我已经使用 RBACK 设置权限,但它不起作用。
"resources": [
{
"type": "Microsoft.Authorization/roleAssignments",
"name": "[variables('roleName')]",
"apiVersion": "[variables('authAPIVersion')]",
"properties": {
"roleDefinitionId": "[concat(subscription().id, '/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
"principalId": "[parameters('principalId')]",
"scope": "[subscription().id]"
}
}
]
据我记得,角色分配确实有效。但一般来说,订阅级别的资源应该不起作用。
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {},
"resources": [
{
"type": "Microsoft.Authorization/roleAssignments",
"name": "8446a13c-6886-46e2-a17f-9df73adb334e",
"apiVersion": "2017-10-01-preview",
"location": "[resourceGroup().location]",
"properties": {
"roleDefinitionId": "[concat(subscription().Id, '/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c')]",
"principalId": "user_guid_goes_here",
"scope": "[resourceGroup().Id]"
}
}
]
}