Share Azure dashboards by using Role-Based Access Control

After configuring a dashboard, you can publish it and share it with other users in your organization. You allow others to view your dashboard by using Azure role-based access control (Azure RBAC). Assign a user or group of users to a role. That role defines whether those users can view or modify the published dashboard.

All published dashboards are implemented as Azure resources. They exist as manageable items within your subscription and are contained in a resource group. From an access control perspective, dashboards are no different than other resources, such as a virtual machine or a storage account.

Tip

Individual tiles on the dashboard enforce their own access control requirements based on the resources they display. You can share a dashboard broadly while protecting the data on individual tiles.

Understanding access control for dashboards

With Role-Based Access Control (RBAC), you can assign users to roles at three different levels of scope:

  • subscription
  • resource group
  • resource

The permissions you assign inherit from the subscription down to the resource. The published dashboard is a resource. You may already have users assigned to roles for the subscription that apply for the published dashboard.

Let's say you have an Azure subscription and various members of your team have been assigned the roles of owner, contributor, or reader for the subscription. Users who are owners or contributors can list, view, create, modify, or delete dashboards within the subscription. Users who are readers can list and view dashboards, but can't modify or delete them. Users with reader access can make local edits to a published dashboard, such as when troubleshooting an issue, but they can't publish those changes back to the server. They can make a private copy of the dashboard for themselves.

You could also assign permissions to the resource group that contains several dashboards or to an individual dashboard. For example, you may decide that a group of users should have limited permissions across the subscription but greater access to a particular dashboard. Assign those users to a role for that dashboard.
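The scope inheritance described above, as an added example that is not part of the original page: it resolves which principals reach one published dashboard and who among them can modify it, given role assignments at the three scope levels listed. The subscription ID, dashboard name, principals and record layout are constructed assumptions; matching is done per path segment and case-insensitively, so a sibling resource group whose name merely starts with "dashboards" does not leak access.

```python
# Added example: resolve who can reach a published dashboard through
# Azure RBAC scope inheritance. All IDs and names below are constructed.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/dashboards"
DASHBOARD = RG + "/providers/Microsoft.Portal/dashboards/storage-overview"

# Constructed records; the field names are an assumed layout for a role
# assignment listing (scope, principal, role name).
ASSIGNMENTS = [
    {"scope": SUB, "principalName": "ops-lead", "roleDefinitionName": "Owner"},
    {"scope": SUB, "principalName": "Storage Managers", "roleDefinitionName": "Reader"},
    {"scope": DASHBOARD.upper(), "principalName": "Storage Managers",
     "roleDefinitionName": "Contributor"},
    # Sibling resource group whose name only starts with "dashboards".
    {"scope": RG + "-archive", "principalName": "contractor",
     "roleDefinitionName": "Contributor"},
    {"scope": RG + "/providers/Microsoft.Portal/dashboards/other",
     "principalName": "intern", "roleDefinitionName": "Contributor"},
]

CAN_MODIFY = {"Owner", "Contributor"}  # roles the page says can modify dashboards


def scope_applies(scope, resource_id):
    """True if an assignment at `scope` is inherited by `resource_id`."""
    s = scope.rstrip("/").lower().split("/")
    r = resource_id.rstrip("/").lower().split("/")
    return r[:len(s)] == s  # whole-segment prefix, not a string prefix


def effective_access(assignments, resource_id):
    """Map principal -> sorted (role, scope level) pairs reaching the resource."""
    result = {}
    for a in assignments:
        if not scope_applies(a["scope"], resource_id):
            continue
        depth = len(a["scope"].strip("/").split("/"))
        level = {2: "subscription", 4: "resource group"}.get(depth, "resource")
        result.setdefault(a["principalName"], []).append(
            (a["roleDefinitionName"], level))
    return {p: sorted(v) for p, v in result.items()}


def can_modify(assignments, resource_id):
    """Principals holding Owner or Contributor at any inherited scope."""
    access = effective_access(assignments, resource_id)
    return sorted(p for p, roles in access.items()
                  if any(role in CAN_MODIFY for role, _ in roles))
```

Storage Managers holds only Reader on the subscription, yet `can_modify` lists it because the dashboard-scoped Contributor assignment adds to the inherited role.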

Publish dashboard

Let's suppose you configure a dashboard that you want to share with a group of users in your subscription. The following steps show how to share a dashboard to a group called Storage Managers. You can name your group whatever you like. For more information, see Managing groups in Azure Active Directory.

Before assigning access, you must publish the dashboard.

  1. In the dashboard, select Share.

  2. In Sharing + access control, select Publish.

    By default, sharing publishes your dashboard to a resource group named dashboards. To select a different resource group, clear the checkbox.

Your dashboard is now published. If the permissions inherited from the subscription are suitable, you don't need to do anything more. Other users in your organization can access and modify the dashboard based on their subscription level role.

Assign access to a dashboard

You can assign a group of users to a role for that dashboard.

  1. After publishing the dashboard, select the Share or Unshare option to access Sharing + access control.

  2. In Sharing + access control, select Manage users.

  3. Select Role assignments to see existing users that are already assigned a role for this dashboard.

  4. To add a new user or group, select Add then Add role assignment.

  5. Select the role that represents the permissions to grant. For this example, select Contributor.

  6. Select the user or group to assign to the role. If you don't see the user or group you're looking for in the list, use the search box. Your list of available groups depends on the groups you've created in Active Directory.

  7. When you've finished adding users or groups, select Save.

Next steps