2
votes

A colleague created a Run As account in an Azure Automation account. I don't see this Run As account although I have Owner rights on this Automation account. I gave myself Owner rights on the subscription, and after that I started to see it. With Contributor rights on the subscription level, it is not visible either.

I want to follow the least privilege principle. So what are the minimum permissions needed to see a Run As account in an Azure Automation account?

1

1 Answer

0
votes

If we want to create a Run As account in an Azure Automation account, we need to complete several steps. Every step needs different permissions.

  1. Create an Azure AD application. To complete this step, we need the Azure AD role Application Developer.

  2. Add a credential to the application. For this step, we need the Azure AD role Application Administrator.

  3. Create and get an Azure AD service principal. For this step, we need the Azure AD role Application Administrator.

  4. Assign or get the Azure role for the specified principal. We need to have these Azure RBAC permissions:

    • Microsoft.Authorization/Operations/read
    • Microsoft.Authorization/permissions/read
    • Microsoft.Authorization/roleDefinitions/read
    • Microsoft.Authorization/roleAssignments/write
    • Microsoft.Authorization/roleAssignments/read
    • Microsoft.Authorization/roleAssignments/delete

  5. Create or remove an Automation certificate. To complete this step, we need to be Contributor on the resource group.

For more details, please refer to the official document
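Added example (not part of the question or the answer above): a small Python model of Azure RBAC action matching that checks whether a role definition covers the six `Microsoft.Authorization` actions listed in step 4, and that emits a least-privilege custom role definition in the JSON shape accepted by `az role definition create --role-definition`. The built-in Owner and Contributor definitions are reduced to the `Actions`/`NotActions` entries relevant here (Contributor's `NotActions` on `Microsoft.Authorization/*/Write` and `Microsoft.Authorization/*/Delete` are what make it unable to manage role assignments); treat those entries, the custom role name, and the subscription id placeholder as assumptions. The step 5 requirement (Contributor on the resource group) is not modelled.

```python
import fnmatch
from dataclasses import dataclass, field

# The RBAC actions the answer lists for step 4 (assign or get the Azure role).
REQUIRED_ACTIONS = [
    "Microsoft.Authorization/Operations/read",
    "Microsoft.Authorization/permissions/read",
    "Microsoft.Authorization/roleDefinitions/read",
    "Microsoft.Authorization/roleAssignments/write",
    "Microsoft.Authorization/roleAssignments/read",
    "Microsoft.Authorization/roleAssignments/delete",
]


@dataclass
class RoleDefinition:
    name: str
    actions: list
    not_actions: list = field(default_factory=list)


def _matches(pattern: str, action: str) -> bool:
    # Azure RBAC operation strings are case-insensitive and '*' may span
    # '/' separators, which is exactly fnmatch's '*' behaviour.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def role_permits(role: RoleDefinition, action: str) -> bool:
    """Effective permission = matched by Actions AND not matched by NotActions."""
    allowed = any(_matches(p, action) for p in role.actions)
    denied = any(_matches(p, action) for p in role.not_actions)
    return allowed and not denied


def missing_actions(role: RoleDefinition, required=REQUIRED_ACTIONS) -> list:
    """Return the required actions this role does not effectively grant."""
    return [a for a in required if not role_permits(role, a)]


# Simplified built-in roles (assumption: only the entries relevant here are kept).
OWNER = RoleDefinition("Owner", actions=["*"])
CONTRIBUTOR = RoleDefinition(
    "Contributor",
    actions=["*"],
    not_actions=[
        "Microsoft.Authorization/*/Delete",
        "Microsoft.Authorization/*/Write",
        "Microsoft.Authorization/elevateAccess/Action",
    ],
)

# Least-privilege custom role: exactly the six actions, nothing more.
RUNAS_ROLE_NAME = "Automation Run As Role Assigner (custom, hypothetical)"
RUNAS_CUSTOM = RoleDefinition(RUNAS_ROLE_NAME, actions=list(REQUIRED_ACTIONS))


def build_custom_role(subscription_id: str) -> dict:
    """JSON document for `az role definition create --role-definition`.

    subscription_id is a placeholder supplied by the caller; the role is scoped
    to that subscription only, so it cannot be assigned anywhere else.
    """
    return {
        "Name": RUNAS_ROLE_NAME,
        "IsCustom": True,
        "Description": "Manage role assignments needed for an Automation Run As account.",
        "Actions": list(REQUIRED_ACTIONS),
        "NotActions": [],
        "AssignableScopes": [f"/subscriptions/{subscription_id}"],
    }


if __name__ == "__main__":
    import json

    for role in (OWNER, CONTRIBUTOR, RUNAS_CUSTOM):
        gap = missing_actions(role)
        print(f"{role.name}: {'OK' if not gap else 'missing ' + ', '.join(gap)}")
    print(json.dumps(build_custom_role("00000000-0000-0000-0000-000000000000"), indent=2))
```

Running it shows Owner and the custom role covering all six actions while Contributor lacks `roleAssignments/write` and `roleAssignments/delete`, which matches the behaviour described in the question. Assigning the custom role (or the built-in User Access Administrator role) at the narrowest scope that still contains the Run As account's role assignment is the least-privilege alternative to granting Owner on the whole subscription.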