Press "Enter" to skip to content

Category: Cloud

Creating a RunAsAccount in Azure for Azure Automation

Warning: We have three different people with three different levels of security in our Azure tenant and only one of us could create this account.

Person 1: Is the owner of a Resource group and can create items in the resource group, including the Automation Account and Runbooks, but can not create the RunAsAccount

Person 2: Is the tenant admin and can do what Person 1 can do and a lot more, but does not have permissions to create a user in Azure AD, so can not create the RunAsAccount either.

Person 3: Has all of the permissions as person 2, but is also able to create users in Azure AD, so he was the only one that was able to create the RunAsAccount.

Below are the steps that he followed to create the account

1. In the Azure portal, click All resources. In the list of resources, select the Automation account from the list of Automation accounts.

2. In the left-hand pane, select Run As Accounts under the section Account Settings.

3. Select Azure Run As Account. After selecting the Add Azure Run As Account, a pane appears and after reviewing the overview information, click Create to proceed with Run As account creation.

4. While Azure creates the Run As account, you can track the progress under Notifications from the menu. A banner is also displayed stating the account is being created. This process can take a few minutes to complete.

Since we only wanted the RunAsAccount to have permissions to certain Resource groups and not the whole subscription, we followed the steps below.

Limiting Run As account permissions – To restrict what the RunAs service principal can do, you can remove the account from the contributor role to the subscription and add it as a contributor to the resource groups you want to specify.

1. In the Azure portal, select Subscriptions and choose the subscription of your Automation Account. Select Access control (IAM) and search for the service principal for your Automation Account (it looks like _unique identifier). Select the account and click Remove to remove it from the subscription.

2. To add the service principal to a resource group, select the resource group in the Azure portal and select Access control (IAM). Select Add, this opens the Add permissions page. For Role, select Contributor. In the Select text box type in the name of the service principal for your Run As account, and select it from the list. Click Save to save the changes. Do this for the resources groups you want to give your Azure Automation Run As service principal access to.

 

 

 

Leave a Comment

2018’s list of goals

Many items peak my interest and that can sometimes make it difficult to choose a few that I would like to gain a deeper learning of, but I think my current role will guide me in 2018.

In no particular order:

SQL Server on Linux: This is a no brainer. As long as I can remember, I have preferred to work with command line over gui based tools. I’ve always felt like I have more control over what I am doing. And now that SQL Server is on Linux, I want to dig in and learn whatever I can. I think I also like the idea, that there aren’t a lot of SQL Server DBA’s that are familiar with Linux.

Cloud: I’ve played around in the cloud for years, but with little reason. Between Azure options and the Oracle Cloud, it’s time to start looking at the differences and see where each can help me.

Power BI: With Power BI Premium, I think this is a game changer for Corporate adoption.

Make it to PASS Summit: I’ve been to Oracle Open World 3 times, but do to job responsibilities or other co-workers training needs, I have unfortunately never made it to PASS. I don’t mind Open World, but more and more I can see PASS being more beneficial.

Leave a Comment

Oracle Open World and PASS Summit

A little less than a month ago I attended Oracle Open World in San Francisco. It’s been a few years since I last attended the conference. Although San Francisco seems to have changed the conference has stayed the same. Numerous days of sessions that are very informative. As I felt the last time I attended, many of the sessions seem like marketing sessions, this isn’t a bad thing, just different. I did really enjoy some sessions dealing with Oracle EBS, Oracle Cloud and DBA topics. One session “Navigating your DBA Career in the Oracle Cloud” by Craig Shallahamer from orapub.com was very eye opening. Enough so, that I have started to look more closely at my future.

PASS Summit is going on right now and unfortunately, I am not in attendance. However, thanks to PASSTV, I have been able to watch numerous days worth of keynotes and sessions. This is definitely a conference that I would like to attend in the future. I know a good amount of people that attend every year and love this conference.

Leave a Comment

Combination of Both Worlds

I just recently came back to my blog and noticed that my last post stated that I was going back to Oracle. I did, but the fit with that employer was not the best and I moved on to another company at the beginning of 2016. I couldn’t be happier with that move in 2016. I get to work with SQL Server and Oracle along with other software packages. Some items that I am working on or researching and would like to blog about in the future, Automic Scheduling software, SQL Server on Linux, Azure, Azure Analysis Services, Business Intelligence, Power BI, Oracle Data Guard, Oracle Cloud and other various items.

Leave a Comment