Forum Discussion
Petri-X, Bronze Contributor
Jul 30, 2024
Azure Inherited roles, but still access denied
Hi,
In e.g. Key Vault, when looking at the Access Control I can see that the user account has a custom contributor role inherited from the subscription level. When looking at the role more closely it shows:
"Showing 500 of 15937 permissions View all (will take a moment to load)"
E.g. having the following permissions: Read Secret Properties and Write Secret. So all should be kind of okay..? 🙂
But when I'm looking at e.g. the secrets in the key vault, it gives me back "The operation is not allowed by RBAC." and "You are unauthorized to view these contents.". I thought there could be "deny" rules, but there is nothing there either.
What could be the trick here? What might be blocking the access to the resources, or what is missing?
Btw, I just tested, I was able to create the Key Vault by myself.
- balasubramanim (Iron Contributor): It seems like your custom role has the necessary permissions, but Azure Key Vault might be blocking access due to missing Access Policies. Key Vault has its own access control separate from RBAC. Check the Access Policies in the Key Vault and ensure your user or group has the required secret permissions. Also, confirm if the role covers data plane actions like "read" and "write" secrets.
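
One way to run the last check mentioned above, whether a role covers data plane actions, is to evaluate the role definition's `actions` and `dataActions` lists separately. This is an added example, not part of the thread: the role JSON is a constructed sample in the shape that `az role definition list` prints, and the check is only relevant when the vault's permission model is Azure RBAC.

```python
import json
import re

# Constructed sample in the shape printed by `az role definition list --name <role>`.
# Role name and contents are assumptions, not the poster's real role.
ROLE_JSON = """[{
  "roleName": "custom-contributor (constructed)",
  "permissions": [{
    "actions": ["*"],
    "notActions": ["Microsoft.Authorization/*/Write"],
    "dataActions": [],
    "notDataActions": []
  }]
}]"""

# Management-plane operations ("Read Secret Properties", "Write Secret").
CONTROL_READ = "Microsoft.KeyVault/vaults/secrets/read"
CONTROL_WRITE = "Microsoft.KeyVault/vaults/secrets/write"
# Data-plane operations needed to read a secret value and to list secrets.
DATA_GET = "Microsoft.KeyVault/vaults/secrets/getSecret/action"
DATA_LIST = "Microsoft.KeyVault/vaults/secrets/readMetadata/action"


def matches(pattern, operation):
    """Role patterns are case-insensitive; '*' matches any run of characters."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None


def role_allows(role, operation, data_plane):
    """True if a permission block grants the operation on the chosen plane.

    'actions' wildcards never spill over into 'dataActions': the two lists are
    evaluated separately, each minus its own not* list.
    """
    allow_key, deny_key = (("dataActions", "notDataActions") if data_plane
                           else ("actions", "notActions"))
    for perm in role["permissions"]:
        allowed = any(matches(p, operation) for p in perm.get(allow_key, []))
        denied = any(matches(p, operation) for p in perm.get(deny_key, []))
        if allowed and not denied:
            return True
    return False


if __name__ == "__main__":
    role = json.loads(ROLE_JSON)[0]
    for op, data_plane in [(CONTROL_READ, False), (CONTROL_WRITE, False),
                           (DATA_GET, True), (DATA_LIST, True)]:
        plane = "data" if data_plane else "management"
        print(f"{plane:10} {op}: {role_allows(role, op, data_plane)}")
```

With the sample role, both management-plane operations are granted by `"actions": ["*"]` while both data-plane operations are not, because `dataActions` is empty.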