是否可以设置 Azure RBAC 自定义规则,以便角色只能重新提交早期的逻辑应用运行,但不能通过 Designer 修改工作流,否则?
问问题
461 次
1 回答
0
我不太擅长逻辑应用程序,但您可以通过以下方式获取可能的 rbac 规则列表:
Get-AzProviderOperation -OperationSearchString 'microsoft.logic/*' | Select-Object -ExpandProperty operation | Sort-Object
我想,如果您只授予该权限,则Microsoft.Logic/workflows/runs/*不允许该人修改它们,因为(很可能)需要Microsoft.Logic/workflows/write. 您还需要授予读取权限。
Microsoft.Logic/workflows/run/action
Microsoft.Logic/workflows/runs/actions/listExpressionTraces/action
Microsoft.Logic/workflows/runs/actions/read
Microsoft.Logic/workflows/runs/actions/repetitions/listExpressionTraces/action
Microsoft.Logic/workflows/runs/actions/repetitions/read
Microsoft.Logic/workflows/runs/actions/repetitions/requestHistories/read
Microsoft.Logic/workflows/runs/actions/requestHistories/read
Microsoft.Logic/workflows/runs/actions/scoperepetitions/read
Microsoft.Logic/workflows/runs/cancel/action
Microsoft.Logic/workflows/runs/delete
Microsoft.Logic/workflows/runs/operations/read
Microsoft.Logic/workflows/runs/read
于 2019-02-26T20:24:08.983 回答