问题

我试图遵循此指南设置 BYOS 的快照调试器：

它指出我应该在存储帐户的访问控制（IAM）页面上，向名为 Diagnostic Services Trusted Storage Access 的 Azure Active Directory（Azure AD）应用程序授予“Storage Blob Data Contributor”角色。

在搜索名为“Diagnostic Services Trusted Storage Access”的资源时，我发现它是一个服务主体，并且没有“Access Control (IAM)”选项来分配角色。我需要采取什么措施才能看到该选项呢？

英文:

I am trying to follow this guide when trying to setup snapsot debugger for a BYOS:

https://learn.microsoft.com/en-us/azure/azure-monitor/profiler/profiler-bring-your-own-storage?tabs=azure-cli

It states I should "Grant the Storage Blob Data Contributor role to the Azure Active Directory (Azure AD) application named Diagnostic Services Trusted Storage Access via the Access Control (IAM) page in your storage account."

When searched for a resource called "Diagnostic Services Trusted Storage Access", what I found is a service principal and it doesn't have the option of "Access Control (IAM)" to assign the role.

Do I need to do something in order to have that option?

答案1

得分: 0

> 将 Storage Blob Data Contributor 角色授予名为 "Diagnostic Services Trusted Storage Access" 的 Azure Active Directory (Azure AD) 应用程序，通过存储帐户的访问控制 (IAM) 页面进行。

这意味着你需要在存储帐户的访问控制 (IAM) 页面中，为 "Diagnostic Services Trusted Storage Access" 服务主体分配角色。

进入 Azure 门户 -> 存储帐户 -> 你的存储帐户 -> 访问控制 (IAM) -> 添加角色分配

选择 Roles 部分下的 Storage Blob Data Contributor，然后点击下一步，如下图所示：

现在，点击 Select members，搜索 "Diagnostic Services Trusted Storage Access" 服务主体，选择它，如下图所示：

选择服务主体后，点击 Review+assign 授予角色，如下图所示：

你可以通过检查存储帐户的角色分配来进行确认，方法如下图所示：

英文:

> Grant the Storage Blob Data Contributor role to the Azure Active
> Directory (Azure AD) application named Diagnostic Services Trusted
> Storage Access via the Access Control (IAM) page in your storage
> account

This means you need to assign role to "Diagnostic Services Trusted Storage Access" service principal in Access Control (IAM) page of your storage account.

Go to Azure Portal -> Storage Accounts -> Your Storage account -> Access Control (IAM) -> Add role assignment