我有一个简单的脚本,应该部署 ARM 模板:
credentials = ClientSecretCredential(
client_id="<client-id>",
client_secret="<client-secret>",
tenant_id="<tenant-id>"
)
template = requests.get("<template-url>").json()
deployment_properties = {
'mode': DeploymentMode.incremental,
'template': template
}
deployment = Deployment(location="eastus", properties=deployment_properties)
client = ResourceManagementClient(credentials, subscription_id="<subscription-id>")
deployment_async_operation = client.deployments.begin_create_or_update_at_subscription_scope("test_deployment", deployment)
deployment_async_operation.wait()
当我尝试运行它时,出现此错误:
Exception Details: (InsufficientPrivilegesForManagedServiceResource) The requested user doesn't have sufficient privileges to perform the operation.
Code: InsufficientPrivilegesForManagedServiceResource
Message: The requested user doesn't have sufficient privileges to perform the operation.
我创建的应用程序注册确实具有 user_impersonation 权限,这应该可以解决问题。
我在这里缺少一些权限吗?
感谢您的帮助!
最佳答案
如果您没有执行部署所需的权限,通常会出现错误“部署 ARM 模板的权限不足”。
deployment_async_operation = client.deployments.begin_create_or_update_at_subscription_scope("test_deployment", deployment)
根据上面的代码行,我假设您在订阅级别部署 ARM 模板。 请检查您是否拥有订阅级别范围的权限。
要在订阅级别执行任何操作,您的订阅需要全局管理员角色或所有者角色 .
- 要了解如何为订阅分配角色,请参阅此 MsDoc .
如果问题仍然存在,请检查以下选项是否启用。如果禁用,请按如下方式启用它:
转到 Azure 门户 -> Azure Active Directory -> 属性 -> Azure 资源的访问管理
请参阅以下链接了解更多信息:
User doesn't have permission to create deployment ARM template in Azure - Microsoft Q&A
关于python - 使用Python SDK部署ARM模板权限不足,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/72435820/