我正在尝试为单个资源中的用户/组创建多个RBAC角色。我能够向资源中添加单个组或一个用户,但无法提供多个用户(一个拥有所有者权限,另一个拥有组/具有贡献者权限的用户)在同一资源上。我知道“名称”应该不同,但是当我提供其他名称时,它说“无法找到资源。
我已将主体ID和角色组声明为数组。我正在尝试创建Azure分析服务。下面是代码。我通过运行以下代码遇到的错误是“部署模板验证失败:'资源Microsoft.AnalysisServices / servers / aascmigqa / providers / Microsoft.Authorization / roleAssignments / 40ba7757-1e75-5eb7-b6ca-ea5a9ca77ce3'模板中多次定义了行“ 1”和列“ 2237”。有关用法的详细信息,请参见https://aka.ms/arm-template/#resources。”。
{
"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion":"1.0.0.0",
"parameters":{
"environment":{
"type":"string",
"defaultValue":"qa",
"metadata":{
"description":"Environment name."
}
},
"subscriptionId":{
"type":"string",
"defaultValue":"xxx"
},
"location":{
"type":"string",
"defaultValue":"east us",
"metadata":{
"description":"Location of the Analysis Services."
}
},
"skuName":{
"type":"string",
"defaultValue":"S0",
"metadata":{
"description":"SKU name of the service."
}
},
"tier":{
"type":"string",
"defaultValue":"Basic",
"metadata":{
"description":"Tier name of the service"
}
},
"capacity":{
"type":"int",
"defaultValue":1,
"metadata":{
"description":"Capacity of the service"
}
},
"aasAdministrators":{
"type":"object",
"defaultValue":{
}
},
"aasTags":{
"defaultValue":{
},
"type":"Object"
},
"principalId":{
"type":"array",
"metadata":{
"description":"The principal to assign the role to"
}
},
"count": {
"type": "int",
"defaultValue": 2,
"metadata": {
"description": "Size of array"
}
},
"builtInRoleType":{
"type":"array",
"allowedValues":[
"Owner",
"Contributor",
"Reader"
],
"metadata":{
"description":"Built-in role to assign"
}
}
},
"variables":{
"server_name":"[concat('aascmig', parameters('environment'))]",
"Owner": "[concat('/subscriptions/', parameters('subscriptionId'), '/providers/Microsoft.Authorization/roleDefinitions/', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
"Contributor": "[concat('/subscriptions/', parameters('subscriptionId'), '/providers/Microsoft.Authorization/roleDefinitions/', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
"Reader": "[concat('/subscriptions/', parameters('subscriptionId'), '/providers/Microsoft.Authorization/roleDefinitions/', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]"
},
"resources":[
{
"type":"Microsoft.AnalysisServices/servers",
"apiVersion":"2017-08-01",
"name":"[variables('server_name')]",
"location":"[parameters('location')]",
"tags":"[parameters('aasTags')]",
"sku":{
"name":"[parameters('skuName')]",
"tier":"[parameters('tier')]",
"capacity":"[parameters('capacity')]"
},
"properties":{
"managedMode":1,
"asAdministrators":"[parameters('aasAdministrators')]",
"querypoolConnectionMode":"All",
"serverMonitorMode":1
}
},
{
"type": "Microsoft.AnalysisServices/servers/providers/roleAssignments",
"apiVersion": "2018-09-01-preview",
"name": "[concat(variables('server_name'), '/Microsoft.Authorization/', guid(uniqueString(variables('server_name'))))]",
"copy": {
"name": "anyname",
"count":"[length(parameters('principalId'))]"
},
"dependsOn": [
"[variables('server_name')]"
],
"properties": {
"roleDefinitionId": "[variables(parameters('builtInRoleType'))[copyIndex()]]",
"principalId": "[parameters('principalId')[copyIndex()]]"
}
}
}
这是语法错误还是不可能的错误。
预先感谢!
答案 0 :(得分:0)
您需要为每个作业生成唯一的名称\ guid,您可以执行以下操作:
guid(uniqueString(variables('server_name'), copyIndex()))
这将确保每种资源都有自己的向导。