Required permissions
edit
IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.
Required permissions
editWhen using client_secret authentication, the service principal needs the following Azure RBAC permissions:
For Azure Event Hubs:
-
Azure Event Hubs Data Receiverrole on the Event Hubs namespace or Event Hub - Alternatively, a custom role with the following permissions:
-
Microsoft.EventHub/namespaces/eventhubs/read -
Microsoft.EventHub/namespaces/eventhubs/consumergroups/read
For Azure Storage Account:
-
Storage Blob Data Contributorrole on the Storage Account or container - Alternatively, a custom role with the following permissions:
-
Microsoft.Storage/storageAccounts/blobServices/containers/read -
Microsoft.Storage/storageAccounts/blobServices/containers/write -
Microsoft.Storage/storageAccounts/blobServices/containers/delete -
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action
For detailed instructions on how to set up an Azure AD service principal and configure permissions, refer to the official Microsoft documentation: