Home > Net >  Revoking a role from Azure User Assigned Managed Identity
Revoking a role from Azure User Assigned Managed Identity

Time:04-28

Is it possible to revoke a role from a User Assigned Managed Identity? From Azure Portal Dashboard, there seem to be no way to revoke an access once you grant it. There is only an "Add" button to extend it but nothing to revoke an existing one.

enter image description here

Also, same problem with Terraform:

resource "azurerm_user_assigned_identity" "aks-dev-identity" {
  resource_group_name = azurerm_resource_group.rg_aks.name
  location            = azurerm_resource_group.rg_aks.location

  name = "aks-dev-identity"
}

 resource "azurerm_role_assignment" "aks-dev-identity-role" {
   scope                = "Resource ID of the SQL DB"
   role_definition_name = "Reader"
   principal_id         = azurerm_user_assigned_identity.aks-dev-identity.principal_id
 }

when I comment the "azurerm_role_assignment" resource, terraform says that it is going to revoke that role, but in reality nothing happens when I look at the "Azure Role assignments" blade in the "Identity" page.

CodePudding user response:

You can remove the role assignment if you go to the resource (SQL server in this case), then its Access control (IAM) tab, and then Role assignments tab within that. Select the assignment and click Remove.

  • Related