我想授予 AppService 对 Bing 资源的访问权限 (
Microsoft.Bing/accounts@2020-06-10
)。
我应该在 Bing 的 IAM (Microsoft.Authorization/roleDefinitions
) 中设置哪个角色 (Microsoft.Authorization/roleAssignments
)?
详细来说,我需要了解以下内容
xxx
。
var role = subscriptionResourceId(
'Microsoft.Authorization/roleDefinitions',
'xxx-xxx-xxx-xxx-xxx'
)
resource searchServiceIndexAppPermissions 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
name: guid(bingSearch.id, webApp.name, role)
scope: bingSearch
properties: {
principalId: webApp.identity.principalId
principalType: 'ServicePrincipal'
roleDefinitionId: role
}
}
使用二头肌的 Bing 搜索服务的角色定义
随着Github Bing 搜索的跟进,我们需要使用MSDoc,这有助于实现您在需求中提到的要求。
分配角色所需的角色是 用户访问管理员,这有助于向 webapp 提供角色,我们需要 搜索服务贡献者 或 贡献者 基于我们需要通过搜索服务通过网络应用程序获得的权限。
二头肌文件:
param location string = resourceGroup().location
param appServicePlanName string = 'vkkAppServicePlan'
param webAppName string = 'vkkWebApp'
param bingSearchName string = 'vkkbingsearch'
resource appServicePlan 'Microsoft.Web/serverfarms@2021-02-01' = {
name: appServicePlanName
location: location
sku: {
name: 'B1'
capacity: 1
}
properties: {
reserved: false
}
}
resource webApp 'Microsoft.Web/sites@2021-02-01' = {
name: webAppName
location: location
identity: {
type: 'SystemAssigned'
}
properties: {
serverFarmId: appServicePlan.id
}
kind: 'app'
}
resource bingSearch 'Microsoft.Search/searchServices@2024-03-01-preview' = {
name: bingSearchName
location: location
sku: {
name: 'standard'
}
identity: {
type: 'SystemAssigned'
}
properties: {
hostingMode: 'default'
partitionCount: 1
replicaCount: 1
publicNetworkAccess: 'Enabled'
authOptions: {
aadOrApiKey: {
aadAuthFailureMode: 'http401WithBearerChallenge'
}
}
disabledDataExfiltrationOptions: ['All']
encryptionWithCmk: {
enforcement: 'Unspecified'
}
}
}
var roleDefinitionId = subscriptionResourceId(
'Microsoft.Authorization/roleDefinitions',
'role_ID'
)
resource searchServiceIndexAppPermissions 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
name: guid(bingSearch.id, webApp.name, roleDefinitionId)
scope: bingSearch
properties: {
principalId: webApp.identity.principalId
principalType: 'ServicePrincipal'
roleDefinitionId: roleDefinitionId
}
}
部署成功: