What Azure RBAC permissions are required to backup and restore an Azure SQL Managed Instance?

As a baseline, my role currently looks like this. Are there any permissions that are overloaded or unnecessary for these tasks?

{
  "Name": "Azure SQL Managed Instance Restore and Backup",
  "IsCustom": true,
  "Description": "Permissions requisite to permit backup and restore actions on an Azure SQL Managed Instance",
  "Actions": [
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/locations/instanceFailoverGroups/*",
        "Microsoft.Sql/managedInstances/*",
        "Microsoft.Network/virtualNetworks/subnets/*",
        "Microsoft.Network/virtualNetworks/*",
        "Microsoft.Network/networkSecurityGroups/*",
        "Microsoft.Network/routeTables/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*/read",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Support/*"
  ],
  "NotActions": [
  ],
  "AssignableScopes": [
    "/subscriptions/<subscription-id>"
  ]
}

For just the specific operations of backup and restore of an Azure SQL Managed Instance, the Microsoft.Sql/managedInstances/* action should be enough.

But from my experience, the actions may sometimes be used in combination, e.g. when you navigate to the SQL Managed Instance in the portal, you click the resource groups -> select the resource group -> select the SQL Managed Instance, and you have actually used the Microsoft.Resources/subscriptions/resourceGroups/read and Microsoft.Sql/managedInstances/* actions.

So in your case, I recommend you use a role like the one below.

{
  "Name": "Azure SQL Managed Instance Restore and Backup",
  "IsCustom": true,
  "Description": "Permissions requisite to permit backup and restore actions on an Azure SQL Managed Instance",
  "Actions": [
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/locations/instanceFailoverGroups/*",
        "Microsoft.Sql/managedInstances/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read"
  ],
  "NotActions": [
  ],
  "AssignableScopes": [
    "/subscriptions/<subscription-id>"
  ]
}
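
A way to review the change between the two role definitions above, as an added example that is not part of the original question or answer: it lists which dropped actions were wildcard grants, which were read-only, which wildcard grants the trimmed role still carries, and which entries were redundant. The names ASKED, ANSWERED, covers, scope and review are hypothetical, and the matching model (a `*` in an action string matches any text) is an assumption of this sketch.

```python
import re

# Action lists copied from the two role definitions on this page.
ASKED = [
    "Microsoft.Sql/locations/*/read",
    "Microsoft.Sql/locations/instanceFailoverGroups/*",
    "Microsoft.Sql/managedInstances/*",
    "Microsoft.Network/virtualNetworks/subnets/*",
    "Microsoft.Network/virtualNetworks/*",
    "Microsoft.Network/networkSecurityGroups/*",
    "Microsoft.Network/routeTables/*",
    "Microsoft.Resources/deployments/*",
    "Microsoft.Resources/subscriptions/resourceGroups/read",
    "Microsoft.Authorization/*/read",
    "Microsoft.Insights/alertRules/*/read",
    "Microsoft.Insights/metrics/read",
    "Microsoft.Insights/metricDefinitions/read",
    "Microsoft.ResourceHealth/availabilityStatuses/read",
    "Microsoft.Support/*",
]
ANSWERED = [
    "Microsoft.Sql/locations/*/read",
    "Microsoft.Sql/locations/instanceFailoverGroups/*",
    "Microsoft.Sql/managedInstances/*",
    "Microsoft.Resources/subscriptions/resourceGroups/read",
]

def covers(pattern, action):
    """True if an action pattern (assumed: '*' matches any text) covers `action`."""
    rx = ".*".join(re.escape(p) for p in pattern.split("*"))
    return re.fullmatch(rx, action, re.IGNORECASE) is not None

def scope(action):
    """'read' for read-only grants; 'broad' when a trailing '*' allows every operation."""
    if action.lower().endswith("/read"):
        return "read"
    return "broad" if action.endswith("*") else "specific"

def review(before, after):
    """Summarise a trim; 'redundant' = entry matched as text by a wider sibling."""
    dropped = [a for a in before if a not in after]
    return {
        "dropped_broad": [a for a in dropped if scope(a) == "broad"],
        "dropped_read": [a for a in dropped if scope(a) == "read"],
        "still_broad": [a for a in after if scope(a) == "broad"],
        "redundant": [a for a in before if any(b != a and covers(b, a) for b in before)],
    }

if __name__ == "__main__": print(review(ASKED, ANSWERED))
```

The `still_broad` result shows that the trimmed role keeps two trailing-wildcard grants under Microsoft.Sql, which allow every operation beneath those paths rather than only backup and restore.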
