Search <book_title>...

Important Update: Cohesity Products Documentation

All Cohesity product documentation are now managed via the Cohesity Docs Portal: https://docs.cohesity.com/HomePage/Content/home.htm. Some documentation available here may not reflect the latest information or may no longer be accessible.

NetBackup™ Snapshot Manager 安装和升级指南

Last Published: 2023-04-28

Product(s): NetBackup (10.2)

在 Microsoft Azure Stack Hub 上配置权限

NetBackup Snapshot Manager 必须有权访问 Microsoft Azure Stack 资产，然后才能保护这些资产。您必须关联 NetBackup Snapshot Manager 用户可用于处理 Azure Stack 资产的自定义角色。

以下是自定义角色定义（JSON 格式），它使 NetBackup Snapshot Manager 能够执行以下操作：

配置 Azure Stack Hub 插件和发现资产。
创建主机和磁盘快照。
将快照还原到原始位置或新位置。
删除快照。

 {
    "properties": {
        "roleName": "snapshot-manager-role",
        "description": "Necessary permissions for Azure plug-in operations in CloudPoint",
        "assignableScopes": [
            "/subscriptions/<SusbcriptionName>"
        ],
        "permissions": [
            {
                "actions": [
                    "Microsoft.Storage/*/read",
                    "Microsoft.Compute/*/read",
                    "Microsoft.Sql/*/read",
                    "Microsoft.Compute/disks/write",
                    "Microsoft.Compute/disks/delete",
                    "Microsoft.Compute/disks/beginGetAccess/action",
                    "Microsoft.Compute/disks/endGetAccess/action",
                    "Microsoft.Compute/snapshots/delete",
                    "Microsoft.Compute/snapshots/write",
                    "Microsoft.Compute/snapshots/beginGetAccess/action",
                    "Microsoft.Compute/snapshots/endGetAccess/action",
                    "Microsoft.Compute/virtualMachines/write",
                    "Microsoft.Compute/virtualMachines/delete",
                    "Microsoft.Compute/virtualMachines/start/action",
                    "Microsoft.Compute/virtualMachines/vmSizes/read",
                    "Microsoft.Compute/virtualMachines/powerOff/action",
                    "Microsoft.Network/*/read",
                    "Microsoft.Network/networkInterfaces/delete",
                    "Microsoft.Network/networkInterfaces/effectiveNetworkSecurityGroups/action",
                    "Microsoft.Network/networkInterfaces/join/action",
                    "Microsoft.Network/networkInterfaces/write",
                    "Microsoft.Network/networkSecurityGroups/join/action",
                    "Microsoft.Network/networkSecurityGroups/write",
                    "Microsoft.Network/publicIPAddresses/delete",
                    "Microsoft.Network/publicIPAddresses/join/action",
                    "Microsoft.Network/publicIPAddresses/write",
                    "Microsoft.Network/virtualNetworks/subnets/join/action",
                    "Microsoft.Resources/*/read",
                    "Microsoft.Resources/subscriptions/tagNames/tagValues/write",
                    "Microsoft.Resources/subscriptions/tagNames/write",
                    "Microsoft.Subscription/*/read",
                    "Microsoft.Authorization/locks/*",
                    "Microsoft.Authorization/*/read",
                    "Microsoft.ContainerService/managedClusters/agentPools/read",
                    "Microsoft.ContainerService/managedClusters/read",
                    "Microsoft.Compute/virtualMachineScaleSets/write",
                    "Microsoft.Compute/virtualMachineScaleSets/delete/action",
                    "Microsoft.Compute/restorePointCollections/read",
                    "Microsoft.Compute/restorePointCollections/write",
                    "Microsoft.Compute/restorePointCollections/delete",
                    "Microsoft.Compute/restorePointCollections/restorePoints/read",
                    "Microsoft.Compute/restorePointCollections/restorePoints/write",
                    "Microsoft.Compute/restorePointCollections/restorePoints/delete",
                    "Microsoft.Compute/restorePointCollections/restorePoints/retrieveSasUris/action",
                    "Microsoft.Compute/restorePointCollections/restorePoints/diskRestorePoints/read",
                    "Microsoft.Compute/restorePointCollections/restorePoints/diskRestorePoints/beginGetAccess/action",
                    "Microsoft.Compute/restorePointCollections/restorePoints/diskRestorePoints/endGetAccess/action"

                ],
                "notActions": [],
                "dataActions": [],
                "notDataActions": []
            }
        ]
    }
}

要使用 Powershell 创建自定义角色，请执行 Azure Stack 文档中提及的步骤。

例如：

New-AzRoleDefinition -InputFile "C:\CustomRoles\registrationrole.json"

要使用 Azure CLI 创建自定义角色，请执行 Azure 文档中提及的步骤。

例如：

az role definition create --role-definition "~/CustomRoles/
registrationrole.json"

注意:

在创建角色之前，必须先将角色定义（JSON 格式的文本）复制到 .json 文件，然后将该文件用作输入文件。在前面显示的示例命令中，registrationrole.json 将用作包含角色定义文本的输入文件。

要使用此角色，请执行以下操作：

将此角色分配给在 Azure Stack 环境中运行的应用程序。
在 NetBackup Snapshot Manager 中，使用应用程序的凭据配置 Azure Stack 脱离主机插件。

更多信息

Microsoft Azure Stack Hub 插件配置说明