Create a detailed documentation on permissions for AAD/subscription

[cdennig]

We need a new section in the corresponding setup challenges of Day 2 / 7 for participants to be able to setup the Azure environment upfront:

• What permissions are needed to complete all challenges?
• How to test if a user has the correct setup?

CC: @AndreasM009

[waeltken]

To my knowledge we need:

Subscription: Owner or Contributor + User Access Administrator
Active Directory: Azure Application Administrator Role

For Active Directory the Application Developer role might also be enough?

[cdennig]

Is this also sufficient for the k8s stuff?

[AndreasM009]

For day5 we need Application Administrator Role in AAD. This role is needed to consent OAuth2 Permissions. Application Developer role is only enough if users are allowed to grant consent to OAuth2 permissions. It is a setting that can be configured under AAD-> Enterprise Applications -> User settings.
There is also a setting under AAD -> App Registration -> User Settings to allow non Administrators to register applications. But we have to test that, if the configuration in User settings would be enough.