Set-AzDataProtectionMSIPermission

Set-AzDataProtectionMSIPermission
    -VaultResourceGroup <String>
    -VaultName <String>
    -PermissionsScope <String>
    -BackupInstance <IBackupInstanceResource>
    [-KeyVaultId <String>]
    [-UserAssignedIdentityARMId <String>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Set-AzDataProtectionMSIPermission
    -VaultResourceGroup <String>
    -VaultName <String>
    -PermissionsScope <String>
    -RestoreRequest <IAzureBackupRestoreRequest>
    [-UserAssignedIdentityARMId <String>]
    [-SubscriptionId <String>]
    [-DatasourceType <DatasourceTypes>]
    [-SnapshotResourceGroupId <String>]
    [-StorageAccountARMId <String>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Gewährt erforderliche Berechtigungen für den Sicherungstresor und andere Ressourcen zum Konfigurieren von Sicherungs- und Wiederherstellungsszenarien

Set-AzDataProtectionMSIPermission -BackupInstance $instance -VaultResourceGroup "VaultRG" -VaultName "Vaultname" -PermissionsScope "ResourceGroup"

Assigning Disk Backup Reader permission to the backup vault
Assigned Disk Backup Reader permission to the backup vault
Assigning Disk Snapshot Contributor permission to the backup vault
Assigned Disk Snapshot Contributor permission to the backup vault
Waiting for 60 seconds for roles to propagate

Der obige Befehl wird verwendet, um dem Sicherungstresor "Vaultname" unter der Ressourcengruppe "VaultRG" im Bereich "Ressourcengruppe" des Datenträgers Berechtigungen zuzuweisen.

Set-AzDataProtectionMSIPermission -BackupInstance $instance -VaultResourceGroup "VaultRG" -VaultName "Vaultname" -PermissionsScope "Subscription"

Assigning Storage Account Backup Contributor permission to the backup vault
Assigned Storage Account Backup Contributor permission to the backup vault
Waiting for 60 seconds for roles to propagate

Der obige Befehl wird verwendet, um dem Sicherungstresor "Vaultname" unter der Ressourcengruppe "VaultRG" im Bereich "Abonnement" des BLOB Berechtigungen zuzuweisen.

Set-AzDataProtectionMSIPermission -KeyVaultId "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/Sqlrg/providers/Microsoft.KeyVault/vaults/testkeyvault"  -BackupInstance $instance -VaultResourceGroup "VaultRG" -VaultName "Vaultname" -PermissionsScope "Resource"

Confirm
Are you sure you want to perform this action?
Performing the operation "
                            1.'Allow All Azure services' under network connectivity in the Postgres Server
                            2.'Allow Trusted Azure services' under network connectivity in the Key vault" on target "KeyVault: oss-pstest-keyvault and PostgreSQLServer: oss-pstest-server".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): A
Assigning Reader permission to the backup vault
Assigned Reader permission to the backup vault
Waiting for 60 seconds for roles to propagate

Der oben genannte Befehl wird verwendet, um dem Sicherungstresor "Vaultname" unter der Ressourcengruppe "VaultRG" im Bereich "Ressource" des Azure Datenbank für PostgreSQL Berechtigungen zuzuweisen. Es verwendet einen zusätzlichen KeyVaultId-Parameter, um dem Sicherungstresor auf dem Keyvault die erforderlichen Berechtigungen zuzuweisen.

Set-AzDataProtectionMSIPermission -BackupInstance $backupInstance -VaultResourceGroup "resourceGroupName" -VaultName "vaultName" -PermissionsScope "ResourceGroup"

Confirm
Are you sure you want to perform this action?
Performing the operation "Allow Contributor permission over snapshot resource group" on target
"/subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/resourceGroupName/providers/Microsoft.ContainerService/managedClusters/aks-cluster".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): Y
Assigned Contributor permission to DataSource with Id /subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/resourceGroupName/providers/Microsoft.ContainerService/managedClusters/aks-cluster over snapshot resource group with Id /subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/snapshotResourceGroup
Assigned Reader permission to the backup vault over snapshot resource group with Id /subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/snapshotResourceGroup
Required permission Reader is already assigned to backup vault over DataSource with Id /subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/resourceGroupName/providers/Microsoft.ContainerService/managedClusters/aks-cluster
Waiting for 60 seconds for roles to propagate

Der obige Befehl wird verwendet, um dem Sicherungstresor "VaultName" unter der Ressourcengruppe "resourceGroupName" im Bereich "ResourceGroup" Berechtigungen zuzuweisen.

$backupinstance = Get-AzDataProtectionBackupInstance -ResourceGroupName "ResourceGroupName" -VaultName "VaultName" -SubscriptionId "SubscriptionId"

Set-AzDataProtectionMSIPermission -VaultResourceGroup "ResourceGroupName" -VaultName "VaultName" -PermissionsScope "ResourceGroup" -BackupInstance $backupinstance[0] -UserAssignedIdentityARMId "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/RGName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/UserAssignedIdentityName"

Using Vault UAMI with ARMId: /subscriptions/SubscriptionId/resourceGroups/ResourceGroupName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/UserAssignedIdentityName with Principal ID: PrincipalId
Assigned Disk Snapshot Contributor permission to the backup vault over snapshot resource group with Id /subscriptions/SubscriptionId/resourceGroups/ResourceGroupName
Assigned Disk Backup Reader permission to the backup vault over DataSource with Id /subscriptions/SubscriptionId/resourceGroups/ResourceGroupName/providers/Microsoft.Compute/disks/DiskName
Waiting for 60 seconds for roles to propagate

Der obige Befehl wird verwendet, um dem Sicherungstresor "VaultName" unter der Ressourcengruppe "ResourceGroupName" im Bereich "ResourceGroup" Mithilfe einer vom Benutzer zugewiesenen verwalteten Identität (User Assigned Managed Identity, UAMI) Berechtigungen zuzuweisen.

Dieses Cmdlet unterstützt die allgemeinen Parameter -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction und -WarningVariable. Weitere Informationen findest du unter about_CommonParameters.