官术网_书友最值得收藏!

Creating a custom role

In the following example, we will create a custom role that can only restart VMs in Azure. For this, you need to create a JSON file that will be deployed using PowerShell. We are assigning that role to a user account inside the JSON file, as follows:

  1. You can define the custom role by using the following JSON code. You should set the Id to null because the custom role gets an ID assigned to it at creation. We will add the custom role to two Azure subscriptions, as follows (replace the subscriptions in the AssignableScopes part with your subscription IDs):
 { 
"Name": "Packt Custom Role",
"Id": null,
"IsCustom": true,
"Description": "Allows for read access to Azure Storage, Network and Compute resources and access to support",
"Actions": [
"Microsoft.Compute/*/read",
"Microsoft.Storage/*/read",
"Microsoft.Network/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"NotActions": [
],
"AssignableScopes": [
"/subscriptions/********-****-****-****-***********",
"/subscriptions/********-****-****-****-***********"
]
}
  1. Save the JSON file in a folder named CustomRoles on the C: drive of your computer. Then, run the following PowerShell script to create the role. First, log in to your Azure account, as follows:
Connect-AzAccount
  1. If necessary, select the right subscription:
Select-AzSubscription -SubscriptionId "********-****-****-****-***********"
  1. Then, create the custom role in Azure by importing the JSON file into PowerShell:
New-AzRoleDefinition -InputFile "C:\CustomRoles\PacktCustomRole.json"

In this demonstration, we created a custom role that can only restart VMs in Azure. Now, we're going to take a look at how you can create policies using Azure Policy.

主站蜘蛛池模板: 武鸣县| 法库县| 平阳县| 新巴尔虎左旗| 广州市| 清流县| 汕尾市| 城步| 荃湾区| 阳西县| 儋州市| 绥芬河市| 奉节县| 赣榆县| 大港区| 仲巴县| 庆云县| 石景山区| 连江县| 鄂托克旗| 鲁山县| 潜山县| 中方县| 高青县| 靖宇县| 涿州市| 兰溪市| 常宁市| 桂东县| 乐陵市| 东台市| 仲巴县| 阜宁县| 泰来县| 陈巴尔虎旗| 长沙县| 阜城县| 开江县| 武义县| 凤台县| 鹤壁市|