Set-AzDataProtectionMSIPermission
Concede as permissões necessárias ao cofre de backup e outros recursos para configurar cenários de backup e restauração
Syntax
Set-AzDataProtectionMSIPermission
-VaultResourceGroup <String>
-VaultName <String>
-PermissionsScope <String>
-BackupInstance <IBackupInstanceResource>
[-KeyVaultId <String>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Set-AzDataProtectionMSIPermission
-VaultResourceGroup <String>
-VaultName <String>
-PermissionsScope <String>
-RestoreRequest <IAzureBackupRestoreRequest>
[-SubscriptionId <String>]
[-DatasourceType <DatasourceTypes>]
[-SnapshotResourceGroupId <String>]
[-StorageAccountARMId <String>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
Concede as permissões necessárias ao cofre de backup e outros recursos para configurar cenários de backup e restauração
Exemplos
Exemplo 1: Conceder permissões para discos do Azure
Set-AzDataProtectionMSIPermission -BackupInstance $instance -VaultResourceGroup "VaultRG" -VaultName "Vaultname" -PermissionsScope "ResourceGroup"
Assigning Disk Backup Reader permission to the backup vault
Assigned Disk Backup Reader permission to the backup vault
Assigning Disk Snapshot Contributor permission to the backup vault
Assigned Disk Snapshot Contributor permission to the backup vault
Waiting for 60 seconds for roles to propagate
O comando acima é usado para atribuir permissões ao cofre de backup "Vaultname" no grupo de recursos "VaultRG" no escopo "Grupo de recursos" do disco.
Exemplo 2: Conceder permissões para Blobs do Azure
Set-AzDataProtectionMSIPermission -BackupInstance $instance -VaultResourceGroup "VaultRG" -VaultName "Vaultname" -PermissionsScope "Subscription"
Assigning Storage Account Backup Contributor permission to the backup vault
Assigned Storage Account Backup Contributor permission to the backup vault
Waiting for 60 seconds for roles to propagate
O comando acima é usado para atribuir permissões ao cofre de backup "Vaultname" no grupo de recursos "VaultRG" no escopo "Assinatura" do blob.
Exemplo 3: Conceder permissões para o Banco de Dados do Azure para PostgreSQL
Set-AzDataProtectionMSIPermission -KeyVaultId "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/Sqlrg/providers/Microsoft.KeyVault/vaults/testkeyvault" -BackupInstance $instance -VaultResourceGroup "VaultRG" -VaultName "Vaultname" -PermissionsScope "Resource"
Confirm
Are you sure you want to perform this action?
Performing the operation "
1.'Allow All Azure services' under network connectivity in the Postgres Server
2.'Allow Trusted Azure services' under network connectivity in the Key vault" on target "KeyVault: oss-pstest-keyvault and PostgreSQLServer: oss-pstest-server".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): A
Assigning Reader permission to the backup vault
Assigned Reader permission to the backup vault
Waiting for 60 seconds for roles to propagate
O comando acima é usado para atribuir permissões ao cofre de backup "Vaultname" no grupo de recursos "VaultRG" no escopo "Resource" do Banco de Dados do Azure para PostgreSQL. É necessário um parâmetro KeyVaultId adicional para atribuir as permissões necessárias ao cofre de backup no keyvault.
Exemplo 4: Conceder permissões ausentes para configurar o backup para AzureKubernetesService
Set-AzDataProtectionMSIPermission -BackupInstance $backupInstance -VaultResourceGroup "resourceGroupName" -VaultName "vaultName" -PermissionsScope "ResourceGroup"
Confirm
Are you sure you want to perform this action?
Performing the operation "Allow Contributor permission over snapshot resource group" on target
"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/resourceGroupName/providers/Microsoft.ContainerService/managedClusters/aks-cluster".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Y
Assigned Contributor permission to DataSource with Id /subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/resourceGroupName/providers/Microsoft.ContainerService/managedClusters/aks-cluster over snapshot resource group with Id /subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/snapshotResourceGroup
Assigned Reader permission to the backup vault over snapshot resource group with Id /subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/snapshotResourceGroup
Required permission Reader is already assigned to backup vault over DataSource with Id /subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/resourceGroupName/providers/Microsoft.ContainerService/managedClusters/aks-cluster
Waiting for 60 seconds for roles to propagate
O comando acima é usado para atribuir permissões ao cofre de backup "VaultName" no grupo de recursos "resourceGroupName" no escopo "ResourceGroup".
Parâmetros
-BackupInstance
Objeto de solicitação de instância de backup que será usado para configurar o backup Para construir, consulte a seção NOTAS para propriedades BACKUPINSTANCE e crie uma tabela de hash.
Type: | IBackupInstanceResource |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Confirm
Solicita a sua confirmação antes de executar o cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DatasourceType
Tipo de fonte de dados
Type: | DatasourceTypes |
Accepted values: | AzureDisk, AzureBlob, AzureDatabaseForPostgreSQL, AzureKubernetesService, AzureDatabaseForPGFlexServer, AzureDatabaseForMySQL |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-KeyVaultId
ID do keyvault
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-PermissionsScope
Escopo no qual as permissões precisam ser concedidas
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-RestoreRequest
Restaurar objeto de solicitação que será usado para restaurar Para construir, consulte a seção NOTAS para propriedades RESTOREREQUEST e crie uma tabela de hash.
Type: | IAzureBackupRestoreRequest |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SnapshotResourceGroupId
Grupo de Recursos Sanpshot
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-StorageAccountARMId
Conta de armazenamento de destino ARM Id. Use este parâmetro para DatasourceType AzureDatabaseForMySQL, AzureDatabaseForPGFlexServer.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SubscriptionId
ID da assinatura do cofre de backup
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-VaultName
Nome do cofre de backup
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-VaultResourceGroup
Grupo de recursos do cofre de backup
Type: | String |
Aliases: | ResourceGroupName |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
Apresenta o que aconteceria mediante a execução do cmdlet. O cmdlet não é executado.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |