Assign a managed identity access to a resource by using the Azure portal

Managed identities for Azure resources is a feature of Azure Active Directory. Each of the Azure services that support managed identities for Azure resources is subject to its own timeline. Make sure you review the availability status of managed identities for your resource and known issues before you begin.

After you've configured an Azure resource with a managed identity, you can give the managed identity access to another resource, just like any security principal. This article shows you how to give the managed identity of an Azure virtual machine or virtual machine scale set access to an Azure storage account by using the Azure portal.

Prerequisites

Use Azure RBAC to assign a managed identity access to another resource

After you've enabled managed identity on an Azure resource, such as an Azure VM or Azure virtual machine scale set:

  1. Sign in to the Azure portal using an account associated with the Azure subscription under which you have configured the managed identity.

  2. Navigate to the resource on which you want to modify access control. In this example, we are giving an Azure virtual machine access to a storage account, so we navigate to the storage account.

  3. Select the Access control (IAM) page of the resource, and select + Add role assignment. Then specify the Role, Assign access to, and the corresponding Subscription. Under the search criteria area, you should see the resource. Select the resource, and select Save.

    Screenshot of the Access control (IAM) page
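A follow-up check for the role assignment made in step 3, as an added example that is not part of the original article: it reviews role assignment records for the VM's managed identity and flags any that are scoped above the storage account or that carry a broad built-in role. The function names, the sample records (shaped like `az role assignment list` JSON output), the placeholder IDs and the choice of `Storage Blob Data Reader` as the intended role are assumptions made for illustration.

```python
# Constructed sample: entries shaped like `az role assignment list --all -o json`
# output. All GUIDs and resource names are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-app"
STORAGE = RG + "/providers/Microsoft.Storage/storageAccounts/examplestore"
VM_MI = "11111111-1111-1111-1111-111111111111"  # principalId of the VM's identity
OTHER = "22222222-2222-2222-2222-222222222222"  # unrelated principal
SAMPLE = [
    {"principalId": VM_MI, "roleDefinitionName": "Storage Blob Data Reader", "scope": STORAGE},
    {"principalId": VM_MI, "roleDefinitionName": "Contributor", "scope": RG.upper()},
    {"principalId": VM_MI, "roleDefinitionName": "Owner", "scope": STORAGE},
    {"principalId": OTHER, "roleDefinitionName": "Owner", "scope": SUB},
]

# Built-in roles that grant far more than data access to one storage account.
BROAD_ROLES = {"owner", "contributor", "user access administrator"}


def _norm(resource_id):
    # Azure resource IDs compare case-insensitively; ignore a trailing slash.
    return resource_id.rstrip("/").lower()


def is_ancestor(scope, resource_id):
    """True if scope is a strict parent (resource group, subscription, root)."""
    s, r = _norm(scope), _norm(resource_id)
    return s != r and (s == "" or r.startswith(s + "/"))


def audit(assignments, principal_id, resource_id, expected_role):
    """Return (finding, role, scope) tuples for one identity and one resource."""
    findings = []
    for a in assignments:
        if a["principalId"].lower() != principal_id.lower():
            continue  # assignment belongs to a different principal
        role, scope = a["roleDefinitionName"], a["scope"]
        if is_ancestor(scope, resource_id):
            findings.append(("scope-too-broad", role, scope))
        elif _norm(scope) == _norm(resource_id):
            if role.lower() in BROAD_ROLES:
                findings.append(("privileged-role", role, scope))
            elif role != expected_role:
                findings.append(("unexpected-role", role, scope))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, VM_MI, STORAGE, "Storage Blob Data Reader"):
        print(finding)
```
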

Next steps