locked
Access Permissions used by Azure Portal RRS feed

  • Question

  • Good afternoon!

    I modified permissions of the keys for IoT Hub and I noticed when I lower the permissions for the iothubowner key (removing services) it looks like the Azure portal itself actually loses access to the resources the permission grants access to. Does the portal use the key?

    Error appearing after removing servicesConnect from iothubowner (does not have to do with quota):

    There was an error querying for your Device Twins and the grid cannot be populated. This may be due to an exhaustion of your daily message quota. You can still create new devices.

    If I add servicesConnect permission back my devices and device twins show again and there is no error. Is this intended? Can iothubowner permissions not be manipulated?

    serviceConnect permissions:

    Grants access to cloud service-facing communication and monitoring endpoints. 
    Grants permission to receive device-to-cloud messages, send cloud-to-device messages, and retrieve the corresponding delivery acknowledgments. 
    Grants permission to retrieve delivery acknowledgements for file uploads. 
    Grants permission to access twins to update tags and desired properties, retrieve reported properties, and run queries. 
    This permission is used by back-end cloud services.


    • Edited by Marie_Shell Saturday, July 28, 2018 3:10 AM
    Friday, July 27, 2018 10:46 PM

All replies

  • Hello Marie,

    I reproduced your issue.

    About issue of Azure Portal you can open an new support request like this:

    Best regards,

    Rita


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Monday, July 30, 2018 1:59 AM
  • Hello Marie,

    Was your question answered through the Azure Support Ticket?

    If you do not have access to a support plan, please reach out @ AZCommunity@microsoft.com with a link to this Issue as well as your subscription ID and we can help get the support ticket opened for this issue.

    Thank you.


    Wednesday, August 29, 2018 12:38 PM
  • Hello again Marie,

    I did some research internally and I found that the ticket was opened and your problem solved :). Sharing with others the solution:

    • Devices were using as SharedAccessKey the Primary Key from iothubowner. In order to overcome the issue the iothubowner key was reset and devices started using their own Primary Keys to connect to IotHub.

    Thank you!


    Wednesday, August 29, 2018 12:56 PM