What permissions I need to set for the following scenario:
I want to use Azure service bus in order to be able to connect a windows service agent running on premise and a worker role running in azure. The agent itself is a software that will run on different customers premises and communicate with my worker role via service bus. The worker role once per day will send a message to specific (maybe all, maybe few only) customers agent on premise, asking for some data. The agent will return the data to the worker role via service bus. In order to send custom message to specific customer agent I will use topics and subscriptions where every customer agent will lessen to it's specific subscription.
Now in order to build that agent and access service bus I have to make use of the namesapece, issuer name, issuer key which by default it's owner. Well owner has full control everywhere on that service bus therefore I don't want to give the owner credentials and secret key to each customer agent service. That means I have to build custom identity for each customer or a common one for all.
My questions: what do you recommend:
- one common service identity for all agents or generate one identity for each agent service?
- what is the minimum access I should give to them? I guess
ListenandSendright?
We use the Service Bus Relay to expose internal services to third parties. We secure the services using SAS and create a new Shared Access Policy with the appropriate permissions (typically Send, Listen) for each client. On the "Configure" tab in the portal, add a "new policy name" then "save". You can then retrieve the Shared Access Key in the bottom section of the portal.
We found this method easier than generating IDs under ACS.