
Simple Azure Role Assignments with Terraform

I am setting up my instance of Serverless360 to monitor my Azure environment and provide operations for my support team. This involves configuring Serverless360 with a Service Principal which has access to certain resources in Azure. A good way to configure things is to set up the service principal with just the roles that are needed, and I would like to script this so that adding new roles and permissions is easy.

I chose to use terraform and I started by creating a list of the roles I want to assign to a resource group.

Next up I need a reference to the service principal in Azure AD. I can use the azure ad provider for terraform and provide the application id as a variable to reference the object.

Next up I need a data reference to my resource group. Note this is just a scope id so I could point to an individual resource or a subscription but in my case I am choosing to use the resource group as the level I will set permissions.

Now I can use the for_each meta-argument in terraform and point it at my locals list of roles. It will iterate over the list and add a role assignment for each one, granting that role to the service principal on the resource group.

If I run my terraform I can see my roles are assigned.


I can now just add another role name to the list and run it again, and it will add another role assignment on my resource group. For example, if I want to let my service principal access a queue, that is one more entry in the list.

I can also just copy and paste and modify the resources if I want to manage other resource groups with different roles and I can also remove a role from the list if I want it to be removed from the permissions that I have applied.

Hopefully this makes it easy to see how to manage roles with terraform, and if you're configuring permissions for your Serverless360 setup this will give you an easy way to apply them.

The full script is below.
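The script itself did not survive extraction. As an added example (my reconstruction of the pattern the post describes, not the author's file), the following keeps the role list in locals, looks up the service principal by its application ID, and fans out one azurerm_role_assignment per role with for_each. It assumes azurerm 3.x and azuread 3.x (where the service principal lookup argument is client_id); the variable names and the two example roles are mine.

```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
    azuread = {
      source  = "hashicorp/azuread"
      version = "~> 3.0"
    }
  }
}

provider "azurerm" {
  features {}
}

provider "azuread" {}

# Assumed variables: the application (client) ID of the Serverless360
# service principal and the resource group it is allowed to operate on.
variable "serverless360_application_id" {
  description = "Application (client) ID of the Serverless360 service principal"
  type        = string
}

variable "resource_group_name" {
  description = "Resource group used as the scope for every role assignment"
  type        = string
}

locals {
  # Built-in roles to grant. Add or remove names here; Terraform creates or
  # destroys exactly the matching assignments on the next apply. The two
  # roles are illustrative only, not a recommendation for any product.
  serverless360_roles = toset([
    "Reader",
    "Monitoring Reader",
  ])
}

# Resolve the application ID to the service principal object in Entra ID.
data "azuread_service_principal" "serverless360" {
  client_id = var.serverless360_application_id
}

# The scope is a resource group ID. Any ARM scope (subscription, single
# resource) would work here, but the resource group keeps the grant narrow.
data "azurerm_resource_group" "monitored" {
  name = var.resource_group_name
}

# One assignment per role. Keying on the role name gives each assignment a
# stable address such as azurerm_role_assignment.serverless360["Reader"],
# so removing one name from the list destroys only that assignment.
resource "azurerm_role_assignment" "serverless360" {
  for_each             = local.serverless360_roles
  scope                = data.azurerm_resource_group.monitored.id
  role_definition_name = each.value
  principal_id         = data.azuread_service_principal.serverless360.object_id
}

output "assigned_roles" {
  description = "Role assignment IDs keyed by role name, useful for review"
  value       = { for role, ra in azurerm_role_assignment.serverless360 : role => ra.id }
}
```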

About the author: Mike Stephenson.



Managing Azure Role Assignments with Terraform

  • Application Management Services , Cloud Engineering
  • September 3, 2023


Atisha Shaurya


Azure Role-Based Access Control (RBAC) is a powerful feature that allows you to manage access to Azure resources. With Azure RBAC , you can grant specific permissions to users, groups, or applications, ensuring they have the right level of access to Azure resources. Terraform, an Infrastructure as Code (IaC) tool, can help you automate and manage Azure RBAC role assignments efficiently. In this blog post, we’ll explore the importance of Azure RBAC and guide you through how to manage role assignments using Terraform.

Why Use Azure RBAC?

Azure RBAC offers several key benefits:

  • Granular Access Control : RBAC provides fine-grained control over access to Azure resources, ensuring that users only have the permissions they need to perform their tasks.
  • Security : RBAC enhances the security of your Azure environment by reducing the risk of unauthorized access and data breaches.
  • Compliance : Many regulatory standards, such as HIPAA and GDPR, require strict access control. Azure RBAC helps you meet compliance requirements.
  • Efficiency : Automating RBAC role assignments with Terraform streamlines the access management process and reduces manual errors.

Managing Azure RBAC Role Assignments with Terraform

To manage Azure RBAC role assignments using Terraform, follow these steps:

1. Install Terraform

If you haven’t already, install Terraform by following the official installation guide: Terraform Installation Guide

2. Authenticate Azure CLI

Ensure you are authenticated with your Azure subscription using the Azure CLI:

3. Create a Terraform Configuration

Create a new directory for your Terraform configuration and create a .tf file, e.g., rbac.tf. Add the following content to define a role assignment:

In this Terraform configuration:

  • We specify the Azure provider.
  • We create an azurerm_role_assignment resource, defining the principal_id, role_definition_name, and scope.

4. Initialize and Apply the Configuration

Navigate to the directory where your Terraform configuration file is located. Initialize Terraform by running:

Then, apply the configuration to create the role assignment:

Terraform will prompt you to confirm the creation of the role assignment. Enter yes to proceed.

5. Verify the Role Assignment

Once Terraform completes the deployment, you can verify the role assignment on the Azure portal or by using Azure CLI commands. For example, to list role assignments for a specific resource group:

Managing Azure RBAC role assignments using Terraform streamlines access control, enhances security, and ensures compliance with regulatory standards. By following the steps outlined in this blog post, you can efficiently assign roles to users, groups, or applications, ensuring they have the right level of access to Azure resources. This automation simplifies access management and reduces the risk of manual errors, making your Azure environment more secure and compliant.


Good Workaround!

Assigning PIM Azure RBAC permissions using Terraform and ARM template

Currently, Terraform does not support eligible assignments of permissions in Azure RBAC, only active assignments using the azurerm_role_assignment resource. Continue reading if you want to be able to create your eligible assignments using ARM or Terraform (Terraform will use the ARM template).


With the 3rd version of the PIM APIs, we have something called a Role Eligibility Schedule Request, documented in both the API documentation and the ARM documentation. However, the documentation can be a bit difficult to understand, especially because the roleDefinitionId in the ARM template must be provided differently than when using the API.

Let’s first define an ARM template, as below, that can be used to assign eligible permissions:

Parameter – principalId

This should be the object ID of the principal you are granting the access to. If you are assigning permissions to user [email protected], use the following value:


Parameter – roleDefinitionId

I spent way too much time to figure out the format of the value for this parameter, but it should be like this:

The first guid (1272951b-df54-45eb-9c08-a8c93ea18302) should be changed to the subscription id of your subscription, while the second guid (b24988ac-6180-42a0-ab88-20f7382dd24) is the Azure RBAC role id, found here. The example provided is “Contributor”.

Parameter – id

All eligible schedule requests have a unique ID, defined client side, so this should basically just be a unique guid. The ARM template generates it automatically.

Parameter – requestType

I have defaulted this to AdminUpdate, as that will also work with new assignments. However, due to how PIM works, in order to actually remove an assignment you must deploy the ARM template with the value “AdminRemove”. This is super annoying from a Terraform perspective. Also, when deploying with AdminRemove for a second time, it fails with RoleAssignmentDoesNotExist.

Deploying using ARM template

Here is how to deploy eligible contributor permission to a user with objectid e9176fb9-63d3-480a-a51f-e5399059b588 on subscription level:

And this is how to do the same thing on resource group level:

Now that we have things going with the ARM template, let's do it with Terraform as well.

Deploying using Terraform

Some say it’s cheating, but we need to use the ARM template here as well. This is because currently no Terraform resource exists for eligible role assignments.

Also, Terraform does not support comments in JSON documents, so remove them before saving the file.

Go to https://github.com/goodworkaround/terraform-az-rbac-pim-assignment and clone my Terraform example. The example uses the Azure AD provider to create groups, which is not necessary. You can get away with only the AzureRM provider, but then you need to specify the object IDs of the principals you are granting access to.

There are two modules available:

PIM Assignment – Subscription

The following code will create an Azure AD group called “subscription_owner_group_1” and assign it eligible “Owner” on the subscription:

As an admin in PIM, you will find the following assignment:


Members of the group should see this in PIM:


It is worth noting that simply removing the module from your configuration will not remove the assignment. Instead, apply the module once more with request_type = “AdminRemove”, which removes the permission. Then you can remove the module.

PIM Assignment – Resource Group

The following code will create an Azure AD group called “rg_contributor_group_1”, a resource group “rg1” and delegate the group eligible Contributor on the resource group:
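As an added example (mine, not the module from the linked repository), here is a single Terraform file that does what the resource group module above describes: it embeds the ARM template, builds the subscription-scoped roleDefinitionId the template expects, exposes request_type so the same deployment can be re-applied with AdminRemove, and sets the provider feature flag discussed in the comments below. It assumes azurerm 3.x; the variable names and the resource group are mine.

```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
  }
}

provider "azurerm" {
  features {
    template_deployment {
      # The eligibility request cannot be DELETEd through ARM, so stop the
      # provider from trying to remove nested resources on destroy.
      delete_nested_items_during_deletion = false
    }
  }
}

variable "principal_id" {
  description = "Object ID of the user or group that becomes eligible"
  type        = string
}

variable "role_definition_guid" {
  description = "Built-in role GUID; defaults to the well-known Contributor role"
  type        = string
  default     = "b24988ac-6180-42a0-ab88-20f7382dd24c"
}

variable "request_type" {
  description = "AdminUpdate to create or refresh the eligibility, AdminRemove to revoke it"
  type        = string
  default     = "AdminUpdate"
  validation {
    condition     = contains(["AdminUpdate", "AdminRemove"], var.request_type)
    error_message = "request_type must be AdminUpdate or AdminRemove."
  }
}

data "azurerm_client_config" "current" {}

resource "azurerm_resource_group" "rg1" {
  name     = "rg1"
  location = "westeurope"
}

locals {
  # The ARM template needs the subscription-scoped role definition ID,
  # not the bare GUID that the REST API accepts.
  role_definition_id = "/subscriptions/${data.azurerm_client_config.current.subscription_id}/providers/Microsoft.Authorization/roleDefinitions/${var.role_definition_guid}"

  pim_template = {
    "$schema"      = "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#"
    contentVersion = "1.0.0.0"
    parameters = {
      principalId      = { type = "string" }
      roleDefinitionId = { type = "string" }
      requestType      = { type = "string", defaultValue = "AdminUpdate" }
      # Each request needs a fresh client-side ID. newGuid() and utcNow() are
      # only allowed in parameter defaults, which is why they live here.
      id        = { type = "string", defaultValue = "[newGuid()]" }
      startTime = { type = "string", defaultValue = "[utcNow()]" }
    }
    resources = [{
      type       = "Microsoft.Authorization/roleEligibilityScheduleRequests"
      apiVersion = "2020-10-01"
      name       = "[parameters('id')]"
      properties = {
        principalId      = "[parameters('principalId')]"
        roleDefinitionId = "[parameters('roleDefinitionId')]"
        requestType      = "[parameters('requestType')]"
        scheduleInfo = {
          startDateTime = "[parameters('startTime')]"
          expiration    = { type = "NoExpiration" }
        }
      }
    }]
  }
}

# Deployed at resource group scope, so the eligibility is limited to rg1.
resource "azurerm_resource_group_template_deployment" "pim_eligible" {
  name                = "pim-eligible-contributor"
  resource_group_name = azurerm_resource_group.rg1.name
  deployment_mode     = "Incremental"
  template_content    = jsonencode(local.pim_template)
  parameters_content = jsonencode({
    principalId      = { value = var.principal_id }
    roleDefinitionId = { value = local.role_definition_id }
    requestType      = { value = var.request_type }
  })
}
```

Apply once with the default request_type to grant eligibility; to revoke it, apply again with -var request_type=AdminRemove before deleting the resource from the configuration, because destroying the deployment alone leaves the PIM entry in place.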


Published by Marius Solbakken


16 thoughts on “ Assigning PIM Azure RBAC permissions using Terraform and ARM template ”

Nice article, could you please tell me the Role that is assigned to the service principle doing this task?

Hi, if you mean the role of the principal that deploys the ARM template, it is either Owner or User Access Administrator. 🙂

thank you! I will try with that.

Have you tried using the AdminRemove test for the same principal ID which was added by the AdminAdd step? It fails every time.

I have, with success – what is your error message?

Error: removing items provisioned by this Template Deployment: `properties.OutputResources` was nil – insufficient data to clean up this Template Deployment

Ah yes, can you try to disable the delete_nested_items_during_deletion setting of the azurerm provider to see if that resolves things?

yup that worked, I don’t really use ARM deployment with TF, but your article has been quite helpful.

One more thing I noticed: after assigning an Azure resource PIM role to a principal ID, if I run the same release again, it fails with the error { “code”: “Conflict”, “message”: “A role assignment request with Id: a2d47b66-96d6-16d4-5b35-29b3139cae94 already exists” }. I thought it would just pass through.

Yes, I know. The API expects a unique ID each time. Terrible design on the Microsoft side.

Will this work for AD roles like “User Administrator” or “Application Administrator”? I am trying to make PIM work for Azure AD roles.

No, this is for RBAC only. Azure AD PIM roles is a completely different api 🙂

That is right, also make sure your SPN has the right API permissions and RBAC to do this via code for Azure resource roles or AD roles 🙂 For resource roles I was able to get it working with User Access Admin on the subscription, as well as Contributor access with User.Read, PrivilegedAccess.Read.AzureResources and PrivilegedAccess.Write.AzureResources access with grant permissions at least.

Great solution! A couple of questions if you don’t mind!

1/ we were thinking to use ‘az rest’ to achieve the same but all of our testing using: https://docs.microsoft.com/en-us/rest/api/authorization/role-eligibility-schedule-requests/create#requesttype

with basically an identical payload it didn’t create the assignment, it left it in a strange ‘pending’ state

any thoughts on why this might be?

2/ any ideas on setting the role policy via ARM or REST? eg MFA required, 4 hours, etc… it uses PATCH method: https://docs.microsoft.com/en-us/rest/api/authorization/privileged-role-policy-rest-sample#update-a-role-management-policy

This is a great solution, but I am facing an issue when running AdminRemove on the resource group template. It fails with the error below:

Error: removing items provisioned by this Template Deployment: deleting Nested Resource “/subscriptions/***/resourceGroups/***/providers/Microsoft.Authorization/roleEligibilityScheduleRequests/***”: resources.Client#DeleteByID: Failure sending request: StatusCode=405 — Original Error: Code=”Failed” Message=”The async operation failed.” AdditionalInfo=[{“message”:”The requested resource does not support http method ‘DELETE’.”}]

Hi, for this you will need to disable the delete_nested_items_during_deletion feature flag. This was defaulted to true at some point in the past.

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group_template_deployment


azurerm_role_assignment

Assigns a given Principal (User or Application) to a given Role.

Example Usage (using a built-in Role)

Example Usage (custom role & service principal)

Example Usage (custom role & user)

Argument Reference

The following arguments are supported:

name - (Optional) A unique UUID/GUID for this Role Assignment - one will be generated if not specified. Changing this forces a new resource to be created.

scope - (Required) The scope at which the Role Assignment applies, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM. Changing this forces a new resource to be created.

role_definition_id - (Optional) The Scoped-ID of the Role Definition. Changing this forces a new resource to be created. Conflicts with role_definition_name .

role_definition_name - (Optional) The name of a built-in Role. Changing this forces a new resource to be created. Conflicts with role_definition_id .

principal_id - (Required) The ID of the Principal (User or Application) to assign the Role Definition to. Changing this forces a new resource to be created.

Attributes Reference

The following attributes are exported:

  • id - The Role Assignment ID.

Role Assignments can be imported using the resource id , e.g.

© 2018 HashiCorpLicensed under the MPL 2.0 License. https://www.terraform.io/docs/providers/azurerm/r/role_assignment.html


[Examples] Override Module Role Assignments

This page describes how to deploy your Azure landing zone with a custom configuration, including guidance on how to override the dynamically generated Role Assignments for a specific Policy Assignment with Managed Identity.

NOTE: This feature is available from version 0.2.2.

We will use the Deploy-HITRUST-HIPAA and Deploy-SQL-Auditing policy assignments as an example.

On deployment, the module will auto-generate the role assignments necessary for any Policy Assignment when a Managed Identity is required to support policies using Modify or DeployIfNotExists effects.


We will update the built-in configuration following these steps:

Create the policy assignment definitions Deploy-HITRUST-HIPAA and Deploy-SQL-Auditing

Create the custom archetype definition customer_online

Override the dynamically generated Role Assignments for Deploy-HITRUST-HIPAA and Deploy-SQL-Auditing Policy Assignments in a custom Landing Zone Management Group.

Enable the role assignment override with custom_policy_roles

IMPORTANT: Ensure the module version is set to the latest, and don't forget to run terraform init if upgrading to a later version of the module.


Example root module

To make the code easier to maintain when extending your configuration, we recommend splitting the root module into multiple files. For the purpose of this example, we use the following:

  • terraform.tf
  • variables.tf
  • main.tf
  • lib/policy_assignments/policy_assignment_dhh_policy_set_definition.json
  • lib/policy_assignments/policy_assignment_dsa_policy_set_definition.json
  • lib/archetype_definitions/archetype_definition_customer_online.json

The terraform.tf file is used to set the provider configuration, including pinning to a specific version (or range of versions) for the AzureRM Provider. For production use, we recommend pinning to a specific version, and not using ranges.

The variables.tf file is used to declare a couple of example variables which are used to customize deployment of this root module. Defaults are provided for simplicity, but these should be replaced or over-ridden with values suitable for your environment.

The main.tf file contains the azurerm_client_config resource, which is used to determine the Tenant ID from your user connection to Azure. This is used to ensure the deployment will target your Tenant Root Group by default.

It also contains the module declaration for this module, containing a number of customizations as needed to meet the specification defined in the overview above. The custom_policy_roles is explained later in this example.

To allow the declaration of custom templates, you must create a custom library folder within the root module and include the path to this folder using the library_path variable within the module configuration. In our example, the directory is /lib.

NOTE: To learn more about module configuration using input variables, please refer to the Module Variables documentation.

In the /lib directory create a policy_assignments subdirectory.

In the subdirectory policy_assignments create a policy_assignment_dhh_policy_set_definition.json file. This file contains the Policy Assignment definition for Deploy-HITRUST-HIPAA.

In the subdirectory policy_assignments create a policy_assignment_dsa_policy_set_definition.json file. This file contains the Policy Assignment definition for Deploy-SQL-Auditing.

IMPORTANT: Please ensure you create this file in the /lib directory within your root module.

In the /lib directory create an archetype_definitions subdirectory.

In the subdirectory archetype_definitions create an archetype_definition_customer_online.json file. This file contains a custom "archetype definition" including the creation of Policy Assignments for Deploy-HITRUST-HIPAA and Deploy-SQL-Auditing

Override the dynamically generated Role Assignments

To map a Role Definition against the Policy Assignments we need to assign the role definition id(s) to the policy definition id. This is the definition of the variable custom_policy_roles and the theoretical expected values:

For this example the custom_policy_roles is this:


You have successfully overridden the built-in role definitions using custom_policy_roles for your Azure landing zone.

This wiki is being actively developed

If you discover any documentation bugs or would like to request new content, please raise them as an issue or feel free to contribute to the wiki via a pull request . The wiki docs are located in the repository in the docs/wiki/ folder.



Quickstart: Create a policy assignment to identify non-compliant resources using Terraform


The first step in understanding compliance in Azure is to identify the status of your resources. This quickstart steps you through the process of creating a policy assignment to identify virtual machines that aren't using managed disks.

At the end of this process, you identify virtual machines that aren't using managed disks across your subscription. They're non-compliant with the policy assignment.

When assigning a built-in policy or initiative definition, it's optional to reference a version. Policy assignments of built-in definitions default to the latest version and automatically inherit minor version changes unless otherwise specified.

Prerequisites

  • If you don't have an Azure subscription, create a free account before you begin.
  • Terraform version 0.12.0 or higher configured in your environment. For instructions, see Configure Terraform using Azure Cloud Shell .
  • This quickstart requires that you run Azure CLI version 2.13.0 or later. To find the version, run az --version. If you need to install or upgrade, see Install Azure CLI.

Create the Terraform configuration, variable, and output file

In this quickstart, you create a policy assignment and assign the Audit VMs that do not use managed disks definition. This policy definition identifies resources that aren't compliant to the conditions set in the policy definition.

Configure the Terraform configuration, variable, and output files. The Terraform resources for Azure Policy use the Azure Provider .

Create a new folder named policy-assignment and change directories into it.

Create main.tf with the following code:

To create a Policy Assignment at a Management Group use the azurerm_management_group_policy_assignment resource, for a Resource Group use the azurerm_resource_group_policy_assignment and for a Subscription use the azurerm_subscription_policy_assignment resource.

Create variables.tf with the following code:

A scope determines what resources or grouping of resources the policy assignment gets enforced on. It could range from a management group to an individual resource. Be sure to replace {scope} with one of the following patterns based on the declared resource:

  • Subscription: /subscriptions/{subscriptionId}
  • Resource group: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}
  • Resource: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/[{parentResourcePath}/]

Create output.tf with the following code:
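The three files from the steps above did not survive extraction. As an added example (mine, not the quickstart's own listing), here they are merged into one configuration: it resolves the built-in definition by its display name instead of hard-coding its GUID, and defaults the scope to the current subscription while still accepting the {scope} patterns listed above. It assumes azurerm 3.x; the variable and resource names are mine.

```hcl
terraform {
  required_version = ">= 0.12.0"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
  }
}

provider "azurerm" {
  features {}
}

# variables.tf: leave cust_scope null to target the subscription you are
# logged in to, or set it to one of the /subscriptions/... patterns above.
variable "cust_scope" {
  description = "Subscription resource ID the assignment applies to, e.g. /subscriptions/{subscriptionId}"
  type        = string
  default     = null
}

data "azurerm_client_config" "current" {}

locals {
  scope = coalesce(
    var.cust_scope,
    "/subscriptions/${data.azurerm_client_config.current.subscription_id}",
  )
}

# main.tf: look up the built-in definition by display name so the
# configuration does not depend on remembering its GUID.
data "azurerm_policy_definition" "audit_vms" {
  display_name = "Audit VMs that do not use managed disks"
}

# Subscription-scoped assignment. For a management group use
# azurerm_management_group_policy_assignment, for a resource group
# azurerm_resource_group_policy_assignment, as noted above.
resource "azurerm_subscription_policy_assignment" "auditvms" {
  name                 = "audit-vm-manageddisks"
  subscription_id      = local.scope
  policy_definition_id = data.azurerm_policy_definition.audit_vms.id
  description          = "Shows all virtual machines not using managed disks"
  display_name         = "Audit VMs without managed disks Assignment"
  # The definition has the Audit effect, so enforcing it only records
  # compliance state; it never blocks a deployment.
  enforce = true
}

# output.tf: the ID you pass to the compliance query after apply.
output "assignment_id" {
  value = azurerm_subscription_policy_assignment.auditvms.id
}
```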

Initialize Terraform and create plan

Initialize Terraform to download the necessary providers and then create a plan.

Run the terraform init command. This command downloads the Azure modules required to create the Azure resources in the Terraform configuration.

Screenshot of running the terraform init command that shows downloading the azurerm module and a success message.

Authenticate with Azure CLI for Terraform. For more information, see Azure Provider: Authenticating using the Azure CLI .

Create the execution plan with the terraform plan command and out parameter.

Screenshot of running the terraform plan command and out parameter to show the Azure resource that would be created.

For information about persisting execution plans and security, see Terraform Plan: Security Warning .

Apply the Terraform execution plan

Apply the execution plan.

Run the terraform apply command and specify the assignment.tfplan already created.

Screenshot of running the terraform apply command and the resulting resource creation.

With the Apply complete! Resources: 1 added, 0 changed, 0 destroyed. message, the policy assignment is now created. Since we defined the output.tf file, the assignment_id is also returned.

Identify non-compliant resources

To view the resources that aren't compliant under this new assignment, use the assignment_id returned by terraform apply . With it, run the following command to get the resource IDs of the non-compliant resources that are output into a JSON file:

Your results resemble the following example:

The results are comparable to what you'd typically see listed under Non-compliant resources in the Azure portal view.

Clean up resources

To remove the assignment created, use Azure CLI or reverse the Terraform execution plan with terraform destroy .

In this quickstart, you assigned a policy definition to identify non-compliant resources in your Azure environment.

To learn more about assigning policies to validate that new resources are compliant, continue to the tutorial for:

Tutorial: Create and manage policies to enforce compliance


How do I make the scope of a custom role be Resourcegroup in azure?

I have written terraform for creating the user, resource group, and roledefinition.

I need to have the scope of resource definition be the resource group that I created.

I don't know how to do that. It would be great if someone could help on this.

I am getting the following error while executing the above code:

Error: authorization.RoleDefinitionsClient#CreateOrUpdate: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code="MissingSubscription" Message="The request did not have a subscription or a valid tenant level resource provider."

To create a custom role for the resource group, you need to have the permission Microsoft.Authorization/roleDefinitions/write, and to assign the custom role to a user, you need to have the permission Microsoft.Authorization/roleAssignments/write. The simplest way is that you have the Owner role of the subscription.

And to create an Azure AD user:

To add or delete users you must be a User administrator or Global administrator.

When you have all the needed permissions, let's focus on your code. You also need to assign the custom role to the user you created with the scope of the resource group. Then you can change the code like this:

If you only want the custom role available for the resource group, you can change the assignable_scopes to the resource group ID, azurerm_resource_group.terraform_rg.id.


  • @MuneeshDuRaipandi Yeah, if you have any problems, please let me know. –  Charles Xu Commented Jun 22, 2020 at 6:23
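As an added example (mine, not the asker's or the answerer's code), the following applies the answer end to end: the custom role is created at the resource group's ARM ID, restricted to it through assignable_scopes, and then assigned to the user at that same scope. It assumes azurerm 3.x and azuread 3.x and an existing user looked up by UPN; the role's actions and all names are mine.

```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
    azuread = {
      source  = "hashicorp/azuread"
      version = "~> 3.0"
    }
  }
}

provider "azurerm" {
  features {}
}

provider "azuread" {}

variable "user_principal_name" {
  description = "UPN of the existing user who receives the custom role (assumed input)"
  type        = string
}

data "azuread_user" "operator" {
  user_principal_name = var.user_principal_name
}

resource "azurerm_resource_group" "terraform_rg" {
  name     = "terraform-rg"
  location = "westeurope"
}

resource "azurerm_role_definition" "rg_operator" {
  name        = "terraform-rg-operator"
  description = "Read everything and restart VMs, in this resource group only"

  # The role definition is created at a real ARM scope. The question's 404
  # MissingSubscription is the service failing to find a subscription in the
  # scope it was given; a full resource group ID rooted at /subscriptions/
  # satisfies it.
  scope = azurerm_resource_group.terraform_rg.id

  permissions {
    actions = [
      "*/read",
      "Microsoft.Compute/virtualMachines/restart/action",
    ]
    not_actions = []
  }

  # Where the role may be assigned: only this resource group, so it cannot
  # later be granted at subscription level by mistake.
  assignable_scopes = [azurerm_resource_group.terraform_rg.id]
}

# The assignment itself, at the same scope. A custom role is referenced by
# its fully qualified ID rather than by role_definition_name.
resource "azurerm_role_assignment" "operator" {
  scope              = azurerm_resource_group.terraform_rg.id
  role_definition_id = azurerm_role_definition.rg_operator.role_definition_resource_id
  principal_id       = data.azuread_user.operator.object_id
}
```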


  3. Managing Azure RBAC Roles and Assignments with Terraform

    Here is a way of managing a custom roles and role assignments in Azure using Terraform. The versions of Terraform, AzureRM, and the AzureAD provider I'm using are as follows: In this example, I'm creating a custom role that allows some users to view a shared dashboard in our Azure subscription. The users should be able to view the dashboard ...

  4. Azure Authorization Role Assignment Module

    AVM Terraform module for role assignments. Contribute to Azure/terraform-azurerm-avm-res-authorization-roleassignment development by creating an account on GitHub.

  5. Simple Azure Role Assignments with Terraform

    Now I can use the for_each function in terraform and point to my locals list of roles and it will iterate over the list of roles and add a role assignment for each one for that service principal to the resource group. resource "azurerm_role_assignment" "sl360_eventgrid_role_assignment" { for_each = toset (local.sl360_eventgrid_roles) scope ...

  6. terraform-provider-azurerm/website/docs/r/role_assignment.html ...

    Changing this forces a new resource to be created. It is necessary to explicitly set this attribute when creating role assignments if the principal creating the assignment is constrained by ABAC rules that filters on the PrincipalType attribute. ~> NOTE: If one of condition or condition_version is set both fields must be present.

  7. Managing Azure Role Assignments with Terraform

    Terraform will prompt you to confirm the creation of the role assignment. Enter yes to proceed. 5. Verify the Role Assignment. Once Terraform completes the deployment, you can verify the role assignment on the Azure portal or by using Azure CLI commands. For example, to list role assignments for a specific resource group:

  8. Assigning PIM Azure RBAC permissions using Terraform and ARM template

    Currently, Terraform does not support eligible assignments of permissions in Azure RBAC, and only active assignments using the azurerm_role_assignment resource. Continue reading if you want to be able to assign your eligible assignments using ARM or Terraform (Terraform willl use the ARM template). With the 3rd version of the PIM APIs, we have something called…

  9. Import AzureAD app role assignments into Terraform state

    Import existing app role assignments into the Terraform state. Having the app role assignment ID in a variable named ASSIGNMENT_ID and the AzureAD enterprise application for Snowflake having ID ...

  10. embergertf/terraform-azurerm-role-assignment

    Overview. This terraform module assigns Roles onto Azure Resource (scope) for an Object. Azure Role-Based access Control (Azure RBAC) is the authorization system used to manage access to Azure resources. To grant access, roles are assigned to users, groups, service principals at a particular scope.

  11. Azurerm_role_assignment

    principal_id - (Required) The ID of the Principal (User or Application) to assign the Role Definition to. Changing this forces a new resource to be created. Attributes Reference . The following attributes are exported: id - The Role Assignment ID. Import . Role Assignments can be imported using the resource id, e.g.

  12. [Examples] Override Module Role Assignments · Azure/terraform ...

    Enable the role assignment override with custom_policy_roles. IMPORTANT: Ensure the module version is set to the latest, and don't forget to run terraform init if upgrading to a later version of the module..

  13. Quickstart: New policy assignment with Terraform

    The Terraform resources for Azure Policy use the Azure Provider. Create a new folder named policy-assignment and change directories into it. Create main.tf with the following code: Note. To create a Policy Assignment at a Management Group use the azurerm_management_group_policy_assignment resource, for a Resource Group use the azurerm_resource ...

  14. Terraform Import azurerm_role_assignment

    I have to import some roles, in the documentation it states. The frist uid is easy to find, but what is the second one. When I look into the portal I see that the role is assigned on the resource itself, but can't find a trace of a uid.

  15. terraform

    How to do a role assignment for the resourcegroup with arm templates 8 Creating a resource group with terraform in azure: Cannot find resource group directly after creating it