Hey everyone! I'm trying to wrap my head around why Microsoft limits access to the SCM/Kudu tool for their app services. Essentially, I'm looking to allow our developers read-only access to our production applications, so they can support their apps without being able to make manual changes. The default "Reader" role doesn't provide access to Kudu, and there aren't any custom role permissions that fit this need. The next role, "Website Contributor," would allow them to make changes, which isn't what I want. Even with Privileged Identity Management, that feels too risky. It doesn't really make sense to me why Microsoft wouldn't permit read access to Kudu since it seems like a valuable resource for troubleshooting, and I haven't found any sensitive data there—everything important is stored in a key vault. Can someone explain why Microsoft restricts this level of access?
2 Answers
I’ve faced the same issue, and it really is confusing! It feels like there should be a better solution.
Accessing Kudu gives users shell access, which can lead to write operations. That’s probably why Microsoft avoids granting read access. It sounds like the system is meant to prevent potential exposure of sensitive data that could be mishandled by users with Kudu access.

They could definitely restrict the console access and still allow Kudu as read-only. But maybe Microsoft is just playing it safe because some customers might have secrets in environment variables that aren’t stored properly.
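The thread turns on how Azure RBAC decides what a role can do: each built-in role lists `Actions` (with `*` wildcards) and `NotActions`, and an operation is permitted only when it matches an allowed action and no excluded one. The Reader role's `*/read` therefore never matches a POST-style action such as `Microsoft.Web/sites/config/list/Action` (which returns app settings, including any secrets stored there), while Website Contributor's `Microsoft.Web/sites/*` matches everything under the site, read and write alike. The script below is an added illustration, not code from the thread or from Microsoft; it models that matching on a constructed, abbreviated copy of the two built-in roles. The name of the action Kudu checks at login is an assumption (labelled in the code); the point is that there is no `/read` action that would let a read-only role through, which is the gap the question describes.

```python
import fnmatch

# Constructed, abbreviated role definitions (the real built-in roles carry
# more actions; only the ones relevant to App Service are listed here).
ROLE_DEFINITIONS = {
    "Reader": {
        "Actions": ["*/read"],
        "NotActions": [],
    },
    "Website Contributor": {
        "Actions": [
            "Microsoft.Web/sites/*",
            "Microsoft.Web/serverFarms/read",
            "Microsoft.Resources/subscriptions/resourceGroups/read",
        ],
        "NotActions": [],
    },
}

# Actions a support engineer would want for troubleshooting. The publish
# action is an ASSUMPTION about what the Kudu (SCM) site checks at login;
# the config/list action is the one that returns app settings.
TROUBLESHOOTING_ACTIONS = [
    "Microsoft.Web/sites/read",
    "Microsoft.Web/sites/publish/Action",        # assumed Kudu login check
    "Microsoft.Web/sites/config/list/Action",    # lists app settings (secrets)
    "Microsoft.Web/sites/restart/Action",
]


def _matches(pattern: str, action: str) -> bool:
    """Azure RBAC matching: case-insensitive, '*' spans path segments."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def is_allowed(role: str, action: str) -> bool:
    """True when the action matches an Actions entry and no NotActions entry."""
    definition = ROLE_DEFINITIONS[role]
    allowed = any(_matches(p, action) for p in definition["Actions"])
    excluded = any(_matches(p, action) for p in definition["NotActions"])
    return allowed and not excluded


def granted_actions(role: str, actions=TROUBLESHOOTING_ACTIONS) -> list:
    """Subset of the candidate actions the role permits."""
    return [a for a in actions if is_allowed(role, a)]


def is_read_only(role: str, actions=TROUBLESHOOTING_ACTIONS) -> bool:
    """A role is read-only here if every action it grants ends in '/read'."""
    return all(a.lower().endswith("/read") for a in granted_actions(role, actions))


if __name__ == "__main__":
    for role in ROLE_DEFINITIONS:
        print(f"{role}: grants {granted_actions(role)}; read-only={is_read_only(role)}")
```

Running it shows Reader granting only `Microsoft.Web/sites/read` (read-only, but no Kudu and no app-settings listing), and Website Contributor granting all four (Kudu, but also restart and settings access). Swapping in the real role definitions from `az role definition list --name "Website Contributor"` gives the same split, which is a quick way to verify whether a proposed custom role is still read-only before assigning it.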