
How to add multiple RBAC roles on a single azure resource via ARM template

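I am trying to create multiple RBAC roles for users/groups on a single resource. I am able to add a single group or user to a resource, but I am unable to give multiple users (one with Owner permission and another group/user with Contributor permission) on the same resource. I came to know that the "name" should be different, but when I provide different names it says "Unable to find the resource".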

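I have declared principalid and rolegroup as arrays. I am trying to create Azure Analysis Services. Below is the code. The error I get when running the code below is "Deployment template validation failed: 'The resource 'Microsoft.AnalysisServices/servers/aascmigqa/providers/Microsoft.Authorization/roleAssignments/40ba7757-1e75-5eb7-b6ca-ea5a9ca77ce3' at line '1' and column '2237' is defined multiple times in a template. Please see https://aka.ms/arm-template/#resources for usage details.'".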

{
   "$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
   "contentVersion":"1.0.0.0",
   "parameters":{
      "environment":{
         "type":"string",
         "defaultValue":"qa",
         "metadata":{
            "description":"Environment name."

         }
      },
      "subscriptionId":{
         "type":"string",
         "defaultValue":"xxx"   
      },         
      "location":{
         "type":"string",
         "defaultValue":"east us",
         "metadata":{
            "description":"Location of the Analysis Services."
         }
      },
      "skuName":{
         "type":"string",
         "defaultValue":"S0",
         "metadata":{
            "description":"SKU name of the service."
         }
      },
      "tier":{
         "type":"string",
         "defaultValue":"Basic",
         "metadata":{
            "description":"Tier name of the service"
         }
      },
      "capacity":{
         "type":"int",
         "defaultValue":1,
         "metadata":{
            "description":"Capacity of the service"
         }
      },
      "aasAdministrators":{
         "type":"object",
         "defaultValue":{

         }
      },
      "aasTags":{
         "defaultValue":{

         },
         "type":"Object"
      },
      "principalId":{
         "type":"array",
         "metadata":{
            "description":"The principal to assign the role to"
         }
      },
      "count":{
         "type":"int",
         "defaultValue":2,
         "metadata":{
            "description":"Size of array"
         }
      },
      "builtInRoleType":{
         "type":"array",
         "allowedValues":[
            "Owner",
            "Contributor",
            "Reader"
         ],
         "metadata":{
            "description":"Built-in role to assign"
         }
      }
    },
   "variables":{
      "server_name":"[concat('aascmig', parameters('environment'))]",
      "Owner": "[concat('/subscriptions/', parameters('subscriptionId'), '/providers/Microsoft.Authorization/roleDefinitions/', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
      "Contributor": "[concat('/subscriptions/', parameters('subscriptionId'), '/providers/Microsoft.Authorization/roleDefinitions/', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
      "Reader": "[concat('/subscriptions/', parameters('subscriptionId'), '/providers/Microsoft.Authorization/roleDefinitions/', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]"
   },
   "resources":[
        {
         "type":"Microsoft.AnalysisServices/servers",
         "apiVersion":"2017-08-01",
         "name":"[variables('server_name')]",
         "location":"[parameters('location')]",
         "tags":"[parameters('aasTags')]",
         "sku":{
            "name":"[parameters('skuName')]",
            "tier":"[parameters('tier')]",
            "capacity":"[parameters('capacity')]"
         },
         "properties":{
            "managedMode":1,
            "asAdministrators":"[parameters('aasAdministrators')]",
            "querypoolConnectionMode":"All",
            "serverMonitorMode":1
         }
       },
       {
         "type": "Microsoft.AnalysisServices/servers/providers/roleAssignments",
         "apiVersion": "2018-09-01-preview",
         "name": "[concat(variables('server_name'), '/Microsoft.Authorization/', guid(uniqueString(variables('server_name'))))]",
         "copy": {
            "name": "anyname",
            "count":"[length(parameters('principalId'))]"
         }, 
         "dependsOn": [
            "[variables('server_name')]"
            ],
           "properties": {
             "roleDefinitionId": "[variables(parameters('builtInRoleType')[copyIndex()])]",
             "principalId": "[parameters('principalId')[copyIndex()]]"
           }
        }
   ]
}

Is this a syntax error, or is it something that is not possible?
Thanks in advance!

You need to generate a unique name \ guid for each assignment; you can do it like so:

guid(uniqueString(variables('server_name'), copyIndex()))

This will ensure each resource has its own guid.
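A pre-deployment check for the failure discussed above, as an added example that is not part of the original question or answer: it flags copy-loop resources whose name never calls copyIndex(), and shows how the two parallel parameter arrays pair up by index. The function names, the sample template (constructed from the question's resource) and the placeholder object IDs are assumptions made for illustration.

```python
import json
import re

# Constructed input: the question's role-assignment resource reduced to the
# fields this check reads, followed by the same resource with the answer's name.
TEMPLATE = json.loads(r"""
{"resources": [
  {"type": "Microsoft.AnalysisServices/servers/providers/roleAssignments",
   "name": "[concat(variables('server_name'), '/Microsoft.Authorization/', guid(uniqueString(variables('server_name'))))]",
   "copy": {"name": "anyname", "count": "[length(parameters('principalId'))]"}},
  {"type": "Microsoft.AnalysisServices/servers/providers/roleAssignments",
   "name": "[concat(variables('server_name'), '/Microsoft.Authorization/', guid(uniqueString(variables('server_name'), copyIndex())))]",
   "copy": {"name": "fixed", "count": "[length(parameters('principalId'))]"}}
]}
""")

ALLOWED_ROLES = {"Owner", "Contributor", "Reader"}  # allowedValues from the template
COPY_INDEX = re.compile(r"copyIndex\s*\(", re.IGNORECASE)  # ARM function names are case-insensitive


def constant_names_in_copy_loops(template):
    """Return the copy-loop names of resources whose "name" never calls copyIndex().

    copyIndex() is the only value that changes between iterations, so such a
    name is identical in every copy and validation reports the resource as
    "defined multiple times".
    """
    return [res["copy"].get("name", "<unnamed>")
            for res in template.get("resources", [])
            if "copy" in res and not COPY_INDEX.search(res.get("name", ""))]


def planned_assignments(principal_ids, roles):
    """Pair the two parallel arrays by index, as the template's copy loop does.

    Raises ValueError when the pairing is ambiguous, so a reviewer sees which
    principal would receive Owner before anything is deployed.
    """
    if len(principal_ids) != len(roles):
        raise ValueError("principalId and builtInRoleType differ in length")
    unknown = sorted(set(roles) - ALLOWED_ROLES)
    if unknown:
        raise ValueError(f"roles outside allowedValues: {unknown}")
    return list(zip(principal_ids, roles))


if __name__ == "__main__":
    print(constant_names_in_copy_loops(TEMPLATE))
    print(planned_assignments(["<owner-object-id>", "<group-object-id>"], ["Owner", "Contributor"]))
```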
