无法从功能应用程序中删除虚拟网络集成
问题描述 投票:0回答:1
我尝试通过在 Azure 中创建 RBAC 规则来使用最低要求的访问权限向我帐户中的某人提供访问权限,该规则使该人员能够管理、创建和删除网络资源。
但是,当他们尝试删除现有函数应用的 VNet 集成时,断开 VNet 集成的选项会显示为灰色。当他们具有贡献者访问权限时,他们可以选择删除它,但不能使用我的自定义角色。我找不到他们缺少什么许可。我可以自己删除它,或者给他们贡献者。但为了让正确的 RBAC 策略发挥作用,我不想做其中任何一个。
我的自定义角色有很多权限,包括:
Microsoft.Network/*
Microsoft.ClassicNetwork/*
Microsoft.Network/virtualNetworks/*
Microsoft.Web/sites/networkConfig/read, write, delete
etc.
我显然遗漏了一些东西,但我不知道缺少什么权限会导致这种情况。
我一直在为该角色添加越来越多的权限。任何带有描述甚至提到专用端点或虚拟网络的内容。没有一个有效。
完整权限列表:
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Authorization/policyAssignments/resourceManagementPrivateLinks/privateEndpointConnections/delete",
"Microsoft.Authorization/policyAssignments/resourceManagementPrivateLinks/privateEndpointConnections/write",
"Microsoft.Authorization/policyAssignments/resourceManagementPrivateLinks/privateEndpointConnections/read",
"Microsoft.Authorization/policyAssignments/resourceManagementPrivateLinks/privateEndpointConnectionProxies/read",
"Microsoft.Authorization/policyAssignments/resourceManagementPrivateLinks/privateEndpointConnectionProxies/write",
"Microsoft.Authorization/policyAssignments/resourceManagementPrivateLinks/privateEndpointConnectionProxies/delete",
"Microsoft.Authorization/policyAssignments/resourceManagementPrivateLinks/privateEndpointConnectionProxies/validate/action",
"Microsoft.Storage/storageAccounts/PrivateEndpointConnectionsApproval/action",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Storage/storageAccounts/privateEndpoints/*",
"Microsoft.Storage/storageAccounts/privateEndpointConnections/*",
"Microsoft.Storage/storageAccounts/privateEndpointConnectionProxies/*",
"Microsoft.ApiManagement/gateways/read",
"Microsoft.ApiManagement/gateways/write",
"Microsoft.ApiManagement/gateways/delete",
"Microsoft.ApiManagement/gateways/configConnections/read",
"Microsoft.ApiManagement/gateways/configConnections/write",
"Microsoft.ApiManagement/gateways/configConnections/delete",
"Microsoft.ApiManagement/service/write",
"Microsoft.ApiManagement/service/read",
"Microsoft.ApiManagement/service/updatehostname/action",
"Microsoft.ApiManagement/service/updatecertificate/action",
"Microsoft.ApiManagement/service/backup/action",
"Microsoft.ApiManagement/service/managedeployments/action",
"Microsoft.ApiManagement/service/restore/action",
"Microsoft.ApiManagement/service/getssotoken/action",
"Microsoft.ApiManagement/service/applynetworkconfigurationupdates/action",
"Microsoft.ApiManagement/service/scheduledMaintenance/action",
"Microsoft.ApiManagement/service/users/action",
"Microsoft.ApiManagement/service/validatePolicies/action",
"Microsoft.ApiManagement/operations/read",
"Microsoft.ApiManagement/locations/operationsStatuses/read",
"Microsoft.ApiManagement/checkNameAvailability/read",
"Microsoft.ApiManagement/reports/read",
"Microsoft.ApiManagement/service/privateEndpointConnectionProxies/read",
"Microsoft.ApiManagement/service/privateEndpointConnectionProxies/write",
"Microsoft.ApiManagement/service/privateEndpointConnectionProxies/delete",
"Microsoft.ApiManagement/service/privateEndpointConnectionProxies/validate/action",
"Microsoft.ApiManagement/service/privateEndpointConnectionProxies/operationresults/read",
"Microsoft.ApiManagement/service/privateEndpointConnections/read",
"Microsoft.ApiManagement/service/privateEndpointConnections/write",
"Microsoft.ApiManagement/service/privateEndpointConnections/delete",
"Microsoft.ApiManagement/service/privateLinkResources/read",
"Microsoft.ApiManagement/service/tenants/apis/products/read",
"Microsoft.ApiManagement/service/tenants/apis/diagnostics/read",
"Microsoft.ApiManagement/service/tenants/apis/operations/read",
"Microsoft.ApiManagement/service/tenants/apis/operations/write",
"Microsoft.ApiManagement/service/tenants/apis/operations/policies/read",
"Microsoft.ApiManagement/service/tenants/apis/operations/policies/write",
"Microsoft.ApiManagement/service/tenants/apis/operations/tags/read",
"Microsoft.ApiManagement/service/tenants/apis/operations/tags/write",
"Microsoft.ApiManagement/service/tenants/apis/operations/tags/delete",
"Microsoft.ApiManagement/service/tenants/apis/policies/read",
"Microsoft.ApiManagement/service/tenants/apis/policies/write",
"Microsoft.ApiManagement/service/tenants/apis/tags/read",
"Microsoft.ApiManagement/service/tenants/apis/tags/write",
"Microsoft.ApiManagement/service/tenants/apis/tags/delete",
"Microsoft.ApiManagement/service/apis/read",
"Microsoft.ApiManagement/service/apis/write",
"Microsoft.Web/sites/Read",
"microsoft.web/sites/networkConfig/read",
"microsoft.web/sites/networkConfig/write",
"microsoft.web/sites/networkConfig/delete",
"microsoft.web/sites/analyzecustomhostname/read",
"microsoft.web/sites/providers/Microsoft.Insights/diagnosticSettings/read",
"microsoft.web/sites/hostruntime/functions/keys/read",
"microsoft.web/sites/hostruntime/host/read",
"Microsoft.Web/sites/hostruntime/host/_master/read",
"microsoft.web/sites/hostruntime/webhooks/api/workflows/runs/read",
"Microsoft.Web/sites/config/Read",
"Microsoft.Web/sites/config/list/Action",
"Microsoft.Web/sites/config/Write",
"microsoft.web/sites/config/delete",
"microsoft.web/sites/config/web/appsettings/read",
"microsoft.web/sites/config/web/appsettings/write",
"microsoft.web/sites/config/web/appsettings/delete",
"microsoft.web/sites/config/web/connectionstrings/read",
"microsoft.web/sites/config/web/connectionstrings/write",
"microsoft.web/sites/config/web/connectionstrings/delete",
"microsoft.web/sites/config/appsettings/read",
"Microsoft.Web/sites/privateEndpointConnections/Write",
"Microsoft.Web/sites/privateEndpointConnections/Read",
"Microsoft.Web/sites/privateEndpointConnections/Delete",
"Microsoft.Web/sites/privateLinkResources/Read",
"Microsoft.Web/sites/sourcecontrols/Read",
"Microsoft.Web/sites/sourcecontrols/Write",
"Microsoft.Web/sites/sourcecontrols/Delete",
"Microsoft.Web/sites/privateEndpointConnectionProxies/Read",
"Microsoft.Web/sites/privateEndpointConnectionProxies/Write",
"Microsoft.Web/sites/privateEndpointConnectionProxies/Delete",
"Microsoft.Web/sites/privateEndpointConnectionProxies/validate/action",
"Microsoft.Web/sites/privateEndpointConnectionProxies/operations/Read",
"microsoft.web/sites/slots/networkConfig/read",
"microsoft.web/sites/slots/networkConfig/write",
"microsoft.web/sites/slots/config/appsettings/read",
"microsoft.web/sites/slots/config/web/appsettings/delete",
"microsoft.web/sites/slots/config/web/connectionstrings/read",
"microsoft.web/sites/slots/config/web/connectionstrings/write",
"microsoft.web/sites/slots/config/web/connectionstrings/delete",
"Microsoft.StorageActions/operations/read",
"Microsoft.Storage/register/action",
"Microsoft.Storage/locations/checknameavailability/read",
"Microsoft.Storage/storageAccounts/listkeys/action",
"Microsoft.Storage/storageAccounts/privateEndpoints/move/action",
"Microsoft.Storage/storageAccounts/privateEndpointConnections/read",
"Microsoft.Storage/storageAccounts/privateEndpointConnections/delete",
"Microsoft.Storage/storageAccounts/privateEndpointConnections/write",
"Microsoft.Storage/storageAccounts/privateEndpointConnectionProxies/read",
"Microsoft.Storage/storageAccounts/privateEndpointConnectionProxies/updatePrivateEndpointProperties/action",
"Microsoft.Storage/storageAccounts/privateEndpointConnectionProxies/write",
"Microsoft.Storage/storageAccounts/privateEndpointConnectionProxies/delete",
"Microsoft.Storage/storageAccounts/blobServices/read",
"Microsoft.Storage/locations/deleteVirtualNetworkOrSubnets/action",
"Microsoft.Storage/locations/notifyNetworkSecurityPerimeterUpdatesAvailable/action",
"Microsoft.Storage/locations/previewActions/action",
"Microsoft.Storage/locations/usages/read",
"Microsoft.Storage/checknameavailability/read",
"Microsoft.Storage/operations/read",
"Microsoft.Storage/skus/read",
"microsoft.web/sites/functions/action",
"Microsoft.Web/staticSites/functions/Read",
"Microsoft.Web/staticSites/builds/userProvidedFunctionApps/Delete",
"Microsoft.Web/serverfarms/Read",
"Microsoft.Web/serverfarms/Delete",
"Microsoft.Web/serverfarms/Write",
"Microsoft.Web/serverfarms/Join/Action",
"Microsoft.Web/serverfarms/restartSites/Action",
"microsoft.web/serverfarms/virtualnetworkconnections/read",
"microsoft.web/serverfarms/virtualnetworkconnections/gateways/write",
"microsoft.web/serverfarms/virtualnetworkconnections/routes/delete",
"microsoft.web/serverfarms/virtualnetworkconnections/routes/read",
"microsoft.web/serverfarms/sites/read",
"microsoft.web/serverfarms/virtualnetworkconnections/routes/write",
"Microsoft.Web/sites/start/Action",
"Microsoft.Web/sites/restart/Action",
"Microsoft.Web/sites/publish/Action",
"Microsoft.Web/sites/PrivateEndpointConnectionsApproval/action",
"microsoft.web/sites/deployWorkflowArtifacts/action",
"microsoft.web/sites/listworkflowsconnections/action",
"microsoft.web/sites/slots/networkConfig/delete",
"Microsoft.Web/sites/slots/config/Read",
"Microsoft.Web/sites/slots/config/list/Action",
"Microsoft.Web/sites/slots/config/Write",
"microsoft.web/sites/slots/config/delete",
"microsoft.web/sites/slots/config/validateupgradepath/action",
"microsoft.web/locations/deleteVirtualNetworkOrSubnets/action",
"microsoft.web/locations/validateDeleteVirtualNetworkOrSubnets/action",
"microsoft.web/sites/slots/virtualnetworkconnections/delete",
"microsoft.web/sites/slots/virtualnetworkconnections/read",
"microsoft.web/sites/slots/virtualnetworkconnections/write",
"microsoft.web/sites/slots/virtualnetworkconnections/gateways/write",
"microsoft.web/sites/virtualnetworkconnections/delete",
"microsoft.web/sites/virtualnetworkconnections/read",
"microsoft.web/sites/virtualnetworkconnections/write",
"microsoft.web/sites/virtualnetworkconnections/gateways/read",
"microsoft.web/sites/virtualnetworkconnections/gateways/write",
"Microsoft.ClassicNetwork/virtualNetworks/read",
"Microsoft.ClassicNetwork/virtualNetworks/write",
"Microsoft.ClassicNetwork/virtualNetworks/delete",
"Microsoft.ClassicNetwork/virtualNetworks/peer/action",
"Microsoft.ClassicNetwork/virtualNetworks/join/action",
"Microsoft.ClassicNetwork/virtualNetworks/checkIPAddressAvailability/action",
"Microsoft.ClassicNetwork/virtualNetworks/validateMigration/action",
"Microsoft.ClassicNetwork/virtualNetworks/prepareMigration/action",
"Microsoft.ClassicNetwork/virtualNetworks/commitMigration/action",
"Microsoft.ClassicNetwork/virtualNetworks/abortMigration/action",
"Microsoft.ClassicNetwork/virtualNetworks/capabilities/read",
"Microsoft.ClassicNetwork/virtualNetworks/subnets/associatedNetworkSecurityGroups/read",
"Microsoft.ClassicNetwork/virtualNetworks/subnets/associatedNetworkSecurityGroups/write",
"Microsoft.ClassicNetwork/virtualNetworks/subnets/associatedNetworkSecurityGroups/delete",
"Microsoft.ClassicNetwork/virtualNetworks/subnets/associatedNetworkSecurityGroups/operationStatuses/read",
"Microsoft.ClassicNetwork/virtualNetworks/gateways/read",
"Microsoft.ClassicNetwork/virtualNetworks/gateways/write",
"Microsoft.ClassicNetwork/virtualNetworks/gateways/delete",
"Microsoft.ClassicNetwork/virtualNetworks/gateways/startDiagnostics/action",
"Microsoft.ClassicNetwork/virtualNetworks/gateways/stopDiagnostics/action",
"Microsoft.ClassicNetwork/virtualNetworks/gateways/downloadDiagnostics/action",
"Microsoft.ClassicNetwork/virtualNetworks/gateways/listCircuitServiceKey/action",
"Microsoft.ClassicNetwork/virtualNetworks/gateways/downloadDeviceConfigurationScript/action",
"Microsoft.ClassicNetwork/virtualNetworks/gateways/listPackage/action",
"Microsoft.ClassicNetwork/virtualNetworks/gateways/connections/read",
"Microsoft.ClassicNetwork/virtualNetworks/gateways/connections/connect/action",
"Microsoft.ClassicNetwork/virtualNetworks/gateways/connections/disconnect/action",
"Microsoft.ClassicNetwork/virtualNetworks/gateways/connections/test/action",
"Microsoft.ClassicNetwork/virtualNetworks/gateways/clientRootCertificates/read",
"Microsoft.ClassicNetwork/virtualNetworks/gateways/clientRootCertificates/write",
"Microsoft.ClassicNetwork/virtualNetworks/gateways/clientRootCertificates/delete",
"Microsoft.ClassicNetwork/virtualNetworks/gateways/clientRootCertificates/download/action",
"Microsoft.ClassicNetwork/virtualNetworks/gateways/clientRootCertificates/listPackage/action",
"Microsoft.ClassicNetwork/virtualNetworks/gateways/clientRevokedCertificates/read",
"Microsoft.ClassicNetwork/virtualNetworks/gateways/clientRevokedCertificates/write",
"Microsoft.ClassicNetwork/virtualNetworks/gateways/clientRevokedCertificates/delete",
"Microsoft.ClassicNetwork/virtualNetworks/gateways/packages/read",
"Microsoft.ClassicNetwork/virtualNetworks/gateways/operationStatuses/read",
"Microsoft.ClassicNetwork/virtualNetworks/virtualNetworkPeerings/read",
"Microsoft.ClassicNetwork/virtualNetworks/operationStatuses/read",
"Microsoft.ClassicNetwork/virtualNetworks/remoteVirtualNetworkPeeringProxies/read",
"Microsoft.ClassicNetwork/virtualNetworks/remoteVirtualNetworkPeeringProxies/write",
"Microsoft.ClassicNetwork/virtualNetworks/remoteVirtualNetworkPeeringProxies/delete",
"Microsoft.HybridNetwork/locations/vendors/networkFunctions/read",
"Microsoft.Authorization/policyAssignments/privateLinkAssociations/read",
"Microsoft.Authorization/policyAssignments/privateLinkAssociations/write",
"Microsoft.Authorization/policyAssignments/privateLinkAssociations/delete",
"Microsoft.Authorization/policyAssignments/resourceManagementPrivateLinks/read",
"Microsoft.Authorization/policyAssignments/resourceManagementPrivateLinks/write",
"Microsoft.Authorization/policyAssignments/resourceManagementPrivateLinks/delete",
"Microsoft.Storage/storageAccounts/write",
"Microsoft.Storage/storageAccounts/blobServices/write"
1个回答
0
投票
投票
删除 VNet 集成所需的最低权限是:
Microsoft.Web/sites/networkConfig/*Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/subnets/readMicrosoft.Network/virtualNetworks/subnets/join/action
您的自定义角色可以显着改进,例如,因为您有
Microsoft.Network/*由于您的角色似乎以一种或另一种方式包含这些内容,因此请确保为用户分配了涵盖应用服务计划/功能应用、和当前集成的 VNet 的范围内的角色。
最新问题
- TFLite 模型在 Android 中给出的输出与 Kivy App 中的输出不同
- 在Django中添加模型级别权限的步骤
- 如何使用 lambda 和过滤器简化此代码
- 使用 ansible 检查缩放调速器
- “npx cypress-ntlm open”Cypress 未加载
- 导入 React 连接组件
- 如何将 JSON 导入到谷歌地图样式编辑器中?
- Google 表单“根据答案转到部分”
- 动态删除 org.hibernate.Criteria 中结果集的排序
- 标头中的哪些关键字会进入 cpp 文件?
- 向QTimer传递参数超时信号?
- 在 Ubuntu 上运行 VSCode
- Spring Boot 应用程序中的依赖注入问题
- ZooKeeper zkCli 不使用配置的日志目录
- 创建一个`MemberMacro`来创建一个具有注入一致性的嵌入结构
- tanstack v8 React 表 - 如何使用手动排序在服务器端排序
- 在 Laravel 中按数据透视表 create_at 进行排序
- 如何从 ArchUnit 的分层架构测试中排除基本 Java 功能?
- 使用 dplyr 以多个列作为值来计算相对于基线的变化
- 你可以像String.fromCharCode一样使用String.fromCodePoint吗
© www.soinside.com 2019 - 2024. All rights reserved.