Specify a key vault access policy
vault_access_policy(
    principal,
    tenant = NULL,
    key_permissions = "all",
    secret_permissions = "all",
    certificate_permissions = "all",
    storage_permissions = "all"
)
principal: The user or service principal for this access policy. Can be a GUID, or a user, app or service principal object from the AzureGraph package.
tenant: The tenant of the principal.
key_permissions: The permissions to grant for working with keys.
secret_permissions: The permissions to grant for working with secrets.
certificate_permissions: The permissions to grant for working with certificates.
storage_permissions: The permissions to grant for working with storage accounts.
Client access to a key vault is governed by its access policies, which are set on a per-principal basis. Each principal (user or service) can be granted different permissions for keys, secrets, certificates, and storage accounts.
Here are the possible permissions. The permission "all" grants every permission of that type, and it is the default for each of the four permission arguments.
Keys: "get", "list", "update", "create", "import", "delete", "recover", "backup", "restore", "decrypt", "encrypt", "unwrapkey", "wrapkey", "verify", "sign", "purge"
Secrets: "get", "list", "set", "delete", "recover", "backup", "restore", "purge"
Certificates: "get", "list", "update", "create", "import", "delete", "recover", "backup", "restore", "managecontacts", "manageissuers", "getissuers", "listissuers", "setissuers", "deleteissuers", "purge"
Storage accounts: "get", "list", "update", "set", "delete", "recover", "backup", "restore", "regeneratekey", "getsas", "listsas", "setsas", "deletesas", "purge"
An object of class vault_access_policy, suitable for creating a key vault resource.
create_key_vault, az_key_vault
Azure Key Vault documentation, Azure Key Vault API reference
## Not run:
# default is to grant full access
vault_access_policy("user_id")

# use AzureGraph to specify a user via their email address rather than a GUID
usr <- AzureGraph::get_graph_login()$get_user("username@aadtenant.com")
vault_access_policy(usr)

# grant a service principal read access to keys and secrets only
svc <- AzureGraph::get_graph_login()$
    get_service_principal(app_id="app_id")
vault_access_policy(svc,
    key_permissions=c("get", "list"),
    secret_permissions=c("get", "list"),
    certificate_permissions=NULL,
    storage_permissions=NULL)
## End(Not run)
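An added example, not part of the AzureKeyVault documentation: a wrapper that checks requested permissions against the lists given on this page and rejects "all", so a policy grants only what is named. The helper names `check_perms` and `scoped_access_policy`, the all-zero GUID, and the choice to treat "delete" and "purge" as destructive are assumptions made for illustration.

```r
library(AzureKeyVault)

# Permission names copied from the lists given earlier on this page.
allowed <- list(
  key = c("get", "list", "update", "create", "import", "delete", "recover",
          "backup", "restore", "decrypt", "encrypt", "unwrapkey", "wrapkey",
          "verify", "sign", "purge"),
  secret = c("get", "list", "set", "delete", "recover", "backup", "restore", "purge"),
  certificate = c("get", "list", "update", "create", "import", "delete",
                  "recover", "backup", "restore", "managecontacts",
                  "manageissuers", "getissuers", "listissuers", "setissuers",
                  "deleteissuers", "purge"),
  storage = c("get", "list", "update", "set", "delete", "recover", "backup",
              "restore", "regeneratekey", "getsas", "listsas", "setsas",
              "deletesas", "purge"))

# Hypothetical helper: validate one permission set; NULL grants nothing.
check_perms <- function(type, perms, allow_destructive = FALSE) {
  if (is.null(perms)) return(NULL)
  perms <- unique(tolower(perms))
  if ("all" %in% perms)
    stop(type, ": \"all\" refused, name each permission explicitly")
  bad <- setdiff(perms, allowed[[type]])
  if (length(bad) > 0)
    stop(type, ": unknown permission(s): ", paste(bad, collapse = ", "))
  # Assumption of this example: "delete" and "purge" need an explicit opt-in.
  risky <- intersect(perms, c("delete", "purge"))
  if (length(risky) > 0 && !allow_destructive)
    stop(type, ": needs allow_destructive = TRUE for: ", paste(risky, collapse = ", "))
  perms
}

# Hypothetical wrapper: every permission type defaults to no access.
scoped_access_policy <- function(principal, tenant = NULL, key = NULL,
                                 secret = NULL, certificate = NULL,
                                 storage = NULL, allow_destructive = FALSE) {
  vault_access_policy(principal, tenant = tenant,
    key_permissions = check_perms("key", key, allow_destructive),
    secret_permissions = check_perms("secret", secret, allow_destructive),
    certificate_permissions = check_perms("certificate", certificate, allow_destructive),
    storage_permissions = check_perms("storage", storage, allow_destructive))
}

reader <- "00000000-0000-0000-0000-000000000000"  # constructed placeholder GUID
pol <- scoped_access_policy(reader, key = c("get", "list"), secret = "get")

# Both calls stop before a policy object is built.
try(scoped_access_policy(reader, secret = "all"))
try(scoped_access_policy(reader, key = c("get", "purge")))
```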