使用基于角色的访问控制设置访问权限Set access permissions using role-based access control

适用于:Azure Stack 集成系统和 Azure Stack 开发工具包Applies to: Azure Stack integrated systems and Azure Stack Development Kit

Azure Stack 中的用户可以是订阅、资源组或服务的每个实例的读者、所有者或参与者。A user in Azure Stack can be a reader, owner, or contributor for each instance of a subscription, resource group, or service. 例如,用户 A 可能对订阅 1 具有读者权限,但对虚拟机 7 则具有所有者权限。For example, User A might have reader permissions to Subscription One, but have owner permissions to Virtual Machine Seven.

  • 读者:用户可以查看所有内容,但不能进行任何更改。Reader: User can view everything, but can't make any changes.
  • 参与者:用户可以管理所有内容(对资源的访问权限除外)。Contributor: User can manage everything except access to resources.
  • 所有者:用户可以管理所有内容,包括对资源的访问权限。Owner: User can manage everything, including access to resources.

设置用户的访问权限Set access permissions for a user

  1. 使用对要管理的资源具有所有者权限的帐户登录。Sign in with an account that has owner permissions to the resource you want to manage.
  2. 在“资源”边栏选项卡中,单击“访问” 图标 In the blade for the resource, click the Access icon .
  3. 在“用户” 边栏选项卡中,单击“角色” 。In the Users blade, click Roles.
  4. 在“角色” 边栏选项卡中,单击“添加” 即可添加用户的权限。In the Roles blade, click Add to add permissions for the user.

设置通用组的访问权限Set access permissions for a universal group

Note

仅适用于 Active Directory 联合身份验证服务 (AD FS)。Applicable only to Active Directory Federated Services (AD FS).

  1. 使用对要管理的资源具有所有者权限的帐户登录。Sign in with an account that has owner permissions to the resource you want to manage.
  2. 在“资源”边栏选项卡中,单击“访问” 图标 In the blade for the resource, click the Access icon .
  3. 在“用户” 边栏选项卡中,单击“角色” 。In the Users blade, click Roles.
  4. 在“角色” 边栏选项卡中,单击“添加” 即可添加通用组 Active Directory 组的权限。In the Roles blade, click Add to add permissions for the Universal Group Active Directory Group.

后续步骤Next steps

添加 Azure Stack 租户Add an Azure Stack tenant