
Creating a custom role

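In the following example, we will create a custom role that can only restart VMs in Azure. For this, you need to create a JSON file that will be deployed using PowerShell. We are assigning that role to a user account inside the JSON file, as follows. Note that the definition shown in step 1 lists only read actions for Compute, Storage, Network and resource groups, plus Microsoft.Support/*, which matches its Description; it contains no VM restart action and names no user, and AssignableScopes only sets where the role can be assigned: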

  1. You can define the custom role by using the following JSON code. You should set the Id to null because the custom role gets an ID assigned to it at creation. We will add the custom role to two Azure subscriptions, as follows (replace the subscriptions in the AssignableScopes part with your subscription IDs):

    {
      "Name": "Packt Custom Role",
      "Id": null,
      "IsCustom": true,
      "Description": "Allows for read access to Azure Storage, Network and Compute resources and access to support",
      "Actions": [
        "Microsoft.Compute/*/read",
        "Microsoft.Storage/*/read",
        "Microsoft.Network/*/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "NotActions": [
      ],
      "AssignableScopes": [
        "/subscriptions/********-****-****-****-***********",
        "/subscriptions/********-****-****-****-***********"
      ]
    }
  2. Save the JSON file as PacktCustomRole.json in a folder named CustomRoles on the C: drive of your computer. Then, run the following PowerShell commands to create the role. First, log in to your Azure account, as follows:

    Connect-AzAccount

  3. If necessary, select the right subscription:

    Select-AzSubscription -SubscriptionId "********-****-****-****-***********"

  4. Then, create the custom role in Azure by importing the JSON file into PowerShell:

    New-AzRoleDefinition -InputFile "C:\CustomRoles\PacktCustomRole.json"
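
A pre-deployment check for the role definition from step 1, as an added example that is not part of the original text: it lists over-broad wildcard actions and unexpected assignable scopes, then tests whether specific operations are effectively granted. The helper names and the all-zero subscription ID are hypothetical placeholders, and the scope check assumes only subscription or resource-group scopes are expected.

```powershell
# Added example: lint a custom role definition before running New-AzRoleDefinition.
# The definition mirrors step 1; the subscription GUID is a constructed placeholder.
$json = @'
{
  "Name": "Packt Custom Role",
  "Id": null,
  "IsCustom": true,
  "Description": "Allows for read access to Azure Storage, Network and Compute resources and access to support",
  "Actions": [
    "Microsoft.Compute/*/read",
    "Microsoft.Storage/*/read",
    "Microsoft.Network/*/read",
    "Microsoft.Resources/subscriptions/resourceGroups/read",
    "Microsoft.Support/*"
  ],
  "NotActions": [],
  "AssignableScopes": [ "/subscriptions/00000000-0000-0000-0000-000000000000" ]
}
'@

function Test-RoleGrantsOperation {   # hypothetical helper name
    param($Role, [string]$Operation)
    # Effective permission: matched by some Actions entry and by no NotActions entry.
    # -like is case-insensitive and treats * as "any string", as role actions do.
    $allowed  = @($Role.Actions    | Where-Object { $Operation -like $_ }).Count -gt 0
    $excluded = @($Role.NotActions | Where-Object { $Operation -like $_ }).Count -gt 0
    return ($allowed -and -not $excluded)
}

function Get-RoleLintFinding {        # hypothetical helper name
    param($Role)
    foreach ($a in $Role.Actions) {
        # A wildcard not ending in /read also covers write, delete and */action operations.
        if ($a.Contains('*') -and $a -notlike '*/read') { "Broad wildcard action: $a" }
    }
    foreach ($s in $Role.AssignableScopes) {
        # Assumption: only subscription or resource-group scopes are expected here.
        if ($s -notmatch '^/subscriptions/[0-9a-f-]{36}(/resourceGroups/[^/]+)?$') {
            "Unexpected assignable scope: $s"
        }
    }
}

$role = $json | ConvertFrom-Json
Get-RoleLintFinding -Role $role
'Microsoft.Compute/virtualMachines/read', 'Microsoft.Compute/virtualMachines/restart/action' |
    ForEach-Object { '{0} granted: {1}' -f $_, (Test-RoleGrantsOperation $role $_) }
```

To check the saved file instead of the inline sample, load it with Get-Content -Raw "C:\CustomRoles\PacktCustomRole.json" before ConvertFrom-Json.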

In this demonstration, we created a custom role that can only restart VMs in Azure. Now, we're going to take a look at how you can create policies using Azure Policy.
