Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[PowerShell] Grant-FinOpsHubBlobAccess #146

Open
Tracked by #123
flanakin opened this issue May 16, 2023 · 0 comments
Open
Tracked by #123

[PowerShell] Grant-FinOpsHubBlobAccess #146

flanakin opened this issue May 16, 2023 · 0 comments
Labels
Tool: FinOps hubs Data pipeline solution Tool: PowerShell PowerShell scripts and automation Type: Feature 💎 Idea to improve the product

Comments

@flanakin
Copy link
Collaborator

flanakin commented May 16, 2023
edited
Loading

📝 Scenario

As a hub admin, I need to grant users access to blob storage in order to connect to Power BI reports

💎 Solution

Create an Grant-FinOpsHubBlobAccess command that assigns access to read/update storage blob data.

Synopsis

Grants storage blob access to a user, group, or service principal.

Syntax

# Grant access to an object ID
Grant-FinOpsHubBlobAccess `
    [-HubName] <string> `
    [-ResourceGroupName <string>] `
    -ObjectId <string> `
    [-Access <string>]

# Grant access via an email address lookup
Grant-FinOpsHubBlobAccess `
    [-HubName] <string> `
    [-ResourceGroupName <string>] `
    -Mail <string> `
    [-Access <string>]

# Grant access to the current user
Grant-FinOpsHubBlobAccess `
    [-HubName] <string> `
    [-ResourceGroupName <string>] `
    -CurrentUser `
    [-Access <string>]

Description

The Grant-FinOpsHubBlobAccess command grants the specified user, group, or service principal access to the storage account in the hub instance. Access is only granted using the built-in Storage Blob Data roles.

Parameters

Parameter Description
-HubName Required. Name of the hub instance.
-ResourceGroupName Optional. Name of the resource group where the hub is deployed.
-ObjectId Optional. Unique ID of the user, group, or service principal to grant access to.
-Mail Optional. Email address to look up the user's object ID. Ignored if ObjectId is specified.
-CurrentUser Optional. Indicates that the current user should be granted access. Ignored if ObjectId is specified.
-Access Optional. Level of blob data access to grant to the specified user, group, or service principal. Allowed values: Reader, Contributor, Owner. Default: Reader.

ℹ️ Additional info

Each -Access value maps to the corresponding storage blob data role:

🙋‍♀️ Ask for the community

We could use your help:

  1. Please vote this issue up (👍) to prioritize it.
  2. Do you feel this is needed given it's a fairly standard RBAC operation (albeit hard to discover)?
  3. Do we need an -ObjectType parameter? Description: "Indicates the type of the object ID specified. Allowed values: User, Group, ServicePrincipal. Default: User."
  4. Leave comments to help us solidify the vision.
@flanakin flanakin mentioned this issue May 16, 2023
Closed
@flanakin flanakin added Tool: PowerShell PowerShell scripts and automation Tool: FinOps hubs Data pipeline solution Type: Feature 💎 Idea to improve the product labels May 16, 2023
@flanakin flanakin changed the title [PowerShell] Add-FinOpsHubBlobUser function [Hubs] Add-FinOpsHubBlobUser function Jul 14, 2023
@flanakin flanakin mentioned this issue Jul 28, 2023
Closed
@flanakin flanakin changed the title [Hubs] Add-FinOpsHubBlobUser function [Hubs] Grant-FinOpsHubBlobUser function Aug 17, 2023
@flanakin flanakin changed the title [Hubs] Grant-FinOpsHubBlobUser function [Hubs] Grant-FinOpsHubBlobAccess function Aug 17, 2023
@flanakin flanakin changed the title [Hubs] Grant-FinOpsHubBlobAccess function [PowerShell] Grant-FinOpsHubBlobAccess Aug 17, 2023
@flanakin flanakin moved this from 🆕 New to 📋 Backlog in FinOps toolkit – PowerShell module Aug 28, 2023
@flanakin flanakin moved this from 📋 Backlog to 🔖 Ready in FinOps toolkit – PowerShell module Aug 28, 2023
@flanakin flanakin added this to the Toolkit 0.0.1.3 milestone Aug 29, 2023
@flanakin flanakin removed this from the 0.4.1 milestone Jan 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Tool: FinOps hubs Data pipeline solution Tool: PowerShell PowerShell scripts and automation Type: Feature 💎 Idea to improve the product
Projects
FinOps toolkit – PowerShell module
Status: 🔖 Ready
Milestone
No milestone
Development

No branches or pull requests
1 participant
@flanakin