Azure Lei Zhang的博客

weibo: LeiZhang的微博/QQ: 185165016/QQ群:319036205/邮箱:leizhang1984@outlook.com/TeL:139-161-22926
  博客园 :: 首页 :: 博问 :: 闪存 :: 新随笔 :: 联系 :: 订阅 订阅 :: 管理 ::
Azure ARM (23) 自定义Custom Role

  《Windows Azure Platform 系列文章目录

 

  有关Azure Custom Role的入门材料,可以参考:Azure ARM (17) 基于角色的访问控制 (Role Based Access Control, RBAC) - 自定义Role

  

  自定义Azure Custome Role,可以创意任何资源,但是不能创建公网IP地址,不能创建网络资源,不能授权认证:

{
    "id": "/subscriptions/d66e394d-79c1-4174-8cbf-cae4468ffdb2/providers/Microsoft.Authorization/roleDefinitions/4b325faf-f4cf-42b7-9b38-1c960b4b48f1",
    "properties": {
        "roleName": "Custom Contributor",
        "description": "Can create everything but Public IP addresses, Networking objects, and Authorizations",
        "assignableScopes": [
            "/subscriptions/d66e394d-79c1-4174-8cbf-cae4468ffdb2"
        ],
        "permissions": [
            {
                "actions": [
                    "*"
                ],
                "notActions": [
                    "Microsoft.Authorization/classicAdministrators/delete",
                    "Microsoft.Authorization/classicAdministrators/write",
                    "Microsoft.Authorization/elevateAccess/*",
                    "Microsoft.Authorization/permissions/*",
                    "Microsoft.Authorization/policyAssignments/delete",
                    "Microsoft.Authorization/policyAssignments/write",
                    "Microsoft.Authorization/policyDefinitions/delete",
                    "Microsoft.Authorization/policyDefinitions/write",
                    "Microsoft.Authorization/policySetDefinitions/delete",
                    "Microsoft.Authorization/policySetDefinitions/write",
                    "Microsoft.Authorization/providerOperations/*",
                    "Microsoft.Authorization/roleAssignments/delete",
                    "Microsoft.Authorization/roleAssignments/write",
                    "Microsoft.Authorization/roleDefinitions/delete",
                    "Microsoft.Authorization/roleDefinitions/write",
                    "Microsoft.Network/dnszones/*",
                    "Microsoft.Network/expressRouteCircuits/*",
                    "Microsoft.Network/networksecuritygroups/delete",
                    "Microsoft.Network/networksecuritygroups/join/action",
                    "Microsoft.Network/publicIPAddresses/delete",
                    "Microsoft.Network/publicIPAddresses/join/action",
                    "Microsoft.Network/publicIPAddresses/write",
                    "Microsoft.Network/register/*",
                    "Microsoft.Network/Routefilters/*",
                    "Microsoft.Network/routetables/delete",
                    "Microsoft.Network/routetables/join/*",
                    "Microsoft.Network/routetables/routes/*",
                    "Microsoft.Network/routetables/write",
                    "Microsoft.Network/virtualnetworks/delete",
                    "Microsoft.Network/virtualnetworks/peer/*",
                    "Microsoft.Network/virtualnetworks/subnets/delete",
                    "Microsoft.Network/virtualnetworks/subnets/write",
                    "Microsoft.Network/virtualnetworks/virtualNetworkPeerings/delete",
                    "Microsoft.Network/virtualnetworks/virtualNetworkPeerings/write",
                    "Microsoft.Network/virtualnetworks/write"
                ],
                "dataActions": [],
                "notDataActions": []
            }
        ]
    }
}

 

  

 

posted on 2021-06-24 14:39  Lei Zhang的博客  阅读(109)  评论(0编辑  收藏  举报