When working with the Service Bus Explorer in the Azure portal, you may want to grant different permissions to different users, depending on their role and responsibility. For example, you may want to allow some users to send messages to a queue, but not receive them. Or you may want to restrict access to a specific queue, topic, or subscription, but not the entire namespace.
To address this challenge, we are excited to announce granular permissions for Service Bus Explorer. To use granular permissions, you need to use Microsoft Entra authentication, and assign one of the following roles, either on the namespace level or on the entity level.
- Service Bus Data Owner; Allows to execute both send and receive operations.
- Service Bus Data Sender; Allows to execute send operations.
- Service Bus Data Receiver; Allows to execute peek, receive, and purge operations.
In case you use a role which doesn’t have send or receive permissions, or you do not have permissions on the specific entity, the unavailable operations will be disabled. Furthermore, a notification will be shown showing which permissions are missing.
For more information on using the Service Bus Explorer, you can check our documentation.
Microsoft
