使用 Python SDK 部署 ARM 模板的权限不足

Insufficient permissions for deploying ARM template using Python SDK

我有一个应该部署 ARM 模板的简单脚本:

credentials = ClientSecretCredential(
    client_id="<client-id>",
    client_secret="<client-secret>",
    tenant_id="<tenant-id>"
)

template = requests.get("<template-url>").json()

deployment_properties = {
    'mode': DeploymentMode.incremental,
    'template': template
}

deployment = Deployment(location="eastus", properties=deployment_properties)

client = ResourceManagementClient(credentials, subscription_id="<subscription-id>")
deployment_async_operation = client.deployments.begin_create_or_update_at_subscription_scope("test_deployment", deployment)
deployment_async_operation.wait()

当我尝试 运行 它时,我得到这个错误:

Exception Details:  (InsufficientPrivilegesForManagedServiceResource) The requested user doesn't have sufficient privileges to perform the operation.
        Code: InsufficientPrivilegesForManagedServiceResource
        Message: The requested user doesn't have sufficient privileges to perform the operation.

我创建的应用程序注册确实具有 user_impersonation 权限,应该可以解决问题。

我是不是缺少一些权限?

感谢您的帮助!

错误“Insufficient permissions for deploying ARM template”通常发生在您没有执行部署所需的权限时。

deployment_async_operation = client.deployments.begin_create_or_update_at_subscription_scope("test_deployment", deployment)

根据上面的代码行,我假设您在订阅级别部署 ARM 模板。 请检查您在范围的订阅级别是否有权限

要在订阅级别执行任何操作,您的订阅需要 Global Admin RoleOwner Role

  • 要了解如何为订阅分配角色,请参阅此MsDoc

如果问题仍然存在,请检查是否启用了以下选项。如果禁用,请像下面这样启用它:

转到 Azure 门户 -> Azure Active Directory -> 属性 -> Azure 资源的访问管理

请参考以下链接了解更多信息:

User doesn't have permission to create deployment ARM template in Azure - Microsoft Q&A

InsufficientPrivilegesForManagedServiceResource · Issue #39 · Azure/Azure-Lighthouse-samples · GitHub