azure-cosmosdb - 无法使用基于 Cosmos DB 角色的访问控制获得读取/写入集合吞吐量的权限
问题描述
我们正在使用 Core(SQL) Cosmos DB。现在我们正在尝试添加一个角色,以下是要求:
- 所有指标的读取权限。
- 所有设置的读写权限,包括数据库账户级别、数据库级别和(容器)集合级别。
- 没有文件的读取或写入权限。
我们为角色添加了以下所有权限。然而,我们仍然无法
- 集合的读写吞吐量(规模)
- 编写各种账户级别设置
- 阅读吞吐量(请求数)指标。但是其他指标,如存储、可用性、延迟、一致性是可用的。
我们错过了什么吗?
```"Microsoft.DocumentDB/databaseAccountNames/read",
"Microsoft.DocumentDB/databaseAccounts/cassandraKeyspaces/operationResults/read",
"Microsoft.DocumentDB/databaseAccounts/cassandraKeyspaces/read",
"Microsoft.DocumentDB/databaseAccounts/cassandraKeyspaces/tables/operationResults/read",
"Microsoft.DocumentDB/databaseAccounts/cassandraKeyspaces/tables/read",
"Microsoft.DocumentDB/databaseAccounts/cassandraKeyspaces/tables/throughputSettings/read",
"Microsoft.DocumentDB/databaseAccounts/cassandraKeyspaces/tables/throughputSettings/write",
"Microsoft.DocumentDB/databaseAccounts/cassandraKeyspaces/tables/write",
"Microsoft.DocumentDB/databaseAccounts/cassandraKeyspaces/throughputSettings/read",
"Microsoft.DocumentDB/databaseAccounts/changeResourceGroup/action",
"Microsoft.DocumentDB/databaseAccounts/databases/collections/metricDefinitions/read",
"Microsoft.DocumentDB/databaseAccounts/databases/collections/metrics/read",
"Microsoft.DocumentDB/databaseAccounts/databases/collections/partitionKeyRangeId/metrics/read",
"Microsoft.DocumentDB/databaseAccounts/databases/collections/partitions/metrics/read",
"Microsoft.DocumentDB/databaseAccounts/databases/collections/partitions/read",
"Microsoft.DocumentDB/databaseAccounts/databases/collections/partitions/usages/read",
"Microsoft.DocumentDB/databaseAccounts/databases/metricDefinitions/read",
"Microsoft.DocumentDB/databaseAccounts/databases/metrics/read",
"Microsoft.DocumentDB/databaseAccounts/databases/usages/read",
"Microsoft.DocumentDB/databaseAccounts/getBackupPolicy/action",
"Microsoft.DocumentDB/databaseAccounts/gremlinDatabases/graphs/operationResults/read",
"Microsoft.DocumentDB/databaseAccounts/gremlinDatabases/graphs/throughputSettings/operationResults/read",
"Microsoft.DocumentDB/databaseAccounts/gremlinDatabases/graphs/throughputSettings/read",
"Microsoft.DocumentDB/databaseAccounts/gremlinDatabases/operationResults/read",
"Microsoft.DocumentDB/databaseAccounts/gremlinDatabases/read",
"Microsoft.DocumentDB/databaseAccounts/gremlinDatabases/throughputSettings/operationResults/read",
"Microsoft.DocumentDB/databaseAccounts/gremlinDatabases/throughputSettings/read",
"Microsoft.DocumentDB/databaseAccounts/metricDefinitions/read",
"Microsoft.DocumentDB/databaseAccounts/metrics/read",
"Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/operationResults/read",
"Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/throughputSettings/operationResults/read",
"Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/collections/throughputSettings/read",
"Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/operationResults/read",
"Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/read",
"Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/throughputSettings/operationResults/read",
"Microsoft.DocumentDB/databaseAccounts/mongodbDatabases/throughputSettings/read",
"Microsoft.DocumentDB/databaseAccounts/operationResults/read",
"Microsoft.DocumentDB/databaseAccounts/percentile/metrics/read",
"Microsoft.DocumentDB/databaseAccounts/percentile/read",
"Microsoft.DocumentDB/databaseAccounts/percentile/sourceRegion/targetRegion/metrics/read",
"Microsoft.DocumentDB/databaseAccounts/percentile/targetRegion/metrics/read",
"Microsoft.DocumentDB/databaseAccounts/privateEndpointConnectionProxies/operationResults/read",
"Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections/operationResults/read",
"Microsoft.DocumentDB/databaseAccounts/read",
"Microsoft.DocumentDB/databaseAccounts/region/databases/collections/metrics/read",
"Microsoft.DocumentDB/databaseAccounts/region/databases/collections/partitionKeyRangeId/metrics/read",
"Microsoft.DocumentDB/databaseAccounts/region/databases/collections/partitions/metrics/read",
"Microsoft.DocumentDB/databaseAccounts/region/databases/collections/partitions/read",
"Microsoft.DocumentDB/databaseAccounts/region/metrics/read",
"Microsoft.DocumentDB/databaseAccounts/restore/action",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/operationResults/read",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/storedProcedures/operationResults/read",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/throughputSettings/operationResults/read",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/throughputSettings/read",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/triggers/operationResults/read",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/userDefinedFunctions/operationResults/read",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/containers/userDefinedFunctions/read",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/operationResults/read",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/throughputSettings/operationResults/read",
"Microsoft.DocumentDB/databaseAccounts/sqlDatabases/throughputSettings/read",
"Microsoft.DocumentDB/databaseAccounts/tables/operationResults/read",
"Microsoft.DocumentDB/databaseAccounts/tables/throughputSettings/operationResults/read",
"Microsoft.DocumentDB/databaseAccounts/tables/throughputSettings/read",
"Microsoft.DocumentDB/databaseAccounts/usages/read",
"Microsoft.DocumentDB/locations/operationsStatus/read",
"Microsoft.DocumentDB/operationResults/read",
"Microsoft.DocumentDB/operations/read",
"Microsoft.DocumentDB/register/action",
"Microsoft.DocumentDB/register/action",```
解决方案
为此,您不需要自定义角色。查看 Cosmos DB 操作员角色,该角色提供对所有管理(控制平面)数据和操作的访问权限,但用于防止访问数据的密钥除外。
你可以在这里了解更多。
希望这可以帮助。
推荐阅读
- c# - 当 WCF 应用程序在 Windows 7 上作为 Windows 服务托管时,找不到证书
- javascript - 在JS中格式化输入类型=“文本”
- reporting-services - SSRS 根据数据集字段创建尽可能多的表(使用一个数据集)
- spring - 使用 Spring Integration DSL 读取 Tibco EMS 主题
- c++ - 从 'float*' 到 'int' 的错误无效转换 [-fpermissive]
- python - Graphlab 和 SFrame
- ios - Xcode Storyboard 使按钮高度等于底部布局指南(或安全区域下方的空间)+ 常量?
- sql - 在函数中转 SQL 语句
- hyperledger-fabric - 无需托管对等节点即可参与 Hyperledger
- python-3.x - 如何确保按给定顺序处理所有命令(和错误)