Forum Discussion
nickorossa
Apr 17, 2024Copper Contributor
KeyVault - Using Python, how to determine what permissions a user has?
Writing some code in Python to perform some actions in KeyVault.
Authenticating with InteractiveBrowserCredential and I can perform actions in the keyvault. That is all good.
However; in order to prevent certain users have access to features that won't work for them; how can I determine upfront (i.e. just after logon) whether a user that has authenticated actually has the get/list/create permissions on a specific keyvault from within Python.
Thanks.
Nick.
- doria786Copper Contributor
Authenticate the user using InteractiveBrowserCredential. After authentication, retrieve the access policies for the key vault. Check if the user has the required permissions (e.g., get, list, or create) based on their access policy.
- nickorossaCopper ContributorIs that with the AuthorizationManagementClient class and the permissions attribute ?
If so I can get data for the resource group using "list_for_resource_group"; however any calls using "list_for_resource" returns InvalidResourceType; even though I've tried a number of variations on the following.
- resource_provider_namespace="Microsoft.KeyVault"
- resource_type="vaults"
Thanks.
Nick.