How to set up Privileged Identity Management for Cosmos DB Built-in Data Reader Role

Question

I want to set up Privileged Identity Management for Cosmos DB Built-in Data Reader Role. But this Cosmos DB Built-in Data Reader Role is not present in the role assignment.

I am able to assign this role to users/groups using a PowerShell script. But this role is not visible in IAM of the Cosmos DB resource.

Answer 1

Score: 1

Cosmos DB uses a model similar to Azure RBAC, but it is not Azure RBAC: https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-setup-rbac#concepts.

> The Azure Cosmos DB data plane RBAC is built on concepts that are commonly found in other RBAC systems like Azure RBAC

So the concepts are the same, but those role definitions and assignments are not visible to Azure RBAC.
And so they won't be visible in PIM either until they add Cosmos DB RBAC support :\
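
Because these assignments live in Cosmos DB's own data-plane RBAC store, they have to be inventoried per account rather than read from IAM or PIM. The script below is an added example, not part of the original answer: it lists them with the Az.CosmosDB cmdlets, assuming an existing `Connect-AzAccount` session with read access to the accounts; the `$RoleName` parameter and the report columns are illustrative choices.

```powershell
# Added example: inventory Cosmos DB data-plane role assignments, which are
# not shown under Access control (IAM) and cannot be managed through PIM.
# Requires the Az.Resources and Az.CosmosDB modules.
param(
    # Role name taken from the question; pass '' to report every data-plane role.
    [string]$RoleName = 'Cosmos DB Built-in Data Reader'
)

# Every Cosmos DB account in the current subscription context.
$accounts = Get-AzResource -ResourceType 'Microsoft.DocumentDB/databaseAccounts'

$report = foreach ($acct in $accounts) {
    $rg = $acct.ResourceGroupName

    # Data-plane role definitions are stored on the account itself.
    # Index them by the trailing GUID so casing differences in the full
    # resource ID do not break the lookup.
    $defByGuid = @{}
    Get-AzCosmosDBSqlRoleDefinition -ResourceGroupName $rg -AccountName $acct.Name |
        ForEach-Object { $defByGuid[($_.Id -split '/')[-1].ToLower()] = $_ }

    # Data-plane role assignments, also stored on the account.
    $assignments = Get-AzCosmosDBSqlRoleAssignment -ResourceGroupName $rg -AccountName $acct.Name

    foreach ($a in $assignments) {
        $def = $defByGuid[($a.RoleDefinitionId -split '/')[-1].ToLower()]
        if ($RoleName -and $def.RoleName -ne $RoleName) { continue }

        [pscustomobject]@{
            Account      = $acct.Name
            RoleName     = $def.RoleName
            PrincipalId  = $a.PrincipalId   # Microsoft Entra object ID (user, group or service principal)
            Scope        = $a.Scope         # account, database or container
            AssignmentId = $a.Id
        }
    }
}

# Standing (non-PIM) data-plane access, one row per assignment.
$report | Sort-Object Account, PrincipalId | Format-Table -AutoSize
```

Since these assignments are permanent rather than time-bound, running the inventory on a schedule and comparing it with the previous output is one way to keep them under review.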

huangapple
  • This article was published on February 14, 2023, 19:13:29
  • When reposting, please keep the link to this article: https://go.coder-hub.com/75447007.html