Is it possible to set up an Azure RBAC custom rule so that a role can only resubmit earlier Logic App runs, BUT cannot modify the workflow through the Designer or otherwise?
Answer 0: (score: 0)
I'm not very good with Logic Apps, but you can get the list of possible RBAC rules like this:
Get-AzProviderOperation -OperationSearchString 'microsoft.logic/*' | Select-Object -ExpandProperty operation | Sort-Object
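I guess that if you only grant permissions for Microsoft.Logic/workflows/runs/*, the person will not be allowed to modify it, because that (most likely) requires Microsoft.Logic/workflows/write. You also need to grant read permissions.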
Microsoft.Logic/workflows/run/action
Microsoft.Logic/workflows/runs/actions/listExpressionTraces/action
Microsoft.Logic/workflows/runs/actions/read
Microsoft.Logic/workflows/runs/actions/repetitions/listExpressionTraces/action
Microsoft.Logic/workflows/runs/actions/repetitions/read
Microsoft.Logic/workflows/runs/actions/repetitions/requestHistories/read
Microsoft.Logic/workflows/runs/actions/requestHistories/read
Microsoft.Logic/workflows/runs/actions/scoperepetitions/read
Microsoft.Logic/workflows/runs/cancel/action
Microsoft.Logic/workflows/runs/delete
Microsoft.Logic/workflows/runs/operations/read
Microsoft.Logic/workflows/runs/read
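
An added example, not part of the answer above: an offline check that a candidate custom role built around `Microsoft.Logic/workflows/runs/*` does not expand to `Microsoft.Logic/workflows/write`, followed by writing the role as JSON for `New-AzRoleDefinition -InputFile`. The role name, the `NotActions` choice, the subscription placeholder and the sample operation list are assumptions. `Microsoft.Logic/workflows/triggers/histories/resubmit/action` does not appear in the answer's list, so confirm it against the `Get-AzProviderOperation` output in your tenant.

```powershell
# Added example: least-privilege check for a hypothetical "run operator" role.
# $ops is a constructed sample; in a live session fill it from the
# Get-AzProviderOperation command shown in the answer.
$ops = @(
    'Microsoft.Logic/workflows/read'
    'Microsoft.Logic/workflows/write'
    'Microsoft.Logic/workflows/delete'
    'Microsoft.Logic/workflows/run/action'
    'Microsoft.Logic/workflows/runs/read'
    'Microsoft.Logic/workflows/runs/cancel/action'
    'Microsoft.Logic/workflows/runs/delete'
    'Microsoft.Logic/workflows/runs/actions/read'
    'Microsoft.Logic/workflows/triggers/histories/resubmit/action'  # assumption, not in the answer
)

$role = [ordered]@{
    Name             = 'Logic App Run Operator (example)'      # hypothetical name
    IsCustom         = $true
    Description      = 'Read workflows and manage runs; no workflow edits.'
    Actions          = @(
        'Microsoft.Logic/workflows/read'
        'Microsoft.Logic/workflows/runs/*'
        'Microsoft.Logic/workflows/triggers/histories/resubmit/action'
    )
    NotActions       = @('Microsoft.Logic/workflows/runs/delete')  # assumption: keep run history
    AssignableScopes = @('/subscriptions/<subscription-id>')       # placeholder
}

# True when the operation matches any wildcard pattern (case-insensitive).
function Test-Pattern([string]$Operation, [string[]]$Patterns) {
    foreach ($p in $Patterns) { if ($Operation -like $p) { return $true } }
    return $false
}

# Effective permission = matches Actions and does not match NotActions.
function Get-EffectiveOperation($Role, [string[]]$Operations) {
    $Operations | Where-Object {
        (Test-Pattern $_ $Role.Actions) -and -not (Test-Pattern $_ $Role.NotActions)
    }
}

$granted   = @(Get-EffectiveOperation $role $ops)
$forbidden = @($granted | Where-Object { $_ -match '^Microsoft\.Logic/workflows/(write|delete)$' })
if ($forbidden.Count -gt 0) { throw "Role can modify workflows: $($forbidden -join ', ')" }

$granted | Sort-Object   # review what the role actually grants
$role | ConvertTo-Json -Depth 3 | Set-Content -Path .\run-operator.json
```

The check also shows that `runs/*` does not cover `Microsoft.Logic/workflows/run/action`, which sits under `run`, not `runs`.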