我们想对 Azure 数据工厂施加以下限制
我们能够使用以下策略实现#1 功能
{
"mode": "All",
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.DataFactory/factories"
},
{
"field": "name",
"equals": "adfproject-dev-df1"
},
{
"field": "Microsoft.DataFactory/factories/repoConfiguration.collaborationBranch",
"notEquals": "develop"
}
]
},
"then": {
"effect": "deny"
}
},"参数": {}}
但是,以下规则(在#2 的 allOf 条件/数组中不起作用。任何指针都会有很大帮助。
"field": "Microsoft.Authorization/roleAssignments/principalRole",
"notEquals": "Owner"
谢谢, 普拉文