Key Vault Access Policies after changing AAD tenant of subscription


Problem description

I am reading this document

https://docs.microsoft.com/en-us/azure/key-vault/key-vault-subscription-move-fix

It says once a subscription is transferred from tenant A to tenant B, the tenant of the key vault is still A. And we need to run a few steps to change the tenant Id of the key vault and clean up the old access policies. My question is that if we do not do these steps, do the old access policies still work? Let's say we have a service principal SP-A from tenant A that has access to a key vault, will SP-A still be able to access the key vault after the host subscription transfer?

Recommended answer

No, old access policies won't work as those will be tied to your tenant A and you need to create new access policies that are associated with tenant B to make that work.
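
The steps the question refers to (changing the vault's tenant ID and cleaning up the old access policies), written as an audit-first script. This is an added example, not part of the original post or of the linked documentation; it assumes the Az PowerShell modules and a signed-in context on the transferred subscription, and the `-Fix` switch and variable names are hypothetical.

```powershell
# Added example: find Key Vaults still bound to the previous tenant and list
# the access policy entries that belong to that tenant.
# Assumes Az.Accounts, Az.KeyVault and Az.Resources are installed and that
# Connect-AzAccount / Select-AzSubscription already target the moved subscription.
param(
    [switch]$Fix   # hypothetical switch: without it the script only reports
)

# Tenant the subscription belongs to now (tenant B in the question).
$currentTenant = (Get-AzContext).Tenant.Id

foreach ($v in Get-AzKeyVault) {
    # Listing vaults returns summary objects only, so load the full ARM
    # resource to read properties.tenantId and properties.accessPolicies.
    $res = Get-AzResource -ResourceId $v.ResourceId -ExpandProperties
    if ($res.Properties.tenantId -eq $currentTenant) { continue }

    # Policy entries whose tenantId is not the current tenant.
    $stale = @($res.Properties.accessPolicies |
        Where-Object { $_.tenantId -ne $currentTenant })

    [pscustomobject]@{
        Vault            = $v.VaultName
        VaultTenant      = $res.Properties.tenantId
        CurrentTenant    = $currentTenant
        StalePolicyCount = $stale.Count
        StaleObjectIds   = ($stale.objectId -join ',')
    }

    if ($Fix) {
        # Re-home the vault to the current tenant and drop every old entry.
        $res.Properties.tenantId = $currentTenant
        $res.Properties.accessPolicies = @()
        Set-AzResource -ResourceId $v.ResourceId -Properties $res.Properties -Force
    }
}
```

After a run with `-Fix` the vault has no access policies at all, so identities from tenant B must be granted access again, for example with `Set-AzKeyVaultAccessPolicy`.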

