备份和还原Azure SQL托管实例需要哪些Azure RBAC权限？

问题描述

作为基准，我目前的角色是这样的。对于这些任务，是否存在任何过载或不必要的权限？

{
  "Name": "Azure sql Managed Instance Restore and Backup","IsCustom": true,"Description": "Permissions requisite to permit backup and restore actions on an Azure sql Managed Instance","Actions": [
        "Microsoft.sql/locations/*/read","Microsoft.sql/locations/instanceFailoverGroups/*","Microsoft.sql/managedInstances/*","Microsoft.Network/virtualNetworks/subnets/*","Microsoft.Network/virtualNetworks/*","Microsoft.Network/networkSecurityGroups/*","Microsoft.Network/routeTables/*","Microsoft.Resources/deployments/*","Microsoft.Resources/subscriptions/resourceGroups/read","Microsoft.Authorization/*/read","Microsoft.Insights/alertRules/*/read","Microsoft.Insights/metrics/read","Microsoft.Insights/metricDeFinitions/read","Microsoft.ResourceHealth/availabilityStatuses/read","Microsoft.Support/*"
  ],"NotActions": [
  ],"AssignableScopes": [
    "/subscriptions/<subscription-id>"
  ]
}

解决方法

对于特定的操作backup and restore an Azure SQL Managed Instance，Microsoft.Sql/managedInstances/*操作就足够了。

但是根据我的经验，有时可能会混合使用某些操作，例如当您导航至门户中的SQL受管实例时，单击资源组->选择资源组->选择SQL受管实例，实际上您使用了Microsoft.Resources/subscriptions/resourceGroups/read和Microsoft.Sql/managedInstances/*操作。

因此，根据您的情况，我建议您使用以下角色。

{
  "Name": "Azure SQL Managed Instance Restore and Backup","IsCustom": true,"Description": "Permissions requisite to permit backup and restore actions on an Azure SQL Managed Instance","Actions": [
        "Microsoft.Sql/locations/*/read","Microsoft.Sql/locations/instanceFailoverGroups/*","Microsoft.Sql/managedInstances/*","Microsoft.Resources/subscriptions/resourceGroups/read"
  ],"NotActions": [
  ],"AssignableScopes": [
    "/subscriptions/<subscription-id>"
  ]
}

azure azure azure-active-directory azure-rbac