无法以编程方式获取Azure存储帐户的密钥 [英] Unable to programmatically get the keys for Azure Storage Account

问题描述

我正在尝试获取订阅中所有存储帐户的密钥.但是我在使用Azure Java SDK的一个存储帐户上遇到了此异常.

I am trying to get the keys for all the Storage Accounts in my subscription. But I am getting this exception on one of the Storage Account using Azure Java SDK.

com.microsoft.azure.CloudException:状态代码403，{错误":{代码":"AuthorizationFailed"，消息":客户端'5c79ee27-#########-#对象ID为'5c79ee27-###########-###### 91f8e3'的#### 91f8e3'无权执行操作'Microsoft.Storage/storageAccounts/listKeys/action'超出范围'/subscriptions/758ad253-#######f07/resourceGroups/spcwestus/providers/Microsoft.Storage/storageAccounts/grsstorag'.}}:客户端'5c79ee27-#########具有对象ID'5c79ee27-############-##### 91#8f3'的##-#### 91f8e3'无权执行操作'Microsoft.Storage/storageAccounts/listKeys/action'作用域'/subscriptions/758ad253-####### f07/resourceGroups/spcwestus/providers/Microsoft.Storage/storageAccounts/grsstorag'.

com.microsoft.azure.CloudException: Status code 403, {"error":{"code":"AuthorizationFailed","message":"The client '5c79ee27-#########-######91f8e3' with object id '5c79ee27-###########-#####91f8e3' does not have authorization to perform action 'Microsoft.Storage/storageAccounts/listKeys/action' over scope '/subscriptions/758ad253-#######f07/resourceGroups/spcwestus/providers/Microsoft.Storage/storageAccounts/grsstorag'."}}: The client '5c79ee27-###########-#####91f8e3' with object id '5c79ee27-###########-#####91f8e3' does not have authorization to perform action 'Microsoft.Storage/storageAccounts/listKeys/action' over scope '/subscriptions/758ad253-#######f07/resourceGroups/spcwestus/providers/Microsoft.Storage/storageAccounts/grsstorag'.

对于大多数存储帐户，我设法获取密钥.但是对于其中的某些错误，重复同样的错误.这是什么意思?

For most of the Storage Accounts I manage to get the keys. But for some of them the same error gets repeated. What does this mean?

推荐答案

从遇到的错误中，服务器使用HTTP 403 状态码响应了您的请求，指示您的请求被禁止.

From the error you encountered, the server responded to your requests with HTTP 403 status code indicates that your request is Forbidden by the server.

HTTP 403状态代码

HTTP 403 Status Code

服务器接收的有效凭据不足以获得访问权限应使用403(禁止访问)状态码进行响应
([RFC7231]第6.5.3节).

A server that receives valid credentials that are not adequate to gain access ought to respond with the 403 (Forbidden) status code
(Section 6.5.3 of [RFC7231]).

这很可能是由于某些基于角色的访问控制引起的，这些控制措施可防止您的帐户根据您分配的角色对某些存储帐户执行列表存储帐户的关键操作.

This is most probably caused by some Role-Based Access Controls that are in place to prevent your account to perform the list storage account key actions for certain storage accounts based on your assigned role.

您可以使用下面的Azure PowerShell cmdlet来验证在特定作用域下分配给特定对象的角色是否有权列出存储帐户密钥.

You can use the Azure PowerShell cmdlet below to verify whether the role assigned to your specific object under the specific scope has the permission to list the storage account keys.

Get-AzureRmRoleAssignment -Scope "/subscriptions/758ad253-#######f07/resourceGroups/spcwestus/providers/Microsoft.Storage/storageAccounts/grsstorag" -ObjectId 5c79ee27-###########-#####91f8e3

更多信息，请参见下面的链接:

More information please refer to the link below:

使用基于角色的访问控制以管理对您的Azure订阅资源的访问

这篇关于无法以编程方式获取Azure存储帐户的密钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！