[英]What are the required permissions for the Azure Backup Service?
I am met with the following error details when investigating why an Azure encrypted VM backup failed, but the link provided with the error ( https://docs.microsoft.com/en-in/azure/backup/backup-azure-vms-encryption ) doesn't resolve my question: exactly which permissions should I grant?在调查 Azure 加密 VM 备份失败的原因时,我遇到了以下错误详细信息,但提供了错误链接 ( https://docs.microsoft.com/en-in/azure/backup/backup-azure-vms-加密)不能解决我的问题:我应该授予哪些权限? All it says is that "The required permissions are prefilled for Key permissions and Secret permissions."
它只是说“已为密钥权限和秘密权限预填充了所需的权限。” Well, that's not a lot of help!
嗯,这没有多大帮助! I had those permissions already set as default I thought, because I do have lots of backups/snapshots;
我认为这些权限已经设置为默认值,因为我确实有很多备份/快照; obviously backups have been working in the past.
显然,备份过去一直在工作。 If I am missing some permission now, is it a Key permission, or a Secret permission?
如果我现在缺少某些权限,是 Key 权限还是 Secret 权限? It's not clear!
不清楚! I do see I have the following set up right now:
我确实看到我现在有以下设置:
Key permissions:关键权限:
Key Management Operations密钥管理操作
Get (checked)获取(选中)
List (checked)清单(已勾选)
Cryptographic Operations:加密操作:
Decrypt解密
Encrypt加密
Unwrap Key打开钥匙
Wrap Key包裹钥匙
Verify核实
Sign标志
Privileged Key Operations特权密钥操作
Secret permissions:秘密权限:
Secret Management Operations秘密管理操作
Get (checked)获取(选中)
List (checked)清单(已勾选)
Set放
Delete删除
Recover恢复
Backup备份
Restore恢复
Privileged Secret Operations特权秘密行动
Certificate permissions:证书权限:
Certificate Management Operations证书管理操作
Get得到
List列表
Privileged Certificate Operations特权证书操作
Below is the error I see for my backup:以下是我在备份中看到的错误:
Error Code错误代码
UserErrorKeyVaultPermissionsNotConfigured UserErrorKeyVaultPermissionsNotConfigured
Error Message错误信息
Azure Backup Service does not have sufficient permissions to Key Vault for Backup of Encrypted Virtual Machines. Azure 备份服务对用于加密虚拟机备份的 Key Vault 没有足够的权限。
Recommended Action推荐办法
Please grant the required permissions to the Azure Backup Service.请授予 Azure 备份服务所需的权限。 Refer https://azure.microsoft.com/en-in/documentation/articles/backup-azure-vms-encryption/
请参阅https://azure.microsoft.com/en-in/documentation/articles/backup-azure-vms-encryption/
Related Links相关链接
https://azure.microsoft.com/en-in/documentation/articles/backup-azure-vms-encryption https://azure.microsoft.com/en-in/documentation/articles/backup-azure-vms-encryption
It looks you missed the Backup
permission of the Secret permissions
.看起来您错过了
Secret permissions
的Backup
Secret permissions
。
In step 6 of the link ,在链接的第 6 步中,
I suppose you give the permissions manually instead of selecting Azure Backup
of the Configure from template (optional)
, if you select it, the permissions will be chosen automatically, that is the The required permissions are prefilled for Key permissions and Secret permissions
means.我想您手动授予权限,而不是
Configure from template (optional)
中选择Configure from template (optional)
Azure Backup
Configure from template (optional)
,如果选择它,将自动选择权限,即为The required permissions are prefilled for Key permissions and Secret permissions
意味着。
Here are the steps I took to correct this via http://portal.azure.com (I realize step 6 might be overkill as the Restore permission might be unnecessary here--but hey, this worked):以下是我通过http://portal.azure.com纠正此问题所采取的步骤(我意识到第 6 步可能有点矫枉过正,因为这里可能不需要恢复权限——但是,嘿,这行得通):
Search for "Key vaults".搜索“密钥保管库”。
Click on my key vault.单击我的密钥保管库。
Click "Access policies".单击“访问策略”。
Click "Backup Management Service".单击“备份管理服务”。
Click on the Key permissions dropdown and uncheck all checkboxes.单击密钥权限下拉列表并取消选中所有复选框。
Click on the Secret permissions dropdown and choose the Get, List, Backup, and Restore checkboxes.单击“秘密权限”下拉列表并选择“获取”、“列出”、“备份”和“还原”复选框。
Click OK.单击确定。
Click Save back on the "Access policies" screen.在“访问策略”屏幕上单击“保存”。
The last step above is important as missing it will cause your changes NOT to be saved.上面的最后一步很重要,因为缺少它会导致您的更改不被保存。 I wrote these steps up and followed them as influenced by a statement I found at https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-encryption that says, "If your VM is encrypted using BEK only, remove the selection for Key permissions since you only need permissions for secrets."
我写了这些步骤并遵循了它们,因为我在https://docs.microsoft.com/en-us/azure/backup/backup-azure-vms-encryption上找到了一条声明,该声明说:“如果您的 VM 已加密仅使用 BEK,删除密钥权限的选择,因为您只需要机密权限。” It seems I have BEK--at least that's what my Secret Types are.
看来我有 BEK——至少那是我的秘密类型。 And indeed, the above worked.
事实上,上述工作。 The backups began to work again as of July 11th!
备份从 7 月 11 日起再次开始工作!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.