Question
I have inherited an Azure project and am struggling with accessing some of the information in it. There are multiple key vaults which I need to get into, but I don't have access, and I don't understand why, as I am the project owner. I am signed in as the user with the OK profile picture.
If I go to Keys or secrets I get the following error: The operation "List" is not enabled in this key vault's access policy.
Network access is set to "All networks"
So I go to access policies to give myself access. There I click the "Add new" button. This brings me to the screen where I can set up permissions and add a principal. When I search for my user there I cannot find it. Searching for users which already are in the access control list also returns nothing.
The "searching..." status never disappears, but I do get a red line around the email after a while.
How do I get access to a key vault using the portal?
Answer 1:
It looks like your key vault was moved (with the subscription) from another Azure AD tenant and kept its binding to said tenant. So you might want to associate it with the new tenant as described in this MS article: Change a key vault tenant ID after a subscription move.
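# Placeholders: substitute your own values
$subscriptionId = "<Your subscription ID>"
$keyVaultName = "<Key Vault name>"
# Work in the subscription that holds the vault
Select-AzSubscription -SubscriptionId $subscriptionId
$vaultResourceId = (Get-AzKeyVault -VaultName $keyVaultName).ResourceId
$vault = Get-AzResource -ResourceId $vaultResourceId -ExpandProperties
# Bind the vault to the tenant of the current context
$vault.Properties.TenantId = (Get-AzContext).Tenant.TenantId
# Clear the access policies, which reference principals in the old tenant
$vault.Properties.AccessPolicies = @()
Set-AzResource -ResourceId $vaultResourceId -Properties $vault.Properties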
Note: security principals (users and applications) in the old Azure AD tenant will lose their access to the key vault after this operation. So if by any chance, there is an application deployed in your subscription, which uses application ID (and secret) registered in the old tenant, you'll need to make a new app registration in your Azure AD, give it permissions to the key vault and redeploy the app with the new credentials.
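Before running the re-association above, it helps to see which vaults are still bound to another tenant and which access-policy entries the reset will drop. The following is an added example, not part of the original answer; `Get-VaultTenantMismatch` is a hypothetical helper, and the tenant IDs and vault objects are constructed sample data.

```powershell
# Added example, not from the original answer.
# Get-VaultTenantMismatch is a hypothetical helper. It expects objects with the
# properties VaultName, TenantId and AccessPolicies (entries carrying DisplayName
# and ObjectId), as returned by Get-AzKeyVault -VaultName.
function Get-VaultTenantMismatch {
    param(
        [Parameter(Mandatory)] [object[]] $Vault,
        [Parameter(Mandatory)] [guid] $CurrentTenantId
    )
    foreach ($v in $Vault) {
        # Vaults already bound to the current tenant need no change
        if ([guid]$v.TenantId -eq $CurrentTenantId) { continue }
        [pscustomobject]@{
            VaultName      = $v.VaultName
            VaultTenantId  = [guid]$v.TenantId
            # Entries that would be removed when AccessPolicies is reset to @()
            PoliciesAtRisk = @($v.AccessPolicies |
                Where-Object { $_ } |
                ForEach-Object { '{0} ({1})' -f $_.DisplayName, $_.ObjectId })
        }
    }
}

# Constructed sample data so the function can be tried offline
$currentTenant = [guid]'11111111-1111-1111-1111-111111111111'
$oldTenant     = [guid]'22222222-2222-2222-2222-222222222222'
$sample = @(
    [pscustomobject]@{
        VaultName      = 'kv-moved'
        TenantId       = $oldTenant
        AccessPolicies = @([pscustomobject]@{
            DisplayName = 'legacy-app'
            ObjectId    = '33333333-3333-3333-3333-333333333333'
        })
    },
    [pscustomobject]@{ VaultName = 'kv-native'; TenantId = $currentTenant; AccessPolicies = @() }
)
Get-VaultTenantMismatch -Vault $sample -CurrentTenantId $currentTenant

# Live use (requires the Az.KeyVault module and a signed-in context):
# $vaults = Get-AzKeyVault | ForEach-Object { Get-AzKeyVault -VaultName $_.VaultName }
# Get-VaultTenantMismatch -Vault $vaults -CurrentTenantId (Get-AzContext).Tenant.TenantId
```

Saving the `PoliciesAtRisk` output gives a record of which principals need equivalent registrations and permissions in the new tenant.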
Source: https://stackoverflow.com/questions/56762508/unable-to-access-key-vault-using-azure-portal