Azure Permissions
Table of contents
Overview
To use Team Edition with Azure, certain permissions are required for different actions. Below is a summary of the necessary permissions and their purposes.
Required permissions
| Action | Permission | Description |
|---|---|---|
| Login | No additional permissions required | Allows users to authenticate in Team Edition. |
| Cloud Explorer | Azure Service Management (user_impersonation) | Grants access to retrieve a list of available user resources using the https://management.azure.com//.default scope. |
| Database authentication - Azure SQL, MySQL | Azure SQL Database (user_impersonation) | Enables database authentication (Azure SQL, MySQL) using the https://database.windows.net//.default scope. |
| Database authentication - PostgreSQL, MySQL | Azure OSSRDBMS Database (user_impersonation) | Enables database authentication (PostgreSQL, MySQL) using the https://ossrdbms-aad.database.windows.net/.default scope. |
| User provisioning | User.ReadBasic.All or User.Read.All | Allows importing users from Azure AD. |
| User provisioning - license role mapping by groups | Group.Read.All | Grants access to retrieve a list of groups and automatically assign roles to users during provisioning. |
| Auto-assigned user teams | No additional permissions required, but groups claim must be included in the access or ID token. | Automatically assigns users to teams based on their Azure AD group memberships. |