Skip to content

[Doc]: Get-AzKeyVaultCertificateContact - What is least privilege permission in both RBAC and access policy? #27911

New issue
New issue
Open
Open
[Doc]: Get-AzKeyVaultCertificateContact - What is least privilege permission in both RBAC and access policy?#27911
Assignees
notyashhh
Labels
Azure PS TeamKeyVaultcustomer-reportedquestionThe issue doesn't require a change to the product in order to be resolved. Most issues start as that
@o-l-a-v

Description

@o-l-a-v
o-l-a-v
opened on Jun 10, 2025

Type of issue

Other (describe below)

Feedback

What's the least privilege permissions for Key Vault to do Get-AzKeyVaultCertificateContact, both for access policies and RBAC? Is RBAC even supported?

When request to an RBAC enabled Key Vault fails, the error says action Microsoft.KeyVault/vaults/certificatecontacts/write is required. This seems overkill. But seems to be the only relevant action available:

For access policy based Key Vaults, it seems to be managecontacts, which also is a write permissions?

Page URL

No response

Content source URL

No response

Author

No response

Document Id

No response

Platform Id

No response

Metadata

Metadata

Assignees

Labels

Azure PS TeamKeyVaultcustomer-reportedquestionThe issue doesn't require a change to the product in order to be resolved. Most issues start as that

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions