第三方用户访问Azure环境

huangapple go评论80阅读模式
英文:

Third party user access to Azure environment

问题

可以将第三方团队添加为 Azure 订阅/资源组的来宾用户,并授予他们"Contribute"权限,这是提供给第三方用户访问权限的一种可能方式。在安全性方面还有其他方式吗?

英文:

I have an requirement where I need to give access to Azure subscription and resources to third party company. basically we are outsourcing the work to them. I am looking for the best possible way to do it.

is it possible to add the third party team as the guest uses to the Azure subscription/resource group and give them contribute permission? Or there is any other way in terms of security to provide the access to third party users.

答案1

得分: 0

以下是翻译好的部分:

"是否可以将第三方团队作为访客添加到Azure订阅/资源组,并授予他们贡献权限?

您可以按照以下步骤为第三方公司提供对Azure订阅或资源的访问权限,将第三方团队添加为Azure Active Directory中的访客用户,并授予他们适当的权限。

  1. 邀请外部用户到Azure AD

  2. 根据条件自动将所有外部用户移动到一个动态组中。

例如:user.userType -包含 "Guest" 或 Company name = "您的公司名称"

第三方用户访问Azure环境

  1. 将角色分配给该组在Azure订阅或资源组上。

第三方用户访问Azure环境

注意:在Azure订阅或资源组上分配角色给该组。

  1. 根据条件,外部用户成功移动到该组。

第三方用户访问Azure环境

  1. Contributor角色已分配到订阅范围。

第三方用户访问Azure环境

  1. 一旦您向外部用户提供了访问权限,所有外部用户都可以访问Azure资源。

参考:使用Azure门户为外部访客用户分配Azure角色 获取更多详细信息。"

英文:

> is it possible to add the third party team as the guest uses to the Azure subscription/resource group and give them contribute permission?

You provide the access to a third-party company for Azure subscription or resources, add the third-party team as guest users in Azure Active Directory and grant them appropriate permissions by following steps.

  1. Invite the external user to Azure AD

  2. Create a Dynamic Group for moving all external user to that group automatically based on condition.

> Ex: user.userType -contains "Guest or Company name = "your company name"

第三方用户访问Azure环境

  1. Assign the role to the group on the Azure subscription or resource group.

第三方用户访问Azure环境

> Note: Assign the role to the group on the Azure subscription or resource group.

  1. External users are successfully moved to that group based on the condition.

第三方用户访问Azure环境

  1. The Contributor role has been assigned at the Subscription scope.

第三方用户访问Azure环境

  1. Once you provide access to external users, all external users can access Azure resources.

Refer: Assign Azure roles to external guest users using the Azure portal for more details.

huangapple
  • 本文由 发表于 2023年6月15日 00:58:17
  • 转载请务必保留本文链接:https://go.coder-hub.com/76475928.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定