问题描述
我已经继承了一个Azure项目,并且正在努力访问其中的某些信息.我需要进入多个密钥库,但是我没有访问权限,而且我不明白为什么我是项目所有者.我以具有确定"个人资料图片的用户身份登录.
I have inherited a Azure project and is struggling with accessing some of the information in it. There are multiple keyvault which I need to get into, but I dont have access, and I dont understand why as I am the project owner. I am signed in as the user with the OK profile picture.
如果我转到密钥"或机密",则会出现以下错误:在此密钥库的访问策略中未启用列表"操作.
If I go to Keys or secrets I get the following error:The operation "List" is not enabled in this key vault's access policy.
网络访问权限设置为所有网络"
Network access is set to "All networks"
因此,我进入访问策略以授予自己访问权限.在那里,我单击添加新"按钮.这使我进入可以设置权限和添加主体的屏幕.当我搜索我的用户时,找不到它.搜索已经在访问控制列表中的用户也不会返回任何内容.
So I go to access policies to give myself access.There I click the "Add new" Button.This brings me to the screen where I can set up permissions and add a principal. When I search for my user there I can not find it. Searching for users which already are in the access control list also returns nothing.
搜索中..."状态永远不会消失,但是过一会儿,我的确在电子邮件周围出现了一条红线.
The "searching..." status never disappears, but I do get a red line around the email after a while.
如何使用门户访问密钥库?
How do I get access to a keyvault using the portal?
推荐答案
您的密钥保险库似乎已从另一个Azure AD租户移动(带有订阅),并保持与该租户的绑定.因此,您可能希望将其与此MS文章中所述的新租户相关联:在订阅移动后更改密钥库租户ID .
It looks like your key vault was moved (with the subscription) from another Azure AD tenant and kept its binding to said tenant. So you might want to associate it with the new tenant as described in this MS article: Change a key vault tenant ID after a subscription move.
$subscriptionId = <Your subscription ID>
$keyVaultName = <Key Vault name>
Select-AzSubscription -SubscriptionId $subscriptionId
$vaultResourceId = (Get-AzKeyVault -VaultName $keyVaultName).ResourceId
$vault = Get-AzResource –ResourceId $vaultResourceId -ExpandProperties
$vault.Properties.TenantId = (Get-AzContext).Tenant.TenantId
$vault.Properties.AccessPolicies = @()
Set-AzResource -ResourceId $vaultResourceId -Properties $vault.Properties
注意:此操作后,旧Azure AD租户中的安全主体(用户和应用程序)将失去对密钥库的访问权限.因此,如果有机会在您的订阅中部署了一个应用程序,该应用程序使用了在旧租户中注册的应用程序ID(和机密),则您需要在Azure AD中进行新的应用程序注册,并为其授予对密钥的权限保管库并使用新凭据重新部署应用程序.
Note: security principals (users and applications) in the old Azure AD tenant will lose their access to the key vault after this operation. So if by any chance, there is an application deployed in your subscription, which uses application ID (and secret) registered in the old tenant, you'll need to make a new app registration in your Azure AD, give it permissions to the key vault and redeploy the app with the new credentials.
这篇关于无法使用Azure门户访问Key-Vault的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!