DurableFunctionsMonitor icon indicating copy to clipboard operation
DurableFunctionsMonitor copied to clipboard
verified publisher icon microsoft

Permissions for identities clarification

Open erwinkramer opened this issue 5 months ago • 1 comments

Would be nice to document what the least permissions required are, in order to get the VSCode extension running, when connecting via identity to a storage account (task hub) in Aure.

I've discovered that it needs at least the following to display information and not throw an error:

  • Storage Blob Data Reader
  • Storage Table Data Reader

Ideally, it shouldn't need Storage Blob Data Reader unless there is a <taskhub>-largemessages container as specified here, even then it shouldn't really be required, right? Or is there more to the blob part? Would love to see that dependency gone. By the way, reading out containers is not a dataAction so that can be a simple Reader-role if you're going to check on that.

erwinkramer avatar Jul 30 '25 16:07 erwinkramer

👍 Agreed. I'd love to see the permissions documented.

stuart-db avatar Aug 26 '25 07:08 stuart-db