Hero Banner

Microsoft AppSource and Azure Marketplace

Learn how to grow your business by publishing your cloud solution on Microsoft AppSource and Azure Marketplace

Reply
FlorOtero
Level 1 Contributor
‎09-14-2020 09:01 AM
Level 1 Contributor
‎09-14-2020 09:01 AM

Create new resources manually on managed resource groups

I'd like to know if its possible to make changes on a manged resource group - meaning the customer being able to deploy new resources on the managed resource group? I know that the managed applications have a deny asssignment.

 

Additionally, it is possible to get the managed resource group name and application name as output on the createUiDefinition?

 

Thanks in advance

0 Kudos
8 REPLIES 8
scseely
Microsoft
‎09-15-2020 04:28 PM
Microsoft
‎09-15-2020 04:28 PM

By default, a ManagedApplication only gives the user read access to the managed resource group. This permission is defined as */read. You can give additional permissions via AllowedActions (eg. give access to all Storage options via Microsoft.Storage/storageAccounts/*).

 

The Managed Resource Group name and location are available to the ARM template via the resourceGroup() function. 

 

The application name is available post deployment. You can also simply ask the user for the name to display in a separate box, allowing them to duplicate the string as necessary.

0 Kudos
FlorOtero
Level 1 Contributor
‎09-15-2020 05:42 PM
Level 1 Contributor
In response to scseely
‎09-15-2020 05:42 PM

Hi @scseely thanks for your answer

I've added on the Customer Allowed actions `/write` permissions but when I try to deploy something I receive the following error:

The client ... with object id '.. has permission to perform action '*/write' on scope '/resourceGroups/mrg**/'; however, the access is denied because of the deny assignment with name 'System deny assignment created by managed application

 

It's possible that the deny assignment overrides the permission?

thanks!

0 Kudos
brian_levenson
Microsoft
‎09-15-2020 03:38 PM
Microsoft
‎09-15-2020 03:38 PM

Hi Florencia - I don't believe this is possible; however, I'm confirming with our architect team.

 

It is possible to define allowed control actions and data actions, though.

Andra
Microsoft
‎09-15-2020 05:56 AM
Microsoft
‎09-15-2020 05:56 AM

Hi @FlorOtero ,

 

thank you for the additional details!

I moved your query in the Microsoft AppSource and Azure Marketplace forum for more visibility.

While I don`t have this level of information, hopefully partners and SMEs on this forum can advise.

 

Thanks,

Andra

Andra
Microsoft
‎09-15-2020 12:01 AM
Microsoft
‎09-15-2020 12:01 AM

Hi @FlorOtero ,

 

Thanks for your query!

This documentation might help.

💡 Tip: you might want to check this information with the Tech Community as well. 😊

 

Have a great day ahead,

Andra

0 Kudos
FlorOtero
Level 1 Contributor
‎09-15-2020 05:29 AM
Level 1 Contributor
In response to Andra
‎09-15-2020 05:29 AM

Hi @Andra, thanks for your answer

 

My need is to publish managed applications on the commertial marketplace, but I need for the clients to be able to deploy extra resources on the managed resource group created by the managed application. Is there a way to enable this on the partner center? Or any configuration? I'm aware that the resource group is by default created with a System Deny Assignment policy.

 

Thanks!

santhosh
Microsoft
‎09-15-2020 04:16 PM
Microsoft
In response to FlorOtero
‎09-15-2020 04:16 PM

Hi @FlorOtero ,

Can you try providing more permissions on Allowed customer actions?

santhosh_0-1600211668829.png

 

FlorOtero
Level 1 Contributor
‎09-15-2020 05:38 PM
Level 1 Contributor
In response to santhosh
‎09-15-2020 05:38 PM

Hi @santhosh, thanks for your answer

I've added `/write` permissions but when I try to deploy something I receive the following error

 

 

The client ... with object id '.. has permission to perform action '*/write' on scope '/resourceGroups/mrg****/'; however, the access is denied because of the deny assignment with name 'System deny assignment created by managed application

 

0 Kudos
Follow Us
    Share