideas
- Azure Synapse Analytics 553 ideas
- Azure TCO Calculator 30 ideas
- Azure Time Series Insights 38 ideas
- Azure Web PubSub service 3 ideas
- Batch 44 ideas
- Batch AI 10 ideas
- Biztalk Services 14 ideas
- Blockchain 57 ideas
- Cache 45 ideas
- Change Tracking 14 ideas
- Cloud Services (Web and Worker Role) 277 ideas
- Cost Management 384 ideas
- Cross region move for Azure resources 11 ideas
- Customer Insights 13 ideas
- Customer Lockbox for Microsoft Azure 1 idea
- Data Catalog 181 ideas
- Data Factory 1,407 ideas
- Data Lake 358 ideas
- Data Science VM 24 ideas
- Diagnostics and Monitoring 206 ideas
- Event Hubs 58 ideas
- Global Infrastructure 44 ideas
- HDInsight 140 ideas
- Lab Services 397 ideas
- Logic Apps 2,029 ideas
- Machine Learning 258 ideas
- Mobile Engagement 19 ideas
- Networking 1,562 ideas
- Notification Hubs 38 ideas
- Project Bonsai 31 ideas
- Scheduler 44 ideas
- Scripting and Command Line Tools 104 ideas
- SDK and Tools 157 ideas
- Security and Compliance 112 ideas
- Service Bus 186 ideas
- Service Fabric 306 ideas
- Signup and Billing 1,833 ideas
- Site Recovery 307 ideas
- SQL Data Sync 70 ideas
- SQL Database 927 ideas
- SQL Managed Instance 163 ideas
- SQL Server 10,963 ideas
- SQL Server - Big Data Clusters 49 ideas
- Storage 1,081 ideas
- StorSimple 26 ideas
- Stream Analytics 276 ideas
- Support Feedback 281 ideas
- System Center Data Protection Manager 152 ideas
- Update Management 193 ideas
- Virtual Machines 1,743 ideas
- Web Apps 751 ideas
Microsoft Azure