官术网_书友最值得收藏!

Creating a custom role

In the following example, we will create a custom role that can only restart VMs in Azure. For this, you need to create a JSON file that will be deployed using PowerShell. We are assigning that role to a user account inside the JSON file, as follows:

  1. You can define the custom role by using the following JSON code. You should set the Id to null because the custom role gets an ID assigned to it at creation. We will add the custom role to two Azure subscriptions, as follows (replace the subscriptions in the AssignableScopes part with your subscription IDs):
 { 
"Name": "Packt Custom Role",
"Id": null,
"IsCustom": true,
"Description": "Allows for read access to Azure Storage, Network and Compute resources and access to support",
"Actions": [
"Microsoft.Compute/*/read",
"Microsoft.Storage/*/read",
"Microsoft.Network/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"NotActions": [
],
"AssignableScopes": [
"/subscriptions/********-****-****-****-***********",
"/subscriptions/********-****-****-****-***********"
]
}
  1. Save the JSON file in a folder named CustomRoles on the C: drive of your computer. Then, run the following PowerShell script to create the role. First, log in to your Azure account, as follows:
Connect-AzAccount
  1. If necessary, select the right subscription:
Select-AzSubscription -SubscriptionId "********-****-****-****-***********"
  1. Then, create the custom role in Azure by importing the JSON file into PowerShell:
New-AzRoleDefinition -InputFile "C:\CustomRoles\PacktCustomRole.json"

In this demonstration, we created a custom role that can only restart VMs in Azure. Now, we're going to take a look at how you can create policies using Azure Policy.

主站蜘蛛池模板: 甘谷县| 综艺| 郴州市| 葫芦岛市| 汶上县| 海林市| 庄河市| 榆林市| 勐海县| 邵东县| 朝阳县| 涞源县| 渭南市| 岳阳市| 甘南县| 陆河县| 阳高县| 来凤县| 孟连| 邵武市| 新野县| 邮箱| 宣威市| 金山区| 若羌县| 南华县| 洮南市| 马鞍山市| 富源县| 黑山县| 讷河市| 卢氏县| 措美县| 镇原县| 琼海市| 商都县| 神木县| 项城市| 辽源市| 门源| 海林市|