Azure RBAC权限树?
[英]Azure RBAC Permissions Tree?
问题描述
Is there a way to query Azure (via REST or CLI) to see which permissions are required/granted for certain actions? 
有没有一种方法(通过REST或CLI)查询Azure以查看某些操作需要/授予哪些权限?
For example, if I wanted to assign an SPN with Microsoft.Compute/virtualMachines/write permissions so it could create a VM, I would want to review what other permissions are granted/required before assigning it to said SPN. 例如,如果我想分配一个具有Microsoft.Compute/virtualMachines/write权限的SPN,以便它可以创建VM,则我想在将其分配给上述SPN之前查看授予/要求的其他权限。
2 个解决方案
解决方案1
1 2017-12-01 12:16:14
As far as I know there is no way to list dependencies in the way you describe. 据我所知,没有办法以您描述的方式列出依赖性。 The Powershell cmdlet Get-AzureRmProviderOperation gives some good information on what permissions needed. Powershell cmdlet Get-AzureRmProviderOperation提供有关所需权限的一些良好信息。 https://docs.microsoft.com/en-us/powershell/module/azurerm.resources/get-azurermprovideroperation?view=azurermps-5.0.0 https://docs.microsoft.com/en-us/powershell/module/azurerm.resources/get-azurermprovideroperation?view=azurermps-5.0.0
解决方案2
1 已采纳 2017-12-01 13:44:41
The Actions property of a custom role specifies the Azure operations to which the role grants access. 自定义角色的Actions属性指定该角色授予访问权限的Azure操作。 It is a collection of operation strings that identify securable operations of Azure resource providers. 它是用于标识Azure资源提供程序的安全操作的操作字符串的集合。 Operation strings follow the format of 操作字符串遵循以下格式
Microsoft.<ProviderName>/<ChildResourceType>/<action>
Use Get-AzureRmProviderOperation (in PowerShell) or azure provider operations show (in Azure CLI) to list operations of Azure resource providers. 使用Get-AzureRmProviderOperation (在PowerShell中)或azure provider operations show (在Azure CLI中)列出Azure资源提供程序的操作。
For more details, refer " Create custom roles for Azure Role-Based Access Control ". 有关更多详细信息,请参阅“ 为基于Azure角色的访问控制创建自定义角色 ”。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.