'Writer' role in RBAC roles to limit data exfiltration risk for on-premises uploading applications #1255

@Dave-Kiwi

We have an on-premises component that uploads DICOM instances to Azure (and would like to use the DICOM service instead).

In this scenario, we need that component to have the minimum rights possible (certainly not the ability to query, retrieve, or delete any instances, for example). Any of these rights increases the risk that an on-premises breach or escape of the application secret will lead to exfiltration of the customer's data with fully-laden PHI. Once the data is in Azure, all our other applications that need to access it are also in Azure and can use RBAC, subnets, etc.

Presumably, the best way to achieve this would be with a 'Writer' role in the RBAC options.

User story
As a user in a lower-security environment, I want my application to only be able to store instances.

Acceptance criteria

  1. Application can use STORE route
  2. Application cannot query
  3. Application cannot delete
  4. Application cannot retrieve
  5. Application cannot observe change feed
