如何使用azure rm资源提供者创建自定义角色
问题描述 投票:0回答:1
要求:创建一个名为VM CUSTOM CONTRIBUTOR的自定义角色模板,该模板除了具有注册Azure RM资源提供程序的能力(提示:“ * / register / action”)之外,还包含虚拟机贡献者的所有操作。将此角色分配给用户。
任何人都可以提出想法吗? (同时使用Powershell和Azure门户)
1个回答
投票
customrole.json文件保存在本地,将<subscription-id>修改为您的文件。{
"Name": "VM CUSTOM CONTRIBUTOR",
"Id": "9a9a5eb5-5532-49db-a8f7-fd892d1183bb",
"IsCustom": true,
"Description": "Can do VM custom operations.",
"Actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Compute/availabilitySets/*",
"Microsoft.Compute/locations/*",
"Microsoft.Compute/virtualMachines/*",
"Microsoft.Compute/virtualMachineScaleSets/*",
"Microsoft.Compute/disks/write",
"Microsoft.Compute/disks/read",
"Microsoft.Compute/disks/delete",
"Microsoft.DevTestLab/schedules/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/applicationGateways/backendAddressPools/join/action",
"Microsoft.Network/loadBalancers/backendAddressPools/join/action",
"Microsoft.Network/loadBalancers/inboundNatPools/join/action",
"Microsoft.Network/loadBalancers/inboundNatRules/join/action",
"Microsoft.Network/loadBalancers/probes/join/action",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/locations/*",
"Microsoft.Network/networkInterfaces/*",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Network/networkSecurityGroups/read",
"Microsoft.Network/publicIPAddresses/join/action",
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.RecoveryServices/locations/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
"Microsoft.RecoveryServices/Vaults/backupPolicies/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/write",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/Vaults/write",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.SqlVirtualMachine/*",
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Support/*",
"*/Register/Action"
],
"NotActions": [],
"DataActions": [],
"NotDataActions": [],
"AssignableScopes": [
"/subscriptions/<subscription-id>"
]
}
2。在您的订阅中创建自定义角色。
New-AzRoleDefinition -InputFile C:\Users\joyw\Desktop\customrole.json
3。将此角色分配给组范围内的用户,其他用法请参见New-AzRoleAssignment。
New-AzRoleAssignment
New-AzRoleAssignment -ResourceGroupName joyRG -SignInName [email protected] -RoleDefinitionName "VM CUSTOM CONTRIBUTOR"
最新问题
- 减少最大值的 Numpy 索引 - numpy.argmax.reduceat
- 使用多个网络时,在单独的 docker-compose 文件中提供服务的 Traefik 停止工作
- 如何在ubuntu启动时使用终端窗口启动python程序
- 使用 MutationObserver 监听变化?
- 安装 pycryptodome 后缺少加密模块
- Spring JPA:如何获取多对多关系,将连接表作为单独的实体,而不需要无限递归
- ggcoef_model 未显示所有交互比较
- Vue 组件上的 MutationObserver
- Firestore 代码中的随机文档偶尔会破坏 Firebase 函数
- 有没有办法让 Flutter 应用程序与 SQL Server 进行通信?
- 使用onclick时什么也没有出现
- 一个表可以引用另一个在 ERD 中具有相同关系的表吗?
- 如何在 Vue 3 中观察 div 内的变化
- Opensearch 异常检测器自定义表达式
- 将 pm2 与 Django 一起使用
- 如何为包装组件构建 React 元素树?
- 如何使用MutationObserver?
- 使用Python进行心电图QRS检测
- 深色模式IOS覆盖UserInterfaceStyle未应用
- 新手尝试使用 Android Studio 创建应用程序