[英]What Azure RBAC permissions are required to backup and restore an Azure SQL Managed Instance?
As a baseline, my role currently looks like this.作为基准,我目前的角色是这样的。 Are there any permissions that are overloaded or unnecessary for these tasks?这些任务是否有任何超载或不必要的权限?
{
"Name": "Azure SQL Managed Instance Restore and Backup",
"IsCustom": true,
"Description": "Permissions requisite to permit backup and restore actions on an Azure SQL Managed Instance",
"Actions": [
"Microsoft.Sql/locations/*/read",
"Microsoft.Sql/locations/instanceFailoverGroups/*",
"Microsoft.Sql/managedInstances/*",
"Microsoft.Network/virtualNetworks/subnets/*",
"Microsoft.Network/virtualNetworks/*",
"Microsoft.Network/networkSecurityGroups/*",
"Microsoft.Network/routeTables/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*/read",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Support/*"
],
"NotActions": [
],
"AssignableScopes": [
"/subscriptions/<subscription-id>"
]
}
Just to the specific operations backup and restore an Azure SQL Managed Instance
, the Microsoft.Sql/managedInstances/*
action should be enough.只是对于backup and restore an Azure SQL Managed Instance
的具体操作, Microsoft.Sql/managedInstances/*
操作应该就足够了。
But from my experience, the actions may be used mixed sometimes, eg when you navigate to the SQL Managed Instance in the portal, you click the resource groups -> select the resouce group -> select the SQL Managed Instance, actually you used Microsoft.Resources/subscriptions/resourceGroups/read
and Microsoft.Sql/managedInstances/*
actions.但是根据我的经验,有时可能会混合使用这些操作,例如,当您导航到门户中的 SQL 托管实例时,您单击资源组 -> 选择资源组 -> 选择 SQL 托管实例,实际上您使用的是Microsoft.Resources/subscriptions/resourceGroups/read
和Microsoft.Sql/managedInstances/*
操作。
So in your case, I recommend you to use the role like below.因此,在您的情况下,我建议您使用如下所示的角色。
{
"Name": "Azure SQL Managed Instance Restore and Backup",
"IsCustom": true,
"Description": "Permissions requisite to permit backup and restore actions on an Azure SQL Managed Instance",
"Actions": [
"Microsoft.Sql/locations/*/read",
"Microsoft.Sql/locations/instanceFailoverGroups/*",
"Microsoft.Sql/managedInstances/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"NotActions": [
],
"AssignableScopes": [
"/subscriptions/<subscription-id>"
]
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.