Azure RBAC: Application Insights Component Contributor vs. Monitoring Contributor


I'm trying to understand the overlap between these two roles in Azure RBAC. Apart from "Microsoft.Resources/deployments/*", Monitoring Contributor seems to cover Application Insights Component Contributor completely. Consider the following scenario: I'm deploying web availability tests into an AppInsights resource, and the deployment identity is a service principal that has been granted Monitoring Contributor. Should I also grant this identity "Application Insights Component Contributor" to create these resources, or is "Monitoring Contributor" already good enough?

Edit 1

I will also be deploying alert rules along with the tests, implemented as an RM template, and this fails if the SP is granted only Monitoring Contributor:

Error: requesting Validation for Template Deployment "app508-dfpg-dev3-diag-eastus2-backoffice-ai-test-dep" (Resource Group "app508-dfpg-ne-diag-eastus2"): resources.DeploymentsClient#Validate: Failure sending request: StatusCode=403 -- Original Error: Code="AuthorizationFailed" Message="The client '2c20abbf-e825-495c-9d06-90c5f04f9c60' with object id '2c20abbf-0000-0000-0000-90c5f04f9c60' does not have authorization to perform action 'Microsoft.Resources/deployments/validate/action' over scope '/subscriptions/s/resourcegroups/app508-dfpg-ne-diag-eastus2/providers/Microsoft.Resources/deployments/app508-dfpg-dev3-diag-eastus2-backoffice-ai-test-dep' or the scope is invalid. If access was recently granted, please refresh your credentials."

You don't need to grant the role; the role is enough. To deploy web availability tests you only need the "Microsoft.Insights/webtests/*" action, which is already included in.

Thanks a lot for the quick reply, please see my first edit.

@AlexeyAuslender If you deploy them with ARM templates you also need the "Microsoft.Resources/deployments/validate/action" permission, which is included as "Microsoft.Resources/deployments/*" in Application Insights Component Contributor but not in Monitoring Contributor, so in your case just add Application Insights Component Contributor.
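A way to check which of an identity's assigned roles cover the actions this thread names, as an added example that is not part of the original thread. The role definitions in it are simplified subsets constructed from the thread's statements (webtests/* in both roles, deployments/* only in Application Insights Component Contributor), not the full built-in definitions.

```python
import re

# Role definitions constructed for this example from the actions the thread names.
# They are simplified subsets, not the full built-in definitions; compare against
# `az role definition list --name "<role name>"` before relying on them.
ROLES = {
    "Monitoring Contributor": {
        "Actions": ["*/read", "Microsoft.Insights/webtests/*",
                    "Microsoft.Insights/AlertRules/*", "Microsoft.Insights/components/*"],
        "NotActions": [],
    },
    "Application Insights Component Contributor": {
        "Actions": ["Microsoft.Insights/webtests/*", "Microsoft.Insights/components/*",
                    "Microsoft.Resources/deployments/*"],
        "NotActions": [],
    },
}

# Actions the ARM deployment in the thread exercises (validate is the one the 403 names).
REQUIRED_ACTIONS = [
    "Microsoft.Resources/deployments/validate/action",
    "Microsoft.Insights/webtests/write",
    "Microsoft.Insights/alertRules/write",
]


def action_matches(pattern, action):
    """Azure RBAC wildcard match: '*' spans any characters (including '/'), case-insensitive."""
    regex = "^" + ".*".join(re.escape(part) for part in pattern.split("*")) + "$"
    return re.match(regex, action, re.IGNORECASE) is not None


def role_allows(role, action):
    """Effective permission = Actions minus NotActions (DataActions are out of scope here)."""
    allowed = any(action_matches(p, action) for p in role["Actions"])
    denied = any(action_matches(p, action) for p in role["NotActions"])
    return allowed and not denied


def missing_actions(assigned_role_names, required_actions):
    """Required actions that none of the assigned roles grants; an empty list means the deployment can proceed."""
    return [a for a in required_actions
            if not any(role_allows(ROLES[name], a) for name in assigned_role_names)]


if __name__ == "__main__":
    for assigned in (["Monitoring Contributor"],
                     ["Monitoring Contributor", "Application Insights Component Contributor"]):
        print(assigned, "->", missing_actions(assigned, REQUIRED_ACTIONS) or "all actions granted")
```

With only Monitoring Contributor assigned, the check reports "Microsoft.Resources/deployments/validate/action" as missing, which is exactly the action in the AuthorizationFailed message above.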