Forum Discussion
Can IAM permission be given to Service Bus with Local authentication
If I have a Service Bus with queues in it and it has local authentication enabled, can I give some users (using their on-premises synced accounts) the "Azure Service Bus Data Receiver" and "Azure Service Bus Data Sender" permissions to allow them to see messages in the queue?
They have Reader role on the parent Resource group so they can already see the Service Bus but can't access queues.
Or will IAM permissions not work if the Service Bus has local authentication enabled?
1 Reply
How about this:
1. Use Shared Access Policies
- Create a SAS key with Send or Listen rights.
- Share it securely with users or apps.
2. Use Managed Identity (Recommended for Apps)
- Assign a Managed Identity to your app or VM.
- Grant it access via Azure RBAC only if local auth is disabled.
3. Switch to Azure RBAC Auth
- If you want to use IAM roles like "Data Receiver", you must disable local authentication on the Service Bus namespace.
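An added example for option 1 in the reply above (not part of the reply itself): instead of handing out the policy key, derive a short-lived SAS token scoped to a single queue, so a leaked token expires quickly and cannot be replayed against other queues. The token carries the rights of the named policy. The namespace, queue, policy name and key are constructed values, and `check_sas_token` is a local helper that recomputes the signature; it is not Azure's code.

```python
import base64
import hashlib
import hmac
import time
import urllib.parse


def _sign(policy_key, resource_uri, expiry):
    # String to sign: URL-encoded resource URI, newline, expiry (Unix seconds).
    to_sign = f"{urllib.parse.quote_plus(resource_uri)}\n{expiry}".encode()
    digest = hmac.new(policy_key.encode(), to_sign, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def make_sas_token(namespace, queue, policy_name, policy_key, ttl_seconds=900, now=None):
    """Build a SAS token valid only for one queue and only for ttl_seconds."""
    now = int(time.time()) if now is None else int(now)
    resource_uri = f"https://{namespace}.servicebus.windows.net/{queue}"
    expiry = now + ttl_seconds
    sig = _sign(policy_key, resource_uri, expiry)
    return "SharedAccessSignature sr={}&sig={}&se={}&skn={}".format(
        urllib.parse.quote_plus(resource_uri),
        urllib.parse.quote(sig, safe=""), expiry, policy_name)


def check_sas_token(token, policy_key, now=None):
    """Return (resource_uri, policy_name) for a valid token, else raise ValueError."""
    now = int(time.time()) if now is None else int(now)
    scheme, _, params = token.partition(" ")
    if scheme != "SharedAccessSignature":
        raise ValueError("not a SAS token")
    try:
        fields = {k: v[0] for k, v in urllib.parse.parse_qs(params).items()}
        resource_uri, sig = fields["sr"], fields["sig"]
        expiry, policy_name = int(fields["se"]), fields["skn"]
    except KeyError as exc:
        raise ValueError(f"missing field {exc}") from None
    if expiry <= now:
        raise ValueError("token expired")
    if not hmac.compare_digest(_sign(policy_key, resource_uri, expiry), sig):
        raise ValueError("signature does not match resource, expiry or key")
    return resource_uri, policy_name


if __name__ == "__main__":
    # Constructed sample values; not a real namespace, policy or key.
    token = make_sas_token("contoso-ns", "orders", "orders-listen", "constructed-key")
    print(token)
    print(check_sas_token(token, "constructed-key"))
```

Creating the policy on the queue itself with only Listen or only Send rights, rather than on the namespace, keeps each token to the minimum it needs.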