Set-AzDataProtectionMSIPermission
Grants the required permissions to the backup vault and other resources for configuring backup and restore scenarios.
Syntax
Set-AzDataProtectionMSIPermission
-VaultResourceGroup <String>
-VaultName <String>
-PermissionsScope <String>
-BackupInstance <IBackupInstanceResource>
[-KeyVaultId <String>]
[-UserAssignedIdentityARMId <String>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Set-AzDataProtectionMSIPermission
-VaultResourceGroup <String>
-VaultName <String>
-PermissionsScope <String>
[-UserAssignedIdentityARMId <String>]
-RestoreRequest <IAzureBackupRestoreRequest>
[-SubscriptionId <String>]
[-DatasourceType <DatasourceTypes>]
[-SnapshotResourceGroupId <String>]
[-StorageAccountARMId <String>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
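Grants the required permissions to the backup vault and other resources for configuring backup and restore scenarios.
Examples
Example 1: Grant permissions for Azure Disk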
Set-AzDataProtectionMSIPermission -BackupInstance $instance -VaultResourceGroup "VaultRG" -VaultName "Vaultname" -PermissionsScope "ResourceGroup"
Assigning Disk Backup Reader permission to the backup vault
Assigned Disk Backup Reader permission to the backup vault
Assigning Disk Snapshot Contributor permission to the backup vault
Assigned Disk Snapshot Contributor permission to the backup vault
Waiting for 60 seconds for roles to propagate
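The above command can be used to assign permissions to the backup vault "Vaultname" under the resource group "VaultRG" at the "ResourceGroup" scope for Disk.
Example 2: Grant permissions for Azure Blob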
Set-AzDataProtectionMSIPermission -BackupInstance $instance -VaultResourceGroup "VaultRG" -VaultName "Vaultname" -PermissionsScope "Subscription"
Assigning Storage Account Backup Contributor permission to the backup vault
Assigned Storage Account Backup Contributor permission to the backup vault
Waiting for 60 seconds for roles to propagate
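The above command can be used to assign permissions to the backup vault "Vaultname" under the resource group "VaultRG" at the "Subscription" scope for Blob.
Example 3: Grant permissions for Azure Database for PostgreSQL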
Set-AzDataProtectionMSIPermission -KeyVaultId "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/Sqlrg/providers/Microsoft.KeyVault/vaults/testkeyvault" -BackupInstance $instance -VaultResourceGroup "VaultRG" -VaultName "Vaultname" -PermissionsScope "Resource"
Confirm
Are you sure you want to perform this action?
Performing the operation "
1.'Allow All Azure services' under network connectivity in the Postgres Server
2.'Allow Trusted Azure services' under network connectivity in the Key vault" on target "KeyVault: oss-pstest-keyvault and PostgreSQLServer: oss-pstest-server".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): A
Assigning Reader permission to the backup vault
Assigned Reader permission to the backup vault
Waiting for 60 seconds for roles to propagate
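The above command can be used to assign permissions to the backup vault "Vaultname" under the resource group "VaultRG" at the "Resource" scope for Azure Database for PostgreSQL. It takes an additional KeyVaultId parameter to assign the necessary permissions to the backup vault on the key vault.
Example 4: Grant missing permissions to configure backup for AzureKubernetesService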
Set-AzDataProtectionMSIPermission -BackupInstance $backupInstance -VaultResourceGroup "resourceGroupName" -VaultName "vaultName" -PermissionsScope "ResourceGroup"
Confirm
Are you sure you want to perform this action?
Performing the operation "Allow Contributor permission over snapshot resource group" on target
"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/resourceGroupName/providers/Microsoft.ContainerService/managedClusters/aks-cluster".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Y
Assigned Contributor permission to DataSource with Id /subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/resourceGroupName/providers/Microsoft.ContainerService/managedClusters/aks-cluster over snapshot resource group with Id /subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/snapshotResourceGroup
Assigned Reader permission to the backup vault over snapshot resource group with Id /subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/snapshotResourceGroup
Required permission Reader is already assigned to backup vault over DataSource with Id /subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/resourceGroupName/providers/Microsoft.ContainerService/managedClusters/aks-cluster
Waiting for 60 seconds for roles to propagate
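The above command can be used to assign permissions to the backup vault "VaultName" under the resource group "resourceGroupName" at the "ResourceGroup" scope.
Example 5: Grant permissions for configuring backup using the vault UAMI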
$backupinstance = Get-AzDataProtectionBackupInstance -ResourceGroupName "ResourceGroupName" -VaultName "VaultName" -SubscriptionId "SubscriptionId"
Set-AzDataProtectionMSIPermission -VaultResourceGroup "ResourceGroupName" -VaultName "VaultName" -PermissionsScope "ResourceGroup" -BackupInstance $backupinstance[0] -UserAssignedIdentityARMId "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/RGName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/UserAssignedIdentityName"
Using Vault UAMI with ARMId: /subscriptions/SubscriptionId/resourceGroups/ResourceGroupName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/UserAssignedIdentityName with Principal ID: PrincipalId
Assigned Disk Snapshot Contributor permission to the backup vault over snapshot resource group with Id /subscriptions/SubscriptionId/resourceGroups/ResourceGroupName
Assigned Disk Backup Reader permission to the backup vault over DataSource with Id /subscriptions/SubscriptionId/resourceGroups/ResourceGroupName/providers/Microsoft.Compute/disks/DiskName
Waiting for 60 seconds for roles to propagate
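The above command is used to assign permissions to the backup vault "VaultName" under the resource group "ResourceGroupName" at the "ResourceGroup" scope using a user-assigned managed identity (UAMI).
Parameters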
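The following is an added example, not part of the original reference page: it previews the grant with the documented -WhatIf switch, applies it at the "ResourceGroup" scope from Example 1, and then audits how broad the vault identity's role assignments are. It assumes $instance already holds the backup instance request object, that the vault uses a system-assigned identity whose display name equals the vault name, and that the Az.Resources module (Get-AzRoleAssignment) is available.

```powershell
# Added example. Names are the placeholders used in Example 1.
$vaultRg   = "VaultRG"
$vaultName = "Vaultname"

# Assumption: $instance was built beforehand (see the -BackupInstance parameter).

# 1. Preview only: -WhatIf reports what would happen; the cmdlet is not run.
Set-AzDataProtectionMSIPermission -BackupInstance $instance `
    -VaultResourceGroup $vaultRg -VaultName $vaultName `
    -PermissionsScope "ResourceGroup" -WhatIf

# 2. Apply at the narrowest scope that fits the deployment.
#    -Confirm forces a prompt before any role assignment is made.
Set-AzDataProtectionMSIPermission -BackupInstance $instance `
    -VaultResourceGroup $vaultRg -VaultName $vaultName `
    -PermissionsScope "ResourceGroup" -Confirm

# 3. Audit: list every role the vault identity holds in the current
#    subscription and classify how broad each assignment is.
#    Assumption: the identity's DisplayName matches the vault name.
Get-AzRoleAssignment |
    Where-Object { $_.DisplayName -eq $vaultName } |
    Select-Object RoleDefinitionName, Scope,
        @{ Name = 'Breadth'; Expression = {
            switch -Regex ($_.Scope) {
                '^/subscriptions/[^/]+$' {
                    'Subscription'; break }
                '^/subscriptions/[^/]+/resourceGroups/[^/]+$' {
                    'ResourceGroup'; break }
                '^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/' {
                    'Resource'; break }
                default { 'Other' }
            }
        } } |
    Sort-Object Breadth, RoleDefinitionName |
    Format-Table -AutoSize
```

Rows classified as "Subscription" or "Other" are the ones to review first, since they reach beyond the data source and snapshot resource group the backup actually needs.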
-BackupInstance
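Backup instance request object that will be used to configure backup. To construct it, see the NOTES section for BACKUPINSTANCE properties and create a hash table.
Type: | IBackupInstanceResource |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |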
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DatasourceType
Datasource type
Type: | DatasourceTypes |
Accepted values: | AzureDisk, AzureBlob, AzureDatabaseForPostgreSQL, AzureKubernetesService, AzureDatabaseForPGFlexServer, AzureDatabaseForMySQL |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-KeyVaultId
ID of the key vault
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-PermissionsScope
Scope at which the permissions need to be granted
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-RestoreRequest
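Restore request object that will be used for restore. To construct it, see the NOTES section for RESTOREREQUEST properties and create a hash table.
Type: | IAzureBackupRestoreRequest |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |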
-SnapshotResourceGroupId
Snapshot resource group
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-StorageAccountARMId
Target storage account ARM ID. Use this parameter for DatasourceType AzureDatabaseForMySQL, AzureDatabaseForPGFlexServer.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SubscriptionId
Subscription ID of the backup vault
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-UserAssignedIdentityARMId
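User-assigned identity ARM ID of the backup vault to be used for assigning permissions
Type: | String |
Aliases: | AssignUserIdentity |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |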
-VaultName
Name of the backup vault
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-VaultResourceGroup
Resource group of the backup vault
Type: | String |
Aliases: | ResourceGroupName |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |