官术网_书友最值得收藏!

Creating a custom role

In the following example, we will create a custom role that can only restart VMs in Azure. For this, you need to create a JSON file that will be deployed using PowerShell. We are assigning that role to a user account inside the JSON file, as follows:

  1. You can define the custom role by using the following JSON code. You should set the Id to null because the custom role gets an ID assigned to it at creation. We will add the custom role to two Azure subscriptions, as follows (replace the subscriptions in the AssignableScopes part with your subscription IDs):
 { 
"Name": "Packt Custom Role",
"Id": null,
"IsCustom": true,
"Description": "Allows for read access to Azure Storage, Network and Compute resources and access to support",
"Actions": [
"Microsoft.Compute/*/read",
"Microsoft.Storage/*/read",
"Microsoft.Network/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"NotActions": [
],
"AssignableScopes": [
"/subscriptions/********-****-****-****-***********",
"/subscriptions/********-****-****-****-***********"
]
}
  1. Save the JSON file in a folder named CustomRoles on the C: drive of your computer. Then, run the following PowerShell script to create the role. First, log in to your Azure account, as follows:
Connect-AzAccount
  1. If necessary, select the right subscription:
Select-AzSubscription -SubscriptionId "********-****-****-****-***********"
  1. Then, create the custom role in Azure by importing the JSON file into PowerShell:
New-AzRoleDefinition -InputFile "C:\CustomRoles\PacktCustomRole.json"

In this demonstration, we created a custom role that can only restart VMs in Azure. Now, we're going to take a look at how you can create policies using Azure Policy.

主站蜘蛛池模板: 新田县| 南昌县| 新乐市| 崇义县| 永泰县| 屏东市| 中方县| 龙南县| 绥棱县| 江华| 梁平县| 建德市| 普定县| 山阴县| 黔西| 尉犁县| 毕节市| 秀山| 龙泉市| 寿宁县| 蒙山县| 新竹县| 三台县| 苍南县| 五大连池市| 昌邑市| 萨迦县| 邵东县| 安多县| 赞皇县| 建瓯市| 土默特右旗| 巢湖市| 云安县| 巴林左旗| 高台县| 武乡县| 福建省| 桦南县| 渭源县| 慈利县|