通过

你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn

Set-AzDataProtectionMSIPermission

  • 参考
模块:
Az.DataProtection

向备份保管库和其他资源授予配置备份和还原方案所需的权限

语法

Set-AzDataProtectionMSIPermission
   -VaultResourceGroup <String>
   -VaultName <String>
   -PermissionsScope <String>
   -BackupInstance <IBackupInstanceResource>
   [-KeyVaultId <String>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Set-AzDataProtectionMSIPermission
   -VaultResourceGroup <String>
   -VaultName <String>
   -PermissionsScope <String>
   -RestoreRequest <IAzureBackupRestoreRequest>
   [-SubscriptionId <String>]
   [-DatasourceType <DatasourceTypes>]
   [-SnapshotResourceGroupId <String>]
   [-StorageAccountARMId <String>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

说明

向备份保管库和其他资源授予配置备份和还原方案所需的权限

示例

示例 1:授予 Azure 磁盘的权限

Set-AzDataProtectionMSIPermission -BackupInstance $instance -VaultResourceGroup "VaultRG" -VaultName "Vaultname" -PermissionsScope "ResourceGroup"

Assigning Disk Backup Reader permission to the backup vault
Assigned Disk Backup Reader permission to the backup vault
Assigning Disk Snapshot Contributor permission to the backup vault
Assigned Disk Snapshot Contributor permission to the backup vault
Waiting for 60 seconds for roles to propagate

上述命令用于将权限分配给磁盘“资源组”资源组“VaultRG”下的备份保管库“Vaultname”。

示例 2:授予 Azure Blob 的权限

Set-AzDataProtectionMSIPermission -BackupInstance $instance -VaultResourceGroup "VaultRG" -VaultName "Vaultname" -PermissionsScope "Subscription"

Assigning Storage Account Backup Contributor permission to the backup vault
Assigned Storage Account Backup Contributor permission to the backup vault
Waiting for 60 seconds for roles to propagate

上述命令用于在 Blob 的“订阅”范围下将权限分配给资源组“VaultRG”下的备份保管库“Vaultname”。

示例 3:授予 Azure Database for PostgreSQL 的权限

Set-AzDataProtectionMSIPermission -KeyVaultId "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/Sqlrg/providers/Microsoft.KeyVault/vaults/testkeyvault"  -BackupInstance $instance -VaultResourceGroup "VaultRG" -VaultName "Vaultname" -PermissionsScope "Resource"

Confirm
Are you sure you want to perform this action?
Performing the operation "
                            1.'Allow All Azure services' under network connectivity in the Postgres Server
                            2.'Allow Trusted Azure services' under network connectivity in the Key vault" on target "KeyVault: oss-pstest-keyvault and PostgreSQLServer: oss-pstest-server".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): A
Assigning Reader permission to the backup vault
Assigned Reader permission to the backup vault
Waiting for 60 seconds for roles to propagate

上述命令用于将权限分配给 Azure Database For PostgreSQL 的资源组“VaultRG”下的备份保管库“Vaultname”。 它需要一个额外的 KeyVaultId 参数来向 keyvault 上的备份保管库分配必要的权限。

示例 4:授予配置 AzureKubernetesService 备份的缺失权限

Set-AzDataProtectionMSIPermission -BackupInstance $backupInstance -VaultResourceGroup "resourceGroupName" -VaultName "vaultName" -PermissionsScope "ResourceGroup"

Confirm
Are you sure you want to perform this action?
Performing the operation "Allow Contributor permission over snapshot resource group" on target
"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/resourceGroupName/providers/Microsoft.ContainerService/managedClusters/aks-cluster".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): Y
Assigned Contributor permission to DataSource with Id /subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/resourceGroupName/providers/Microsoft.ContainerService/managedClusters/aks-cluster over snapshot resource group with Id /subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/snapshotResourceGroup
Assigned Reader permission to the backup vault over snapshot resource group with Id /subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/snapshotResourceGroup
Required permission Reader is already assigned to backup vault over DataSource with Id /subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/resourceGroupName/providers/Microsoft.ContainerService/managedClusters/aks-cluster
Waiting for 60 seconds for roles to propagate

上述命令用于将权限分配给“ResourceGroup”范围内的资源组“resourceGroupName”下的备份保管库“VaultName”。

参数

-BackupInstance

将用于配置备份构造的备份实例请求对象,请参阅 BACKUPINSTANCE 属性的 NOTES 部分并创建哈希表。

类型:IBackupInstanceResource
Position:Named
默认值:None
必需:True
接受管道输入:False
接受通配符:False

-Confirm

提示你在运行 cmdlet 之前进行确认。

类型:SwitchParameter
别名:cf
Position:Named
默认值:None
必需:False
接受管道输入:False
接受通配符:False

-DatasourceType

数据源类型

类型:DatasourceTypes
接受的值:AzureDisk, AzureBlob, AzureDatabaseForPostgreSQL, AzureKubernetesService, AzureDatabaseForPGFlexServer, AzureDatabaseForMySQL
Position:Named
默认值:None
必需:False
接受管道输入:False
接受通配符:False

-KeyVaultId

keyvault 的 ID

类型:String
Position:Named
默认值:None
必需:False
接受管道输入:False
接受通配符:False

-PermissionsScope

需要向其授予权限的范围

类型:String
Position:Named
默认值:None
必需:True
接受管道输入:False
接受通配符:False

-RestoreRequest

将用于还原构造的还原请求对象,请参阅 RESTOREREQUEST 属性的 NOTES 部分并创建哈希表。

类型:IAzureBackupRestoreRequest
Position:Named
默认值:None
必需:True
接受管道输入:False
接受通配符:False

-SnapshotResourceGroupId

Sanpshot 资源组

类型:String
Position:Named
默认值:None
必需:False
接受管道输入:False
接受通配符:False

-StorageAccountARMId

目标存储帐户 ARM ID。将此参数用于 DatasourceType AzureDatabaseForMySQL、AzureDatabaseForPGFlexServer。

类型:String
Position:Named
默认值:None
必需:False
接受管道输入:False
接受通配符:False

-SubscriptionId

备份保管库的订阅 ID

类型:String
Position:Named
默认值:None
必需:False
接受管道输入:False
接受通配符:False

-VaultName

备份保管库的名称

类型:String
Position:Named
默认值:None
必需:True
接受管道输入:False
接受通配符:False

-VaultResourceGroup

备份保管库的资源组

类型:String
别名:ResourceGroupName
Position:Named
默认值:None
必需:True
接受管道输入:False
接受通配符:False

-WhatIf

显示运行该 cmdlet 时会发生什么情况。 cmdlet 未运行。

类型:SwitchParameter
别名:wi
Position:Named
默认值:None
必需:False
接受管道输入:False
接受通配符:False

输出

Object