[英]Azure RBAC Permissions Tree?
Is there a way to query Azure (via REST or CLI) to see which permissions are required/granted for certain actions? 有没有一种方法(通过REST或CLI)查询Azure以查看某些操作需要/授予哪些权限?
For example, if I wanted to assign an SPN with Microsoft.Compute/virtualMachines/write
permissions so it could create a VM, I would want to review what other permissions are granted/required before assigning it to said SPN. 例如,如果我想分配一个具有
Microsoft.Compute/virtualMachines/write
权限的SPN,以便它可以创建VM,则我想在将其分配给上述SPN之前查看授予/要求的其他权限。
As far as I know there is no way to list dependencies in the way you describe. 据我所知,没有办法以您描述的方式列出依赖性。 The Powershell cmdlet Get-AzureRmProviderOperation gives some good information on what permissions needed.
Powershell cmdlet Get-AzureRmProviderOperation提供有关所需权限的一些良好信息。 https://docs.microsoft.com/en-us/powershell/module/azurerm.resources/get-azurermprovideroperation?view=azurermps-5.0.0
https://docs.microsoft.com/en-us/powershell/module/azurerm.resources/get-azurermprovideroperation?view=azurermps-5.0.0
The Actions property of a custom role specifies the Azure operations to which the role grants access. 自定义角色的Actions属性指定该角色授予访问权限的Azure操作。 It is a collection of operation strings that identify securable operations of Azure resource providers.
它是用于标识Azure资源提供程序的安全操作的操作字符串的集合。 Operation strings follow the format of
操作字符串遵循以下格式
Microsoft.<ProviderName>/<ChildResourceType>/<action>
Use Get-AzureRmProviderOperation
(in PowerShell) or azure provider operations show
(in Azure CLI) to list operations of Azure resource providers. 使用
Get-AzureRmProviderOperation
(在PowerShell中)或azure provider operations show
(在Azure CLI中)列出Azure资源提供程序的操作。
For more details, refer " Create custom roles for Azure Role-Based Access Control ". 有关更多详细信息,请参阅“ 为基于Azure角色的访问控制创建自定义角色 ”。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.