【发布时间】:2020-10-27 06:53:10
【问题描述】:
我正在尝试使用以下模板将角色分配给“Cosmos Db 帐户”。
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"principalId": {
"type": "string",
"defaultValue": "gb9e32f1-678f-4552-ae0a-0000f765aaaa",
"metadata": {
"description": ""
}
},
"CosmosDbAccountName": {
"type": "string",
"defaultValue": "cosmosdbaccount",
"metadata": {
"description": "Cosmos Db Account name"
}
},
"RoleType": {
"defaultValue" : "Contributor",
"type": "string",
"metadata": {
"description": "Built-in role to assign"
},
"allowedValues" : [
"Contributor"
]
}
},
"variables": {
"Scope": "[concat(parameters('CosmosDbAccountName'),'/Microsoft.Authorization/',guid(subscription().subscriptionId))]"
},
"resources": [
{
"type": "Microsoft.DocumentDB/databaseAccounts/providers/roleAssignments",
"name": "[variables('Scope')]",
"apiVersion":"2020-04-01-preview",
"properties": {
"RoleDefinitionId":"/subscriptions/[subscription().subscriptionId]/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
"principalId": "[parameters('principalId')]"
}
}
]
}
我目前遇到错误
{"code":"DeploymentFailed","message":"至少一项资源部署操作失败。请列出部署操作以了解详细信息。请参阅https://aka.ms/DeployOperations了解使用详情。","details":[{" code":"BadRequest","message":"{\r\n "error": {\r\n "code": "RoleAssignmentUpdateNotPermitted",\r\n "message": "Tenant ID, application ID, principal不允许更新 ID 和范围。"\r\n }\r\n}"}]}
【问题讨论】:
-
我认为存在与您尝试通过此模板创建的同名角色分配,它最终给出了“RoleAssignmentUpdateNotPermitted”错误。
标签: azure azure-cosmosdb roles arm-template