Azure保留的VM实例(reservationOrders)是否可以正常工作? [英] Does the Azure Reserved VM Instances (reservationOrders) work at all?
问题描述
我有一个正在使用Azure REST API的应用程序,并且想对其进行扩展以收集有关Azure RI(预留实例)的信息.无论我是否使用文档页面上的尝试"链接( https://docs.microsoft.com/zh-cn/rest/api/reserved-vm-instances/reservationorder/list ),或者通过我的应用程序中的API调用,同样的错误.有问题的用户是该帐户的全局管理员.
I have a working app using the Azure REST API, and would like to extend it to gather information on Azure RI's (Reserved Instances). Regardless of whether I use the "Try It" link on the doc page (https://docs.microsoft.com/en-us/rest/api/reserved-vm-instances/reservationorder/list), or via API call from my app, I get the same error. The user in question is the global admin for the account.
{
"error": {
"code": "AuthorizationFailed",
"message": "The client 'admin-user@domain.com' with object id 'e127xxxx-f0b7-4b52-802f-yyyyb171zzzz' does not have authorization to perform action 'Microsoft.Capacity/reservationOrders/read' over scope '/providers/Microsoft.Capacity'."
}
}
想法?如果这是RBAC的问题,那么提供一个"Try It"链接,其中没有有关使该链接正常工作的先决条件的信息,似乎是没有意义的.
Ideas? If this is an RBAC issue, it seems kind of pointless to provide a "Try It" link with no information about pre-reqs for getting this to work.
谢谢.
推荐答案
好,全局管理员角色仅适用于Azure AD,您需要owner \ contributor角色才能执行该调用(您特别需要 Microsoft.Capacity/reservationOrders/read 权限).
Well, global admin role only works for Azure AD, you need owner\contributor role to perform that call (you specifically need Microsoft.Capacity/reservationOrders/read permission).
您还可以创建一个自定义角色以应用最低特权原则
You can also create a custom role to apply least privilege principle
https://docs.microsoft.com/en-us/azure/role-based-access-control/overview
https://docs.microsoft.com/zh-cn/azure/role-based-access-control/custom-roles
这篇关于Azure保留的VM实例(reservationOrders)是否可以正常工作?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
