[英]What Azure RBAC permissions are required to backup and restore an Azure SQL Managed Instance?
作為基准,我目前的角色是這樣的。 這些任務是否有任何超載或不必要的權限?
{
"Name": "Azure SQL Managed Instance Restore and Backup",
"IsCustom": true,
"Description": "Permissions requisite to permit backup and restore actions on an Azure SQL Managed Instance",
"Actions": [
"Microsoft.Sql/locations/*/read",
"Microsoft.Sql/locations/instanceFailoverGroups/*",
"Microsoft.Sql/managedInstances/*",
"Microsoft.Network/virtualNetworks/subnets/*",
"Microsoft.Network/virtualNetworks/*",
"Microsoft.Network/networkSecurityGroups/*",
"Microsoft.Network/routeTables/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*/read",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Support/*"
],
"NotActions": [
],
"AssignableScopes": [
"/subscriptions/<subscription-id>"
]
}
只是對於backup and restore an Azure SQL Managed Instance
的具體操作, Microsoft.Sql/managedInstances/*
操作應該就足夠了。
但是根據我的經驗,有時可能會混合使用這些操作,例如,當您導航到門戶中的 SQL 托管實例時,您單擊資源組 -> 選擇資源組 -> 選擇 SQL 托管實例,實際上您使用的是Microsoft.Resources/subscriptions/resourceGroups/read
和Microsoft.Sql/managedInstances/*
操作。
因此,在您的情況下,我建議您使用如下所示的角色。
{
"Name": "Azure SQL Managed Instance Restore and Backup",
"IsCustom": true,
"Description": "Permissions requisite to permit backup and restore actions on an Azure SQL Managed Instance",
"Actions": [
"Microsoft.Sql/locations/*/read",
"Microsoft.Sql/locations/instanceFailoverGroups/*",
"Microsoft.Sql/managedInstances/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"NotActions": [
],
"AssignableScopes": [
"/subscriptions/<subscription-id>"
]
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.