Adding Azure service principals
To allow a specific service principal to perform all operations on an Azure target, you must first add the service principal to R‑Cloud, and then specify it when setting up the target.
For details on how to specify an Azure service principal when setting up an Azure target, see Setting up an Azure target.
Prerequisite
A service principal must be created in Azure, and it must have the following roles assigned:
- Storage Blob Data Contributor
- Storage Blob Data Owner
- A custom role that contains the following permissions:
  - Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/read
  - Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/write
  - Microsoft.Storage/storageAccounts/blobServices/read
  - Microsoft.Storage/storageAccounts/managementPolicies/read
  - Microsoft.Storage/storageAccounts/read
  - Microsoft.Storage/storageAccounts/write
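A pre-flight check for the custom role above, as an added example that is not part of R‑Cloud or its documentation: it reads a role definition and reports which required permissions are missing and which grants use wildcards. The JSON shape (lowercase `actions`/`dataActions` keys, as `az role definition list` prints them), the split between actions and data actions, and the sample role are assumptions.

```python
import re

# Operations the custom role must grant, taken from the prerequisite list.
# Assumption: the control-plane/data-plane split follows Azure's operation
# catalogue (blob tag operations are data actions); confirm it in your tenant.
REQUIRED = {
    "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/read",
        "Microsoft.Storage/storageAccounts/managementPolicies/read",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.Storage/storageAccounts/write",
    ],
    "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/write",
    ],
}

def _matches(pattern, operation):
    # RBAC patterns are case-insensitive; '*' stands for any run of characters.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None

def _granted(block, kind, operation):
    # An operation is effective only if allowed and not excluded by not<Kind>.
    excluded = block.get("not" + kind[0].upper() + kind[1:]) or []
    return (any(_matches(p, operation) for p in block.get(kind) or [])
            and not any(_matches(p, operation) for p in excluded))

def missing_permissions(role):
    """Required operations that no permissions block of the role grants."""
    blocks = role.get("permissions", [])
    return [op for kind, ops in REQUIRED.items() for op in ops
            if not any(_granted(b, kind, op) for b in blocks)]

def wildcard_grants(role):
    """Patterns broader than the page's explicit list (least-privilege review)."""
    return [p for b in role.get("permissions", []) for kind in REQUIRED
            for p in b.get(kind) or [] if "*" in p]

# Constructed sample in the assumed shape of `az role definition list` output.
SAMPLE_ROLE = {"permissions": [{
    "actions": ["Microsoft.Storage/storageAccounts/*"],
    "notActions": ["Microsoft.Storage/storageAccounts/write"],
    "dataActions": ["Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/read"],
}]}

if __name__ == "__main__":
    print(missing_permissions(SAMPLE_ROLE), wildcard_grants(SAMPLE_ROLE))
```

The sample role fails the check twice: `notActions` removes the account write permission that the wildcard would otherwise grant, and the tag write data action is absent.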
Procedure
- In the Cloud Accounts dialog box, click New.
- Select Add Azure Service Principal, and then click Next.
- In the Name field, enter a name for your service principal.
- From the Protection Set drop-down menu, select the protection set to which you want to add your service principal.
- In the Tenant ID field, enter your tenant ID.
- In the Application ID field, enter the ID of the service principal.
- In the Client Secret field, enter the client secret value.
- Click Save.
The service principal is added to the list of cloud accounts in R‑Cloud.
You can edit any of the service principals at any time (click Edit and make the required modifications) or delete the ones that you no longer need (click Delete). Keep in mind that deleting a service principal from R‑Cloud does not remove it from Azure.