vault_access_policy: Specify a key vault access policy

Description Usage Arguments Details Value See Also Examples

View source: R/az_vault.R

Description

Specify a key vault access policy

Usage

1
2
3
4
5
6
7
8
vault_access_policy(
  principal,
  tenant = NULL,
  key_permissions = "all",
  secret_permissions = "all",
  certificate_permissions = "all",
  storage_permissions = "all"
)

Arguments

principal

The user or service principal for this access policy. Can be a GUID, or a user, app or service principal object from the AzureGraph package.

tenant

The tenant of the principal.

key_permissions

The permissions to grant for working with keys.

secret_permissions

The permissions to grant for working with secrets.

certificate_permissions

The permissions to grant for working with certificates.

storage_permissions

The permissions to grant for working with storage accounts.

Details

Client access to a key vault is governed by its access policies, which are set on a per-principal basis. Each principal (user or service) can have different permissions granted, for keys, secrets, certificates, and storage accounts.

Here are the possible permissions. The permission "all" means to grant all permissions.

Value

An object of class vault_access_policy, suitable for creating a key vault resource.

See Also

create_key_vault, az_key_vault

Azure Key Vault documentation, Azure Key Vault API reference

Examples

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
## Not run: 

# default is to grant full access
vault_access_policy("user_id")

# use AzureGraph to specify a user via their email address rather than a GUID
usr <- AzureGraph::get_graph_login()$get_user("username@aadtenant.com")
vault_access_policy(usr)

# grant a service principal read access to keys and secrets only
svc <- AzureGraph::get_graph_login()$
    get_service_principal(app_id="app_id")
vault_access_policy(svc,
    key_permissions=c("get", "list"),
    secret_permissions=c("get", "list"),
    certificate_permissions=NULL,
    storage_permissions=NULL)


## End(Not run)

cloudyr/AzureKeyVault documentation built on Sept. 19, 2021, 8:49 a.m.