
Creating a custom role

In the following example, we will create a custom role that can only restart VMs in Azure. For this, you need to create a JSON file that will be deployed using PowerShell. We are assigning that role to a user account inside the JSON file, as follows:

  1. You can define the custom role by using the following JSON code. You should set the Id to null because the custom role gets an ID assigned to it at creation. We will add the custom role to two Azure subscriptions, as follows (replace the subscriptions in the AssignableScopes part with your subscription IDs):

     {
       "Name": "Packt Custom Role",
       "Id": null,
       "IsCustom": true,
       "Description": "Allows for read access to Azure Storage, Network and Compute resources and access to support",
       "Actions": [
         "Microsoft.Compute/*/read",
         "Microsoft.Storage/*/read",
         "Microsoft.Network/*/read",
         "Microsoft.Resources/subscriptions/resourceGroups/read",
         "Microsoft.Support/*"
       ],
       "NotActions": [
       ],
       "AssignableScopes": [
         "/subscriptions/********-****-****-****-***********",
         "/subscriptions/********-****-****-****-***********"
       ]
     }

  2. Save the JSON file in a folder named CustomRoles on the C: drive of your computer. Then, run the following PowerShell script to create the role. First, log in to your Azure account, as follows:

     Connect-AzAccount

  3. If necessary, select the right subscription:

     Select-AzSubscription -SubscriptionId "********-****-****-****-***********"

  4. Then, create the custom role in Azure by importing the JSON file into PowerShell:

     New-AzRoleDefinition -InputFile "C:\CustomRoles\PacktCustomRole.json"
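
A pre-deployment check for the role definition above, as an added example that is not from the book: it flags wildcard actions broader than read and scopes that are still masked, and tests whether a named operation is covered by Actions minus NotActions. The function names and the operation string `Microsoft.Compute/virtualMachines/restart/action` are assumptions introduced here; the Description field and the second scope are left out of the embedded copy for brevity.

```powershell
# Added example: lint a custom role definition before running New-AzRoleDefinition.
# $json is the definition from this section, embedded so the script runs offline.
$json = @'
{
  "Name": "Packt Custom Role",
  "Id": null,
  "IsCustom": true,
  "Actions": [
    "Microsoft.Compute/*/read",
    "Microsoft.Storage/*/read",
    "Microsoft.Network/*/read",
    "Microsoft.Resources/subscriptions/resourceGroups/read",
    "Microsoft.Support/*"
  ],
  "NotActions": [],
  "AssignableScopes": [
    "/subscriptions/********-****-****-****-***********"
  ]
}
'@

function Test-RoleGrants {
    # True if $Operation matches an Actions pattern and no NotActions pattern.
    param($Role, [string]$Operation)
    $allowed = @($Role.Actions    | Where-Object { $Operation -like $_ }).Count -gt 0
    $denied  = @($Role.NotActions | Where-Object { $Operation -like $_ }).Count -gt 0
    return ($allowed -and -not $denied)
}

function Get-RoleFindings {
    param($Role)
    if ($null -ne $Role.Id)  { "Id should be null for a new custom role" }
    if (-not $Role.IsCustom) { "IsCustom should be true" }
    foreach ($a in $Role.Actions) {
        # A wildcard that does not end in /read also covers write and action operations.
        if ($a.Contains('*') -and $a -notlike '*/read') { "Broad wildcard action: $a" }
    }
    # Assumes subscription-level scopes, as used on this page.
    $guid = '^/subscriptions/[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
    foreach ($s in $Role.AssignableScopes) {
        if ($s -notmatch $guid) { "Scope is not a concrete subscription ID: $s" }
    }
}

$role = $json | ConvertFrom-Json
Get-RoleFindings -Role $role
# Assumed operation name used for the coverage check:
$op = 'Microsoft.Compute/virtualMachines/restart/action'
"{0} granted: {1}" -f $op, (Test-RoleGrants -Role $role -Operation $op)
```

Run it against the saved file instead by replacing `$json` with `Get-Content -Raw "C:\CustomRoles\PacktCustomRole.json"`.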

In this demonstration, we created a custom role that can only restart VMs in Azure. Now, we're going to take a look at how you can create policies using Azure Policy.
