備份和還原 Azure SQL 托管實例需要哪些 Azure RBAC 權限？

Question

作為基准，我目前的角色是這樣的。 這些任務是否有任何超載或不必要的權限？

{
  "Name": "Azure SQL Managed Instance Restore and Backup",
  "IsCustom": true,
  "Description": "Permissions requisite to permit backup and restore actions on an Azure SQL Managed Instance",
  "Actions": [
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/locations/instanceFailoverGroups/*",
        "Microsoft.Sql/managedInstances/*",
        "Microsoft.Network/virtualNetworks/subnets/*",
        "Microsoft.Network/virtualNetworks/*",
        "Microsoft.Network/networkSecurityGroups/*",
        "Microsoft.Network/routeTables/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*/read",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Support/*"
  ],
  "NotActions": [
  ],
  "AssignableScopes": [
    "/subscriptions/<subscription-id>"
  ]
}

Answer 1

只是對於backup and restore an Azure SQL Managed Instance的具體操作， Microsoft.Sql/managedInstances/*操作應該就足夠了。

但是根據我的經驗，有時可能會混合使用這些操作，例如，當您導航到門戶中的 SQL 托管實例時，您單擊資源組 -> 選擇資源組 -> 選擇 SQL 托管實例，實際上您使用的是Microsoft.Resources/subscriptions/resourceGroups/read和Microsoft.Sql/managedInstances/*操作。

因此，在您的情況下，我建議您使用如下所示的角色。

{
  "Name": "Azure SQL Managed Instance Restore and Backup",
  "IsCustom": true,
  "Description": "Permissions requisite to permit backup and restore actions on an Azure SQL Managed Instance",
  "Actions": [
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/locations/instanceFailoverGroups/*",
        "Microsoft.Sql/managedInstances/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read"
  ],
  "NotActions": [
  ],
  "AssignableScopes": [
    "/subscriptions/<subscription-id>"
  ]
}