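I want to access a storage account that resides in one Azure AD tenant (say tenant ID T1) from a subnet (say S1) that resides in a different Azure AD tenant (say tenant ID T2). Using the Azure CLI, I was able to add this existing VNet/subnet in the storage account's "Firewalls and virtual networks" tab.
AZ CLI: az storage account network-rule add -g myRG --account myAccount --subnet mySubnetId
But the endpoint status for this subnet shows "Insufficient permissions" instead of "Enabled". As a result, the storage account cannot be accessed from the added subnet S1.
Error: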
Unable retrieve endpoint status for one or more subnets. Status 'insufficient permissions' indicates lack of subnet read permissions ('Microsoft.Network/virtualNetworks/subnets/read').
Detailed error:
You do not have authorization to access this resource.
Resource ID: /subscriptions/****/resourceGroups/my-network-rg/providers/Microsoft.Network/virtualNetworks/my-vnet
Status Code: 401
Status Message: The access token …