Requirements & preflight
- A subscription for sprig (a dedicated subscription is recommended: cleanest budget and policy boundary).
- The installing operator holds Owner on that subscription.
- Region supporting Linux consumption Function Apps and Static Web Apps (most do;
westeuropeis the tested default).
The installing operator can, at install time:
- create app registrations,
- grant admin consent / Graph app roles (Global Administrator, or Privileged Role Administrator + Application Administrator).
This is needed once. Day-to-day operation requires only the Ops app role that the installer assigns.
Workstation (the operator’s machine)
Section titled “Workstation (the operator’s machine)”azCLI (logged in),python3, Node.js ≥ 20,npm,zip,curl.
Data side (for Fabric-backed apps)
Section titled “Data side (for Fabric-backed apps)”- A Microsoft Fabric workspace with an API for GraphQL item exposing the data your builders should reach.
- Builders and viewers get Fabric permissions through your normal data-governance process — sprig does not grant data access.
Preflight checklist
Section titled “Preflight checklist”- Subscription chosen and quota sane (each builder adds one resource group; each app one Static Web App).
- Operator can run
az loginand reach both Azure and Graph. - Decided who holds the Ops role (share approvals) — one or more named people.
- Budget amount and alert email chosen.
- Read Exact permissions granted — your security team will ask.