使用 Python SDK 部署 ARM 模板的权限不足
Insufficient permissions for deploying ARM template using Python SDK
我有一个应该部署 ARM 模板的简单脚本:
credentials = ClientSecretCredential(
client_id="<client-id>",
client_secret="<client-secret>",
tenant_id="<tenant-id>"
)
template = requests.get("<template-url>").json()
deployment_properties = {
'mode': DeploymentMode.incremental,
'template': template
}
deployment = Deployment(location="eastus", properties=deployment_properties)
client = ResourceManagementClient(credentials, subscription_id="<subscription-id>")
deployment_async_operation = client.deployments.begin_create_or_update_at_subscription_scope("test_deployment", deployment)
deployment_async_operation.wait()
当我尝试 运行 它时,我得到这个错误:
Exception Details: (InsufficientPrivilegesForManagedServiceResource) The requested user doesn't have sufficient privileges to perform the operation.
Code: InsufficientPrivilegesForManagedServiceResource
Message: The requested user doesn't have sufficient privileges to perform the operation.
我创建的应用程序注册确实具有 user_impersonation 权限,应该可以解决问题。
我是不是缺少一些权限?
感谢您的帮助!
错误“Insufficient permissions for deploying ARM template”通常发生在您没有执行部署所需的权限时。
deployment_async_operation = client.deployments.begin_create_or_update_at_subscription_scope("test_deployment", deployment)
根据上面的代码行,我假设您在订阅级别部署 ARM 模板。
请检查您在范围的订阅级别是否有权限。
要在订阅级别执行任何操作,您的订阅需要 Global Admin Role
或 Owner Role
。
- 要了解如何为订阅分配角色,请参阅此MsDoc。
如果问题仍然存在,请检查是否启用了以下选项。如果禁用,请像下面这样启用它:
转到 Azure 门户 -> Azure Active Directory -> 属性 -> Azure 资源的访问管理
请参考以下链接了解更多信息:
User doesn't have permission to create deployment ARM template in Azure - Microsoft Q&A
我有一个应该部署 ARM 模板的简单脚本:
credentials = ClientSecretCredential(
client_id="<client-id>",
client_secret="<client-secret>",
tenant_id="<tenant-id>"
)
template = requests.get("<template-url>").json()
deployment_properties = {
'mode': DeploymentMode.incremental,
'template': template
}
deployment = Deployment(location="eastus", properties=deployment_properties)
client = ResourceManagementClient(credentials, subscription_id="<subscription-id>")
deployment_async_operation = client.deployments.begin_create_or_update_at_subscription_scope("test_deployment", deployment)
deployment_async_operation.wait()
当我尝试 运行 它时,我得到这个错误:
Exception Details: (InsufficientPrivilegesForManagedServiceResource) The requested user doesn't have sufficient privileges to perform the operation.
Code: InsufficientPrivilegesForManagedServiceResource
Message: The requested user doesn't have sufficient privileges to perform the operation.
我创建的应用程序注册确实具有 user_impersonation 权限,应该可以解决问题。
我是不是缺少一些权限?
感谢您的帮助!
错误“Insufficient permissions for deploying ARM template”通常发生在您没有执行部署所需的权限时。
deployment_async_operation = client.deployments.begin_create_or_update_at_subscription_scope("test_deployment", deployment)
根据上面的代码行,我假设您在订阅级别部署 ARM 模板。 请检查您在范围的订阅级别是否有权限。
要在订阅级别执行任何操作,您的订阅需要 Global Admin Role
或 Owner Role
。
- 要了解如何为订阅分配角色,请参阅此MsDoc。
如果问题仍然存在,请检查是否启用了以下选项。如果禁用,请像下面这样启用它:
转到 Azure 门户 -> Azure Active Directory -> 属性 -> Azure 资源的访问管理
请参考以下链接了解更多信息:
User doesn't have permission to create deployment ARM template in Azure - Microsoft Q&A