快速入门:查看用户对 Azure 资源的访问权限Quickstart: View the access a user has to Azure resources

可以使用基于角色的访问控制 (RBAC) 中的“访问控制(IAM)”边栏选项卡来查看用户或其他安全主体对 Azure 资源的访问权限。You can use the Access control (IAM) blade in role-based access control (RBAC) to view the access a user or another security principal has to Azure resources. 但是,有时你只需要快速查看单个用户或其他安全主体的访问权限。However, sometimes you just need to quickly view the access for a single user or another security principal. 执行此操作的最简单方法是使用 Azure 门户中的检查访问权限功能。The easiest way to do this is to use the Check access feature in the Azure portal.

查看角色分配View role assignments

你查看用户访问权限的方式是列出其角色分配。The way that you view the access for a user is to list their roles assignments. 按照以下步骤查看订阅范围内单个用户、组或服务主体的角色分配。Follow these steps to view the role assignments for a single user, group or service principal at the subscription scope.

  1. 在 Azure 门户中,依次单击“所有服务”、“订阅”。In the Azure portal, click All services and then Subscriptions.

  2. 单击你的订阅。Click your subscription.

  3. 单击“访问控制(IAM)”。Click Access control (IAM).

  4. 单击“检查访问权限”选项卡。Click the Check access tab.

    “访问控制”-“检查访问权限”选项卡

  5. 在“查找”列表中,选择要检查访问权限的安全主体类型。In the Find list, select the type of security principal you want to check access for.

  6. 在搜索框中,输入字符串以在目录中搜索显示名称、电子邮件地址或对象标识符。In the search box, enter a string to search the directory for display names, email addresses, or object identifiers.

    “检查访问权限”选择列表

  7. 单击安全主体以打开“分配”窗格。Click the security principal to open the assignments pane.

    分配窗格

    在此窗格中,可以看到分配给所选安全主体和范围的角色。On this pane, you can see the roles assigned to the selected security principal and the scope. 如果此范围内有任何拒绝分配或继承到此范围的角色,则会将其列出。If there are any deny assignments at this scope or inherited to this scope, they will be listed.

后续步骤Next steps