كيفية استخدام الأذونات في تطبيقات Azure Spring
مقالة 02/02/2024
2 من المساهمين
الملاحظات
في هذه المقالة
إشعار
يعد Azure Spring Apps هو الاسم الجديد لخدمة Azure Spring Cloud. رغم أن الخدمة تحمل اسماً جديداً، سترى الاسم القديم في بعض الأماكن لفترة من الوقت بينما نعمل على تحديث الأصول مثل لقطات الشاشة، ومقاطع الفيديو، والرسوم التخطيطية.
تنطبق هذه المقالة على: ✔️ Basic/Standard ✔️ Enterprise
توضح لك هذه المقالة كيفية إنشاء أدوار مخصصة تفوض الأذونات لموارد Azure Spring Apps. تعمل الأدوار المخصصة على توسيع الأدوار المضمنة في Azure بأذونات الأسهم المتنوعة.
سنقوم بتنفيذ الأدوار المخصصة التالية.
تحديد دور المطور
يتضمن دور المطور أذونات لإعادة تشغيل التطبيقات ومشاهدة تدفقات السجلات الخاصة بهم. لا يمكن لهذا الدور إجراء تغييرات على التطبيقات أو التكوينات.
في مدخل Microsoft Azure، افتح الاشتراك حيث تريد تعيين الدور المخصص.
افتح Access control (IAM) .
حدد إضافة .
حدد Add custom role .
حدد Next :
حدد Add permissions :
في مربع البحث، ابحث عن Microsoft.app . حدد Microsoft Azure Spring Apps :
حدد أذونات دور المطور.
ضمن Microsoft.AppPlatform/Spring ، حدد:
Write : Create or Update Azure Spring Apps service instance
Read : Get Azure Spring Apps service instance
Other : List Azure Spring Apps service instance test keys
(لخطة المؤسسة فقط) ضمن Microsoft.AppPlatform/Spring/buildServices ، حدد:
Read : Read Microsoft Azure Spring Apps Build Services
Other : Get an Upload URL in Azure Spring Apps
(لخطة المؤسسة فقط) ضمن Microsoft.AppPlatform/Spring/buildServices/builds ، حدد:
Read : Read Microsoft Azure Spring Apps Builds
Write : Write Microsoft Azure Spring Apps Builds
(لخطة المؤسسة فقط) ضمن Microsoft.AppPlatform/Spring/buildServices/builds/results ، حدد:
Read : Read Microsoft Azure Spring Apps Build Results
Other : Get an Log File URL in Azure Spring Apps
(لخطة المؤسسة فقط) ضمن Microsoft.AppPlatform/Spring/buildServices/builders ، حدد:
Read : Read Microsoft Azure Spring Apps Builders
Write : Write Microsoft Azure Spring Apps Builders
Delete : Delete Microsoft Azure Spring Apps Builders
(لخطة المؤسسة فقط) ضمن Microsoft.AppPlatform/Spring/buildServices/builders/buildpackBindings ، حدد:
Read : Read Microsoft Azure Spring Apps Builder BuildpackBinding
Write : Write Microsoft Azure Spring Apps Builder BuildpackBinding
Delete : Delete Microsoft Azure Spring Apps Builder BuildpackBinding
(لخطة المؤسسة فقط) ضمن Microsoft.AppPlatform/Spring/buildServices/supportedBuildpacks ، حدد:
Read : Read Microsoft Azure Spring Apps Supported Buildpacks
(لخطة المؤسسة فقط) ضمن Microsoft.AppPlatform/Spring/buildServices/supportedStacks ، حدد:
Read : Read Microsoft Azure Spring Apps Supported Stacks
ضمن Microsoft.AppPlatform/Spring/apps ، حدد:
Read : Read Microsoft Azure Spring Apps application
Other : Get Microsoft Azure Spring Apps application resource upload URL
ضمن Microsoft.AppPlatform/Spring/apps/bindings ، حدد:
Read : Read Microsoft Azure Spring Apps application binding
ضمن Microsoft.AppPlatform/Spring/apps/deployments ، حدد:
Write : Write Microsoft Azure Spring Apps application deployment
Read : Read Microsoft Azure Spring Apps application deployment
Other : Start Microsoft Azure Spring Apps application deployment
Other : Stop Microsoft Azure Spring Apps application deployment
Other : Restart Microsoft Azure Spring Apps application deployment
Other : Get Microsoft Azure Spring Apps application deployment log file URL
ضمن Microsoft.AppPlatform/Spring/apps/domains ، حدد:
Read : Read Microsoft Azure Spring Apps application custom domain
ضمن Microsoft.AppPlatform/Spring/certificates ، حدد:
Read : Read Microsoft Azure Spring Apps certificate
ضمن Microsoft.AppPlatform/locations/operationResults/Spring ، حدد:
Read : Read operation result
ضمن Microsoft.AppPlatform/locations/operationStatus/operationId ، حدد:
Read : Read operation status
حدد إضافة .
راجع الأذونات.
حدد مراجعة وإنشاء .
في مدخل Microsoft Azure، افتح الاشتراك حيث تريد تعيين الدور المخصص.
افتح Access control (IAM) .
حدد إضافة .
حدد Add custom role .
حدد التالي .
حدد علامة التبويب JSON .
حدد Edit ، ثم احذف النص الافتراضي:
الصق JSON التالي لتحديد دور المطور:
خطة أساسية/قياسية
{
"properties": {
"roleName": "Developer",
"description": "",
"assignableScopes": [
"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
],
"permissions": [
{
"actions": [
"Microsoft.AppPlatform/Spring/write",
"Microsoft.AppPlatform/Spring/read",
"Microsoft.AppPlatform/Spring/listTestKeys/action",
"Microsoft.AppPlatform/Spring/apps/read",
"Microsoft.AppPlatform/Spring/apps/getResourceUploadUrl/action",
"Microsoft.AppPlatform/Spring/apps/bindings/read",
"Microsoft.AppPlatform/Spring/apps/domains/read",
"Microsoft.AppPlatform/Spring/apps/deployments/write",
"Microsoft.AppPlatform/Spring/apps/deployments/read",
"Microsoft.AppPlatform/Spring/apps/deployments/start/action",
"Microsoft.AppPlatform/Spring/apps/deployments/stop/action",
"Microsoft.AppPlatform/Spring/apps/deployments/restart/action",
"Microsoft.AppPlatform/Spring/apps/deployments/getLogFileUrl/action",
"Microsoft.AppPlatform/Spring/certificates/read",
"Microsoft.AppPlatform/locations/operationResults/Spring/read",
"Microsoft.AppPlatform/locations/operationStatus/operationId/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
]
}
}
خطة المؤسسة
{
"properties": {
"roleName": "Developer",
"description": "",
"assignableScopes": [
"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
],
"permissions": [
{
"actions": [
"Microsoft.AppPlatform/Spring/write",
"Microsoft.AppPlatform/Spring/read",
"Microsoft.AppPlatform/Spring/listTestKeys/action",
"Microsoft.AppPlatform/Spring/buildServices/read",
"Microsoft.AppPlatform/Spring/buildServices/getResourceUploadUrl/action",
"Microsoft.AppPlatform/Spring/buildServices/builds/read",
"Microsoft.AppPlatform/Spring/buildServices/builds/write",
"Microsoft.AppPlatform/Spring/buildServices/builds/results/read",
"Microsoft.AppPlatform/Spring/buildServices/builds/results/getLogFileUrl/action",
"Microsoft.AppPlatform/Spring/buildServices/builders/read",
"Microsoft.AppPlatform/Spring/buildServices/builders/write",
"Microsoft.AppPlatform/Spring/buildServices/builders/delete",
"Microsoft.AppPlatform/Spring/buildServices/builders/buildpackBindings/read",
"Microsoft.AppPlatform/Spring/buildServices/builders/buildpackBindings/write",
"Microsoft.AppPlatform/Spring/buildServices/builders/buildpackBindings/delete",
"Microsoft.AppPlatform/Spring/buildServices/supportedBuildpacks/read",
"Microsoft.AppPlatform/Spring/buildServices/supportedStacks/read",
"Microsoft.AppPlatform/Spring/apps/read",
"Microsoft.AppPlatform/Spring/apps/getResourceUploadUrl/action",
"Microsoft.AppPlatform/Spring/apps/bindings/read",
"Microsoft.AppPlatform/Spring/apps/domains/read",
"Microsoft.AppPlatform/Spring/apps/deployments/write",
"Microsoft.AppPlatform/Spring/apps/deployments/read",
"Microsoft.AppPlatform/Spring/apps/deployments/start/action",
"Microsoft.AppPlatform/Spring/apps/deployments/stop/action",
"Microsoft.AppPlatform/Spring/apps/deployments/restart/action",
"Microsoft.AppPlatform/Spring/apps/deployments/getLogFileUrl/action",
"Microsoft.AppPlatform/Spring/certificates/read",
"Microsoft.AppPlatform/locations/operationResults/Spring/read",
"Microsoft.AppPlatform/locations/operationStatus/operationId/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
]
}
}
حدد حفظ .
راجع الأذونات.
حدد مراجعة وإنشاء .
حدد دور مهندس DevOps
يحدد هذا الإجراء دوراً له أذونات لتوزيع تطبيقات Azure Spring Apps واختبارها وإعادة تشغيلها.
كرر الخطوات من 1 إلى 4 في إجراء إضافة دور المطور.
حدد الأذونات لدور مهندس DevOps:
ضمن Microsoft.AppPlatform/Spring ، حدد:
Write : Create or Update Azure Spring Apps service instance
Delete : Delete Azure Spring Apps service instance
Read : Get Azure Spring Apps service instance
Other : Enable Azure Spring Apps service instance test endpoint
Other : Disable Azure Spring Apps service instance test endpoint
Other : List Azure Spring Apps service instance test keys
Other : Regenerate Azure Spring Apps service instance test key
(لخطة المؤسسة فقط) ضمن Microsoft.AppPlatform/Spring/buildServices ، حدد:
Read : Read Microsoft Azure Spring Apps Build Services
Other : Get an Upload URL in Azure Spring Apps
(لخطة المؤسسة فقط) ضمن Microsoft.AppPlatform/Spring/buildServices/agentPools ، حدد:
Read : Read Microsoft Azure Spring Apps Agent Pools
Write : Write Microsoft Azure Spring Apps Agent Pools
(لخطة المؤسسة فقط) ضمن Microsoft.AppPlatform/Spring/buildServices/builds ، حدد:
Read : Read Microsoft Azure Spring Apps Builds
Write : Write Microsoft Azure Spring Apps Builds
(لخطة المؤسسة فقط) ضمن Microsoft.AppPlatform/Spring/buildServices/builds/results ، حدد:
Read : Read Microsoft Azure Spring Apps Build Results
Other : Get an Log File URL in Azure Spring Apps
(لخطة المؤسسة فقط) ضمن Microsoft.AppPlatform/Spring/buildServices/builders ، حدد:
Read : Read Microsoft Azure Spring Apps Builders
Write : Write Microsoft Azure Spring Apps Builders
Delete : Delete Microsoft Azure Spring Apps Builders
(لخطة المؤسسة فقط) ضمن Microsoft.AppPlatform/Spring/buildServices/builders/buildpackBindings ، حدد:
Read : Read Microsoft Azure Spring Apps Builder BuildpackBinding
Write : Write Microsoft Azure Spring Apps Builder BuildpackBinding
Delete : Delete Microsoft Azure Spring Apps Builder BuildpackBinding
(لخطة المؤسسة فقط) ضمن Microsoft.AppPlatform/Spring/buildServices/supportedBuildpacks ، حدد:
Read : Read Microsoft Azure Spring Apps Supported Buildpacks
(لخطة المؤسسة فقط) ضمن Microsoft.AppPlatform/Spring/buildServices/supportedStacks ، حدد:
Read : Read Microsoft Azure Spring Apps Supported Stacks
ضمن Microsoft.AppPlatform/Spring/apps ، حدد:
Write : Write Microsoft Azure Spring Apps application
Delete : Delete Microsoft Azure Spring Apps application
Read : Read Microsoft Azure Spring Apps application
Other : Get Microsoft Azure Spring Apps application resource upload URL
Other : Validate Microsoft Azure Spring Apps application custom domain
ضمن Microsoft.AppPlatform/Spring/apps/bindings ، حدد:
Write : Write Microsoft Azure Spring Apps application binding
Delete : Delete Microsoft Azure Spring Apps application binding
Read : Read Microsoft Azure Spring Apps application binding
ضمن Microsoft.AppPlatform/Spring/apps/deployments ، حدد:
Write : Write Microsoft Azure Spring Apps application deployment
Delete : Delete Azure Spring Apps application deployment
Read : Read Microsoft Azure Spring Apps application deployment
Other : Start Microsoft Azure Spring Apps application deployment
Other : Stop Microsoft Azure Spring Apps application deployment
Other : Restart Microsoft Azure Spring Apps application deployment
Other : Get Microsoft Azure Spring Apps application deployment log file URL
ضمن Microsoft.AppPlatform/Spring/apps/deployments/skus ، حدد:
Read : List application deployment available skus
ضمن Microsoft.AppPlatform/locations ، حدد:
Other : Check name availability
ضمن Microsoft.AppPlatform/locations/operationResults/Spring حدد:
Read : Read operation result
ضمن Microsoft.AppPlatform/locations/operationStatus/operationId ، حدد:
Read : Read operation status
ضمن Microsoft.AppPlatform/skus ، حدد:
Read : List available skus
حدد إضافة .
راجع الأذونات.
حدد مراجعة وإنشاء .
كرر الخطوات من 1 إلى 4 من إجراء إضافة دور المطور.
حدد التالي .
حدد علامة التبويب JSON .
حدد Edit ، ثم احذف النص الافتراضي:
الصق JSON التالي لتحديد دور DevOps Engineer:
خطة أساسية/قياسية
{
"properties": {
"roleName": "DevOps engineer",
"description": "",
"assignableScopes": [
"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
],
"permissions": [
{
"actions": [
"Microsoft.AppPlatform/Spring/write",
"Microsoft.AppPlatform/Spring/delete",
"Microsoft.AppPlatform/Spring/read",
"Microsoft.AppPlatform/Spring/enableTestEndpoint/action",
"Microsoft.AppPlatform/Spring/disableTestEndpoint/action",
"Microsoft.AppPlatform/Spring/listTestKeys/action",
"Microsoft.AppPlatform/Spring/regenerateTestKey/action",
"Microsoft.AppPlatform/Spring/apps/write",
"Microsoft.AppPlatform/Spring/apps/delete",
"Microsoft.AppPlatform/Spring/apps/read",
"Microsoft.AppPlatform/Spring/apps/getResourceUploadUrl/action",
"Microsoft.AppPlatform/Spring/apps/validateDomain/action",
"Microsoft.AppPlatform/Spring/apps/bindings/write",
"Microsoft.AppPlatform/Spring/apps/bindings/delete",
"Microsoft.AppPlatform/Spring/apps/bindings/read",
"Microsoft.AppPlatform/Spring/apps/deployments/write",
"Microsoft.AppPlatform/Spring/apps/deployments/delete",
"Microsoft.AppPlatform/Spring/apps/deployments/read",
"Microsoft.AppPlatform/Spring/apps/deployments/start/action",
"Microsoft.AppPlatform/Spring/apps/deployments/stop/action",
"Microsoft.AppPlatform/Spring/apps/deployments/restart/action",
"Microsoft.AppPlatform/Spring/apps/deployments/getLogFileUrl/action",
"Microsoft.AppPlatform/Spring/apps/deployments/skus/read",
"Microsoft.AppPlatform/locations/checkNameAvailability/action",
"Microsoft.AppPlatform/locations/operationResults/Spring/read",
"Microsoft.AppPlatform/locations/operationStatus/operationId/read",
"Microsoft.AppPlatform/skus/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
]
}
}
خطة المؤسسة
{
"properties": {
"roleName": "DevOps engineer",
"description": "",
"assignableScopes": [
"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
],
"permissions": [
{
"actions": [
"Microsoft.AppPlatform/Spring/write",
"Microsoft.AppPlatform/Spring/delete",
"Microsoft.AppPlatform/Spring/read",
"Microsoft.AppPlatform/Spring/enableTestEndpoint/action",
"Microsoft.AppPlatform/Spring/disableTestEndpoint/action",
"Microsoft.AppPlatform/Spring/listTestKeys/action",
"Microsoft.AppPlatform/Spring/regenerateTestKey/action",
"Microsoft.AppPlatform/Spring/buildServices/read",
"Microsoft.AppPlatform/Spring/buildServices/getResourceUploadUrl/action",
"Microsoft.AppPlatform/Spring/buildServices/agentPools/read",
"Microsoft.AppPlatform/Spring/buildServices/agentPools/write",
"Microsoft.AppPlatform/Spring/buildServices/builds/read",
"Microsoft.AppPlatform/Spring/buildServices/builds/write",
"Microsoft.AppPlatform/Spring/buildServices/builds/results/read",
"Microsoft.AppPlatform/Spring/buildServices/builds/results/getLogFileUrl/action",
"Microsoft.AppPlatform/Spring/buildServices/builders/read",
"Microsoft.AppPlatform/Spring/buildServices/builders/write",
"Microsoft.AppPlatform/Spring/buildServices/builders/delete",
"Microsoft.AppPlatform/Spring/buildServices/builders/buildpackBindings/read",
"Microsoft.AppPlatform/Spring/buildServices/builders/buildpackBindings/write",
"Microsoft.AppPlatform/Spring/buildServices/builders/buildpackBindings/delete",
"Microsoft.AppPlatform/Spring/buildServices/supportedBuildpacks/read",
"Microsoft.AppPlatform/Spring/buildServices/supportedStacks/read",
"Microsoft.AppPlatform/Spring/apps/write",
"Microsoft.AppPlatform/Spring/apps/delete",
"Microsoft.AppPlatform/Spring/apps/read",
"Microsoft.AppPlatform/Spring/apps/getResourceUploadUrl/action",
"Microsoft.AppPlatform/Spring/apps/validateDomain/action",
"Microsoft.AppPlatform/Spring/apps/bindings/write",
"Microsoft.AppPlatform/Spring/apps/bindings/delete",
"Microsoft.AppPlatform/Spring/apps/bindings/read",
"Microsoft.AppPlatform/Spring/apps/deployments/write",
"Microsoft.AppPlatform/Spring/apps/deployments/delete",
"Microsoft.AppPlatform/Spring/apps/deployments/read",
"Microsoft.AppPlatform/Spring/apps/deployments/start/action",
"Microsoft.AppPlatform/Spring/apps/deployments/stop/action",
"Microsoft.AppPlatform/Spring/apps/deployments/restart/action",
"Microsoft.AppPlatform/Spring/apps/deployments/getLogFileUrl/action",
"Microsoft.AppPlatform/Spring/apps/deployments/skus/read",
"Microsoft.AppPlatform/locations/checkNameAvailability/action",
"Microsoft.AppPlatform/locations/operationResults/Spring/read",
"Microsoft.AppPlatform/locations/operationStatus/operationId/read",
"Microsoft.AppPlatform/skus/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
]
}
}
راجع الأذونات.
حدد مراجعة وإنشاء .
تحديد العمليات - دور هندسة موثوقية الموقع
يحدد هذا الإجراء دوراً له أذونات لتوزيع تطبيقات Azure Spring Apps واختبارها وإعادة تشغيلها.
كرر الخطوات من 1 إلى 4 من إجراء إضافة دور المطور.
حدد أذونات العمليات - دور هندسة موثوقية الموقع:
ضمن Microsoft.AppPlatform/Spring ، حدد:
Read : Get Azure Spring Apps service instance
Other : List Azure Spring Apps service instance test keys
ضمن Microsoft.AppPlatform/Spring/apps ، حدد:
Read : Read Microsoft Azure Spring Apps application
ضمن Microsoft.AppPlatform/apps/deployments ، حدد:
Read : Read Microsoft Azure Spring Apps application deployment
Other : Start Microsoft Azure Spring Apps application deployment
Other : Stop Microsoft Azure Spring Apps application deployment
Other : Restart Microsoft Azure Spring Apps application deployment
ضمن Microsoft.AppPlatform/locations/operationResults/Spring ، حدد:
Read : Read operation result
ضمن Microsoft.AppPlatform/locations/operationStatus/operationId ، حدد:
Read : Read operation status
حدد إضافة .
راجع الأذونات.
حدد مراجعة وإنشاء .
كرر الخطوات من 1 إلى 4 من إجراء إضافة دور المطور.
حدد التالي .
حدد علامة التبويب JSON .
حدد Edit ، ثم احذف النص الافتراضي:
الصق JSON التالي لتعريف العمليات - دور Ops - Site Reliability Engineering:
خطة المؤسسة/الأساسية/القياسية
{
"properties": {
"roleName": "Ops - Site Reliability Engineering",
"description": "",
"assignableScopes": [
"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
],
"permissions": [
{
"actions": [
"Microsoft.AppPlatform/Spring/read",
"Microsoft.AppPlatform/Spring/listTestKeys/action",
"Microsoft.AppPlatform/Spring/apps/read",
"Microsoft.AppPlatform/Spring/apps/deployments/read",
"Microsoft.AppPlatform/Spring/apps/deployments/start/action",
"Microsoft.AppPlatform/Spring/apps/deployments/stop/action",
"Microsoft.AppPlatform/Spring/apps/deployments/restart/action",
"Microsoft.AppPlatform/Spring/apps/deployments/getLogFileUrl/action",
"Microsoft.AppPlatform/locations/operationResults/Spring/read",
"Microsoft.AppPlatform/locations/operationStatus/operationId/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
]
}
}
راجع الأذونات.
حدد مراجعة وإنشاء .
حدد دور Azure Pipelines / Jenkins / GitHub Actions
يمكن لهذا الدور إنشاء كل شيء وتكوينه في تطبيقات وتطبيقات Azure Spring مع مثيل خدمة. هذا الدور لإصدار أو توزيع التعليمات البرمجية.
كرر الخطوات من 1 إلى 4 من إجراء إضافة دور المطور.
افتح خيارات Permissions .
حدد أذونات دور Azure Pipelines / Jenkins / GitHub:
ضمن Microsoft.AppPlatform/Spring ، حدد:
Write : Create or Update Azure Spring Apps service instance
Delete : Delete Azure Spring Apps service instance
Read : Get Azure Spring Apps service instance
Other : Enable Azure Spring Apps service instance test endpoint
Other : Disable Azure Spring Apps service instance test endpoint
Other : List Azure Spring Apps service instance test keys
Other : Regenerate Azure Spring Apps service instance test key
(لخطة المؤسسة فقط) ضمن Microsoft.AppPlatform/Spring/buildServices ، حدد:
Read : Read Microsoft Azure Spring Apps Build Services
Other : Get an Upload URL in Azure Spring Apps
(لخطة المؤسسة فقط) ضمن Microsoft.AppPlatform/Spring/buildServices/builds ، حدد:
Read : Read Microsoft Azure Spring Apps Builds
Write : Write Microsoft Azure Spring Apps Builds
(لخطة المؤسسة فقط) ضمن Microsoft.AppPlatform/Spring/buildServices/builds/results ، حدد:
Read : Read Microsoft Azure Spring Apps Build Results
Other : Get an Log File URL in Azure Spring Apps
(لخطة المؤسسة فقط) ضمن Microsoft.AppPlatform/Spring/buildServices/builders ، حدد:
Read : Read Microsoft Azure Spring Apps Builders
Write : Write Microsoft Azure Spring Apps Builders
Delete : Delete Microsoft Azure Spring Apps Builders
(لخطة المؤسسة فقط) ضمن Microsoft.AppPlatform/Spring/buildServices/builders/buildpackBindings ، حدد:
Read : Read Microsoft Azure Spring Apps Builder BuildpackBinding
Write : Write Microsoft Azure Spring Apps Builder BuildpackBinding
Delete : Delete Microsoft Azure Spring Apps Builder BuildpackBinding
(لخطة المؤسسة فقط) ضمن Microsoft.AppPlatform/Spring/buildServices/supportedBuildpacks ، حدد:
Read : Read Microsoft Azure Spring Apps Supported Buildpacks
(لخطة المؤسسة فقط) ضمن Microsoft.AppPlatform/Spring/buildServices/supportedStacks ، حدد:
Read : Read Microsoft Azure Spring Apps Supported Stacks
ضمن Microsoft.AppPlatform/Spring/apps ، حدد:
Write : Write Microsoft Azure Spring Apps application
Delete : Delete Microsoft Azure Spring Apps application
Read : Read Microsoft Azure Spring Apps application
Other : Get Microsoft Azure Spring Apps application resource upload URL
Other : Validate Microsoft Azure Spring Apps application custom domain
ضمن Microsoft.AppPlatform/Spring/apps/bindings ، حدد:
Write : Write Microsoft Azure Spring Apps application binding
Delete : Delete Microsoft Azure Spring Apps application binding
Read : Read Microsoft Azure Spring Apps application binding
ضمن Microsoft.AppPlatform/Spring/apps/deployments ، حدد:
Write : Write Microsoft Azure Spring Apps application deployment
Delete : Delete Azure Spring Apps application deployment
Read : Read Microsoft Azure Spring Apps application deployment
Other : Start Microsoft Azure Spring Apps application deployment
Other : Stop Microsoft Azure Spring Apps application deployment
Other : Restart Microsoft Azure Spring Apps application deployment
Other : Get Microsoft Azure Spring Apps application deployment log file URL
ضمن Microsoft.AppPlatform/Spring/apps/deployments/skus ، حدد:
Read : List application deployment available skus
ضمن Microsoft.AppPlatform/locations ، حدد:
Other : Check name availability
ضمن Microsoft.AppPlatform/locations/operationResults/Spring ، حدد:
Read : Read operation result
ضمن Microsoft.AppPlatform/locations/operationStatus/operationId ، حدد:
Read : Read operation status
ضمن Microsoft.AppPlatform/skus ، حدد:
Read : List available skus
حدد إضافة .
راجع الأذونات.
حدد مراجعة وإنشاء .
كرر الخطوات من 1 إلى 4 من إجراء إضافة دور المطور.
حدد التالي .
حدد علامة التبويب JSON .
حدد Edit ، ثم احذف النص الافتراضي:
الصق JSON التالي لتعريف دور Azure Pipelines / Jenkins / GitHub Actions:
خطة أساسية/قياسية
{
"properties": {
"roleName": "Azure Pipelines/Provisioning",
"description": "",
"assignableScopes": [
"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
],
"permissions": [
{
"actions": [
"Microsoft.AppPlatform/Spring/write",
"Microsoft.AppPlatform/Spring/delete",
"Microsoft.AppPlatform/Spring/read",
"Microsoft.AppPlatform/Spring/enableTestEndpoint/action",
"Microsoft.AppPlatform/Spring/disableTestEndpoint/action",
"Microsoft.AppPlatform/Spring/listTestKeys/action",
"Microsoft.AppPlatform/Spring/regenerateTestKey/action",
"Microsoft.AppPlatform/Spring/apps/write",
"Microsoft.AppPlatform/Spring/apps/delete",
"Microsoft.AppPlatform/Spring/apps/read",
"Microsoft.AppPlatform/Spring/apps/getResourceUploadUrl/action",
"Microsoft.AppPlatform/Spring/apps/validateDomain/action",
"Microsoft.AppPlatform/Spring/apps/bindings/write",
"Microsoft.AppPlatform/Spring/apps/bindings/delete",
"Microsoft.AppPlatform/Spring/apps/bindings/read",
"Microsoft.AppPlatform/Spring/apps/deployments/write",
"Microsoft.AppPlatform/Spring/apps/deployments/delete",
"Microsoft.AppPlatform/Spring/apps/deployments/read",
"Microsoft.AppPlatform/Spring/apps/deployments/start/action",
"Microsoft.AppPlatform/Spring/apps/deployments/stop/action",
"Microsoft.AppPlatform/Spring/apps/deployments/restart/action",
"Microsoft.AppPlatform/Spring/apps/deployments/getLogFileUrl/action",
"Microsoft.AppPlatform/skus/read",
"Microsoft.AppPlatform/locations/checkNameAvailability/action",
"Microsoft.AppPlatform/locations/operationResults/Spring/read",
"Microsoft.AppPlatform/locations/operationStatus/operationId/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
]
}
}
خطة المؤسسة
{
"properties": {
"roleName": "Azure Pipelines/Provisioning",
"description": "",
"assignableScopes": [
"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
],
"permissions": [
{
"actions": [
"Microsoft.AppPlatform/Spring/write",
"Microsoft.AppPlatform/Spring/delete",
"Microsoft.AppPlatform/Spring/read",
"Microsoft.AppPlatform/Spring/enableTestEndpoint/action",
"Microsoft.AppPlatform/Spring/disableTestEndpoint/action",
"Microsoft.AppPlatform/Spring/listTestKeys/action",
"Microsoft.AppPlatform/Spring/regenerateTestKey/action",
"Microsoft.AppPlatform/Spring/buildServices/read",
"Microsoft.AppPlatform/Spring/buildServices/getResourceUploadUrl/action",
"Microsoft.AppPlatform/Spring/buildServices/builds/read",
"Microsoft.AppPlatform/Spring/buildServices/builds/write",
"Microsoft.AppPlatform/Spring/buildServices/builds/results/read",
"Microsoft.AppPlatform/Spring/buildServices/builds/results/getLogFileUrl/action",
"Microsoft.AppPlatform/Spring/buildServices/builders/read",
"Microsoft.AppPlatform/Spring/buildServices/builders/write",
"Microsoft.AppPlatform/Spring/buildServices/builders/delete",
"Microsoft.AppPlatform/Spring/buildServices/builders/buildpackBindings/read",
"Microsoft.AppPlatform/Spring/buildServices/builders/buildpackBindings/write",
"Microsoft.AppPlatform/Spring/buildServices/builders/buildpackBindings/delete",
"Microsoft.AppPlatform/Spring/buildServices/supportedBuildpacks/read",
"Microsoft.AppPlatform/Spring/buildServices/supportedStacks/read",
"Microsoft.AppPlatform/Spring/apps/write",
"Microsoft.AppPlatform/Spring/apps/delete",
"Microsoft.AppPlatform/Spring/apps/read",
"Microsoft.AppPlatform/Spring/apps/getResourceUploadUrl/action",
"Microsoft.AppPlatform/Spring/apps/validateDomain/action",
"Microsoft.AppPlatform/Spring/apps/bindings/write",
"Microsoft.AppPlatform/Spring/apps/bindings/delete",
"Microsoft.AppPlatform/Spring/apps/bindings/read",
"Microsoft.AppPlatform/Spring/apps/deployments/write",
"Microsoft.AppPlatform/Spring/apps/deployments/delete",
"Microsoft.AppPlatform/Spring/apps/deployments/read",
"Microsoft.AppPlatform/Spring/apps/deployments/start/action",
"Microsoft.AppPlatform/Spring/apps/deployments/stop/action",
"Microsoft.AppPlatform/Spring/apps/deployments/restart/action",
"Microsoft.AppPlatform/Spring/apps/deployments/getLogFileUrl/action",
"Microsoft.AppPlatform/skus/read",
"Microsoft.AppPlatform/locations/checkNameAvailability/action",
"Microsoft.AppPlatform/locations/operationResults/Spring/read",
"Microsoft.AppPlatform/locations/operationStatus/operationId/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
]
}
}
حدد إضافة .
راجع الأذونات.
الخطوات التالية
لمزيد من المعلومات حول ثلاث طرق تحدد الأذونات المخصصة، راجع: