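I'm a beginner with Azure, and I'm trying to write a Python script that lists, in JSON format, the "attached policies" of a service principal (that is, to see which resources it is authorized on and which actions the application has permission for) (I have its ID).
I looked at the documentation for AuthorizationManagementClient and tried: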
auth_management_client = AuthorizationManagementClient(
    credentials=credentials, subscription_id=subscription_id
)
role_assignments_objects = auth_management_client.role_assignments.list()
for role_assignment in role_assignments_objects:
    print(role_assignment.description)
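But I get 'RoleAssignment' object has no attribute 'description'
and I don't know how to use this role assignment object.
The id, name and type attributes don't help me, because I need the actual permissions.
I'd appreciate some guidance here. Thanks!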
Answer 0: (score: 0)
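AuthorizationManagementClient is used to manage Azure RBAC role assignments. For more details, please refer to here. If you want to know the roles assigned to a principal and the permissions of those roles, please refer to the following code: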
from azure.mgmt.authorization import AuthorizationManagementClient

# credentials and subscription_id are assumed to be defined already
auth_management_client = AuthorizationManagementClient(
    credentials=credentials, subscription_id=subscription_id
)
role_assignments_objects = auth_management_client.role_assignments.list()
for role_assignment in role_assignments_objects:
    print(f'the principal type : {role_assignment.principal_type}')
    print(f'The principal Object ID : {role_assignment.principal_id}')
    # raw=True exposes the HTTP response, so the role definition can be read as JSON
    result = auth_management_client.role_definitions.get_by_id(role_assignment.role_definition_id, raw=True)
    role = result.response.json()
    print('the role assigned to principal : {}'.format(role['properties']['roleName']))
    print('the role permissions : {}'.format(role['properties']['permissions']))
    # stop after the first role assignment
    break
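
One way to build the per-principal JSON report the question asks for, as an added example that is not part of the original answer. It goes a step beyond the answer by filtering to one principal and merging each role's permission blocks. The function name, the fetch_role callable, the sample GUIDs and the sample role contents are constructed for illustration, and the input is assumed to be in ARM REST JSON shape ('properties' holding 'principalId', 'roleDefinitionId' and 'scope'), the same shape the answer reads from result.response.json().

```python
import json

def permissions_for_principal(principal_id, assignments, fetch_role):
    """Return scope, role name and merged permissions for one principal.
    assignments: role assignments in ARM REST JSON shape (assumed input).
    fetch_role: callable(role_definition_id) -> role definition JSON.
    """
    cache, report = {}, []
    for ra in assignments:
        props = ra["properties"]
        # GUIDs and ARM resource IDs compare case-insensitively.
        if props["principalId"].lower() != principal_id.lower():
            continue
        key = props["roleDefinitionId"].lower()
        if key not in cache:  # many assignments share one definition
            cache[key] = fetch_role(props["roleDefinitionId"])["properties"]
        role = cache[key]
        entry = {"scope": props["scope"], "role": role["roleName"]}
        # A role can carry several permission blocks; merge them per field.
        for field in ("actions", "notActions", "dataActions", "notDataActions"):
            entry[field] = sorted({a for p in role["permissions"] for a in p.get(field, [])})
        report.append(entry)
    return report

# Constructed sample data: placeholder GUIDs, not from a real tenant.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
ROLE_PATH = SUB + "/providers/Microsoft.Authorization/roleDefinitions/"
READER = ROLE_PATH + "11111111-1111-1111-1111-111111111111"
BLOB = ROLE_PATH + "22222222-2222-2222-2222-222222222222"
BLOB_READ = "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
SAMPLE_ROLES = {
    READER.lower(): {"properties": {"roleName": "Reader", "permissions": [
        {"actions": ["*/read"], "notActions": []}]}},
    BLOB.lower(): {"properties": {"roleName": "Storage Blob Data Reader",
        "permissions": [{"actions": [], "dataActions": [BLOB_READ]}]}},
}
SP = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"
SAMPLE_ASSIGNMENTS = [
    {"properties": {"principalId": SP, "roleDefinitionId": READER, "scope": SUB}},
    {"properties": {"principalId": SP.upper(), "roleDefinitionId": BLOB,
                    "scope": SUB + "/resourceGroups/rg-data"}},
    {"properties": {"principalId": "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb",
                    "roleDefinitionId": READER, "scope": SUB}},
]

def sample_fetch(role_id):  # stands in for the answer's role_definitions.get_by_id call
    return SAMPLE_ROLES[role_id.lower()]

if __name__ == "__main__":
    print(json.dumps(permissions_for_principal(SP, SAMPLE_ASSIGNMENTS, sample_fetch), indent=2))
```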