只允许某些地区使用托管应用程序? [英] Allowing only some regions for a Managed App?

问题描述

我正在使用托管应用程序，并且需要将应用程序的用户限制为特定位置/区域的子集.

查看https://docs.microsoft.com/zh-cn/azure/managed-applications/create-uidefinition-overview，它看起来像基础"中的3个字段，订阅"，资源组"和位置"是预定义的.所有示例均显示 仅使用createUiDefinition.json向此基础步骤添加新字段，而没有修改这三个字段.

有什么方法可以为位置"字段指定允许区域的列表吗?除非有任何方法可以更改至少更改默认位置?

解决方案

您可以使用授权进行身份验证和锁定， 发布.

包含受管应用程序一部分资源的资源组为锁定"给客户.客户对此资源具有只读访问权限 资源组.结果，客户不会意外删除或更新作为托管应用程序一部分的资源.但是，托管应用程序的发布者会获得所需的权限，从而使他能够维护，服务 并在客户的租户中升级应用程序.这些权限由典型的 Azure RBAC角色.  

有关详细信息，请参阅"

--------------- -------------------------------------------------- ------------------------------

如果此答案有帮助，请单击标记为答案"或向上" -投票".要提供有关您的论坛体验的其他反馈，请单击 在这里 >

I'm working with managed applications, and need to restrict the users of the app to particular subset of locations/regions.

Looking at https://docs.microsoft.com/en-us/azure/managed-applications/create-uidefinition-overview it looks like the 3 fields in Basics, "Subscription", "Resource group" and "location" are predefined. All of the examples show only using the createUiDefinition.json to add new fields to this Basics step, but none modifying those three. 

Is there any way to specify a list of allowed regions for the Location field? Baring that, is there any way to change at least change the default location?

解决方案

You can use Authorizations to authentication and lock while publishing.

The resource group containing the resources which are part of the Managed Application is "locked" for the customer. The customer has read-only access to the resources in this resource group. As a result, the customer cannot accidently delete or update the resources which are part of the Managed application. The publisher of the managed application, however, gets either the required permissions which enables him to maintain, service and upgrade the application in the customer’s tenant. These permissions are defined by the typical Azure RBAC roles.  

For more details, refer "Apply policy to managed resource group".

-----------------------------------------------------------------------------------------------

If this answer was helpful, click "Mark as Answer" or "Up-Vote". To provide additional feedback on your forum experience, click here

这篇关于只允许某些地区使用托管应用程序?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！