Service principal or Managed Identity
I have a client that can only give me full access to one or two resource groups.
I need to deliver some pre-scripted terraform resources that contain the need for a service principal.
Can you lock an SP to a resource group? The subscription itself is a production subscription so they want to know if you can tie it down using role-based access just to that group.
Or should I create an MI account?
Can you lock an SP to a resource group?
You most certainly can. Azure Role-based access control is very granular and you can apply access control at any level (management group, subscription, resource group or even at individual resource).
Please see this for more details: https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-steps .
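
A resource-group-scoped assignment as described in the answer above, written in Terraform as an added example that is not part of the original question or answer. The resource group names, variable names and the Contributor role are assumptions; the service principal is assumed to exist already and is passed in by its object ID.

```hcl
# Added example: variable names, resource group names and the role are assumptions.
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 3.0"
    }
  }
}

# Subscription and credentials are taken from the environment
# (ARM_* variables or an existing az login session).
provider "azurerm" {
  features {}
}

variable "sp_object_id" {
  description = "Object ID of the service principal (not its application/client ID)"
  type        = string
}

variable "resource_group_names" {
  description = "Existing resource groups the service principal may manage (hypothetical names)"
  type        = set(string)
  default     = ["rg-client-app", "rg-client-data"]
}

# Look up each permitted resource group to get its full resource ID.
data "azurerm_resource_group" "allowed" {
  for_each = var.resource_group_names
  name     = each.value
}

# One assignment per resource group. The scope is the group's ID,
# /subscriptions/<sub-id>/resourceGroups/<name>, so nothing is granted
# at subscription or management-group level.
resource "azurerm_role_assignment" "sp_rg" {
  for_each             = data.azurerm_resource_group.allowed
  scope                = each.value.id
  role_definition_name = "Contributor"
  principal_id         = var.sp_object_id
}

# Scopes actually granted, for review after apply.
output "assignment_scopes" {
  value = [for a in azurerm_role_assignment.sp_rg : a.scope]
}
```

Whoever applies this needs permission to write role assignments on those resource groups (for example Owner or User Access Administrator); Contributor alone cannot create them.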