You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/service-fabric/managed-cluster-deny-assignment.md
+4-4Lines changed: 4 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -11,18 +11,18 @@ ms.date: 08/18/2023
11
11
12
12
# Deny assignment policy for Service Fabric managed clusters
13
13
14
-
Deny assignment policies for Service Fabric managed clusters enable customers to protect the resources of their clusters. Deny assignments attach a set of deny actions to a user, group, or service principal at a particular scope for the purpose of denying access. Limiting access to certain actions can help users from inadvertently damaging their clusters when they delete, deallocate restart, or reimage their clusters' scale set directly in the infrastruture resource group, which can cause the resources of the cluster to be out of sync with the data in the managed cluster.
14
+
Deny assignment policies for Service Fabric managed clusters enable customers to protect the resources of their clusters. Deny assignments attach a set of deny actions to a user, group, or service principal at a particular scope to deny access. Limiting access to certain actions can help users from inadvertently damaging their clusters when they delete, deallocate restart, or reimage their clusters' scale set directly in the infrastructure resource group, which can cause the resources of the cluster to be unsynchronized with the data in the managed cluster.
15
15
16
-
All actions related to managed clusters should be done through the managed cluster resource APIs instead of diretly against the infratructure resource group to ensure the resources of the cluster are in sync with the data in the managed cluster.
16
+
All actions that are related to managed clusters should be done through the managed cluster resource APIs instead of directly against the infrastructure resource group. Using the resource APIs ensures the resources of the cluster are synchronized with the data in the managed cluster.
17
17
18
18
This feature ensures that the correct, supported APIs are used when performing delete operations to avoid any errors.
19
19
20
20
You can learn more about deny assignments in the [Azure role-based access control (RBAC) documentation](..role-based-access-control/deny-assignments).
21
21
22
22
## Best practices
23
23
24
-
The following are some best pracitces to minimize the threat of desyncing your cluster's resources:
25
-
* Instead of deleting VMSS diretly from the managed resource group, use NodeType level APIs to delete the NodeType or virtual machine scale set, such as through the Node blade on the Azure portal or via[Azure PowerShell](https://learn.microsoft.com/powershell/module/az.servicefabric/remove-azservicefabricmanagednodetype?view=azps-10.2.0&viewFallbackFrom=azps-9.7.0).
24
+
The following are some best practices to minimize the threat of desyncing your cluster's resources:
25
+
* Instead of deleting virtual machine scale sets directly from the managed resource group, use NodeType level APIs to delete the NodeType or virtual machine scale set. Options include the Node blade on the Azure portal and[Azure PowerShell](https://learn.microsoft.com/powershell/module/az.servicefabric/remove-azservicefabricmanagednodetype?view=azps-10.2.0&viewFallbackFrom=azps-9.7.0).
26
26
* Use the correct APIs to restart or reimage your scale sets:
27
27
*[Virtual machine scale set restarts](https://learn.microsoft.com/powershell/module/az.servicefabric/restart-azservicefabricmanagednodetype?view=azps-10.1.0)
28
28
*[Virtual machine scale set reimage](https://learn.microsoft.com/powershell/module/az.servicefabric/set-azservicefabricmanagednodetype?view=azps-10.1.0)
0 commit comments