Partilhar via

Set-AzDataProtectionMSIPermission

  • Referência
Módulo:
Az.DataProtection

Concede as permissões necessárias ao cofre de backup e outros recursos para configurar cenários de backup e restauração

Syntax

Set-AzDataProtectionMSIPermission
   -VaultResourceGroup <String>
   -VaultName <String>
   -PermissionsScope <String>
   -BackupInstance <IBackupInstanceResource>
   [-KeyVaultId <String>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Set-AzDataProtectionMSIPermission
   -VaultResourceGroup <String>
   -VaultName <String>
   -PermissionsScope <String>
   -RestoreRequest <IAzureBackupRestoreRequest>
   [-SubscriptionId <String>]
   [-DatasourceType <DatasourceTypes>]
   [-SnapshotResourceGroupId <String>]
   [-StorageAccountARMId <String>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

Concede as permissões necessárias ao cofre de backup e outros recursos para configurar cenários de backup e restauração

Exemplos

Exemplo 1: Conceder permissões para discos do Azure

Set-AzDataProtectionMSIPermission -BackupInstance $instance -VaultResourceGroup "VaultRG" -VaultName "Vaultname" -PermissionsScope "ResourceGroup"

Assigning Disk Backup Reader permission to the backup vault
Assigned Disk Backup Reader permission to the backup vault
Assigning Disk Snapshot Contributor permission to the backup vault
Assigned Disk Snapshot Contributor permission to the backup vault
Waiting for 60 seconds for roles to propagate

O comando acima é usado para atribuir permissões ao cofre de backup "Vaultname" no grupo de recursos "VaultRG" no escopo "Grupo de recursos" do disco.

Exemplo 2: Conceder permissões para Blobs do Azure

Set-AzDataProtectionMSIPermission -BackupInstance $instance -VaultResourceGroup "VaultRG" -VaultName "Vaultname" -PermissionsScope "Subscription"

Assigning Storage Account Backup Contributor permission to the backup vault
Assigned Storage Account Backup Contributor permission to the backup vault
Waiting for 60 seconds for roles to propagate

O comando acima é usado para atribuir permissões ao cofre de backup "Vaultname" no grupo de recursos "VaultRG" no escopo "Assinatura" do blob.

Exemplo 3: Conceder permissões para o Banco de Dados do Azure para PostgreSQL

Set-AzDataProtectionMSIPermission -KeyVaultId "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/Sqlrg/providers/Microsoft.KeyVault/vaults/testkeyvault"  -BackupInstance $instance -VaultResourceGroup "VaultRG" -VaultName "Vaultname" -PermissionsScope "Resource"

Confirm
Are you sure you want to perform this action?
Performing the operation "
                            1.'Allow All Azure services' under network connectivity in the Postgres Server
                            2.'Allow Trusted Azure services' under network connectivity in the Key vault" on target "KeyVault: oss-pstest-keyvault and PostgreSQLServer: oss-pstest-server".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): A
Assigning Reader permission to the backup vault
Assigned Reader permission to the backup vault
Waiting for 60 seconds for roles to propagate

O comando acima é usado para atribuir permissões ao cofre de backup "Vaultname" no grupo de recursos "VaultRG" no escopo "Resource" do Banco de Dados do Azure para PostgreSQL. É necessário um parâmetro KeyVaultId adicional para atribuir as permissões necessárias ao cofre de backup no keyvault.

Exemplo 4: Conceder permissões ausentes para configurar o backup para AzureKubernetesService

Set-AzDataProtectionMSIPermission -BackupInstance $backupInstance -VaultResourceGroup "resourceGroupName" -VaultName "vaultName" -PermissionsScope "ResourceGroup"

Confirm
Are you sure you want to perform this action?
Performing the operation "Allow Contributor permission over snapshot resource group" on target
"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/resourceGroupName/providers/Microsoft.ContainerService/managedClusters/aks-cluster".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): Y
Assigned Contributor permission to DataSource with Id /subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/resourceGroupName/providers/Microsoft.ContainerService/managedClusters/aks-cluster over snapshot resource group with Id /subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/snapshotResourceGroup
Assigned Reader permission to the backup vault over snapshot resource group with Id /subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/snapshotResourceGroup
Required permission Reader is already assigned to backup vault over DataSource with Id /subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/resourceGroupName/providers/Microsoft.ContainerService/managedClusters/aks-cluster
Waiting for 60 seconds for roles to propagate

O comando acima é usado para atribuir permissões ao cofre de backup "VaultName" no grupo de recursos "resourceGroupName" no escopo "ResourceGroup".

Parâmetros

-BackupInstance

Objeto de solicitação de instância de backup que será usado para configurar o backup Para construir, consulte a seção NOTAS para propriedades BACKUPINSTANCE e crie uma tabela de hash.

Type:IBackupInstanceResource
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Confirm

Solicita a sua confirmação antes de executar o cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DatasourceType

Tipo de fonte de dados

Type:DatasourceTypes
Accepted values:AzureDisk, AzureBlob, AzureDatabaseForPostgreSQL, AzureKubernetesService, AzureDatabaseForPGFlexServer, AzureDatabaseForMySQL
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-KeyVaultId

ID do keyvault

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PermissionsScope

Escopo no qual as permissões precisam ser concedidas

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-RestoreRequest

Restaurar objeto de solicitação que será usado para restaurar Para construir, consulte a seção NOTAS para propriedades RESTOREREQUEST e crie uma tabela de hash.

Type:IAzureBackupRestoreRequest
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-SnapshotResourceGroupId

Grupo de Recursos Sanpshot

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-StorageAccountARMId

Conta de armazenamento de destino ARM Id. Use este parâmetro para DatasourceType AzureDatabaseForMySQL, AzureDatabaseForPGFlexServer.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SubscriptionId

ID da assinatura do cofre de backup

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-VaultName

Nome do cofre de backup

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-VaultResourceGroup

Grupo de recursos do cofre de backup

Type:String
Aliases:ResourceGroupName
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Apresenta o que aconteceria mediante a execução do cmdlet. O cmdlet não é executado.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Saídas

Object