Azure Question posted in
The official documentation to get you started can be found here.

Azure – roleDefinitions for Bing resource

I want to grant AppService access to a Bing resource (Microsoft.Bing/accounts@2020-06-10).
Which role (Microsoft.Authorization/roleDefinitions) should I set in Bing’s IAM (Microsoft.Authorization/roleAssignments)?

In detail, I need to know the following xxx.

var role = subscriptionResourceId(
  'Microsoft.Authorization/roleDefinitions',
  'xxx-xxx-xxx-xxx-xxx'
)

resource searchServiceIndexAppPermissions 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
  name: guid(bingSearch.id, webApp.name, role)
  scope: bingSearch
  properties: {
    principalId: webApp.identity.principalId
    principalType: 'ServicePrincipal'
    roleDefinitionId: role
  }
}
Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    I found the article(https://learn.microsoft.com/en-us/answers/questions/1578934/can-i-use-azure-bing-search-resource-with-managed) which says we need to use the key to access to a Bing resource. So it's meaningless to grant the role to the WebApp's managed id. We can't avoid using the key by using the managed id.


  2. 0

    roleDefinitions for Bing search services using bicep

    As following up with Github the Bing search we need to use the MSDoc which helps to achieve the requirement you mentioned in the requirement.

    The role required to assign the role is user access administrator which helps in providing the role to webapp and we need search service contributor or contributor
    based on the privilege we need to get by the webapp over the search service.

    Bicep File:

    param location string = resourceGroup().location
param appServicePlanName string = 'vkkAppServicePlan'
param webAppName string = 'vkkWebApp'
param bingSearchName string = 'vkkbingsearch'

resource appServicePlan 'Microsoft.Web/serverfarms@2021-02-01' = {
  name: appServicePlanName
  location: location
  sku: {
    name: 'B1'
    capacity: 1
  }
  properties: {
    reserved: false
  }
}

resource webApp 'Microsoft.Web/sites@2021-02-01' = {
  name: webAppName
  location: location
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    serverFarmId: appServicePlan.id
  }
  kind: 'app'
}

resource bingSearch 'Microsoft.Search/searchServices@2024-03-01-preview' = {
  name: bingSearchName
  location: location
  sku: {
    name: 'standard'
  }
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    hostingMode: 'default'
    partitionCount: 1
    replicaCount: 1
    publicNetworkAccess: 'Enabled'
    authOptions: {
      aadOrApiKey: {
        aadAuthFailureMode: 'http401WithBearerChallenge' 
      }
    }
    disabledDataExfiltrationOptions: ['All'] 
    encryptionWithCmk: {
      enforcement: 'Unspecified' 
    }
  }
}

var roleDefinitionId = subscriptionResourceId(
  'Microsoft.Authorization/roleDefinitions',
  'role_ID'
)

resource searchServiceIndexAppPermissions 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
  name: guid(bingSearch.id, webApp.name, roleDefinitionId)
  scope: bingSearch
  properties: {
    principalId: webApp.identity.principalId
    principalType: 'ServicePrincipal'
    roleDefinitionId: roleDefinitionId
  }
}

    Deployment succeeded:

    enter image description here

    enter image description here

    enter image description here

    enter image description here

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search