Backport of secrets/azure: update minimal permissions recommendation …

…into release/1.14.x (#21917) * no-op commit due to failed cherry-picking * secrets/azure: update minimal permissions recommendation (#21897) --------- Co-authored-by: temp <[email protected]> Co-authored-by: Austin Gebauer <[email protected]>
hashicorp · Jul 18, 2023 · a323e5e · a323e5e
1 parent f757dc0
commit a323e5e
Showing 1 changed file with 13 additions and 2 deletions.
diff --git a/website/content/docs/secrets/azure.mdx b/website/content/docs/secrets/azure.mdx
@@ -226,12 +226,23 @@ in the configuration or environment variables.
 ### MS Graph API Permissions
 
 The following MS Graph [API permissions](https://learn.microsoft.com/en-us/azure/active-directory/develop/permissions-consent-overview#types-of-permissions)
-must be assigned to the service principal provided to Vault for managing Azure:
+must be assigned to the service principal provided to Vault for managing Azure. The permissions
+differ depending on if you're using [dynamic or existing](#choosing-between-dynamic-or-existing-service-principals)
+service principals.
+
+#### Dynamic Service Principals
+
+| Permission Name               | Type        |
+| ----------------------------- | ----------- |
+| Application.ReadWrite.OwnedBy | Application |
+| GroupMember.ReadWrite.All     | Application |
+
+#### Existing Service Principals
 
 | Permission Name               | Type        |
 | ----------------------------- | ----------- |
 | Application.ReadWrite.All     | Application |
-| Group.ReadWrite.All           | Application |
+| GroupMember.ReadWrite.All     | Application |
 
 ### Role Assignments