Add credential and role assignment warning for creating service principal #2400
dbradish-microsoft merged 2 commits into MicrosoftDocs:master from
Docs Build status updates of commit b54a2bb: ✅ Validation status: passed
For more details, please refer to the build report. Note: Broken links written as relative paths are included in the above build report. For broken links written as absolute paths or external URLs, see the broken link report. For any questions, please:
| There are two types of authentication available for service principals: Password-based authentication, and certificate-based authentication. | ||
Just want to put [!NOTE] and [!WARNING] together, hence the change.
Docs Build status updates of commit 70d30be: ✅ Validation status: passed
| > | ||
| > By default, `az ad sp create-for-rbac` assigns the [Contributor](/azure/role-based-access-control/built-in-roles#contributor) role to the service principal at the subscription scope. To reduce your risk of a compromised service principal, assign a more specific role and narrow the scope to a resource or resource group. See [Steps to add a role assignment](/azure/role-based-access-control/role-assignments-steps) for more information. | ||
| > | ||
| > In a future release, `az ad sp create-for-rbac` will NOT create a **Contributor** role assignment by default. If needed, use the `--role` argument to explicitly create a role assignment. |
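Review bot: The first paragraph of the warning tells readers to assign a more specific role and narrow the scope, but the only argument named anywhere in the warning is `--role`, in the second paragraph. Consider naming `--scopes` next to `--role` in the first paragraph so the reader can apply the mitigation without following the link. The second paragraph's "If needed" could also say that passing `--role` explicitly today keeps scripts working once the default **Contributor** assignment is removed.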
According to the preview, hyperlink Contributor is rendered as bold text, so mark the second Contributor as bold text too.
Meanwhile, `az ad sp create-for-rbac` uses single quotes as it will be shown in `az ad sp create-for-rbac --help` when run in a terminal.
WARNING: In a future release, this command will NOT create a 'Contributor' role assignment by default.
@jiasli, I'm not sure who you are talking to in your comments. :-) Is this PR ready to merge?
I am not talking to anyone. Just some comment. 😉

Context
The credential and role assignment warning currently only exists in the command help of `az ad sp create-for-rbac`, but not in "Create an Azure service principal with the Azure CLI".

Azure PowerShell has this warning in both docs:
`New-AzADServicePrincipal` (Added by "[Azure PowerShell] New service principal warning", Azure/azure-powershell#13408)

Changes