Custom role definition artifact in Azure Managed Applications

Custom role definition is an optional artifact in managed applications. It's used to determine what permissions the managed application needs to perform its functions.

This article provides an overview of the custom role definition artifact and its capabilities.

Custom role definition artifact

You need to name the custom role definition artifact customRoleDefinition.json. Place it at the same level as createUiDefinition.json and mainTemplate.json in the .zip package that creates a managed application definition. To learn how to create the .zip package and publish a managed application definition, see Publish a managed application definition.

Custom role definition schema

The customRoleDefinition.json file has a top-level roles property that's an array of roles. These roles are the permissions that the managed application needs to function. Currently, only built-in roles are allowed, but you can specify multiple roles. A role can be referenced by the ID of the role definition or by the role name.

Sample JSON for custom role definition:

{
    "contentVersion": "0.0.0.1",
    "roles": [
        {
            "properties": {
                "roleName": "Contributor"
            }
        },
        {
            "id": "acdd72a7-3385-48ef-bd42-f606fba81ae7"
        },
        {
            "id": "/providers/Microsoft.Authorization/roledefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"
        }
    ]
}

Roles

A role is composed of either a $.properties.roleName or an id:

{
    "id": null,
    "properties": {
        "roleName": "Contributor"
    }
}

Note

You can use either the id or roleName field. Only one is required. These fields are used to look up the role definition that should be applied. If both are supplied, the id field will be used.

Property  Required?  Description
id        Yes        The ID of the built-in role. You can use the full ID or just the GUID.
roleName  Yes        The name of the built-in role.
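The schema and the lookup rules above (a role carries either an id or a properties.roleName; id may be a bare GUID or a full role-definition resource ID; id wins when both are present) are easy to check mechanically before a package is published, which is a useful least-privilege review step: it enumerates exactly which built-in roles the managed application will request. The following Python validator is an added example, not code from the original page or from Azure; it assumes nothing beyond the JSON shape documented above, and the sample document it parses is constructed inline with the same three role forms as the page's example.

```python
import json
import re
import uuid

# Constructed sample with the same shape as the page's example: one role by name,
# one by bare GUID, one by full role-definition resource ID.
SAMPLE_CUSTOM_ROLE_DEFINITION = """
{
    "contentVersion": "0.0.0.1",
    "roles": [
        { "properties": { "roleName": "Contributor" } },
        { "id": "acdd72a7-3385-48ef-bd42-f606fba81ae7" },
        { "id": "/providers/Microsoft.Authorization/roledefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c" }
    ]
}
"""

# Full resource ID form of a role definition; the trailing segment is the GUID.
FULL_ID_RE = re.compile(
    r"^/providers/Microsoft\.Authorization/roledefinitions/([0-9a-fA-F-]{36})$",
    re.IGNORECASE,
)


def role_guid(role_id):
    """Normalize a bare GUID or a full role-definition ID to a lowercase GUID.

    Raises ValueError for anything that is not one of those two forms.
    """
    m = FULL_ID_RE.match(role_id)
    candidate = m.group(1) if m else role_id
    try:
        return str(uuid.UUID(candidate))
    except ValueError:
        raise ValueError(f"not a role-definition ID or GUID: {role_id!r}")


def resolve_role(role):
    """Return ("id", <guid>) or ("roleName", <name>) for one role entry.

    Implements the precedence rule from the page: when both id and roleName
    are supplied, id is used. A null id counts as absent (as in the page's
    own example), and an entry with neither field is rejected.
    """
    role_id = role.get("id")
    role_name = (role.get("properties") or {}).get("roleName")
    if role_id:
        return ("id", role_guid(role_id))
    if role_name:
        return ("roleName", role_name)
    raise ValueError("role has neither id nor properties.roleName")


def validate_custom_role_definition(text):
    """Parse a customRoleDefinition.json document and list the roles it requests.

    Returns a list of (kind, value) pairs in document order, so a reviewer can
    see every role the managed application will be granted before publishing.
    """
    doc = json.loads(text)
    roles = doc.get("roles")
    if not isinstance(roles, list) or not roles:
        raise ValueError("'roles' must be a non-empty array")
    return [resolve_role(r) for r in roles]


if __name__ == "__main__":
    for kind, value in validate_custom_role_definition(SAMPLE_CUSTOM_ROLE_DEFINITION):
        print(f"{kind:8} {value}")
```

Run it against a real customRoleDefinition.json by reading the file instead of the constructed sample; any entry that has neither field, or an id that is neither a GUID nor a full role-definition ID, is reported before the package is built rather than at deployment time.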