Custom roles for MySQL to Azure Database for MySQL migrations using Database Migration Service

This article explains how to set up a custom role for MySQL to Azure Database for MySQL migrations using DMS.

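The role has no permission to create a new Database Migration Service, and no permission to create a database migration project. This means that a user assigned the custom role needs a Database Migration Service and a migration project already created under the assigned resource group. The user can then create and run migration activities under that migration project.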

{
    "properties": {
        "roleName": "DmsCustomRoleDemoforMySQL",
        "description": "",
        "assignableScopes": [
            "/subscriptions/<DMSSubscription>/resourceGroups/<dmsServiceRG>"
        ],
        "permissions": [
            {
                "actions": [
                    "Microsoft.DataMigration/locations/operationResults/read",
                    "Microsoft.DataMigration/locations/operationStatuses/read",
                    "Microsoft.DataMigration/services/read",
                    "Microsoft.DataMigration/services/stop/action",
                    "Microsoft.DataMigration/services/start/action",
                    "Microsoft.DataMigration/services/checkStatus/*",
                    "Microsoft.DataMigration/services/configureWorker/action",
                    "Microsoft.DataMigration/services/addWorker/action",
                    "Microsoft.DataMigration/services/removeWorker/action",
                    "Microsoft.DataMigration/services/updateAgentConfig/action",
                    "Microsoft.DataMigration/services/slots/read",
                    "Microsoft.DataMigration/services/projects/*",
                    "Microsoft.DataMigration/services/serviceTasks/read",
                    "Microsoft.DataMigration/services/serviceTasks/write",
                    "Microsoft.DataMigration/services/serviceTasks/delete",
                    "Microsoft.DataMigration/services/serviceTasks/cancel/action",
                    "Microsoft.DBforMySQL/flexibleServers/read",
                    "Microsoft.DBforMySQL/flexibleServers/databases/read",
                    "Microsoft.DBforMySQL/servers/read",
                    "Microsoft.DBforMySQL/servers/databases/read",
                    "Microsoft.Resources/subscriptions/resourceGroups/read",
                    "Microsoft.DataMigration/skus/read"
                ],
                "notActions": [],
                "dataActions": [],
                "notDataActions": []
            }
        ]
    }
}
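As an added example (not part of the original article, and not Microsoft tooling), the following Python script checks a role definition in the format above before it is created: it evaluates an operation against the `actions` and `notActions` lists using Azure RBAC wildcard matching, and lists wildcard actions and any assignable scope wider than a resource group. The embedded JSON is a trimmed subset of the definition above, and the operation names it tests are constructed inputs.

```python
import json
import re
# Trimmed subset of the role definition on this page (placeholders are the page's own).
ROLE = json.loads("""
{"properties": {
  "roleName": "DmsCustomRoleDemoforMySQL",
  "assignableScopes": ["/subscriptions/<DMSSubscription>/resourceGroups/<dmsServiceRG>"],
  "permissions": [{
    "actions": [
      "Microsoft.DataMigration/services/read",
      "Microsoft.DataMigration/services/checkStatus/*",
      "Microsoft.DataMigration/services/projects/*",
      "Microsoft.DataMigration/services/serviceTasks/write",
      "Microsoft.DBforMySQL/flexibleServers/read"
    ],
    "notActions": []
  }]
}}
""")

def _matches(pattern, operation):
    # RBAC action strings compare case-insensitively; '*' matches any run of characters, '/' included.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None

def is_allowed(role, operation):
    """True if a permission block grants the operation and its notActions do not exclude it."""
    for perm in role["properties"]["permissions"]:
        granted = any(_matches(a, operation) for a in perm.get("actions", []))
        excluded = any(_matches(n, operation) for n in perm.get("notActions", []))
        if granted and not excluded:
            return True
    return False

def audit(role):
    """List wildcard actions and assignable scopes wider than a resource group."""
    perms = role["properties"]["permissions"]
    wildcards = [a for p in perms for a in p.get("actions", []) if "*" in a]
    scopes = role["properties"]["assignableScopes"]
    broad = [s for s in scopes if "/resourcegroups/" not in s.lower()]
    return {"wildcard_actions": wildcards, "broad_scopes": broad}

if __name__ == "__main__":
    # Constructed test inputs in the ARM "<resource type>/<verb>" form.
    for op in ("Microsoft.DataMigration/services/write",
               "Microsoft.DataMigration/services/projects/tasks/read"):
        print(op, "->", "allowed" if is_allowed(ROLE, op) else "denied")
    print(audit(ROLE))
```

Each entry reported under `wildcard_actions` grants every operation below its prefix, so those entries deserve a manual review against what the role is meant to allow.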

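You can use the Azure portal, Az PowerShell, Azure CLI, or the Azure REST API to create the role.

For more information, see the articles "Create custom roles using the Azure portal" and "Azure custom roles".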

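Role assignment

To assign the role to a user, open the Azure portal and perform the following steps:

  1. Navigate to the resource, go to "Access Control", and then scroll to find the custom role you created.

  2. Select the appropriate role, select the user, and then save the changes.

The user then appears on the "Role assignments" tab.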