Additional Permissions
Certain optional components require additional permissions.
Management Groups
If management groups are implemented for a tenant and the management groups optional component is enabled, read access may need to be assigned to the management groups.
The account or service principal must have the following access right:
Microsoft.Management/managementGroups/read over scope /providers/Microsoft.Management
For more information, see the "Error executing the command 'Get-AzManagementGroupDetails'" support article.
Storage Accounts (Access Keys)
When the Storage Accounts (Access Keys) optional component is enabled, the account or service principal must also have the following access right:
Microsoft.Storage/storageAccounts/listKeys/action
Storage Accounts (Containers)
When the Storage Accounts (Containers) optional component is enabled, the account or service principal must also have the following access right:
Microsoft.Storage/storageAccounts/listKeys/action
Web Apps (FTP Publishing Settings)
When the Web Apps (FTP Publishing Settings) optional component is enabled, the account or service principal must also have the following access right:
Microsoft.Web/sites/publishxml/action
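The following added example (not part of the product or its documentation) checks offline whether a set of Azure role definitions grants the action each enabled optional component needs, using the Actions/NotActions wildcard rules of Azure RBAC. The role definitions and the function names are constructed for illustration; assignment scope and deny assignments are not evaluated.

```python
import re

# Required action per optional component, as listed on this page.
REQUIRED = {
    "Management Groups": "Microsoft.Management/managementGroups/read",
    "Storage Accounts (Access Keys)": "Microsoft.Storage/storageAccounts/listKeys/action",
    "Storage Accounts (Containers)": "Microsoft.Storage/storageAccounts/listKeys/action",
    "Web Apps (FTP Publishing Settings)": "Microsoft.Web/sites/publishxml/action",
}

def matches(pattern, action):
    """Azure RBAC patterns are case-insensitive; '*' matches any run of characters."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def role_allows(role, action):
    """A role grants an action if it is in Actions and not removed by NotActions."""
    allowed = any(matches(p, action) for p in role.get("Actions", []))
    excluded = any(matches(p, action) for p in role.get("NotActions", []))
    return allowed and not excluded

def missing_components(roles, enabled):
    """Enabled components whose required action no assigned role grants.

    Permissions are additive across assignments: NotActions in one role
    does not block the same action granted by another role.
    """
    return [c for c in enabled
            if not any(role_allows(r, REQUIRED[c]) for r in roles)]

# Constructed sample role definitions (hypothetical names).
READ_ONLY = {"Name": "sample-read-only", "Actions": ["*/read"], "NotActions": []}
EXTRAS = {
    "Name": "sample-documentation-extras",
    "Actions": [
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Web/sites/publishxml/action",
    ],
    "NotActions": [],
}

if __name__ == "__main__":
    for label, roles in (("read-only", [READ_ONLY]),
                         ("read-only + extras", [READ_ONLY, EXTRAS])):
        gaps = missing_components(roles, list(REQUIRED))
        print(f"{label}: missing -> {gaps or 'none'}")
```

A read-only role covers the management group read action but none of the three `/action` permissions, which is why those components need the extra rights listed above.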