Azure-更新服务主范围
我创建了一个应用程序并添加了一个资源组。如何更新服务主体并添加第二个资源组?还可以使IT订阅广泛访问而不是基于资源组的订阅访问权限吗?
az ad sp create-for-rbac --name "MyApp" --role contributor --scopes /subscriptions/{SubID}/resourceGroups/{ResourceGroup1}
我找不到任何描述如何执行此操作的文章。
I've created a App and added a resource group. How can I update service principal and add a second resource group? Also is it possible to make it subscription wide access instead of just resource group based?
az ad sp create-for-rbac --name "MyApp" --role contributor --scopes /subscriptions/{SubID}/resourceGroups/{ResourceGroup1}
I can't find any article describing how to do this.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
要添加附加资源组,您可以做到这一点:
范围是访问使用的一组资源。在Azure中,您可以在四个级别上指定一个范围:管理组,订阅, Resource Group 和 Resource 。范围是在亲子关系中结构的。每个层次结构的每个级别都使范围更具体。您可以在任何这些范围的范围中分配角色。您选择的级别确定角色的应用程度。较低的水平从较高级别继承了角色权限。
角色分配的范围
https://lealen.microsoft.com/en-us/azure/role-case--coces--access-control/role-role-assignments-signments-stepsumps-steps#step-step-3 - 识别需要的scope
To add an additional resource group you can do this:
Scope is the set of resources that the access applies to. In Azure, you can specify a scope at four levels: management group, subscription, resource group, and resource. Scopes are structured in a parent-child relationship. Each level of hierarchy makes the scope more specific. You can assign roles at any of these levels of scope. The level you select determines how widely the role is applied. Lower levels inherit role permissions from higher levels.
Scope for a role assignment
https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-steps#step-3-identify-the-needed-scope