无法以编程方式获取 Azure 存储帐户的密钥
[英]Unable to programmatically get the keys for Azure Storage Account
问题描述
I am trying to get the keys for all the Storage Accounts in my subscription.
我正在尝试获取订阅中所有存储帐户的密钥。 But I am getting this exception on one of the Storage Account using Azure Java SDK.但是我在一个使用 Azure Java SDK 的存储帐户上遇到了这个异常。
com.microsoft.azure.CloudException: Status code 403, {"error":{"code":"AuthorizationFailed","message":"The client '5c79ee27-#########-######91f8e3' with object id '5c79ee27-###########-#####91f8e3' does not have authorization to perform action 'Microsoft.Storage/storageAccounts/listKeys/action' over scope '/subscriptions/758ad253-#######f07/resourceGroups/spcwestus/providers/Microsoft.Storage/storageAccounts/grsstorag'."}}: The client '5c79ee27-###########-#####91f8e3' with object id '5c79ee27-###########-#####91f8e3' does not have authorization to perform action 'Microsoft.Storage/storageAccounts/listKeys/action' over scope '/subscriptions/758ad253-#######f07/resourceGroups/spcwestus/providers/Microsoft.Storage/storageAccounts/grsstorag'.
For most of the Storage Accounts I manage to get the keys.对于大多数存储帐户,我设法获得了密钥。 But for some of them the same error gets repeated.但对于其中一些人来说,同样的错误会重复出现。 What does this mean?这是什么意思?
2 个解决方案
解决方案1
3 已采纳 2017-08-01 22:49:13
From the error you encountered, the server responded to your requests with HTTP 403 status code indicates that your request is Forbidden by the server.从您遇到的错误来看,服务器以 HTTP 403状态码响应您的请求表明您的请求被服务器禁止。
HTTP 403 Status Code
A server that receives valid credentials that are not adequate to gain access ought to respond with the 403 (Forbidden) status code
(Section 6.5.3 of [RFC7231]).
This is most probably caused by some Role-Based Access Control s that are in place to prevent your account to perform the list storage account key actions for certain storage accounts based on your assigned role.这很可能是由一些基于角色的访问控制引起的,这些访问控制是为了防止您的帐户根据您分配的角色对某些存储帐户执行列表存储帐户密钥操作。
You can use the Azure PowerShell cmdlet below to verify whether the role assigned to your specific object under the specific scope has the permission to list the storage account keys.你可以使用下面的 Azure PowerShell cmdlet 来验证在特定范围内分配给你的特定对象的角色是否有权列出存储帐户密钥。
Get-AzureRmRoleAssignment -Scope "/subscriptions/758ad253-#######f07/resourceGroups/spcwestus/providers/Microsoft.Storage/storageAccounts/grsstorag" -ObjectId 5c79ee27-###########-#####91f8e3
More information please refer to the link below:更多信息请参考以下链接:
Use Role-Based Access Control to manage access to your Azure subscription resources 使用基于角色的访问控制来管理对 Azure 订阅资源的访问
解决方案2
0 2022-05-18 17:55:39
Maybe as addition above.也许就像上面的补充。 Azure has the Storage Account Key Operator Service Role which is describes at the following: Azure 具有存储帐户密钥操作员服务角色,如下所述:
- Storage Account Key Operators are allowed to list and regenerate keys on Storage Accounts存储帐户密钥操作员可以列出和重新生成存储帐户上的密钥
Granting you this role should allow to list the keys.授予您此角色应该允许列出密钥。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.