Delegate access governance to catalog creators in Azure AD entitlement management

A catalog is a container of resources and access packages. You create a catalog when you want to group related resources and access packages. By default, a Global administrator or a User administrator can create a catalog, and can add additional users as catalog owners.

To delegate to users who aren't administrators, so that they can create their own catalogs, you can add those users to the Azure AD entitlement management-defined catalog creator role. You can add individual users, or you can add a group, whose members are then able to create catalogs. After creating a catalog, they can subsequently add resources they own to their catalog.

As an IT administrator, delegate to a catalog creator

Follow these steps to assign a user to the catalog creator role.

Prerequisite role: Global administrator or User administrator

  1. In the Azure portal, click Azure Active Directory and then click Identity Governance.

  2. In the left menu, in the Entitlement management section, click Settings.

  3. Click Edit.

    Settings to add catalog creators

  4. In the Delegate entitlement management section, click Add catalog creators to select the users or groups that you want to delegate this entitlement management role to.

  5. Click Select.

  6. Click Save.

Allow delegated roles to access the Azure portal

To allow delegated roles, such as catalog creators and access package managers, to access the Azure portal to manage access packages, you should check the administration portal setting.

Prerequisite role: Global administrator or User administrator

  1. In the Azure portal, click Azure Active Directory and then click Users.

  2. In the left menu, click User settings.

  3. Make sure Restrict access to Azure AD administration portal is set to No.

    Azure AD user settings - administration portal

Next steps