使用基于角色的访问控制设置访问权限Set access permissions using role-based access control

Azure Stack Hub 中的用户可以是订阅、资源组或服务的每个实例的读者、所有者或参与者。A user in Azure Stack Hub can be a reader, owner, or contributor for each instance of a subscription, resource group, or service. 例如,用户 A 可能对订阅 1 具有读者权限,但对虚拟机 7 则具有所有者权限。For example, User A might have reader permissions to Subscription One, but have owner permissions to Virtual Machine Seven.

  • 读者:用户可以查看所有内容,但不能进行任何更改。Reader: User can view everything, but can't make any changes.
  • 参与者:用户可管理除对资源的访问权限以外的所有内容。Contributor: User can manage everything except access to resources.
  • 所有者:用户可管理所有内容,包括对资源的访问权限。Owner: User can manage everything, including access to resources.
  • 自定义:用户对资源具有受限的特定访问权限。Custom: User has limited, specific access to resources.

有关创建自定义角色的详细信息,请参阅 Azure 资源的自定义角色For more information about creating a custom role, see Custom roles for Azure resources.

设置用户的访问权限Set access permissions for a user

  1. 使用对要管理的资源具有所有者权限的帐户登录。Sign in with an account that has owner permissions to the resource you want to manage.
  2. 在资源的边栏选项卡中,单击“访问”图标 “访问”图标是两个人的头和肩膀的轮廓。In the blade for the resource, click the Access icon The access icon is an outline of the head and shoulders of two people..
  3. 在“用户”**** 边栏选项卡中,单击“角色”****。In the Users blade, click Roles.
  4. 在“角色”**** 边栏选项卡中,单击“添加”**** 即可添加用户的权限。In the Roles blade, click Add to add permissions for the user.

设置通用组的访问权限Set access permissions for a universal group

备注

仅适用于 Active Directory 联合身份验证服务 (AD FS)。Applicable only to Active Directory Federated Services (AD FS).

  1. 使用对要管理的资源具有所有者权限的帐户登录。Sign in with an account that has owner permissions to the resource you want to manage.
  2. 在资源的边栏选项卡中,单击“访问”图标 “访问”图标是两个人的头和肩膀的轮廓。In the blade for the resource, click the Access icon The access icon is an outline of the head and shoulders of two people..
  3. 在“用户”**** 边栏选项卡中,单击“角色”****。In the Users blade, click Roles.
  4. 在“角色”**** 边栏选项卡中,单击“添加”**** 即可添加通用组 Active Directory 组的权限。In the Roles blade, click Add to add permissions for the Universal Group Active Directory Group.

后续步骤Next steps

添加 Azure Stack Hub 租户Add an Azure Stack Hub tenant