无法通过Azure运行书籍为用户分配的身份分配角色
通过使用以下命令,尝试使用PowerShell Runbook(5.1运行时版本)为托管身份分配角色。
$roleAssignment = New-AzRoleAssignment -ObjectId 'xxxx-xxxx-xxxx-xxxx' -Scope '/subscriptions/xxxx-xxxx-xxxx/resourceGroups/xxxxxxxxx' -RoleDefinitionName 'Contributor'
当我们执行Runbook时,我们会遇到以下错误。
Exception of type 'Microsoft.Rest.Azure.CloudException' was thrown.
但是,当从本地PowerShell ISE执行相同的命令时,我们可以通过任何失败分配角色。
如何制作runbook将角色分配给用户分配的身份。
任何人都可以帮助我解决这个问题吗?
By using the below command, trying to assign a role to the managed identity using PowerShell runbook(5.1 Runtime version).
$roleAssignment = New-AzRoleAssignment -ObjectId 'xxxx-xxxx-xxxx-xxxx' -Scope '/subscriptions/xxxx-xxxx-xxxx/resourceGroups/xxxxxxxxx' -RoleDefinitionName 'Contributor'
When we execute the runbook we ran into the below error.
Exception of type 'Microsoft.Rest.Azure.CloudException' was thrown.
But, When executed the same command from local PowerShell ISE we are able to assign the role with out any fail.
How to make runbook to assign the role to the user assigned identity.
Can any one help me solve this.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
无法通过Azure运行书籍为用户分配的身份分配角色(1).html
无法通过Azure运行书籍为用户分配的身份分配角色
要解决上述错误,我建议您尝试遵循以下对我有用的解决方法: -
转到Azure AD->应用注册 - >选择您的应用 - > API许可 - >添加许可 - > Microsoft Graph(您可以选择要授予权限的任何Azure资源) - >申请许可 - >目录 - > Directory.Read.All
然后授予该特定资源所选权限的管理员同意。
在这里,您可以选择您使用的其他服务,也可以在Microsoft Graph以外的“请求API权限”中使用,您可以使用您正在工作的其他API,因为该过程与以下快照中所示: -
src =“ https://i.sstatic.net/jp167.png”
< img =“ https://i.sstatic.net/d6yji.png” alt =“在此处输入图像说明”>
Unable to assign a role to user assigned identity through Azure Run books (1).html
Unable to assign a role to user assigned identity through Azure Run books
To resolve the above error, I would suggest you try to follow the below workaround that worked for me: -
Go to Azure AD --> App registrations --> Select your app --> API Permissions --> Add permission --> Microsoft Graph (You can select any Azure resource for which you want to grant permissions for) --> Application Permissions --> Directory --> Directory.Read.All
Then grant admin consent for the selected permissions for that particular resource.
Here, you can select other services which you are using, also in ‘Request API Permissions’ other than Microsoft Graph, you can use other APIs that you are working since the process is same as shown in the below snapshot: -