允许读取Azure存储帐户队列的自定义角色权限

3zwjbxry 于 2023-08-07 发布在其他

关注(0)|答案(1)|浏览(70)

用户已在Azure存储帐户上分配了具有以下操作的自定义角色，但用户看到This request is not authorized to perform this operation：

{
    "id": ..,
    "properties": {
        "roleName": "ContributorBPMD(custom)",
        "description": ..
        "assignableScopes": [
            "/providers/Microsoft.Management/managementGroups/XXX"
        ],
        "permissions": [
            {
                "actions": [
                    "*"
                ],
                "notActions": [
                    "notActions": [
                    ...
                    "Microsoft.Sql/servers/virtualNetworkRules/write",
                    "Microsoft.Storage/storageAccounts/delete",
                    "Microsoft.Storage/locations/deleteVirtualNetworkOrSubnets/action",
                    "Microsoft.Storage/storageAccounts/privateEndpointConnections/delete",
                    "Microsoft.Storage/storageAccounts/privateEndpointConnections/write",
                    ...
                ],
                "dataActions": [],
                "notDataActions": []
            }
        ]
    }
}

字符串
我没有看到Microsoft.storageAccounts/queueServices/*的任何不允许的操作。缺少什么？

Azure

来源：https://stackoverflow.com/questions/76737262/custom-role-permission-to-allow-read-on-azure-storage-account-queue

1条答案

按热度按时间

nwo49xxi1#

用户得到此错误的原因是因为从队列阅读是一个数据平面操作，并且在自定义角色的dataActions中没有定义权限。
解决此问题的最简单方法是将Storage Queue Data Reader角色分配给用户，或者在自定义角色的dataActions中添加"Microsoft.Storage/storageAccounts/queueServices/queues/messages/read"权限。

赞(0）回复(0）举报 2023-08-07

我来回答

允许读取Azure存储帐户队列的自定义角色权限

1条答案

相关问题

热门标签

最新问答