英文:
Impossible to remove Tenant's wide azure policy despite Global administrator role
问题
我尝试移除一个Azure策略,但删除按钮是灰色的,尽管我的用户具有全局管理员权限。我在Microsoft文档中找不到关于所需角色的任何信息。有任何想法吗?
该策略适用于资源的位置,并禁止在位置列表之外创建任何资源。
问候
Vincent
英文:
I am trying to remove an Azure Policy and the delete button is grey out despite my user having Global administrator permission. I can't find any information on Microsoft documentation about the role required. Any idea ?
The policy is on the location available for ressource and forbid the creation of any resource outside a list of location.
Regards
Vincent
答案1
得分: 1
全局管理员权限意味着您有权管理Azure AD的所有方面,但它不会给予您管理资源本身(资源、资源组、订阅和管理组)所需的RBAC权限。
实际上,您需要在管理组范围内拥有RBAC权限才能删除此分配。如果没有其他可用的带有必要权限的帐户/人员,作为全局管理员,您可以选择使用这些步骤提升自己。它会在租户根组级别为您分配用户访问管理员角色,然后您应该能够删除该分配。
**注意:**完成后不要忘记禁用它,因为这是一个特权角色,显然不希望它保持活动状态,这是出于安全的最佳实践。
英文:
The Global Administrator permissions means that you have permissions to manage all aspects of Azure AD, however it does not give you RBAC permissions needed to manage the resources itself (resources, resource groups, subscriptions and management groups).
You actually need to have RBAC permissions at this management group scope for being able to delete this assignment. If you don´t have any other available account/person with the necessary permissions, you as a Global Administrator has the option to elevated yourself using these steps. It will assign the User Access Administrator role for you at the Tenant Root Group level and then you should be able to delete the assignment.
Note: Don´t forget to disabled it after finished, as it is a privileged role and you obviously will not want it to remain active, as a best practice for security.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论