使用 Powershell 将角色分配给多个用户和系统标识?
[英]Assign Roles to multiple users and System Identity using Powershell?
问题描述
I have requirement to assign Azure Roles to multiple users on subscription scope and Reader role to Managed Identity-Storage Account.
我需要将 Azure 角色分配给订阅 scope 上的多个用户,并将读者角色分配给托管身份存储帐户。
1.Assign Azure RBAC roles to multiple users 1.将Azure RBAC角色分配给多个用户
2.Assign system assigned managed identity to existing Virtual Machine, Role Reader 2.Assign system assigned managed identity to existing Virtual Machine, 角色读取器
Here is the script.这是脚本。
$vm-(Get-Azum-ResourceGroupName <Resourcegrpupname> -Name <VMName>),identity.principalid
New-AzRoleAssignment -Objectid <Objectid> -RoleDefinitionName "Reader" -Scope "/subscriptions/<Id>/resourceGroups/VResourcregroup Name>/providers/Microsoft.Storage/StoragrAccounts/<storageaccoumt>
New-AzRoleAssignment -ObjectId <ID> -RoleDefinationName <RBACRule> -Scope '/Subscription/<I'D>`
`
Script is working,butneed to assign same roles to multiple users.脚本正在运行,但需要将相同的角色分配给多个用户。
1 个解决方案
解决方案1
0 已采纳 2022-12-08 15:18:35
Assign Azure RBAC roles to multiple users":
To assign roles to multiple users at the same time, simply form a group by adding users who need the "reader" role assignments.要同时将角色分配给多个用户,只需通过添加需要“读者”角色分配的用户来组成一个组。
Created a group under AzureAD -> Groups :在AzureAD -> Groups下创建了一个组:
new-azroleassignment -objectID <ObjectId of group> -Roledefinitionname "Reader" -scope "/subscriptions/<subscriptionID>/resourceGroups/xxxxRG/..." #Give scope of the resource as per the requirements.
Output: Output:
- Assign system assigned managed identity to existing Virtual Machine:
Previously, System assigned identity status is Off :以前,系统分配的身份状态为Off :
If not for any particular roles, You can directly update VM configurations/identities by using below commands :如果不是针对任何特定角色,您可以使用以下命令直接更新 VM 配置/身份:
$vminfo = Get-AzVM -ResourceGroupName xxxxxxRG -Name xxxxVM
Update-AzVM -ResourceGroupName xxxxxxRG -VM $vminfo -IdentityType SystemAssigned
System assigned identity status is "ON" now:系统分配的身份状态现在是“ON” :
- Assign system assigned managed identity to existing Virtual Machine, Role Reader :
Using PowerShell, you may configure identities for the appropriate app roles under App services.使用 PowerShell,您可以在应用服务下为适当的应用角色配置身份。 To work with VMs, use AzCLI command az vm identity to assign the system-assigned identity as shown here:要使用 VM,请使用AzCLI命令az vm identity来分配系统分配的标识,如下所示:
az vm identity assign -g xxxxResourceGroup -n xxxxVirtualMachineName --role Reader --scope /subscriptions/<subscriptionID>/resourceGroups/xxxxRG
Assigned :分配:
Updated:更新:
- Assigning 'reader' role from VM managed identity to access a storage account:从VM 托管标识分配“读者”角色以访问存储帐户:
SID=$(az resource list -n newVM --query [*].identity.principalId --out tsv)
az role assignment create --assignee $SID --role 'Reader' --scope /subscriptions/<subscriptionID>/resourceGroups/xxxxRG/providers/Microsoft.Storage/storageAccounts/<storageaccount>
- Assigning Azure RBAC roles with scope as storage account:使用 scope 作为存储帐户分配 Azure RBAC角色:
new-azroleassignment -objectID <ObjectId of group> -Roledefinitionname "Reader" -scope "/subscriptions/<subscriptionID>/resourceGroups/xxxxRG/providers/Microsoft.Storage/storageAccounts/<storageaccount>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.