Virtual Machine Contributor: A user with this role can manage virtual machines but can’t
manage the VNet to which they are connected or the storage account where the VHD file resides.
Note that this role does include access to the storage account keys, which is needed to create the
container for the VHD files as well as the VHD files themselves.
These are only a few of the many roles that can be assigned to a user, a group of users, or an
application.
CHAPTER 1 | Getting started with Microsoft Azure
Custom roles
If none of the built-in roles and no combination of the built-in roles provides exactly what you need,
you can create a custom role. You can do this using PowerShell, the Azure CLI, or the REST APIs. Once
you create a custom role, you can assign it to a user, group, or application for a subscription, resource
group, or resource. Custom roles are stored in Azure AD and can be shared across all
subscriptions that use the same Active Directory.
For example, you could create a custom role for monitoring and restarting virtual machines. Here are
the Actions you would assign to that role:
Microsoft.Storage/*/read
Microsoft.Network/*/read
Microsoft.Compute/*/read
Microsoft.Compute/virtualMachines/start/action
Microsoft.Compute/virtualMachines/restart/action
Microsoft.Authorization/*/read
Microsoft.Resources/subscriptions/resourceGroups/read
Microsoft.Insights/alertRules/*
Microsoft.Insights/diagnosticSettings/*
Microsoft.Support/*
Note that as requested, this role can only start and restart virtual machines. It can’t create them or
delete them.
A convenient way to create a custom role is to download the definition of an existing role and use
that as a starting point. When you create a custom role, you also need to specify in which
subscriptions it can be used—at least one must be specified.
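As an added example (not from the book), the Python sketch below builds the monitor-and-restart role definition from the Actions listed above and probes which operations those wildcard patterns grant. The role name, the all-zero subscription ID, the probe list, and the simplified wildcard matching are assumptions made for illustration.

```python
import json
import re

# Actions from the page's list for the monitor-and-restart role.
ACTIONS = [
    "Microsoft.Storage/*/read",
    "Microsoft.Network/*/read",
    "Microsoft.Compute/*/read",
    "Microsoft.Compute/virtualMachines/start/action",
    "Microsoft.Compute/virtualMachines/restart/action",
    "Microsoft.Authorization/*/read",
    "Microsoft.Resources/subscriptions/resourceGroups/read",
    "Microsoft.Insights/alertRules/*",
    "Microsoft.Insights/diagnosticSettings/*",
    "Microsoft.Support/*",
]

def build_role(name, subscription_ids):
    # A custom role must name at least one subscription in which it can be used.
    if not subscription_ids:
        raise ValueError("a custom role needs at least one assignable subscription")
    return {"Name": name, "IsCustom": True,
            "Description": "Monitor and restart virtual machines.",
            "Actions": ACTIONS, "NotActions": [],
            "AssignableScopes": [f"/subscriptions/{s}" for s in subscription_ids]}

def is_allowed(role, operation):
    # Simplified model (assumption): '*' matches any run of characters, case-insensitively.
    def hit(pattern):
        rx = ".*".join(re.escape(p) for p in pattern.split("*"))
        return re.fullmatch(rx, operation, re.IGNORECASE) is not None
    return any(map(hit, role["Actions"])) and not any(map(hit, role["NotActions"]))

# Hypothetical role name and placeholder subscription ID (constructed).
ROLE = build_role("VM Operator (example)", ["00000000-0000-0000-0000-000000000000"])
# Constructed probes: operations to test against the role's Actions.
PROBES = [
    "Microsoft.Compute/virtualMachines/start/action",
    "Microsoft.Compute/virtualMachines/read",
    "Microsoft.Compute/virtualMachines/write",
    "Microsoft.Compute/virtualMachines/delete",
    "Microsoft.Storage/storageAccounts/listKeys/action",
    "Microsoft.Insights/alertRules/write",
]

if __name__ == "__main__":
    print(json.dumps(ROLE, indent=2))
    for op in PROBES:
        print("ALLOW" if is_allowed(ROLE, op) else "DENY ", op)
```

Running it shows virtual machine write and delete, and the storage account listKeys action, are denied, while `Microsoft.Insights/alertRules/*` also permits writes to alert rules. The printed JSON is in the shape accepted by `az role definition create --role-definition <file>`.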
In the next section, we’ll see how to assign roles to users for a resource group and how to give full
administrative privileges for a subscription to a user.
The Azure portal
An online management portal provides the easiest way to manage the resources you deploy into
Azure. You can use this to create virtual networks, set up Web Apps, create VMs, define storage
accounts, and so on, as listed in the previous section.
As noted earlier in this chapter, there are currently two versions of the portal. The production portal is
the Azure portal at https://portal.azure.com. Most features have been moved to the Azure portal, with
some exceptions such as Azure AD. The previous portal is called the classic Azure portal
(https://manage.windowsazure.com), and it can still be used to manage Azure AD and to configure
and scale classic resources such as Cloud Services.
In most cases, you will be using the Azure portal, so that’s what we’re going to focus on in this book.
All of the resources that use the Resource Manager deployment model can only be accessed in the
Azure portal.
Let’s take a look at the Azure portal and how you navigate through it.