Question
I want to list all access policies in all key vaults in the tenant but cannot figure out a way. I normally use PowerShell Az for getting these kinds of lists for auditing etc., but this time I didn't find a cmdlet for the task. The initial requirement was that I have to find out if a specific account has access to any key vaults in the tenant and, if yes, what kind of rights the account has. Any ideas or suggestions on how to solve this? I don't want to go through the key vaults manually one by one in the GUI.
Recommended answer
I am afraid there is no direct way to retrieve the KV policies with PS directly.
You would have to retrieve each KV separately, and only then will you be able to see the policy assignments, as shown below:
Get-AzKeyVault -VaultName 'myvault'

Vault Name                       : myvault
Resource Group Name              : myrg
Location                         : westus
Resource ID                      : /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/myrg/providers/Microsoft.KeyVault/vaults/myvault
Vault URI                        : https://myvault.vault.azure.net/
Tenant ID                        : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx
SKU                              : Standard
Enabled For Deployment?          : True
Enabled For Template Deployment? : True
Enabled For Disk Encryption?     : False
Soft Delete Enabled?             : True
Access Policies                  :
    Tenant ID                                  : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx
    Object ID                                  : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx
    Application ID                             :
    Display Name                               : User Name ([email protected])
    Permissions to Keys                        : get, create, delete, list, update, import, backup, restore, recover
    Permissions to Secrets                     : get, list, set, delete, backup, restore, recover
    Permissions to Certificates                : get, delete, list, create, import, update, deleteissuers, getissuers, listissuers, managecontacts, manageissuers, setissuers, recover
    Permissions to (Key Vault Managed) Storage : delete, deletesas, get, getsas, list, listsas, regeneratekey, set, setsas, update
Tags                             :
You will get the object IDs of the users or service principals, and you would have to query with that object ID to get more details about the user / service principal.
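The per-vault lookup described in the answer can be scripted across every subscription the session can see, which turns the "is this account in any vault, and with what rights" audit into a single table. This is an added example, not code from the original answer; it assumes the Az.Accounts and Az.KeyVault modules are installed and that Connect-AzAccount has already been run, and `$TargetObjectId` is a placeholder for the principal being audited.

```powershell
# Added example: flatten the access policies of every Key Vault in every
# subscription, optionally filtered to one principal's object ID.
param(
    # Object ID of the user / service principal to look for (placeholder);
    # leave empty to list every access-policy entry in the tenant.
    [string]$TargetObjectId = ''
)

$results = foreach ($sub in Get-AzSubscription) {
    $null = Set-AzContext -Subscription $sub.Id
    # Get-AzKeyVault without -VaultName returns a summary list; the access
    # policies are only populated when each vault is fetched by name.
    foreach ($kvSummary in Get-AzKeyVault) {
        $kv = Get-AzKeyVault -VaultName $kvSummary.VaultName `
                             -ResourceGroupName $kvSummary.ResourceGroupName
        # Vaults switched to the RBAC permission model carry no access
        # policies; their grants live in role assignments, so flag them here
        # rather than silently reporting them as "nobody has access".
        if ($kv.EnableRbacAuthorization) {
            Write-Warning "$($kv.VaultName): RBAC model, check Get-AzRoleAssignment instead"
            continue
        }
        foreach ($policy in $kv.AccessPolicies) {
            if ($TargetObjectId -and $policy.ObjectId -ne $TargetObjectId) { continue }
            [pscustomobject]@{
                Subscription  = $sub.Name
                ResourceGroup = $kv.ResourceGroupName
                Vault         = $kv.VaultName
                ObjectId      = $policy.ObjectId
                DisplayName   = $policy.DisplayName
                Keys          = ($policy.PermissionsToKeys -join ',')
                Secrets       = ($policy.PermissionsToSecrets -join ',')
                Certificates  = ($policy.PermissionsToCertificates -join ',')
                Storage       = ($policy.PermissionsToStorage -join ',')
            }
        }
    }
}

$results | Sort-Object Subscription, Vault | Format-Table -AutoSize
# Keep a copy for the audit trail:
$results | Export-Csv -Path .\kv-access-policies.csv -NoTypeInformation
```

Run with `-TargetObjectId <object-id>` to answer the original question for one account; an empty result for a vault that was not flagged as RBAC means that principal has no access-policy grant there.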