如何使用Powershell脚本为AAD中的所有数据(包括用户,组,分配的角色,所有资源)提供应用程序读取权限? [英] How to provide an application read permissions to all the data in AAD (including user, groups, assigned roles , all resources) using powershell script?
问题描述
使用Powershell脚本,我现在能做的是创建一个新应用程序,并分配角色以读取预订中的所有资源数据.我为此使用了Azure RM Powershell 6.8.1,我已阅读选择程序包Azure Active Directory" PowerShell 2.0"; 选择 Packag
What i am able to do for now, using the powershell script is create a new application and assign the role to read all resource data in a subscription. I am using Azure RM Powershell 6.8.1 for this, I have read "Select Package Azure Active Directory PowerShell 2.0" documents and found how to give administrative roles to a service principle but i want to limit the role to read only.Select Packag
推荐答案
内置 角色 文章.
Correct me if I’m wrong, if you are trying to set permissions read only to manage user and service principles. Then the Azure Role-Based Access Control (RBAC) is a model for defining and managing roles for user and service principals. Roles have sets of permissions associated with them, which determine the resources a principal can read, access, write, or manage. For this, you may refer the built-in roles article.
如果内置角色不能满足您的特定需求需求,您可以创建自己的 自定义角色.就像内置角色一样,您可以在订阅,资源组和资源范围内为用户,组和服务主体分配自定义角色.自定义角色存储在Azure Active Directory(Azure AD)租户中,可以跨多个共享 订阅.
If the built-in role don't meet the specific needs of your requirement, you can create your own custom roles. Just like built-in roles, you can assign custom roles to users, groups, and service principals at subscription, resource group, and resource scopes. Custom roles are stored in an Azure Active Directory (Azure AD) tenant and can be shared across subscriptions.
我建议您参考以下文档,以获取有关以下内容的信息: 使用Azure PowerShell管理基于角色的访问控制.看看是否有帮助.
I would recommend you to refer the following document for information on Manage Role Based Access Control with Azure PowerShell. See if this helps.
--------------- -------------------------------------------------- ------------------------------
如果此答案有帮助,请单击标记为答案"或投票.要提供有关您的论坛经历的其他反馈,请单击
If this answer was helpful, click "Mark as Answer" or Up-Vote. To provide additional feedback on your forum experience, click here.
这篇关于如何使用Powershell脚本为AAD中的所有数据(包括用户,组,分配的角色,所有资源)提供应用程序读取权限?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
