Resolve the problem that Contributor role cannot add Endpoint 02/24 Update SLTechnology News&Howtos

Resolve the problem that Contributor role cannot add Endpoint

2025-02-24 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Shulou(Shulou.com)06/03 Report--

Recently, according to the requirements of the boss, I combed the permissions of the company's Azure account, created a separate resource group for each person, and then granted contributor permissions, which is a very standard practice. Contributor, this role, theoretically, according to Microsoft, except that permissions cannot be assigned, the operations that can actually be done are basically similar to owner, but it turns out that there are still some differences.

After assigning contributor role to users, create a virtual network, and then when you try to add endpoint to the virtual network, you will find that there is a problem. As for what endpoint is, you can read the previous blog.

Azure Endpoint parsing

Https://blog.51cto.com/mxyit/2347623

When you try to create an endpoint, the discovery prompts the following message, that is, there are not enough permissions

Generally speaking, it is enough to add permissions to this kind of problem, but what permissions should be added? More may have other effects, but less will certainly not solve the problem. In fact, this can be solved by customizing Role in RBAC. The method is very simple. First, try to get the definition of contributor, the role.

In fact, the tasks that can be performed for each role are written in the attribute actions. For example, if the task that can be performed by contributor is *, the representative can perform it. Of course, there is also the attribute notactions to blacklist to restrict some operations that are not allowed.

After that, we can see what kind of actions we need to add if we need to add endpoint. We can query it through PowerShell Get-AzureRmProviderOperation. Those related to the network can try to find it, and we can find out that a lot of information can be queried.

You can further filter the endpoint keyword and find the result directly.

Clear the other action, and then add this operation for Role

Assign values to some basic information

Define the scope of Role

Create Role

Give the role assign to the user, then log in again and try again to find that you can add endpoint normally!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.