Create, list, delete or assign a role to a user-assigned managed identity using the Azure portal

Managed identities for Azure resources provide Azure services with a managed identity in Azure Active Directory. You can use this identity to authenticate to services that support Azure AD authentication, without needing credentials in your code.

In this article, you learn how to create, list, delete or assign a role to a user-assigned managed identity using the Azure portal.

Prerequisites

Create a user-assigned managed identity

To create a user-assigned managed identity, your account needs the Managed Identity Contributor role assignment.

  1. Sign in to the Azure portal using an account associated with the Azure subscription to create the user-assigned managed identity.
  2. In the search box, type Managed Identities, and under Services, click Managed Identities.
  3. Click Add and enter values in the following fields under the Create user assigned managed identity pane:
    • Subscription: Choose the subscription to create the user-assigned managed identity under.
    • Resource group: Choose a resource group to create the user-assigned managed identity in, or click Create new to create a new resource group.
    • Region: Choose a region to deploy the user-assigned managed identity, for example China North.
    • Name: This is the name for your user-assigned managed identity, for example UAI1.
  4. Click Review + create to review the changes.
  5. Click Create.

List user-assigned managed identities

To list/read a user-assigned managed identity, your account needs the Managed Identity Operator or Managed Identity Contributor role assignment.

  1. Sign in to the Azure portal using an account associated with the Azure subscription to list the user-assigned managed identities.
  2. In the search box, type Managed Identities, and under Services, click Managed Identities.
  3. A list of the user-assigned managed identities for your subscription is returned. To see the details of a user-assigned managed identity, click its name.

Delete a user-assigned managed identity

To delete a user-assigned managed identity, your account needs the Managed Identity Contributor role assignment.

Deleting a user-assigned identity does not remove it from the VM or resource it was assigned to. To remove the user-assigned identity from a VM, see Remove a user-assigned managed identity from a VM.

  1. Sign in to the Azure portal using an account associated with the Azure subscription to delete a user-assigned managed identity.
  2. Select the user-assigned managed identity and click Delete.
  3. In the confirmation box, choose Yes.
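
Because deleting the identity leaves the assignment on the VM in place, it is worth checking for VMs that still reference an identity that no longer exists. The following is an added example, not part of the original article: it compares JSON shaped like the output of `az identity list` and `az vm list` and reports stale references. The sample data, subscription ID, resource group and VM names are constructed placeholders, and it assumes the identity list covers every subscription the VMs draw identities from.

```python
import json

# Constructed sample data shaped like `az identity list` / `az vm list` JSON output.
# The subscription ID, resource group and resource names are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
UAI = "providers/Microsoft.ManagedIdentity/userAssignedIdentities"
IDENTITIES_JSON = json.dumps([
    {"name": "UAI1", "id": f"{SUB}/{UAI}/UAI1"},
])
VMS_JSON = json.dumps([
    # Same identity with different casing: ARM resource IDs are case-insensitive.
    {"name": "vm-ok", "identity": {"type": "UserAssigned",
        "userAssignedIdentities": {f"{SUB}/{UAI}/UAI1".lower(): {}}}},
    # UAI2 was deleted, but the VM still lists it.
    {"name": "vm-stale", "identity": {"type": "SystemAssigned, UserAssigned",
        "userAssignedIdentities": {f"{SUB}/{UAI}/UAI2": {}}}},
    {"name": "vm-system-only", "identity": {"type": "SystemAssigned"}},
    {"name": "vm-none", "identity": None},
])


def find_dangling_identity_refs(vms, identities):
    """Return sorted (vm_name, identity_id) pairs whose identity is not in `identities`."""
    existing = {i["id"].lower() for i in identities}
    dangling = []
    for vm in vms:
        # `identity` may be null, and `userAssignedIdentities` may be absent.
        identity = vm.get("identity") or {}
        assigned = identity.get("userAssignedIdentities") or {}
        for resource_id in assigned:
            if resource_id.lower() not in existing:
                dangling.append((vm["name"], resource_id))
    return sorted(dangling)


if __name__ == "__main__":
    vms = json.loads(VMS_JSON)
    identities = json.loads(IDENTITIES_JSON)
    for vm_name, rid in find_dangling_identity_refs(vms, identities):
        print(f"{vm_name}: still references missing identity {rid}")
```
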

Assign a role to a user-assigned managed identity

To assign a role to a user-assigned managed identity, your account needs the User Access Administrator role assignment.

  1. Sign in to the Azure portal using an account associated with the Azure subscription to list the user-assigned managed identities.

  2. In the search box, type Managed Identities, and under Services, click Managed Identities.

  3. A list of the user-assigned managed identities for your subscription is returned. Select the user-assigned managed identity to which you want to assign a role.

  4. Select Access control (IAM), and then select Add role assignment.

  5. In the Add role assignment blade, configure the following values, and then click Save:

    • Role - the role to assign
    • Assign access to - the resource to assign the user-assigned managed identity to
    • Select - the member to assign access to