Azure 数据工厂 - 只读自定义角色
[英]Azure Data Factory - read only custom role
问题描述
我们想授予支持人员对 Azure 数据工厂的只读访问权限,以便他们可以解决问题。 按照本指南,我能够创建一个自定义角色,该角色主要起到了作用,但在进一步审查后,我发现授予此角色的用户仍然可以添加/删除/保存管道,这对我们来说是禁忌。 这里有什么建议吗? 下面的模板是我们使用的:
{
"Name": "MGB Data Factory Reader",
"Id": "88888888-8888-8888-8888-888888888888",
"IsCustom": true,
"Description": "Read Only Access to Data Factories ",
"Actions": [
"Microsoft.DataFactory/datafactories/read",
"Microsoft.DataFactory/datafactories/activitywindows/read",
"Microsoft.DataFactory/datafactories/providers/Microsoft.Insights/diagnosticSettings/read",
"Microsoft.DataFactory/datafactories/providers/Microsoft.Insights/metricDefinitions/read",
"Microsoft.DataFactory/datafactories/datasets/read",
"Microsoft.DataFactory/datafactories/datasets/activitywindows/read",
"Microsoft.DataFactory/datafactories/datasets/sliceruns/read",
"Microsoft.DataFactory/datafactories/datasets/slices/read",
"Microsoft.DataFactory/datafactories/tables/read",
"Microsoft.DataFactory/datafactories/gateways/read",
"Microsoft.DataFactory/datafactories/linkedServices/read",
"Microsoft.DataFactory/datafactories/datapipelines/read",
"Microsoft.DataFactory/datafactories/datapipelines/activities/activitywindows/read",
"Microsoft.DataFactory/datafactories/datapipelines/activitywindows/read",
"Microsoft.DataFactory/datafactories/runs/loginfo/read",
"Microsoft.DataFactory/factories/read",
"Microsoft.DataFactory/factories/adfcdcs/read",
"Microsoft.DataFactory/factories/adflinkconnections/read",
"Microsoft.DataFactory/factories/getDataPlaneAccess/read",
"Microsoft.DataFactory/factories/getFeatureValue/read",
"Microsoft.DataFactory/factories/operationResults/read",
"Microsoft.DataFactory/factories/pipelineruns/read",
"Microsoft.DataFactory/factories/pipelineruns/activityruns/read",
"Microsoft.DataFactory/factories/pipelineruns/queryactivityruns/read",
"Microsoft.DataFactory/factories/providers/Microsoft.Insights/diagnosticSettings/read",
"Microsoft.DataFactory/factories/providers/Microsoft.Insights/metricDefinitions/read",
"Microsoft.DataFactory/factories/queryFeaturesValue/read",
"Microsoft.DataFactory/factories/querypipelineruns/read",
"Microsoft.DataFactory/factories/querytriggerruns/read",
"Microsoft.DataFactory/factories/triggerruns/read",
"Microsoft.DataFactory/factories/dataflows/read",
"Microsoft.DataFactory/factories/dataMappers/read",
"Microsoft.DataFactory/factories/datasets/read",
"Microsoft.DataFactory/factories/sandboxpipelineruns/read",
"Microsoft.DataFactory/factories/sandboxpipelineruns/sandboxActivityRuns/read",
"Microsoft.DataFactory/factories/globalParameters/read",
"Microsoft.DataFactory/factories/integrationruntimes/read",
"Microsoft.DataFactory/factories/integrationruntimes/getstatus/read",
"Microsoft.DataFactory/factories/integrationruntimes/monitoringdata/read",
"Microsoft.DataFactory/factories/integrationruntimes/nodes/read",
"Microsoft.DataFactory/factories/integrationruntimes/outboundNetworkDependenciesEndpoints/read",
"Microsoft.DataFactory/factories/linkedServices/read",
"Microsoft.DataFactory/factories/managedVirtualNetworks/read",
"Microsoft.DataFactory/factories/managedVirtualNetworks/managedPrivateEndpoints/read",
"Microsoft.DataFactory/factories/privateEndpointConnectionProxies/read",
"Microsoft.DataFactory/factories/privateEndpointConnectionProxies/operationresults/read",
"Microsoft.DataFactory/factories/privateEndpointConnectionProxies/operationstatuses/read",
"Microsoft.DataFactory/factories/privateEndpointConnections/read",
"Microsoft.DataFactory/factories/privateLinkResources/read",
"Microsoft.DataFactory/factories/pipelines/read",
"Microsoft.DataFactory/factories/pipelines/pipelineruns/read",
"Microsoft.DataFactory/factories/pipelines/pipelineruns/activityruns/progress/read",
"Microsoft.DataFactory/factories/providers/Microsoft.Insights/logDefinitions/read",
"Microsoft.DataFactory/factories/triggers/read",
"Microsoft.DataFactory/factories/triggers/triggerruns/read",
"Microsoft.DataFactory/locations/getFeatureValue/read",
"Microsoft.DataFactory/checkazuredatafactorynameavailability/read",
"Microsoft.DataFactory/operations/read"
],
"NotActions": [],
"DataActions": [],
"NotDataActions": [],
"AssignableScopes": [
"/subscriptions/{subscriptionId1}",
"/subscriptions/{subscriptionId2}",
"/providers/Microsoft.Management/managementGroups/{groupId1}"
]
}
2 个解决方案
解决方案1
0 2022-09-27 17:24:12
为什么不为用户提供数据工厂资源上的内置读取器角色。为什么要创建自定义角色
解决方案2
0 2022-10-02 17:15:10
在资源和资源组级别测试授予只读权限后,开箱即用的标准读者角色可以正常工作。 乍一看,它似乎让用户可以访问添加/删除管道,但实际上没有任何变化,除非它已发布,function,只读用户无权访问。 感谢您的答复。
如何在 Azure 数据工厂的 Lookup 活动中只读取几行数据
[英]How to read only a few lines of data in Lookup activity in Azure data factory
Azure 数据工厂 - 如何只读取由 Databricks 构建的 Delta 格式 Parquet 中的最新数据集?
[英]Azure Data Factory - How to read only the latest dataset in a Delta format Parquet built from Databricks?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
Azure 数据工厂和 Azure Databricks 中的自定义脚本
如何在 Azure 数据工厂的 Lookup 活动中只读取几行数据
无法读取 Azure 数据工厂中的数组值
Azure 数据工厂 - 读取二进制字节内容
如何读取Azure数据工厂中的*.txt文件?
如何读取Azure数据工厂中的.BAK文件?
如何通过 Azure 数据工厂读取 ODS 文件
如何在 Azure 数据工厂中读取 .xlsb 文件
在 Azure 数据工厂中读取 excel 文件
Azure 数据工厂 - 如何只读取由 Databricks 构建的 Delta 格式 Parquet 中的最新数据集?
相关标签