我们有多个订阅,包含数十个资源组,每个 RG 包含第 2 代存储帐户。我们需要从每个存储帐户(即 Gen2)中所有子文件夹的所有容器导出 ACL 权限。我编写了 1 个脚本,该脚本仅授予我父文件夹的 ACL 权限,而不授予子文件夹的 ACL 权限。有什么建议也可以导出子文件夹的 ACL 权限吗?
Connect-AzAccount
$storageAccounts = Get-AzStorageAccount
$results = foreach ($storageAccount in $storageAccounts)
{
$containers = Get-AzStorageContainer -Context $storageAccount.Context
foreach ($container in $containers)
{
$filesystem = Get-AzDataLakeGen2Item -Context $storageAccount.Context -FileSystem
$container.Name
$s = $storageAccount.storageaccountname
$r = $storageAccount.ResourceGroupName
$filesystemname = $container.Name
$aclpermission = $filesystem.ACL.Permissions -join ","
$aclaccesscontroltype=$filesystem.ACL.AccessControlType -join ","
[PSCustomObject]@{
StorageAccountName = $s
ResourceGroupName = $r
ContainerName = $filesystemname
ACLpermission = $aclpermission
ACLaccesscontroltype=$aclaccesscontroltype
}
}
}
$results | Export-Csv -Path "output.csv" -NoTypeInformation
如何编写一个 PowerShell 脚本,从订阅中的所有 GEn2 存储帐户的所有容器中导出 ACL 权限?有什么建议也可以导出子文件夹的 ACL 权限吗?
您可以使用以下 PowerShell 脚本导出
Container
和 subfolders.
的 ACL 权限
脚本:
Connect-AzAccount
$storageAccounts = Get-AzStorageAccount
$results = foreach ($storageAccount in $storageAccounts) {
$containers = Get-AzStorageContainer -Context $storageAccount.Context
foreach ($container in $containers) {
$filesystem = Get-AzDataLakeGen2Item -Context $storageAccount.Context -FileSystem $container.Name
$subfolders = Get-AzDataLakeGen2ChildItem -Context $storageAccount.Context -FileSystem $container.Name -Path "/"
foreach ($subfolder in $subfolders) {
$subfolderitem = Get-AzDataLakeGen2Item -Context $storageAccount.Context -FileSystem $container.Name -Path $subfolder.Name
$s = $storageAccount.storageaccountname
$r = $storageAccount.ResourceGroupName
$filesystemname = $container.Name
$subfoldername = $subfolder.Name
$aclpermission = $filesystem.ACL.Permissions -join ","
$subfolderaclpermission = $subfolderitem.ACL.Permissions -join ","
$aclaccesscontroltype = $filesystem.ACL.AccessControlType -join ","
$subfolderaccesscontroltype = $subfolderitem.ACL.AccessControlType -join ","
[PSCustomObject]@{
StorageAccountName = $s
ResourceGroupName = $r
ContainerName = $filesystemname
Subfoldername = $subfoldername
ACLpermission = $aclpermission
ACLaccesscontroltype = $aclaccesscontroltype
SubfolderACLpermission = $subfolderaclpermission
SubfolderaccessControlType = $subfolderaccesscontroltype
}
}
}
}
$results | Export-Csv -Path "output.csv" -NoTypeInformation
上述 PowerShell 脚本检索有关
Azure Data Lake Gen2 items
的信息并将结果导出到 CSV 文件。它迭代每个 storage account
、container,
和 subfolder
,并检索每个项目的 ACL 信息。最后,它创建一个包含相关信息的自定义对象并将其导出到 CSV 文件。
输出: