How to assign read write permissions to an AD application to manage resources using resource management api with Azure java sdk

I am trying to connect to Azure Resource Manager API using java sdk. I have an AD application which has "Windows Service Management API" permissions enabled. When running the test samples, I am hitting the following error when performing get call on a specific resource group.

Exception in thread "main" com.microsoft.windowsazure.exception.ServiceException: AuthorizationFailed: The client '1111-5a7b-4384-9fee-3a593a8c6875' with object id '1111115-5a7b-4384-9fee-3a593a8c6875' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/zzzzzzzzzzzz-ae67-ed0926abfe0d/resourcegroups/Group'.
at com.microsoft.windowsazure.exception.ServiceException.createFromJson

How to assign read write permissions to the application in an AD which is used to connect to resource management API?

As @Gaurav Mantri said, the easiest way for assigning reader role for your AD app is using Azure Preview Portal if running the sample ServicePrincipalExample at https://github.com/Azure/azure-sdk-for-java/blob/master/azure-mgmt-samples/src/main/java/com/microsoft/azure/samples/authentication/ServicePrincipalExample.java .

For complete details to do it, please see below.

According to the picture above, the steps are as follows:

  1. Click Resource groups.
  2. Input the resource group name in the filter items field, and click the selected resource group.
  3. Click the Settings button.
  4. Click the Users button.
  5. Click the Add button.
  6. Click Select a role and select the Reader role.
  7. Click the Add users button, input the AD app name in the search field, select the AD app and click the Select button.
  8. Click the OK button in the Add access tab page.

Now you can run the sample again, and it returns the correct result without errors.

Besides Azure PowerShell, you can also use the Azure CLI to do it.

  1. Log in to the Azure CLI with your username & password: run azure login
  2. Switch to ARM mode: run azure config mode arm
  3. Role assignment: run azure role assignment create --objectId <objectId> -o Reader -c /subscriptions/<subscriptionId>/

Note: For the object Id, you can run azure ad sp show --search <ad-app-name> to show it.

Then, run the sample again without errors.
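
As an added example (not part of either answer or of the Azure SDK samples): the AuthorizationFailed message already names the object id, the denied action and the scope, so the role can be assigned at that resource group rather than on the whole subscription. The script below parses a constructed sample message and prints the CLI command in the form used above; the sample ids and the action-to-role mapping (Reader for read, Contributor for write/delete) are assumptions.

```shell
#!/usr/bin/env bash
# Added example: derive a narrowly scoped role assignment from an ARM
# AuthorizationFailed message. It only prints a command; it runs nothing.

# Constructed sample input modelled on the error in the question.
# All ids are made-up placeholders.
SAMPLE_ERROR="AuthorizationFailed: The client '00000000-0000-0000-0000-0000000000cc' with object id '00000000-0000-0000-0000-0000000000aa' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/00000000-0000-0000-0000-0000000000bb/resourcegroups/Group'."

# extract_field <message> <label>: print the single-quoted value after <label>.
extract_field() {
  printf '%s\n' "$1" | sed -n "s/.*$2 '\([^']*\)'.*/\1/p"
}

# role_for_action <action>: map the denied action to a built-in role.
# Assumption of this example: read -> Reader, anything mutating -> Contributor.
role_for_action() {
  case "$1" in
    */read) echo "Reader" ;;
    */write|*/delete|*/action) echo "Contributor" ;;
    *) return 1 ;;
  esac
}

# suggest_assignment <message>: print the role assignment command scoped to
# exactly the resource named in the error, not the whole subscription.
suggest_assignment() {
  local msg="$1" oid action scope role
  oid=$(extract_field "$msg" "object id")
  action=$(extract_field "$msg" "perform action")
  scope=$(extract_field "$msg" "over scope")
  if [ -z "$oid" ] || [ -z "$action" ] || [ -z "$scope" ]; then
    echo "not an AuthorizationFailed message" >&2
    return 1
  fi
  role=$(role_for_action "$action") || {
    echo "no role mapping for action: $action" >&2
    return 1
  }
  # Extracted values cannot contain a single quote, so single-quoting is safe.
  printf "azure role assignment create --objectId '%s' -o %s -c '%s'\n" \
    "$oid" "$role" "$scope"
}

suggest_assignment "$SAMPLE_ERROR"
```

Review the printed command before running it, in particular when the mapping selects Contributor, which grants write access across the whole scope.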

What you would need to do is assign your application Reader role in your Azure Subscription. This you could do programmatically using ARM API or you could use Azure PowerShell to do that.

However the easiest for you would be to assign role using Azure Preview Portal. You may find this link useful for assigning roles using Preview Portal: https://azure.microsoft.com/en-in/documentation/articles/role-based-access-control-configure/ .
