I have an Event Grid domain. It has multiple topics like topic 1, topic 2, etc. I have event publishers called publisher 1, publisher 2, etc. I want to restrict publisher 1 to topic 1, i.e. publisher 1 can only publish events to Topic 1. Similarly, publisher 2 should be able to publish only to Topic 2. I thought I could achieve this by using topic-level RBAC, but this does not seem to work. Even though I have given publisher 1 the Event Grid data sender permission at the Topic 1 level, I am getting an error stating I need permission for the entire domain:

The principal associated with access token presented with the incoming request does not have permission to send data to ...providers/Microsoft.EventGrid/domains/
Asked Mar 24 at 17:42 by Azure Dev, edited Mar 25 at 14:10

Comment:
This is from Azure Event Grid documentation: "Access management With a domain, you get fine grain authorization and authentication control over each topic via Azure role-based access control (Azure RBAC). You can use these roles to restrict each tenant in your application to only the topics you wish to grant them access to. Azure RBAC in event domains works the same way managed access control works in the rest of Event Grid and Azure. Use Azure RBAC to create and enforce custom role definitions in event." – Azure Dev, commented Mar 25 at 14:31
1 Answer
I had to give the sender permission at the Event Grid Domain level to resolve this issue. I was myself expecting the granular permissions to be at domain topic level as per the docs. However, this does not seem to be the case. With the top-level permissions in place, I was expecting it to fail when I removed the topic-level permissions, but it didn't.
Apologies, this is the only answer I know of at this time.
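Because the fix above grants the sender role at domain scope, and Azure RBAC assignments are inherited by every child resource, it is worth auditing which publishers end up able to send to all topics in the domain. The following is an added example, not code from the original post: it reads JSON shaped like the output of `az role assignment list --all -o json` and reports each principal's reach. The subscription id, resource group, domain and principal names are constructed placeholders, and only the built-in role name is matched (custom roles are not covered).

```python
import json

SENDER_ROLE = "EventGrid Data Sender"  # built-in role discussed in the question

# Constructed placeholders: subscription id, resource group, domain, principals.
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
DOMAIN = RG + "/providers/Microsoft.EventGrid/domains/demo-domain"
SAMPLE = json.dumps([
    {"principalName": "publisher1", "roleDefinitionName": SENDER_ROLE, "scope": DOMAIN},
    {"principalName": "publisher1", "roleDefinitionName": SENDER_ROLE,
     "scope": DOMAIN + "/topics/topic1"},
    {"principalName": "publisher2", "roleDefinitionName": SENDER_ROLE,
     "scope": DOMAIN + "/topics/topic2"},
    {"principalName": "ops-reader", "roleDefinitionName": "Reader", "scope": DOMAIN},
    {"principalName": "publisher3", "roleDefinitionName": SENDER_ROLE, "scope": RG},
])

def classify_scope(scope, domain_id):
    """Return 'domain', 'parent', 'topic:<name>', or None if the scope is unrelated."""
    s = scope.rstrip("/").lower()      # Azure resource IDs are case-insensitive
    d = domain_id.rstrip("/").lower()
    if s == d:
        return "domain"
    if s.startswith(d + "/topics/"):
        name = s[len(d) + len("/topics/"):]
        return "topic:" + name if name and "/" not in name else None
    if d.startswith(s + "/"):          # subscription, resource group or root "/"
        return "parent"
    return None

def audit_senders(assignments_json, domain_id):
    """Map principal -> set of topics it may send to; '*' means every topic."""
    reach = {}
    for a in json.loads(assignments_json):
        if a.get("roleDefinitionName") != SENDER_ROLE:
            continue
        kind = classify_scope(a.get("scope", ""), domain_id)
        if kind is None:
            continue
        topics = reach.setdefault(a["principalName"], set())
        topics.add("*" if kind in ("domain", "parent") else kind.split(":", 1)[1])
    return reach

def over_scoped(reach):
    """Principals whose assignment covers the whole domain via inheritance."""
    return sorted(p for p, topics in reach.items() if "*" in topics)

if __name__ == "__main__":
    print(over_scoped(audit_senders(SAMPLE, DOMAIN)))
```
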