我想提供对应用程序服务的应用程序设置的“只读”访问权限。 具体来说,应用程序服务的应用程序设置,我指的是当您在门户中打开应用程序服务并从菜单中选择配置 > 应用程序设置时出现的 4 个选项卡: [![在此处输入图像描述][1]][1]
我的理解是内置的读者角色不提供对这些内容的访问权限,而内置的贡献者角色则提供对这些内容的写访问权限。 内置的贡献者角色似乎是一种严厉的方法。
我本以为它会是这样的:
{
"id": "/subscriptions/xxxxx/providers/Microsoft.Authorization/roleDefinitions/xxxx",
"properties": {
"roleName": "Example Custom Reader",
"description": "Build in Azure Reader role+ ability to read app service config",
"assignableScopes": [
"/subscriptions/bcd6dbed-c3ec-4951-bdbe-9aa6550a54dc"
],
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Web/sites/config/Read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
]
}
}```
[1]: https://i.sstatic.net/3LmBR.png
microsoft.web/sites/config/web/appsettings/read用于单个 Web 应用程序,以及
microsoft.web/sites/config/appsettings/read{
"properties": {
"roleName": "App/Function Configuration Data Reader",
"description": "Allows read access to App/Function Configuration data.",
"assignableScopes": [
"/subscriptions/************"
],
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Web/sites/config/list/Action"
],
"notDataActions": []
}
]
}
}