使用Python SDK部署ARM模板的权限不足
我有一个简单的Scirpt可以部署ARM模板:
credentials = ClientSecretCredential(
client_id="<client-id>",
client_secret="<client-secret>",
tenant_id="<tenant-id>"
)
template = requests.get("<template-url>").json()
deployment_properties = {
'mode': DeploymentMode.incremental,
'template': template
}
deployment = Deployment(location="eastus", properties=deployment_properties)
client = ResourceManagementClient(credentials, subscription_id="<subscription-id>")
deployment_async_operation = client.deployments.begin_create_or_update_at_subscription_scope("test_deployment", deployment)
deployment_async_operation.wait()
当我尝试运行它时,我会收到此错误:
Exception Details: (InsufficientPrivilegesForManagedServiceResource) The requested user doesn't have sufficient privileges to perform the operation.
Code: InsufficientPrivilegesForManagedServiceResource
Message: The requested user doesn't have sufficient privileges to perform the operation.
我创建的应用程序注册确实具有USER_IMPRENATION许可,这应该可以解决问题。
我在这里错过了一些权限吗?
感谢您的帮助!
I've got a simple scirpt that should deploy an ARM template:
credentials = ClientSecretCredential(
client_id="<client-id>",
client_secret="<client-secret>",
tenant_id="<tenant-id>"
)
template = requests.get("<template-url>").json()
deployment_properties = {
'mode': DeploymentMode.incremental,
'template': template
}
deployment = Deployment(location="eastus", properties=deployment_properties)
client = ResourceManagementClient(credentials, subscription_id="<subscription-id>")
deployment_async_operation = client.deployments.begin_create_or_update_at_subscription_scope("test_deployment", deployment)
deployment_async_operation.wait()
When I try to run it, I get this error:
Exception Details: (InsufficientPrivilegesForManagedServiceResource) The requested user doesn't have sufficient privileges to perform the operation.
Code: InsufficientPrivilegesForManagedServiceResource
Message: The requested user doesn't have sufficient privileges to perform the operation.
The app registration I created, does have user_impersonation permission, which should do the trick.
Am I missing some permissions here?
Thanks for the help!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
如果您不需要执行部署的权限,则错误“ 部署ARM模板的权限不足 ”通常会发生。
从上面的代码行中,我假设您在订阅级别部署ARM模板。
请检查您是否有权限在范围的订阅级别上。
要在订阅级别上执行任何操作,您需要
全局管理角色或所有者角色才能订阅。如果仍然存在问题,请检查以下选项是否已启用。如果禁用,请像以下内容一样启用它:
转到Azure Portal - &gt; Azure Active Directory-&GT;属性 - &gt; Azure Resources的访问管理
请参阅下面的 links 有关更多信息:
用户无权在azure中创建部署臂模板 - microsoft q&amp; a q&amp; a q&amp; a q&amp; a
infifficprivilegeprivilegegergesmanavedServicerSoursourceSource github
The error "Insufficient permissions for deploying ARM template" usually occurs if you don't have required permissions to perform the deployment.
From above line of code, I assume you are deploying the ARM template at subscription level.
Please check whether you have permissions at subscription level of scope.
To perform any action at subscription level you need either
Global Admin RoleorOwner Rolefor your subscription.If still the issue persists, please check if the below option is enabled or not. If disabled, enable it like below:
Go to Azure Portal -> Azure Active Directory -> Properties -> Access management for Azure resources
Please refer the below links for more information:
User doesn't have permission to create deployment ARM template in Azure - Microsoft Q&A
InsufficientPrivilegesForManagedServiceResource · Issue #39 · Azure/Azure-Lighthouse-samples · GitHub