Saturday, January 23, 2021

Accessing an Azure Function as a contributor

(Written on January 24th and posted back to the 23rd.  I am behind, but catching up!)

We have our new user assigned as a contributor on our Azure Function.  What can we do with it?  Log into the portal using the guest email address and click on you Azure Function under the Recent resources banner

Click on the <stop> button and then on <yes>
And the function stops.
No real surprise there. Now click on the elipses (the three dots) and then on <delete>
Type in the name of your function and click <delete>
And the function is gone, just like that.  Did you expect that?  A contributor has a lot of power.
It still shows up in our Recent resources but it is really gone.  Can we create a new one to put in it's place?  Click <+ create a resource>
Type function in the search box and click on <function app>
Click <create>
Looking good so far!  The dropdown for the resource groups is empty so click on <create new> and start typing in your new resource name and BAM! you are stopped cold
Surprised?  When we granted rights to this account, we only granted contributor rights to the Azure Function.  We didn't grant any global rights for the user.  In fact, click on home and then our <all resources>
And look at the juicy error we see
We don't even have enough rights to list the available resources!  Pretty good.