We have discussed how we can setup system assigned identity and use it to assign roles in Azure app Config service in the post "Role Assignment with Azure Bicep". IF we are using managed identity as system assigned each of the web app, function app will have different identity and granting permissions in a service such as Azure App Config service would need to add multiple role assignement, assigning each app system assigned managed identity with the required role to read configs. However, if you use a single user assigned identity to all the app service apps, you can use single role assignment in the required service. Let's explore how to create and assign user assigned ident step by step in Azure Bicep infrastructure as code.