Service principal or Managed Identity

I have a client that can only give me full access to one or two resource groups.

I need to deliver some pre-scripted Terraform resources that contain the need for a service principal.

Can you lock an SP to a resource group? The subscription itself is a production subscription, so they want to know if you can tie down using role-based access just to that group.

Or should I create an MI account?

Can you lock an SP to a resource group?

You most certainly can. Azure Role-based access control is very granular and you can apply access control at any level (management group, subscription, resource group or even at an individual resource).

Please see this for more details: https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-steps
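One way to check that a service principal really is confined to the agreed resource group, as an added example that is not part of the original answer: it audits role assignments in the JSON shape returned by `az role assignment list --assignee <id> --all -o json` and reports any scope outside the allowed group. The subscription ID, resource group names and function names are constructed placeholders.

```python
import json

# Constructed sample input; every ID and name below is a placeholder.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE = json.dumps([
    {"roleDefinitionName": "Contributor", "scope": SUB + "/resourceGroups/rg-client-app"},
    {"roleDefinitionName": "Reader",
     "scope": SUB + "/resourcegroups/RG-Client-App/providers/Microsoft.Storage/storageAccounts/stclient"},
    {"roleDefinitionName": "Contributor", "scope": SUB + "/resourceGroups/rg-client-app-prod"},
    {"roleDefinitionName": "Reader", "scope": SUB},
])

def _segments(scope):
    # Azure resource IDs are case-insensitive, so compare lowercased path segments.
    return [s for s in scope.lower().split("/") if s]

def classify(scope):
    """Name the RBAC level a scope string refers to."""
    seg = _segments(scope)
    if not seg:
        return "root"
    if seg[0] == "providers" and "managementgroups" in seg:
        return "management group"
    if seg[0] == "subscriptions" and len(seg) == 2:
        return "subscription"
    if seg[0] == "subscriptions" and len(seg) >= 4 and seg[2] == "resourcegroups":
        return "resource group" if len(seg) == 4 else "resource"
    return "unknown"

def within(scope, allowed_rg_scope):
    # Segment-wise prefix match: "rg-client-app-prod" must not pass as "rg-client-app".
    s, a = _segments(scope), _segments(allowed_rg_scope)
    return s[:len(a)] == a

def audit(assignments_json, allowed_rg_scopes):
    """Return (role, level, scope) for every assignment outside the allowed groups."""
    findings = []
    for ra in json.loads(assignments_json):
        if not any(within(ra["scope"], rg) for rg in allowed_rg_scopes):
            findings.append((ra["roleDefinitionName"], classify(ra["scope"]), ra["scope"]))
    return findings

if __name__ == "__main__":
    for role, level, scope in audit(SAMPLE, [SUB + "/resourceGroups/rg-client-app"]):
        print(f"OUT OF SCOPE: {role} at {level} level -> {scope}")
```
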
