gpt4 book ai didi

Azure 角色分配优先级

转载 作者:行者123 更新时间:2023-12-02 07:38:13 24 4
gpt4 key购买 nike

假设用户分配了以下角色结构。

  1. 订阅范围内的贡献者
  2. 资源组范围内的读者。该资源组位于订阅内。
  3. cosmos db 上的 Cosmos DB 帐户读取者角色,位于第 2 点中的资源组内

用户可以对 cosmos db 进行写入操作吗?

我找不到有关此用例的任何文档。

最佳答案

Can the user do write operations on cosmos db ?

是的,因为用户处于订阅级别的贡献者角色,并且 Azure RBAC 是一种附加模型,其中有效权限是根据所有角色分配计算的。从这里link :

Multiple role assignments

So what happens if you have multiple overlapping role assignments?Azure RBAC is an additive model, so your effective permissions are thesum of your role assignments. Consider the following example where auser is granted the Contributor role at the subscription scope and theReader role on a resource group. The sum of the Contributorpermissions and the Reader permissions is effectively the Contributorrole for the subscription. Therefore, in this case, the Reader roleassignment has no impact.

关于Azure 角色分配优先级,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/69448522/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com