无法在 Azure 中使用 ServicePrincipal 凭据获取应用程序
[英]Unable to get Application using ServicePrincipal Credentials in Azure
问题描述
I have a Service Principal created which has contributor access.
我创建了一个具有贡献者访问权限的服务主体。 I have a user which also has contributor access.我有一个用户也有贡献者访问权限。
When i login to powershel using ServicePrincipal credentials and run this command i am getting insufficient privileges error.当我使用 ServicePrincipal 凭据登录到 powershel 并运行此命令时,出现权限不足错误。
Get-AzADApplication|Select-Object DisplayName, ObjectId
When i login to powershel using User Credentials and run the same command i am getting the results.当我使用用户凭据登录 powershel 并运行相同的命令时,我得到了结果。
DisplayName ObjectId
----------- --------
App1 XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX
App2 XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXX
1 个解决方案
解决方案1
0 2020-10-07 13:24:04
in azure there are two kind of roles:在 azure 中有两种角色:
- Cloud resources roles ( contributor, owner, reader, etc...)云资源角色(贡献者、所有者、读者等...)
- Azure AD roles ( https://learn.microsoft.com/en-us/azure/active-directory/users-groups-roles/ ) Azure AD 角色 ( https://learn.microsoft.com/en-us/azure/active-directory/users-groups-roles/ )
I guess that to run your command you need the second category and your principal is currently, as you said, only a contributor.我猜想要运行您的命令,您需要第二类,而您的委托人目前正如您所说,只是一个贡献者。
So you should assign an AD role to your principal based on what you need to do and retry.因此,您应该根据需要执行的操作为委托人分配一个 AD 角色,然后重试。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.