I want to grant AppService access to a Bing resource (Microsoft.Bing/accounts@2020-06-10
).
Which role (Microsoft.Authorization/roleDefinitions
) should I set in Bing’s IAM (Microsoft.Authorization/roleAssignments
)?
In detail, I need to know the following xxx
.
var role = subscriptionResourceId(
'Microsoft.Authorization/roleDefinitions',
'xxx-xxx-xxx-xxx-xxx'
)
resource searchServiceIndexAppPermissions 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
name: guid(bingSearch.id, webApp.name, role)
scope: bingSearch
properties: {
principalId: webApp.identity.principalId
principalType: 'ServicePrincipal'
roleDefinitionId: role
}
}
2
Answers
I found the article(https://learn.microsoft.com/en-us/answers/questions/1578934/can-i-use-azure-bing-search-resource-with-managed) which says we need to use the key to access to a Bing resource. So it's meaningless to grant the role to the WebApp's managed id. We can't avoid using the key by using the managed id.
As following up with Github the Bing search we need to use the MSDoc which helps to achieve the requirement you mentioned in the requirement.
The role required to assign the role is user access administrator which helps in providing the role to webapp and we need search service contributor or contributor
based on the privilege we need to get by the webapp over the search service.
Bicep File:
Deployment succeeded: