0

作为基线,我的角色目前看起来像这样。这些任务是否有任何权限超载或不必要?

{
  "Name": "Azure SQL Managed Instance Restore and Backup",
  "IsCustom": true,
  "Description": "Permissions requisite to permit backup and restore actions on an Azure SQL Managed Instance",
  "Actions": [
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/locations/instanceFailoverGroups/*",
        "Microsoft.Sql/managedInstances/*",
        "Microsoft.Network/virtualNetworks/subnets/*",
        "Microsoft.Network/virtualNetworks/*",
        "Microsoft.Network/networkSecurityGroups/*",
        "Microsoft.Network/routeTables/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*/read",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Support/*"
  ],
  "NotActions": [
  ],
  "AssignableScopes": [
    "/subscriptions/<subscription-id>"
  ]
}
4

1 回答 1

0

光是具体的操作backup and restore an Azure SQL Managed InstanceMicrosoft.Sql/managedInstances/*动作就足够了。

但是根据我的经验,有时可能会混合使用操作,例如,当您导航到门户中的 SQL 托管实例时,单击资源组 -> 选择资源组 -> 选择 SQL 托管实例,实际上您使用Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Sql/managedInstances/*操作.

因此,在您的情况下,我建议您使用如下角色。

{
  "Name": "Azure SQL Managed Instance Restore and Backup",
  "IsCustom": true,
  "Description": "Permissions requisite to permit backup and restore actions on an Azure SQL Managed Instance",
  "Actions": [
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/locations/instanceFailoverGroups/*",
        "Microsoft.Sql/managedInstances/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read"
  ],
  "NotActions": [
  ],
  "AssignableScopes": [
    "/subscriptions/<subscription-id>"
  ]
}
于 2020-09-08T01:45:33.720 回答