Azure Solution Design 配置管理系列(PART 2)
添加admin为EA管理员
2.4 添加订阅
登录EA门户https://ea.azure.cn
2.5 新建AAD自定义角色用户
下载Azure powershell
https://github.com/Azure/azure-powershell/releases/download/v3.3.0-January2020/Az-Cmdlets-3.3.0.31600-x64.msi
1 登陆订阅
2
3 $password = "Aa123456" | ConvertTo-SecureString -asPlainText -Force
4
5 $cred = New-Object System.Management.Automation.PSCredential('admin@***.partner.onmschina.cn',$password)
6
7 login-AzAccount -Environment AzureChinaCloud -Credential $cred
8
9 修改"Virtual Machine Contributor"角色权限
10
11 https://docs.azure.cn/zh-cn/role-based-access-control/custom-roles-powershell#create-a-custom-role1 $role = Get-AzRoleDefinition "Virtual Machine Contributor"
2
3 $role.Id = $null
4
5 $role.Name = "Virtual Machine Operator"
6
7 $role.Description = "Can monitor and restart virtual machines."
8
9 $role.Actions.Clear()
10
11 $role.NotActions.Clear()
12
13 $role.Actions.Add("Microsoft.Compute/virtualMachines/read")
14
15 $role.Actions.Add("Microsoft.Compute/virtualMachines/start/action")
16
17 $role.Actions.Add("Microsoft.Compute/virtualMachines/restart/action")
18
19 $role.Actions.Add("Microsoft.Compute/virtualMachines/deallocate/action")
20
21 $role.AssignableScopes.Clear()
22
23 $role.AssignableScopes.Add("/subscriptions/b5c29be6-4311-4cdb-8b52-35246fa9c72f")
24
25 New-AzRoleDefinition -Role $role
26
27
28
29 如需更新角色,请根据需要更新
30
31 https://docs.azure.cn/zh-cn/role-based-access-control/resource-provider-operations#microsoftaad1 $role = Get-AzRoleDefinition "Virtual Machine Operator"
2
3 $role.Actions.Add("Microsoft.Compute/virtualMachines/read")
4
5 Set-AzRoleDefinition -Role $roleAzure Solution Design 配置管理系列(PART 4)
