简体中文版经机器翻译而成,仅供参考。如与英语版出现任何冲突,应以英语版为准。

Azure 中连接器的所需权限

Cloud Manager 需要在云提供商中执行操作的权限。中包括这些权限 "NetApp 提供的策略"。您可能希望了解 Cloud Manager 使用这些权限执行的操作。

Cloud Manager Azure 策略包括 Cloud Manager 在 Azure 中部署和管理 Cloud Volumes ONTAP 所需的权限。

操作 目的

Microsoft.Compute/locations/operations/read" , Microsoft.Compute/locations/vmSizes/read" , Microsoft.Compute/operations/read" , Microsoft.Compute/virtualMachines/instanceView/read" , Microsoft.Compute/virtualMachines/powerOff/action" , Microsoft.Compute/virtualMachines/read" , Microsoft.Compute/virtualMachines/restart/action" , Microsoft.Compute/virtualMachines/start/action" , Microsoft.Compute/virtualMachines/deallocate/action" , Microsoft.Compute/virtualMachines/vmSizes/read" , " Microsoft.Compute/virtualMachines/write" ,

创建 Cloud Volumes ONTAP 并停止、启动、删除和获取系统状态。

"Microsoft.compute/images/write" 、 "Microsoft.compute/images/read" 、

支持从 VHD 部署 Cloud Volumes ONTAP 。

Microsoft.Compute/disks/delete" , Microsoft.Compute/disks/read" , Microsoft.Compute/disks/write" , "microsoft.Storage/SchecknameAvailability /Read" , "microsoft.Storage/operations/Read" , "microsoft.Storage/storageAccounts" , "microsoft.Storage/storageAccouns/Read" , "microsoft.Storage/storageAccounts" , "microsoft.Storage/storageAccounts" , "microsoft.Storage/storageAccounts" , "microsoft.Storage/storageAccounts" , "microsoft.Storage/Acces/ Read" ,

管理 Azure 存储帐户和磁盘、并将磁盘连接到 Cloud Volumes ONTAP 。

"microsoft.Storage/storageAccounts/blobServices/contains/read" , "microsoft.KeyVault/vauls/read" , "microsoft.KeyVault/vauls/accessPolicies/write"

可备份到 Azure Blob 存储并对存储帐户进行加密

"microsoft.network/networkinterfaces/read" 、 "microsoft.network/networkinterfaces/write" 、 "microsoft.network/networkinterfaces/join/action" 、

在目标子网中为 Cloud Volumes ONTAP 创建和管理网络接口。

"microsoft.network/networksecuritygroups/read" 、 "microsoft.network/networksecuritygroups/write" 、 "microsoft.network/networksecuritygroups/join/action" 、

为 Cloud Volumes ONTAP 创建预定义的网络安全组。

"microsoft.resources/subscriptions/locations/read" , Microsoft.Network/locations/operationResults/read" , Microsoft.Network/locations/operations/read" , Microsoft.Network/virtualNetworks/read" , Microsoft.Network/virtualNetworks/checkIpAddressAvailability/read" , Microsoft.Network/virtualNetworks/subnets/read" , Microsoft.Network/virtualNetworks/subnets/virtualMachines/read" , Microsoft.Network/virtualNetworks/virtualMachines/read" , Microsoft.Network/virtualNetworks/subnets/join/action" ,

获取有关区域、目标 VNet 和子网的网络信息、并将 Cloud Volumes ONTAP 添加到 VNETS 。

Microsoft.Network/virtualNetworks/subnets/write" , Microsoft.Network/routeTables/join/action" ,

启用 VNet 服务端点以进行数据分层。

"Microsoft.Resources/deployments/operations/read" 、 "Microsoft.Resources/deployments/read" 、 "Microsoft.Resources/deployments/write" 、

从模板部署 Cloud Volumes ONTAP 。

"microsoft.resources/deployments/operations/read" , "microsoft.resources/deployments/read" , "microsoft.resources/deployments/write" , "microsoft.resources/resources/read" , "microsoft.resources/subscriptions/operationresults/read" , "microsoft.resources/subscriptions/resourcegroups/delete" , "microsoft.resources/subscriptions/resourcegroups/read" , "microsoft.resources/subscriptions/resourcegroups/write" ,

为 Cloud Volumes ONTAP 创建和管理资源组。

Microsoft.Compute/snapshots/write" , Microsoft.Compute/snapshots/read" , Microsoft.Compute/snapshots/delete" , Microsoft.Compute/disks/beginGetAccess/action" ,

创建和管理 Azure 管理的快照。

"microsoft.compute/availabilitysets/write" 、 "microsoft.compute/availabilitysets/read" 、

创建和管理 Cloud Volumes ONTAP 的可用性集。

"Microsoft.Marketplac订购 / 服务类型 / 发布者 / 服务 / 计划 / 协议 / 读取 " 、 "Microsoft.Marketplac订购 / 服务类型 / 发布者 / 服务 / 计划 / 协议 / 写入 "

支持从 Azure Marketplace 进行编程部署。

Microsoft.Network/loadBalancers/read" , Microsoft.Network/loadBalancers/write" , Microsoft.Network/loadBalancers/delete" , Microsoft.Network/loadBalancers/backendAddressPools/read" , Microsoft.Network/loadBalancers/backendAddressPools/join/action" , Microsoft.Network/loadBalancers/frontendIPConfigurations/read" , Microsoft.Network/loadBalancers/loadBalancingRules/read" , Microsoft.Network/loadBalancers/probes/read" , Microsoft.Network/loadBalancers/probes/join/action" ,

管理 HA 对的 Azure 负载平衡器。

"Microsoft.Authorization/Locks/*"

支持管理 Azure 磁盘上的锁定。

"microsoft.Authorization/roleDefinitions/write" , "microsoft.Authorization/roleAssignments/write" , "microsoft.Web/sites/*"

管理 HA 对的故障转移。

Microsoft.Network/privateEndpoints/write" , "microsoft.Storage/storageAccounts/PrivateEndpointConnectionsApproval/Actions" , "microsoft.Storage/storageAccounts/privateEndpointConnections/Read" , Microsoft.Network/privateEndpoints/read" , Microsoft.Network/privateDnsZones/write" , Microsoft.Network/privateDnsZones/virtualNetworkLinks/write" , Microsoft.Network/virtualNetworks/join/action" , Microsoft.Network/privateDnsZones/A/write" , Microsoft.Network/privateDnsZones/read" , Microsoft.Network/privateDnsZones/virtualNetworkLinks/read" ,

用于管理私有端点。如果未向子网外部提供连接,则会使用私有端点。Cloud Manager 会为 HA 创建存储帐户,但子网中只有内部连接。

" Microsoft.NetApp/netAppAccounts/capacityPools/volumes/delete" ,

允许 Cloud Manager 删除 Azure NetApp Files 的卷。

"microsoft.resources/deployments/operationStatuss/Read"

Azure 在某些虚拟机部署中需要此权限(取决于部署期间使用的底层物理硬件)。

"microsoft.resources/deployments/operationStatuss/Read" , "microsoft.Insights / Metrics /Read" , Microsoft.Compute/virtualMachines/extensions/write" , Microsoft.Compute/virtualMachines/extensions/read" , Microsoft.Compute/virtualMachines/extensions/delete" , Microsoft.Compute/virtualMachines/delete" , Microsoft.Network/networkInterfaces/delete" , Microsoft.Network/networkSecurityGroups/delete" , "Microsoft 。 resources/deployments/delete" ,

用于使用全局文件缓存。

Microsoft.Network/privateEndpoints/delete" , Microsoft.Compute/availabilitySets/delete" ,

允许 Cloud Manager 在部署失败或删除时从属于 Cloud Volumes ONTAP 的资源组中删除资源。

Microsoft.Compute/diskEncryptionSets/read" Microsoft.Compute/diskEncryptionSets/write" , Microsoft.Compute/diskEncryptionSets/delete" "microsoft.KeyVault/vauls/deploy/action" , "microsoft.KeyVault/vauls/read" , "microsoft.KeyVault/vauls/accessPolicies/write" ,

支持将客户管理的加密密钥与 Cloud Volumes ONTAP 结合使用。使用 API 支持此功能。

"microsoft.resources/tags /read" , "microsoft.resources/tags /write" , "microsoft.resources/tags /delete"

用于使用 Cloud Manager 标记服务管理 Azure 资源上的标记。

Microsoft.Network/applicationSecurityGroups/write" , Microsoft.Network/applicationSecurityGroups/read" , Microsoft.Network/applicationSecurityGroups/joinIpConfiguration/action" , Microsoft.Network/networkSecurityGroups/securityRules/write" , Microsoft.Network/applicationSecurityGroups/delete" , " Microsoft.Network/networkSecurityGroups/securityRules/delete"

通过 Cloud Manager 可以为 HA 对配置应用程序安全组,从而隔离 HA 互连和集群网络 NIC 。