How to get Add(or modify) AccessPolicy to Azure-Keyvault - caller user information in the REST APIs
Currently, given a keyvault, one can retrieve the Access Policies for the given KeyVault through REST apis(or Azure Powershell), but not the information about the creation of the access policies itself. So, is there a way to get the ObjectId (or the user) that added the Access Policy to the Keyvault along with the time of creation?
This information, about the calling user, is available when an alert is configured to trigger whenever there is an administrative change to the Keyvault in the Caller field. So, I am assuming this information is available.
This information will be very handy to track security incidents when we see suspicious principals added to the Access policies.
azure-keyvault azure-security
asked Nov 19 '18 at 22:21
bsoundrabsoundra
5282725
add a comment |
Currently, given a keyvault, one can retrieve the Access Policies for the given KeyVault through REST apis(or Azure Powershell), but not the information about the creation of the access policies itself. So, is there a way to get the ObjectId (or the user) that added the Access Policy to the Keyvault along with the time of creation?
This information, about the calling user, is available when an alert is configured to trigger whenever there is an administrative change to the Keyvault in the Caller field. So, I am assuming this information is available.
This information will be very handy to track security incidents when we see suspicious principals added to the Access policies.
azure-keyvault azure-security
asked Nov 19 '18 at 22:21
bsoundrabsoundra
5282725
add a comment |
Currently, given a keyvault, one can retrieve the Access Policies for the given KeyVault through REST apis(or Azure Powershell), but not the information about the creation of the access policies itself. So, is there a way to get the ObjectId (or the user) that added the Access Policy to the Keyvault along with the time of creation?
This information, about the calling user, is available when an alert is configured to trigger whenever there is an administrative change to the Keyvault in the Caller field. So, I am assuming this information is available.
This information will be very handy to track security incidents when we see suspicious principals added to the Access policies.
azure-keyvault azure-security
asked Nov 19 '18 at 22:21
bsoundrabsoundra
5282725
Currently, given a keyvault, one can retrieve the Access Policies for the given KeyVault through REST apis(or Azure Powershell), but not the information about the creation of the access policies itself. So, is there a way to get the ObjectId (or the user) that added the Access Policy to the Keyvault along with the time of creation?
This information, about the calling user, is available when an alert is configured to trigger whenever there is an administrative change to the Keyvault in the Caller field. So, I am assuming this information is available.
This information will be very handy to track security incidents when we see suspicious principals added to the Access policies.
azure-keyvault azure-security
azure-keyvault azure-security
asked Nov 19 '18 at 22:21
bsoundrabsoundra
5282725
asked Nov 19 '18 at 22:21
bsoundrabsoundra
5282725
asked Nov 19 '18 at 22:21
bsoundrabsoundra
5282725
asked Nov 19 '18 at 22:21
bsoundrabsoundra
5282725
asked Nov 19 '18 at 22:21
bsoundrabsoundra
5282725
5282725
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53383491%2fhow-to-get-addor-modify-accesspolicy-to-azure-keyvault-caller-user-informati%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53383491%2fhow-to-get-addor-modify-accesspolicy-to-azure-keyvault-caller-user-informati%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
