
Managed Identity Azure Role Assignment for Streaming Job

I have an event hub EH1 in "Sub1" and Streaming Job ASA1 in "Sub2". EH1 is the streaming input to ASA1. For added security, I am planning to use Managed Identity to access the event hub from a Streaming Analytics job. https://docs.microsoft.com/en-us/azure/stream-analytics/event-hubs-managed-identity

For doing this, an "Event Hub Data Receiver" role has to be assigned to the job in the event hub. Now since the streaming job is in another subscription, I am not able to look up the job while adding the role.

How can this solution proceed? How can the streaming job in Sub2 be visible in Sub1?

Appreciate your responses.

The resources being in different subscriptions should not matter. I've tested this recently and I can definitely see the Managed Identity from another subscription.

What actually matters is the Azure AD tenant linked to the subscriptions. Managed Identities only work within one tenant, so both subscriptions must be linked to the same Azure AD tenant.

If they are using the same tenant, it could also be that your user does not have rights to list service principals from the Azure AD tenant.
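Added example (not part of the question or answer above): an Azure CLI sketch that checks both subscriptions share a tenant and then assigns the role by object ID, which avoids the directory lookup that fails when the user cannot list service principals. The function names and all arguments are placeholders, and the role name used is the built-in "Azure Event Hubs Data Receiver", assumed to be the role the question refers to.

```shell
#!/bin/sh
# Added example; subscription names, resource IDs and function names are placeholders.

# Tenant ID that a subscription is linked to.
tenant_of() {
  az account show --subscription "$1" --query tenantId -o tsv
}

# Object ID of the job's system-assigned managed identity, read from the
# resource itself (no Azure AD directory search involved).
principal_of() {
  az resource show --ids "$1" --query identity.principalId -o tsv
}

# assign_receiver <eventhub-subscription> <job-subscription> <job-resource-id> <eventhub-scope>
# Returns 2 on tenant mismatch, 3 if the job has no managed identity.
assign_receiver() {
  ar_t1=$(tenant_of "$1") || return 1
  ar_t2=$(tenant_of "$2") || return 1
  if [ "$ar_t1" != "$ar_t2" ]; then
    echo "subscriptions are linked to different tenants: $ar_t1 vs $ar_t2" >&2
    return 2
  fi
  ar_pid=$(principal_of "$3") || return 1
  if [ -z "$ar_pid" ]; then
    echo "job has no managed identity enabled" >&2
    return 3
  fi
  # --assignee-object-id with an explicit principal type skips the Graph
  # lookup, so it works without permission to list service principals.
  az role assignment create \
    --assignee-object-id "$ar_pid" \
    --assignee-principal-type ServicePrincipal \
    --role "Azure Event Hubs Data Receiver" \
    --scope "$4"
}

# Usage: sh this-file --apply <Sub1> <Sub2> <ASA1 resource ID> <EH1 resource ID>
if [ "${1:-}" = "--apply" ]; then
  assign_receiver "$2" "$3" "$4" "$5"
fi
```
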
