Customer Azure RBAC role to limit user functionality


Problem description

Hello;

I'm looking to create a custom Azure RBAC role. Essentially we're looking to allow access to see all of the information for the virtual machines they manage and to allow tasks such as stop / start. - This is complete

However, we also want them to manage snapshots of the managed disks attached to the virtual machines. When we go to create a snapshot we get the error. - Not trusted to post image.

Error - You do not have Microsoft.deployments

I don't want to give these users the ability to deploy Azure resources, but we do want to allow them to manage all aspects of certain virtual machines and their snapshots.

Is there a way of doing this without allowing write access to the Microsoft.deployments resource provider?

Recommended answer

Hello Hodgkinson,

I have created a custom Role Definition using PowerShell as below, with the capabilities as follows:

1. Allow access to see all of the details for the virtual machines and allow stop/start.

2. Manage snapshots of the managed disks attached to the virtual machines.

Create a PS script and run the script in Azure PowerShell. This will create a custom role definition named 'Virtual Machine Operator' in your Azure subscription.

Note: Please remember to substitute your Azure subscription ID in the script in the following line:

$role.AssignableScopes.Add("/subscriptions/11111111-1111-1111-1111-111111111111")

The complete PS script is as follows:

$role = Get-AzureRmRoleDefinition "Virtual Machine Contributor"
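
The procedure the answer describes, as an added example that is not the answerer's script (which is cut off above): it clones the built-in role the answer starts from, replaces its action list with VM view/start/stop and snapshot actions, and refuses to create the role if a wildcard or deployment action is present. The action list is an assumption about the minimum needed and should be tested; the subscription ID is the page's placeholder.

```powershell
# Added example, not the answerer's script. Requires the AzureRM module and a
# signed-in session; the action list below is an assumption to review and test.
$subscriptionId = "11111111-1111-1111-1111-111111111111"  # placeholder from the page

# Clone a built-in role object as a template, then replace its contents.
$role = Get-AzureRmRoleDefinition "Virtual Machine Contributor"
$role.Id = $null                       # null Id: create a new definition
$role.Name = "Virtual Machine Operator"
$role.Description = "View VMs, start/stop them, manage snapshots of their managed disks."

# Start from an empty allow list instead of trimming the Contributor role's.
$role.Actions.Clear()
$actions = @(
    "Microsoft.Resources/subscriptions/resourceGroups/read",
    "Microsoft.Compute/virtualMachines/read",
    "Microsoft.Compute/virtualMachines/instanceView/read",
    "Microsoft.Compute/virtualMachines/start/action",
    "Microsoft.Compute/virtualMachines/powerOff/action",
    "Microsoft.Compute/virtualMachines/deallocate/action",
    "Microsoft.Compute/virtualMachines/restart/action",
    "Microsoft.Compute/disks/read",
    "Microsoft.Compute/snapshots/read",
    "Microsoft.Compute/snapshots/write",
    "Microsoft.Compute/snapshots/delete"
)
foreach ($action in $actions) { $role.Actions.Add($action) }

# Fail closed: no wildcard grants and no deployment rights, which the
# question explicitly wants to withhold from these users.
$tooBroad = @($role.Actions | Where-Object {
    $_.Contains('*') -or $_.StartsWith('Microsoft.Resources/deployments')
})
if ($tooBroad.Count -gt 0) {
    throw "Refusing to create role, over-broad actions: $($tooBroad -join ', ')"
}

# Limit where the role can be assigned, then register the definition.
$role.AssignableScopes.Clear()
$role.AssignableScopes.Add("/subscriptions/$subscriptionId")
New-AzureRmRoleDefinition -Role $role
```

Assigning the role with New-AzureRmRoleAssignment at the resource group that holds the managed VMs, rather than at the subscription, keeps its reach to "certain virtual machines" as the question asks.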

