Integrierte Azure-RollenAzure built-in roles

Die auf Azure-Rollen basierte Zugriffssteuerung (Azure RBAC) verfügt über mehrere integrierte Azure-Rollen, die Sie Benutzern, Gruppen, Dienstprinzipalen und verwalteten Identitäten zuweisen können.Azure role-based access control (Azure RBAC) has several Azure built-in roles that you can assign to users, groups, service principals, and managed identities. Durch Rollenzuweisungen wird die Art und Weise gesteuert, wie Sie auf Azure-Ressourcen zugreifen.Role assignments are the way you control access to Azure resources. Wenn die integrierten Rollen den Ansprüchen Ihrer Organisation nicht entsprechen, können Sie Ihre eigenen benutzerdefinierten Azure-Rollen erstellen.If the built-in roles don't meet the specific needs of your organization, you can create your own Azure custom roles.

Dieser Artikel enthält eine Liste der integrierten Azure-Rollen, die ständig weiterentwickelt werden.This article lists the Azure built-in roles, which are always evolving. Verwenden Sie zum Abrufen der aktuellen Rollen Get-AzRoleDefinition oder az role definition list.To get the latest roles, use Get-AzRoleDefinition or az role definition list. Eine Liste mit Administratorrollen für Azure Active Directory (Azure AD) finden Sie unter Berechtigungen der Administratorrolle in Azure Active Directory.If you are looking for administrator roles for Azure Active Directory (Azure AD), see Administrator role permissions in Azure Active Directory.

Die folgende Tabelle enthält eine kurze Beschreibung und die eindeutige ID aller integrierten Rollen.The following table provides a brief description and the unique ID of each built-in role. Klicken Sie auf den Rollennamen, um die Liste der Actions, NotActions, DataActions und NotDataActions für jede Rolle anzuzeigen.Click the role name to see the list of Actions, NotActions, DataActions, and NotDataActions for each role. Informationen zur Bedeutung dieser Aktionen und deren Anwendung auf die Verwaltung und Datenebenen finden Sie unter Grundlegendes zu Azure-Rollendefinitionen.For information about what these actions mean and how they apply to the management and data planes, see Understand Azure role definitions.

AllAll

Integrierte RolleBuilt-in role BESCHREIBUNGDescription idID
AllgemeinGeneral
MitwirkenderContributor Hiermit wird Vollzugriff zum Verwalten aller Ressourcen gewährt, allerdings nicht zum Zuweisen von Rollen in Azure RBAC.Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC. b24988ac-6180-42a0-ab88-20f7382dd24cb24988ac-6180-42a0-ab88-20f7382dd24c
BesitzerOwner Hiermit wird Vollzugriff zum Verwalten aller Ressourcen gewährt, einschließlich der Möglichkeit, Rollen in Azure RBAC zuzuweisen.Grants full access to manage all resources, including the ability to assign roles in Azure RBAC. 8e3af657-a8ff-443c-a75c-2fe8c4bcb6358e3af657-a8ff-443c-a75c-2fe8c4bcb635
LeserReader Hiermit können Sie alle Ressourcen anzeigen, aber keine Änderungen vornehmen.View all resources, but does not allow you to make any changes. acdd72a7-3385-48ef-bd42-f606fba81ae7acdd72a7-3385-48ef-bd42-f606fba81ae7
BenutzerzugriffsadministratorUser Access Administrator Ermöglicht Ihnen die Verwaltung von Benutzerzugriffen auf Azure-Ressourcen.Lets you manage user access to Azure resources. 18d7d88d-d35e-4fb5-a5c3-7773c20a72d918d7d88d-d35e-4fb5-a5c3-7773c20a72d9
ComputeCompute
Mitwirkender von klassischen virtuellen ComputernClassic Virtual Machine Contributor Ermöglicht Ihnen das Verwalten klassischer virtueller Computer, aber weder den Zugriff darauf noch auf die mit ihnen verbundenen virtuellen Netzwerke oder Speicherkonten.Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to. d73bb868-a0df-4d4d-bd69-98a00b01fccbd73bb868-a0df-4d4d-bd69-98a00b01fccb
VM-AdministratoranmeldungVirtual Machine Administrator Login Anzeigen von virtuellen Computern im Portal und Anmelden als AdministratorView Virtual Machines in the portal and login as administrator 1c0163c0-47e6-4577-8991-ea5c82e286e41c0163c0-47e6-4577-8991-ea5c82e286e4
Mitwirkender von virtuellen ComputernVirtual Machine Contributor Ermöglicht Ihnen das Verwalten virtueller Computer, aber weder den Zugriff darauf, noch auf deren verbundenen virtuellen Netzwerke oder Speicherkonten.Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to. 9980e02c-c2be-4d73-94e8-173b1dc7cf3c9980e02c-c2be-4d73-94e8-173b1dc7cf3c
VM-BenutzeranmeldungVirtual Machine User Login Anzeigen von virtuellen Computern im Portal und Anmelden als regulärer Benutzer.View Virtual Machines in the portal and login as a regular user. fb879df8-f326-4884-b1cf-06f3ad86be52fb879df8-f326-4884-b1cf-06f3ad86be52
NetzwerkNetworking
Mitwirkender für den CDN-EndpunktCDN Endpoint Contributor Diese Rolle kann CDN-Endpunkte verwalten, aber anderen Benutzern keinen Zugriff erteilen.Can manage CDN endpoints, but can't grant access to other users. 426e0c7f-0c7e-4658-b36f-ff54d6c29b45426e0c7f-0c7e-4658-b36f-ff54d6c29b45
CDN-EndpunktleserCDN Endpoint Reader Diese Rolle kann CDN-Endpunkte anzeigen, aber keine Änderungen vornehmen.Can view CDN endpoints, but can't make changes. 871e35f6-b5c1-49cc-a043-bde969a0f2cd871e35f6-b5c1-49cc-a043-bde969a0f2cd
Mitwirkender für das CDN-ProfilCDN Profile Contributor Diese Rolle kann CDN-Profile und deren Endpunkte verwalten, aber anderen Benutzern keinen Zugriff erteilen.Can manage CDN profiles and their endpoints, but can't grant access to other users. ec156ff8-a8d1-4d15-830c-5b80698ca432ec156ff8-a8d1-4d15-830c-5b80698ca432
CDN-ProfilleserCDN Profile Reader Diese Rolle kann CDN-Profile und deren Endpunkte anzeigen, aber keine Änderungen vornehmen.Can view CDN profiles and their endpoints, but can't make changes. 8f96442b-4075-438f-813d-ad51ab4019af8f96442b-4075-438f-813d-ad51ab4019af
Mitwirkender von klassischem NetzwerkClassic Network Contributor Ermöglicht Ihnen das Verwalten von klassischen Netzwerken, nicht aber den Zugriff darauf.Lets you manage classic networks, but not access to them. b34d265f-36f7-4a0d-a4d4-e158ca92e90fb34d265f-36f7-4a0d-a4d4-e158ca92e90f
DNS Zone ContributorDNS Zone Contributor Ermöglicht Ihnen die Verwaltung von DNS-Zonen und Ressourceneintragssätzen in Azure DNS, aber nicht zu steuern, wer darauf Zugriff hat.Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them. befefa01-2a29-4197-83a8-272ff33ce314befefa01-2a29-4197-83a8-272ff33ce314
Mitwirkender von virtuellem NetzwerkNetwork Contributor Ermöglicht Ihnen das Verwalten von Netzwerken, nicht aber den Zugriff darauf.Lets you manage networks, but not access to them. 4d97b98b-1d4f-4787-a291-c67834d212e74d97b98b-1d4f-4787-a291-c67834d212e7
Mitwirkender für private DNS-ZonePrivate DNS Zone Contributor Ermöglicht Ihnen das Verwalten privater DNS-Zonenressourcen, aber nicht der virtuellen Netzwerke, mit denen sie verknüpft sind.Lets you manage private DNS zone resources, but not the virtual networks they are linked to. b12aa53e-6015-4669-85d0-8515ebb3ae7fb12aa53e-6015-4669-85d0-8515ebb3ae7f
Traffic Manager-MitwirkenderTraffic Manager Contributor Ermöglicht Ihnen die Verwaltung von Traffic Manager-Profilen, aber nicht die Steuerung des Zugriffs darauf.Lets you manage Traffic Manager profiles, but does not let you control who has access to them. a4b10055-b0c7-44c2-b00f-c7b5b3550cf7a4b10055-b0c7-44c2-b00f-c7b5b3550cf7
StorageStorage
Avere-MitwirkenderAvere Contributor Kann einen Avere vFXT-Cluster erstellen und verwalten.Can create and manage an Avere vFXT cluster. 4f8fab4f-1852-4a58-a46a-8eaf358af14a4f8fab4f-1852-4a58-a46a-8eaf358af14a
Avere-BedienerAvere Operator Wird vom Avere vFXT-Cluster zum Verwalten des Clusters verwendetUsed by the Avere vFXT cluster to manage the cluster c025889f-8102-4ebf-b32c-fc0c6f0c6bd9c025889f-8102-4ebf-b32c-fc0c6f0c6bd9
Mitwirkender für SicherungenBackup Contributor Ermöglicht Ihnen die Verwaltung des Sicherungsdiensts. Sie können jedoch keine Tresore erstellen oder anderen Benutzern Zugriff gewähren.Lets you manage backup service, but can't create vaults and give access to others 5e467623-bb1f-42f4-a55d-6e525e11384b5e467623-bb1f-42f4-a55d-6e525e11384b
SicherungsoperatorBackup Operator Ermöglicht Ihnen das Verwalten von Sicherungsdiensten, jedoch nicht das Entfernen der Sicherung, die Tresorerstellung und das Erteilen von Zugriff an andere Benutzer.Lets you manage backup services, except removal of backup, vault creation and giving access to others 00c29273-979b-4161-815c-10b084fb932400c29273-979b-4161-815c-10b084fb9324
SicherungsleserBackup Reader Kann Sicherungsdienste anzeigen, aber keine Änderungen vornehmen.Can view backup services, but can't make changes a795c7a0-d4a2-40c1-ae25-d81f01202912a795c7a0-d4a2-40c1-ae25-d81f01202912
Mitwirkender von klassischem SpeicherkontoClassic Storage Account Contributor Ermöglicht Ihnen das Verwalten klassischer Speicherkonten, nicht aber den Zugriff darauf.Lets you manage classic storage accounts, but not access to them. 86e8f5dc-a6e9-4c67-9d15-de283e8eac2586e8f5dc-a6e9-4c67-9d15-de283e8eac25
Klassische Dienstrolle „Speicherkonto-Schlüsseloperator“Classic Storage Account Key Operator Service Role Klassische Speicherkonto-Schlüsseloperatoren dürfen Schlüssel für klassische Speicherkonten auflisten und neu generieren.Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts 985d6b00-f706-48f5-a6fe-d0ca12fb668d985d6b00-f706-48f5-a6fe-d0ca12fb668d
Data Box-MitwirkenderData Box Contributor Ermöglicht Ihnen das Verwalten aller Komponenten unter dem Data Box-Dienst, mit Ausnahme der Gewährung des Zugriffs für andere Benutzer.Lets you manage everything under Data Box Service except giving access to others. add466c9-e687-43fc-8d98-dfcf8d720be5add466c9-e687-43fc-8d98-dfcf8d720be5
Data Box-LeserData Box Reader Ermöglicht Ihnen das Verwalten des Data Box-Diensts, mit Ausnahme der Erstellung von Aufträgen oder der Bearbeitung von Auftragsdetails und der Gewährung des Zugriffs für andere Benutzer.Lets you manage Data Box Service except creating order or editing order details and giving access to others. 028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027
Data Lake Analytics-EntwicklerData Lake Analytics Developer Ermöglicht Ihnen das Übermitteln, Überwachen und Verwalten Ihrer eigenen Aufträge, aber nicht das Erstellen oder Löschen von Data Lake Analytics-Konten.Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts. 47b7735b-770e-4598-a7da-8b91488b4c8847b7735b-770e-4598-a7da-8b91488b4c88
Lese- und DatenzugriffReader and Data Access Ermöglicht Ihnen das Anzeigen sämtlicher Aspekte, jedoch nicht das Löschen oder Erstellen eines Speicherkontos oder einer darin enthaltenen Ressource.Lets you view everything but will not let you delete or create a storage account or contained resource. Sie können auch Lese-/Schreibzugriff auf alle Daten in einem Speicherkonto durch Zugriff auf Speicherkontoschlüssel gewähren.It will also allow read/write access to all data contained in a storage account via access to storage account keys. c12c1c16-33a1-487b-954d-41c89c60f349c12c1c16-33a1-487b-954d-41c89c60f349
Mitwirkender von SpeicherkontoStorage Account Contributor Erlaubt die Verwaltung von Speicherkonten.Permits management of storage accounts. Ermöglicht den Zugriff auf den Kontoschlüssel, der für den Datenzugriff über die Autorisierung mit einem gemeinsam verwendetem Schlüssel genutzt werden kann.Provides access to the account key, which can be used to access data via Shared Key authorization. 17d1049b-9a84-46fb-8f53-869881c3d3ab17d1049b-9a84-46fb-8f53-869881c3d3ab
Dienstrolle „Speicherkonto-Schlüsseloperator“Storage Account Key Operator Service Role Ermöglicht das Auflisten und erneute Generieren von Zugriffsschlüsseln für Speicherkonten.Permits listing and regenerating storage account access keys. 81a9662b-bebf-436f-a333-f67b29880f1281a9662b-bebf-436f-a333-f67b29880f12
Mitwirkender an SpeicherblobdatenStorage Blob Data Contributor Lesen, Schreiben und Löschen von Azure Storage-Containern und -Blobs.Read, write, and delete Azure Storage containers and blobs. Um zu erfahren, welche Aktionen für einen bestimmten Datenvorgang erforderlich sind, siehe Berechtigungen für den Aufruf von Datenvorgängen für Blobs und Warteschlangen.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. ba92f5b4-2d11-453d-a403-e96b0029c9feba92f5b4-2d11-453d-a403-e96b0029c9fe
Besitzer von SpeicherblobdatenStorage Blob Data Owner Bietet Vollzugriff auf Azure Storage-Blobcontainer und -daten, einschließlich POSIX-Zugriffssteuerung.Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. Um zu erfahren, welche Aktionen für einen bestimmten Datenvorgang erforderlich sind, siehe Berechtigungen für den Aufruf von Datenvorgängen für Blobs und Warteschlangen.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. b7e6dc6d-f1e8-4753-8033-0f276bb0955bb7e6dc6d-f1e8-4753-8033-0f276bb0955b
Leser von SpeicherblobdatenStorage Blob Data Reader Lesen und Auflisten von Azure Storage-Containern und -Blobs.Read and list Azure Storage containers and blobs. Um zu erfahren, welche Aktionen für einen bestimmten Datenvorgang erforderlich sind, siehe Berechtigungen für den Aufruf von Datenvorgängen für Blobs und Warteschlangen.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 2a2b9908-6ea1-4ae2-8e65-a410df84e7d12a2b9908-6ea1-4ae2-8e65-a410df84e7d1
Storage Blob-DelegatorStorage Blob Delegator Abrufen eines Benutzerdelegierungsschlüssels, mit dem dann eine SAS (Shared Access Signature) für einen Container oder Blob erstellt werden kann, die mit Azure AD-Anmeldeinformationen signiert ist.Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials. Weitere Informationen finden Sie unter Erstellen einer SAS für die Benutzerdelegierung.For more information, see Create a user delegation SAS. db58b8e5-c6ad-4a2a-8342-4190687cbf4adb58b8e5-c6ad-4a2a-8342-4190687cbf4a
Speicherdateidaten-SMB-FreigabemitwirkenderStorage File Data SMB Share Contributor Ermöglicht den Lese-, Schreib- und Löschzugriff auf Dateien/Verzeichnisse in Azure-Dateifreigaben.Allows for read, write, and delete access on files/directories in Azure file shares. Für diese Rolle gibt es keine integrierte Entsprechung auf Windows-Dateiservern.This role has no built-in equivalent on Windows file servers. 0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb
Speicherdateidaten-SMB-Freigabemitwirkender mit erhöhten RechtenStorage File Data SMB Share Elevated Contributor Ermöglicht das Lesen, Schreiben, Löschen und Bearbeiten von Zugriffssteuerungslisten für Dateien/Verzeichnisse in Azure-Dateifreigaben.Allows for read, write, delete, and modify ACLs on files/directories in Azure file shares. Diese Rolle entspricht einer Dateifreigabe-ACL für das Bearbeiten auf Windows-Dateiservern.This role is equivalent to a file share ACL of change on Windows file servers. a7264617-510b-434b-a828-9731dc254ea7a7264617-510b-434b-a828-9731dc254ea7
Speicherdateidaten-SMB-FreigabeleserStorage File Data SMB Share Reader Ermöglicht den Lesezugriff auf Dateien/Verzeichnisse in Azure-Dateifreigaben.Allows for read access on files/directories in Azure file shares. Diese Rolle entspricht einer Dateifreigabe-ACL für das Lesen auf Windows-Dateiservern.This role is equivalent to a file share ACL of read on Windows file servers. aba4ae5f-2193-4029-9191-0cb91df5e314aba4ae5f-2193-4029-9191-0cb91df5e314
Mitwirkender an Storage-WarteschlangendatenStorage Queue Data Contributor Lesen, Schreiben und Löschen von Azure Storage-Warteschlangen und -Warteschlangennachrichten.Read, write, and delete Azure Storage queues and queue messages. Um zu erfahren, welche Aktionen für einen bestimmten Datenvorgang erforderlich sind, siehe Berechtigungen für den Aufruf von Datenvorgängen für Blobs und Warteschlangen.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 974c5e8b-45b9-4653-ba55-5f855dd0fb88974c5e8b-45b9-4653-ba55-5f855dd0fb88
Verarbeiter von Speicherwarteschlangen-DatennachrichtenStorage Queue Data Message Processor Einsehen, Abrufen und Löschen einer Nachricht aus einer Azure Storage-Warteschlange.Peek, retrieve, and delete a message from an Azure Storage queue. Um zu erfahren, welche Aktionen für einen bestimmten Datenvorgang erforderlich sind, siehe Berechtigungen für den Aufruf von Datenvorgängen für Blobs und Warteschlangen.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 8a0f0c08-91a1-4084-bc3d-661d67233fed8a0f0c08-91a1-4084-bc3d-661d67233fed
Absender der Speicherwarteschlangen-DatennachrichtStorage Queue Data Message Sender Hinzufügen von Nachrichten zu einer Azure Storage-Warteschlange.Add messages to an Azure Storage queue. Um zu erfahren, welche Aktionen für einen bestimmten Datenvorgang erforderlich sind, siehe Berechtigungen für den Aufruf von Datenvorgängen für Blobs und Warteschlangen.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. c6a89b2d-59bc-44d0-9896-0f6e12d7b80ac6a89b2d-59bc-44d0-9896-0f6e12d7b80a
Storage-WarteschlangendatenleserStorage Queue Data Reader Lesen und Auflisten von Azure Storage-Warteschlangen und -Warteschlangennachrichten.Read and list Azure Storage queues and queue messages. Um zu erfahren, welche Aktionen für einen bestimmten Datenvorgang erforderlich sind, siehe Berechtigungen für den Aufruf von Datenvorgängen für Blobs und Warteschlangen.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 19e7f393-937e-4f77-808e-94535e29792519e7f393-937e-4f77-808e-94535e297925
WebWeb
Azure Maps-DatenleserAzure Maps Data Reader Gewährt Lesezugriff auf kartenbezogene Daten von einem Azure Maps-Konto.Grants access to read map related data from an Azure maps account. 423170ca-a8f6-4b0f-8487-9e4eb8f49bfa423170ca-a8f6-4b0f-8487-9e4eb8f49bfa
Mitwirkender von SuchdienstSearch Service Contributor Ermöglicht Ihnen das Verwalten von Search-Diensten, nicht aber den Zugriff darauf.Lets you manage Search services, but not access to them. 7ca78c08-252a-4471-8644-bb5ff32d4ba07ca78c08-252a-4471-8644-bb5ff32d4ba0
Mitwirkender von WebplanWeb Plan Contributor Ermöglicht Ihnen das Verwalten der Webpläne für Websites, nicht aber den Zugriff darauf.Lets you manage the web plans for websites, but not access to them. 2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b
Mitwirkender von WebsiteWebsite Contributor Ermöglicht Ihnen das Verwalten von Websites (nicht der Webpläne), nicht aber den Zugriff darauf.Lets you manage websites (not web plans), but not access to them. de139f84-1756-47ae-9be6-808fbbe84772de139f84-1756-47ae-9be6-808fbbe84772
ContainerContainers
AcrDeleteAcrDelete ACR-Löschvorgangacr delete c2f4ef07-c644-48eb-af81-4b1b4947fb11c2f4ef07-c644-48eb-af81-4b1b4947fb11
AcrImageSignerAcrImageSigner ACR-Imagesignaturgeberacr image signer 6cef56e8-d556-48e5-a04f-b8e64114680f6cef56e8-d556-48e5-a04f-b8e64114680f
AcrPullAcrPull ACR-Pullvorgangacr pull 7f951dda-4ed3-4680-a7ca-43fe172d538d7f951dda-4ed3-4680-a7ca-43fe172d538d
AcrPushAcrPush ACR-Pushvorgangacr push 8311e382-0749-4cb8-b61a-304f252e45ec8311e382-0749-4cb8-b61a-304f252e45ec
AcrQuarantineReaderAcrQuarantineReader ACR-Quarantänedatenleseracr quarantine data reader cdda3590-29a3-44f6-95f2-9f980659eb04cdda3590-29a3-44f6-95f2-9f980659eb04
AcrQuarantineWriterAcrQuarantineWriter ACR-Quarantänedatenschreiberacr quarantine data writer c8d4ff99-41c3-41a8-9f60-21dfdad59608c8d4ff99-41c3-41a8-9f60-21dfdad59608
Administratorrolle für Azure Kubernetes Service-ClusterAzure Kubernetes Service Cluster Admin Role Listet die Aktion für Anmeldeinformationen des Clusteradministrators auf.List cluster admin credential action. 0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be80ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8
Benutzerrolle für Azure Kubernetes Service-ClusterAzure Kubernetes Service Cluster User Role Listet die Aktion für Anmeldeinformationen des Clusterbenutzer auf.List cluster user credential action. 4abbcc35-e782-43d8-92c5-2d3f1bd2253f4abbcc35-e782-43d8-92c5-2d3f1bd2253f
Rolle „Mitwirkender“ für Azure Kubernetes ServiceAzure Kubernetes Service Contributor Role Gewährt Lese- und Schreibzugriff auf Azure Kubernetes Service-Cluster.Grants access to read and write Azure Kubernetes Service clusters ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8
RBAC-Administrator von Azure Kubernetes ServiceAzure Kubernetes Service RBAC Admin Ermöglicht Ihnen das Verwalten aller Ressourcen unter einem Cluster/Namespace, außer das Aktualisieren oder Löschen von Ressourcenkontingenten und Namespaces.Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. 3498e952-d568-435e-9b2c-8d77e338d7f73498e952-d568-435e-9b2c-8d77e338d7f7
RBAC-Clusteradministrator von Azure Kubernetes ServiceAzure Kubernetes Service RBAC Cluster Admin Ermöglicht Ihnen das Verwalten aller Ressourcen im Cluster.Lets you manage all resources in the cluster. b1ff04bb-8a4e-4dc4-8eb5-8693973ce19bb1ff04bb-8a4e-4dc4-8eb5-8693973ce19b
RBAC-Leser von Azure Kubernetes ServiceAzure Kubernetes Service RBAC Reader Ermöglicht Ihnen das Anzeigen aller Ressourcen im Cluster/Namespace mit Ausnahme von Geheimnissen.Lets you view all resources in cluster/namespace, except secrets. 7f6c6a51-bcf8-42ba-9220-52d62157d7db7f6c6a51-bcf8-42ba-9220-52d62157d7db
RBAC-Writer von Azure Kubernetes ServiceAzure Kubernetes Service RBAC Writer Ermöglicht Ihnen das Aktualisieren aller Elemente im Cluster/Namespace mit Ausnahme von Ressourcenkontingenten, Namespaces, Pod-Sicherheitsrichtlinien, Zertifikatsignieranforderungen, (Cluster-)Rollen und (Cluster-)Rollenbindungen.Lets you update everything in cluster/namespace, except resource quotas, namespaces, pod security policies, certificate signing requests, (cluster)roles and (cluster)role bindings. a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eba7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb
DatenbankenDatabases
Cosmos DB-Rolle „Kontoleser“Cosmos DB Account Reader Role Kann Azure Cosmos DB-Kontodaten lesen.Can read Azure Cosmos DB account data. Informationen zum Verwalten von Azure Cosmos DB-Konten finden Sie unter Mitwirkender von DocumentDB-Konto.See DocumentDB Account Contributor for managing Azure Cosmos DB accounts. fbdf93bf-df7d-467e-a4d2-9458aa1360c8fbdf93bf-df7d-467e-a4d2-9458aa1360c8
Cosmos DB-OperatorCosmos DB Operator Ermöglicht das Verwalten von Azure Cosmos DB-Konten, aber nicht das Zugreifen auf deren Daten.Lets you manage Azure Cosmos DB accounts, but not access data in them. Verhindert den Zugriff auf Kontoschlüssel und Verbindungszeichenfolgen.Prevents access to account keys and connection strings. 230815da-be43-4aae-9cb4-875f7bd000aa230815da-be43-4aae-9cb4-875f7bd000aa
CosmosBackupOperatorCosmosBackupOperator Kann eine Wiederherstellungsanforderung für eine Cosmos DB-Datenbank oder einen Container für ein Konto übermitteln.Can submit restore request for a Cosmos DB database or a container for an account db7b14f2-5adf-42da-9f96-f2ee17bab5cbdb7b14f2-5adf-42da-9f96-f2ee17bab5cb
Mitwirkender von DocumentDB-KontoDocumentDB Account Contributor Kann Azure Cosmos DB-Konten verwalten.Can manage Azure Cosmos DB accounts. Azure Cosmos DB wurde früher als DocumentDB bezeichnet.Azure Cosmos DB is formerly known as DocumentDB. 5bd9cd88-fe45-4216-938b-f97437e154505bd9cd88-fe45-4216-938b-f97437e15450
Mitwirkender von Redis-CacheRedis Cache Contributor Ermöglicht Ihnen das Verwalten von Redis Caches, nicht aber den Zugriff darauf.Lets you manage Redis caches, but not access to them. e0f68234-74aa-48ed-b826-c38b57376e17e0f68234-74aa-48ed-b826-c38b57376e17
Mitwirkender von SQL DBSQL DB Contributor Ermöglicht Ihnen das Verwalten von SQL-Datenbanken, nicht aber den Zugriff darauf.Lets you manage SQL databases, but not access to them. Darüber hinaus können Sie deren sicherheitsbezogenen Richtlinien oder übergeordneten SQL-Server nicht verwalten.Also, you can't manage their security-related policies or their parent SQL servers. 9b7fa17d-e63e-47b0-bb0a-15c516ac86ec9b7fa17d-e63e-47b0-bb0a-15c516ac86ec
Verwaltete SQL-Instanz: MitwirkenderSQL Managed Instance Contributor Diese Rolle ermöglicht Ihnen das Verwalten verwalteter SQL-Instanzen und der erforderlichen Netzwerkkonfiguration, jedoch nicht das Erteilen des Zugriffs an andere.Lets you manage SQL Managed Instances and required network configuration, but can't give access to others. 4939a1f6-9ae0-4e48-a1e0-f2cbe897382d4939a1f6-9ae0-4e48-a1e0-f2cbe897382d
SQL-Sicherheits-ManagerSQL Security Manager Ermöglicht Ihnen das Verwalten von sicherheitsbezogenen Richtlinien von SQL-Server und Datenbanken, jedoch nicht den Zugriff darauf.Lets you manage the security-related policies of SQL servers and databases, but not access to them. 056cd41c-7e88-42e1-933e-88ba6a50c9c3056cd41c-7e88-42e1-933e-88ba6a50c9c3
Mitwirkender von SQL ServerSQL Server Contributor Diese Rolle ermöglicht es Ihnen, SQL-Server und -Datenbanken zu verwalten, gewährt Ihnen jedoch keinen Zugriff darauf und auch nicht auf deren sicherheitsbezogenen Richtlinien.Lets you manage SQL servers and databases, but not access to them, and not their security-related policies. 6d8ee4ec-f05a-4a1d-8b00-a9b17e38b4376d8ee4ec-f05a-4a1d-8b00-a9b17e38b437
AnalyseAnalytics
Azure Event Hubs-DatenbesitzerAzure Event Hubs Data Owner Ermöglicht den uneingeschränkten Zugriff auf die Azure Event Hubs-Ressourcen.Allows for full access to Azure Event Hubs resources. f526a384-b230-433a-b45c-95f59c4a2decf526a384-b230-433a-b45c-95f59c4a2dec
Azure Event Hubs-DatenempfängerAzure Event Hubs Data Receiver Ermöglicht Empfängern den Zugriff auf die Azure Event Hubs-Ressourcen.Allows receive access to Azure Event Hubs resources. a638d3c7-ab3a-418d-83e6-5f17a39d4fdea638d3c7-ab3a-418d-83e6-5f17a39d4fde
Azure Event Hubs-DatensenderAzure Event Hubs Data Sender Ermöglicht Absendern den Zugriff auf die Azure Event Hubs-Ressourcen.Allows send access to Azure Event Hubs resources. 2b629674-e913-4c01-ae53-ef4638d8f9752b629674-e913-4c01-ae53-ef4638d8f975
Mitwirkender von Data FactoryData Factory Contributor Erstellen und verwalten Sie Data Factorys sowie die darin enthaltenen untergeordneten Ressourcen.Create and manage data factories, as well as child resources within them. 673868aa-7521-48a0-acc6-0f60742d39f5673868aa-7521-48a0-acc6-0f60742d39f5
DatenpurgerData Purger Kann Analysedaten endgültig löschen.Can purge analytics data 150f5e0c-0603-4f03-8c7f-cf70034c4e90150f5e0c-0603-4f03-8c7f-cf70034c4e90
HDInsight-ClusteroperatorHDInsight Cluster Operator Ermöglicht Ihnen das Lesen und Ändern von HDInsight-Clusterkonfigurationen.Lets you read and modify HDInsight cluster configurations. 61ed4efc-fab3-44fd-b111-e24485cc132a61ed4efc-fab3-44fd-b111-e24485cc132a
Mitwirkender für die HDInsight-DomänendiensteHDInsight Domain Services Contributor Ermöglicht Ihnen, Vorgänge im Zusammenhang mit Domänendiensten, die für das HDInsight Enterprise-Sicherheitspaket erforderlich sind, zu lesen, zu erstellen, zu ändern und zu löschen.Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package 8d8d5a11-05d3-4bda-a417-a08778121c7c8d8d5a11-05d3-4bda-a417-a08778121c7c
Log Analytics-MitwirkenderLog Analytics Contributor Ein Log Analytics-Mitwirkender kann alle Überwachungsdaten lesen und Überwachungseinstellungen bearbeiten.Log Analytics Contributor can read all monitoring data and edit monitoring settings. Das Bearbeiten von Überwachungseinstellungen schließt folgende Aufgaben ein: Hinzufügen der VM-Erweiterung zu VMs, Lesen von Speicherkontoschlüsseln zum Konfigurieren von Protokollsammlungen aus Azure Storage, Erstellen und Konfigurieren von Automation-Konten, Hinzufügen von Lösungen, Konfigurieren der Azure-Diagnose für alle Azure-Ressourcen.Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources. 92aaf0da-9dab-42b6-94a3-d43ce8d1629392aaf0da-9dab-42b6-94a3-d43ce8d16293
Log Analytics-LeserLog Analytics Reader Ein Log Analytics-Leser kann alle Überwachungsdaten anzeigen und durchsuchen sowie Überwachungseinstellungen anzeigen. Hierzu zählt auch die Anzeige der Konfiguration von Azure-Diagnosen für alle Azure-Ressourcen.Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources. 73c42c96-874c-492b-b04d-ab87d138a89373c42c96-874c-492b-b04d-ab87d138a893
BlockchainBlockchain
Zugriff auf Blockchainmitgliedsknoten (Vorschauversion)Blockchain Member Node Access (Preview) Ermöglicht den Zugriff auf Blockchainmitgliedsknoten.Allows for access to Blockchain Member nodes 31a002a1-acaf-453e-8a5b-297c9ca1ea2431a002a1-acaf-453e-8a5b-297c9ca1ea24
KI und Machine LearningAI + machine learning
Mitwirkender für Cognitive ServicesCognitive Services Contributor Ermöglicht Ihnen das Erstellen, Lesen, Aktualisieren, Löschen und Verwalten von Cognitive Services-Schlüsseln.Lets you create, read, update, delete and manage keys of Cognitive Services. 25fbc0a9-bd7c-42a3-aa1a-3b75d497ee6825fbc0a9-bd7c-42a3-aa1a-3b75d497ee68
Cognitive Services-Datenleser (Vorschau)Cognitive Services Data Reader (Preview) Ermöglicht das Lesen von Cognitive Services-Daten.Lets you read Cognitive Services data. b59867f0-fa02-499b-be73-45a86b5b3e1cb59867f0-fa02-499b-be73-45a86b5b3e1c
Cognitive Services-BenutzerCognitive Services User Ermöglicht Ihnen das Lesen und Auflisten von Cognitive Services-Schlüsseln.Lets you read and list keys of Cognitive Services. a97b65f3-24c7-4388-baec-2e87135dc908a97b65f3-24c7-4388-baec-2e87135dc908
Mixed RealityMixed reality
Remote Rendering-AdministratorRemote Rendering Administrator Bietet dem Benutzer Konvertierungs-, Sitzungsverwaltungs-, Rendering- und Diagnosefunktionen für Azure Remote Rendering.Provides user with conversion, manage session, rendering and diagnostics capabilities for Azure Remote Rendering 3df8b902-2a6f-47c7-8cc5-360e9b272a7e3df8b902-2a6f-47c7-8cc5-360e9b272a7e
Remote Rendering-ClientRemote Rendering Client Bietet dem Benutzer Sitzungsverwaltungs-, Rendering- und Diagnosefunktionen für Azure Remote Rendering.Provides user with manage session, rendering and diagnostics capabilities for Azure Remote Rendering. d39065c4-c120-43c9-ab0a-63eed9795f0ad39065c4-c120-43c9-ab0a-63eed9795f0a
Spatial Anchors-KontomitwirkenderSpatial Anchors Account Contributor Ermöglicht Ihnen das Verwalten von Raumankern in Ihrem Konto, nicht jedoch das Löschen von Ankern.Lets you manage spatial anchors in your account, but not delete them 8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c8278bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827
Spatial Anchors-KontobesitzerSpatial Anchors Account Owner Ermöglicht Ihnen das Verwalten von Raumankern in Ihrem Konto, einschließlich der Löschung von Ankern.Lets you manage spatial anchors in your account, including deleting them 70bbe301-9835-447d-afdd-19eb3167307c70bbe301-9835-447d-afdd-19eb3167307c
Spatial Anchors-KontoleserSpatial Anchors Account Reader Ermöglicht Ihnen das Ermitteln und Lesen von Eigenschaften für Raumanker in Ihrem Dokument.Lets you locate and read properties of spatial anchors in your account 5d51204f-eb77-4b1c-b86a-2ec626c494135d51204f-eb77-4b1c-b86a-2ec626c49413
IntegrationIntegration
Mitwirkender des API-VerwaltungsdienstesAPI Management Service Contributor Kann Dienst und APIs verwalten.Can manage service and the APIs 312a565d-c81f-4fd8-895a-4e21e48d571c312a565d-c81f-4fd8-895a-4e21e48d571c
Operatorrolle des API Management-DienstsAPI Management Service Operator Role Kann den Dienst, aber nicht die APIs verwalten.Can manage service but not the APIs e022efe7-f5ba-4159-bbe4-b44f577e9b61e022efe7-f5ba-4159-bbe4-b44f577e9b61
Leserrolle des API Management-DienstsAPI Management Service Reader Role Schreibgeschützter Zugriff auf Dienst und APIsRead-only access to service and APIs 71522526-b88f-4d52-b57f-d31fc3546d0d71522526-b88f-4d52-b57f-d31fc3546d0d
App Configuration-DatenbesitzerApp Configuration Data Owner Ermöglicht den Vollzugriff auf App Configuration-Daten.Allows full access to App Configuration data. 5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b
App Configuration-DatenleserApp Configuration Data Reader Ermöglicht den Lesezugriff auf App Configuration-Daten.Allows read access to App Configuration data. 516239f1-63e1-4d78-a4de-a74fb236a071516239f1-63e1-4d78-a4de-a74fb236a071
Azure Service Bus-DatenbesitzerAzure Service Bus Data Owner Ermöglicht den uneingeschränkten Zugriff auf die Azure Service Bus-Ressourcen.Allows for full access to Azure Service Bus resources. 090c5cfd-751d-490a-894a-3ce6f1109419090c5cfd-751d-490a-894a-3ce6f1109419
Azure Service Bus-DatenempfängerAzure Service Bus Data Receiver Ermöglicht Empfängern den Zugriff auf die Azure Service Bus-Ressourcen.Allows for receive access to Azure Service Bus resources. 4f6d3b9b-027b-4f4c-9142-0e5a2a2247e04f6d3b9b-027b-4f4c-9142-0e5a2a2247e0
Azure Service Bus-DatensenderAzure Service Bus Data Sender Ermöglicht Absendern den Zugriff auf die Azure Service Bus-Ressourcen.Allows for send access to Azure Service Bus resources. 69a216fc-b8fb-44d8-bc22-1f3c2cd27a3969a216fc-b8fb-44d8-bc22-1f3c2cd27a39
Besitzer der Azure Stack-RegistrierungAzure Stack Registration Owner Ermöglicht Ihnen die Verwaltung von Azure Stack-Registrierungen.Lets you manage Azure Stack registrations. 6f12a6df-dd06-4f3e-bcb1-ce8be600526a6f12a6df-dd06-4f3e-bcb1-ce8be600526a
EventGrid EventSubscription-MitwirkenderEventGrid EventSubscription Contributor Ermöglicht die Verwaltung von EventGrid-Ereignisabonnementvorgängen.Lets you manage EventGrid event subscription operations. 428e0ff0-5e57-4d9c-a221-2c70d0e0a443428e0ff0-5e57-4d9c-a221-2c70d0e0a443
EventGrid EventSubscription-LeserEventGrid EventSubscription Reader Ermöglicht das Lesen von EventGrid-Ereignisabonnements.Lets you read EventGrid event subscriptions. 2414bbcf-6497-4faf-8c65-0454607484052414bbcf-6497-4faf-8c65-045460748405
Mitwirkender an FHIR-DatenFHIR Data Contributor Die Rolle ermöglicht dem Benutzer oder Prinzipal vollen Zugriff auf FHIR-Daten.Role allows user or principal full access to FHIR Data 5a1fc7df-4bf1-4951-a576-89034ee01acd5a1fc7df-4bf1-4951-a576-89034ee01acd
FHIR-DatenexportiererFHIR Data Exporter Die Rolle ermöglicht dem Benutzer oder Prinzipal das Lesen und Exportieren von FHIR-Daten.Role allows user or principal to read and export FHIR Data 3db33094-8700-4567-8da5-1501d4e7e8433db33094-8700-4567-8da5-1501d4e7e843
FHIR-DatenleserFHIR Data Reader Die Rolle ermöglicht dem Benutzer oder Prinzipal das Lesen von FHIR-Daten.Role allows user or principal to read FHIR Data 4c8d0bbc-75d3-4935-991f-5f3c56d815084c8d0bbc-75d3-4935-991f-5f3c56d81508
FHIR-DatenschreiberFHIR Data Writer Die Rolle ermöglicht dem Benutzer oder Prinzipal das Lesen und Schreiben von FHIR-Daten.Role allows user or principal to read and write FHIR Data 3f88fce4-5892-4214-ae73-ba52945599133f88fce4-5892-4214-ae73-ba5294559913
Mitwirkender für IntegrationsdienstumgebungenIntegration Service Environment Contributor Hiermit wird das Verwalten von Integrationsdienstumgebungen ermöglicht, nicht aber der Zugriff auf diese.Lets you manage integration service environments, but not access to them. a41e2c5b-bd99-4a07-88f4-9bf657a760b8a41e2c5b-bd99-4a07-88f4-9bf657a760b8
Entwickler für IntegrationsdienstumgebungenIntegration Service Environment Developer Hiermit wird Entwicklern das Erstellen und Aktualisieren von Workflows, Integrationskonten und API-Verbindungen in Integrationsdienstumgebungen ermöglicht.Allows developers to create and update workflows, integration accounts and API connections in integration service environments. c7aa55d3-1abb-444a-a5ca-5e51e485d6ecc7aa55d3-1abb-444a-a5ca-5e51e485d6ec
Mitwirkender von Intelligent Systems-KontoIntelligent Systems Account Contributor Ermöglicht Ihnen das Verwalten von Intelligent Systems-Konten, nicht aber den Zugriff darauf.Lets you manage Intelligent Systems accounts, but not access to them. 03a6d094-3444-4b3d-88af-7477090a9e5e03a6d094-3444-4b3d-88af-7477090a9e5e
Logik-App-MitwirkenderLogic App Contributor Ermöglicht Ihnen die Verwaltung von Logik-Apps. Sie können aber nicht den App-Zugriff ändern.Lets you manage logic apps, but not change access to them. 87a39d53-fc1b-424a-814c-f7e04687dc9e87a39d53-fc1b-424a-814c-f7e04687dc9e
Logik-App-OperatorLogic App Operator Ermöglicht Ihnen das Lesen, Aktivieren und Deaktivieren von Logik-Apps. Sie können diese aber nicht bearbeiten oder aktualisieren.Lets you read, enable, and disable logic apps, but not edit or update them. 515c2055-d9d4-4321-b1b9-bd0c9a0f79fe515c2055-d9d4-4321-b1b9-bd0c9a0f79fe
IdentitätIdentity
Mitwirkender für verwaltete IdentitätManaged Identity Contributor Dem Benutzer zugewiesene Identität erstellen, lesen, aktualisieren und löschen.Create, Read, Update, and Delete User Assigned Identity e40ec5ca-96e0-45a2-b4ff-59039f2c2b59e40ec5ca-96e0-45a2-b4ff-59039f2c2b59
Operator für verwaltete IdentitätManaged Identity Operator Dem Benutzer zugewiesene Identität lesen und zuweisen.Read and Assign User Assigned Identity f1a07417-d97a-45cb-824c-7a7467783830f1a07417-d97a-45cb-824c-7a7467783830
SecuritySecurity
Azure Sentinel-MitwirkenderAzure Sentinel Contributor Azure Sentinel-MitwirkenderAzure Sentinel Contributor ab8e14d6-4a74-4a29-9ba8-549422addadeab8e14d6-4a74-4a29-9ba8-549422addade
Azure Sentinel-LeserAzure Sentinel Reader Azure Sentinel-LeserAzure Sentinel Reader 8d289c81-5878-46d4-8554-54e1e3d8b5cb8d289c81-5878-46d4-8554-54e1e3d8b5cb
Azure Sentinel-AntwortenderAzure Sentinel Responder Azure Sentinel-AntwortenderAzure Sentinel Responder 3e150937-b8fe-4cfb-8069-0eaf05ecd0563e150937-b8fe-4cfb-8069-0eaf05ecd056
Key Vault-Administrator (Vorschau)Key Vault Administrator (preview) Ausführen beliebiger Vorgänge auf Datenebene für einen Schlüsseltresor und alle darin enthaltenen Objekte (einschließlich Zertifikate, Schlüssel und Geheimnisse).Perform all data plane operations on a key vault and all objects in it, including certificates, keys, and secrets. Kann keine Key Vault-Ressourcen oder Rollenzuweisungen verwalten.Cannot manage key vault resources or manage role assignments. Funktioniert nur für Schlüsseltresore, die das Berechtigungsmodell „Rollenbasierte Azure-Zugriffssteuerung“ verwenden.Only works for key vaults that use the 'Azure role-based access control' permission model. 00482a5a-887f-4fb3-b363-3b7fe8e7448300482a5a-887f-4fb3-b363-3b7fe8e74483
Key Vault Certificates Officer (Vorschau)Key Vault Certificates Officer (preview) Ausführen beliebiger Aktionen für die Zertifikate eines Schlüsseltresors mit Ausnahme der Verwaltung von Berechtigungen.Perform any action on the certificates of a key vault, except manage permissions. Funktioniert nur für Schlüsseltresore, die das Berechtigungsmodell „Rollenbasierte Azure-Zugriffssteuerung“ verwenden.Only works for key vaults that use the 'Azure role-based access control' permission model. a4417e6f-fecd-4de8-b567-7b0420556985a4417e6f-fecd-4de8-b567-7b0420556985
Key Vault-MitwirkenderKey Vault Contributor Verwalten von Schlüsseltresoren, gestattet Ihnen jedoch nicht, Rollen in Azure RBAC zuzuweisen, und ermöglicht keinen Zugriff auf Geheimnisse, Schlüssel oder Zertifikate.Manage key vaults, but does not allow you to assign roles in Azure RBAC, and does not allow you to access secrets, keys, or certificates. f25e0fa2-a7c8-4377-a976-54943a77a395f25e0fa2-a7c8-4377-a976-54943a77a395
Key Vault Crypto Officer (Vorschau)Key Vault Crypto Officer (preview) Ausführen beliebiger Aktionen für die Schlüssel eines Schlüsseltresors mit Ausnahme der Verwaltung von Berechtigungen.Perform any action on the keys of a key vault, except manage permissions. Funktioniert nur für Schlüsseltresore, die das Berechtigungsmodell „Rollenbasierte Azure-Zugriffssteuerung“ verwenden.Only works for key vaults that use the 'Azure role-based access control' permission model. 14b46e9e-c2b7-41b4-b07b-48a6ebf6060314b46e9e-c2b7-41b4-b07b-48a6ebf60603
Key Vault Crypto Service Encryption (Vorschau)Key Vault Crypto Service Encryption (preview) Lesen von Metadaten von Schlüsseln und Ausführen von Vorgängen zum Packen/Entpacken.Read metadata of keys and perform wrap/unwrap operations. Funktioniert nur für Schlüsseltresore, die das Berechtigungsmodell „Rollenbasierte Azure-Zugriffssteuerung“ verwenden.Only works for key vaults that use the 'Azure role-based access control' permission model. e147488a-f6f5-4113-8e2d-b22465e65bf6e147488a-f6f5-4113-8e2d-b22465e65bf6
Key Vault Crypto-Benutzer (Vorschau)Key Vault Crypto User (preview) Ausführen kryptografischer Vorgänge mithilfe von Schlüsseln.Perform cryptographic operations using keys. Funktioniert nur für Schlüsseltresore, die das Berechtigungsmodell „Rollenbasierte Azure-Zugriffssteuerung“ verwenden.Only works for key vaults that use the 'Azure role-based access control' permission model. 12338af0-0e69-4776-bea7-57ae8d29742412338af0-0e69-4776-bea7-57ae8d297424
Key Vault Reader (Vorschau)Key Vault Reader (preview) Lesen von Metadaten von Schlüsseltresoren und deren Zertifikaten, Schlüsseln und Geheimnissen.Read metadata of key vaults and its certificates, keys, and secrets. Sensible Werte, z. B. der Inhalt von Geheimnissen oder Schlüsselmaterial, können nicht gelesen werden.Cannot read sensitive values such as secret contents or key material. Funktioniert nur für Schlüsseltresore, die das Berechtigungsmodell „Rollenbasierte Azure-Zugriffssteuerung“ verwenden.Only works for key vaults that use the 'Azure role-based access control' permission model. 21090545-7ca7-4776-b22c-e363652d74d221090545-7ca7-4776-b22c-e363652d74d2
Key Vault Secrets Officer (Vorschau)Key Vault Secrets Officer (preview) Ausführen beliebiger Aktionen für die Geheimnisse eines Schlüsseltresors mit Ausnahme der Verwaltung von Berechtigungen.Perform any action on the secrets of a key vault, except manage permissions. Funktioniert nur für Schlüsseltresore, die das Berechtigungsmodell „Rollenbasierte Azure-Zugriffssteuerung“ verwenden.Only works for key vaults that use the 'Azure role-based access control' permission model. b86a8fe4-44ce-4948-aee5-eccb2c155cd7b86a8fe4-44ce-4948-aee5-eccb2c155cd7
Key Vault Secrets-Benutzer (Vorschau)Key Vault Secrets User (preview) Lesen der Inhalte von Geheimnissen.Read secret contents. Funktioniert nur für Schlüsseltresore, die das Berechtigungsmodell „Rollenbasierte Azure-Zugriffssteuerung“ verwenden.Only works for key vaults that use the 'Azure role-based access control' permission model. 4633458b-17de-408a-b874-0445c86b69e64633458b-17de-408a-b874-0445c86b69e6
SicherheitsadministratorSecurity Admin Anzeigen und Aktualisieren von Berechtigungen für Security Center.View and update permissions for Security Center. Gleiche Rechte wie der Sicherheitsleseberechtigte und kann darüber hinaus die Sicherheitsrichtlinie aktualisieren sowie Warnungen und Empfehlungen verwerfen.Same permissions as the Security Reader role and can also update the security policy and dismiss alerts and recommendations. fb1c8493-542b-48eb-b624-b4c8fea62acdfb1c8493-542b-48eb-b624-b4c8fea62acd
Mitwirkender für SicherheitsbewertungenSecurity Assessment Contributor Ermöglicht das Pushen von Bewertungen an Security CenterLets you push assessments to Security Center 612c2aa1-cb24-443b-ac28-3ab7272de6f5612c2aa1-cb24-443b-ac28-3ab7272de6f5
Sicherheits-Manager (Legacy)Security Manager (Legacy) Dies ist eine Legacyrolle.This is a legacy role. Verwenden Sie stattdessen „Sicherheitsadministrator“.Please use Security Admin instead. e3d13bf0-dd5a-482e-ba6b-9b8433878d10e3d13bf0-dd5a-482e-ba6b-9b8433878d10
SicherheitsleseberechtigterSecurity Reader Anzeigen von Berechtigungen für Security Center.View permissions for Security Center. Kann Empfehlungen, Warnungen, Sicherheitsrichtlinien und Sicherheitszustände anzeigen, jedoch keine Änderungen vornehmen.Can view recommendations, alerts, a security policy, and security states, but cannot make changes. 39bc4728-0917-49c7-9d2c-d95423bc2eb439bc4728-0917-49c7-9d2c-d95423bc2eb4
DevOpsDevOps
DevTest Labs-BenutzerDevTest Labs User Ermöglicht Ihnen das Verbinden, Starten, Neustarten und Herunterfahren Ihrer virtuellen Computer in Ihren Azure DevTest Labs.Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs. 76283e04-6283-4c54-8f91-bcf1374a3c6476283e04-6283-4c54-8f91-bcf1374a3c64
Lab-ErstellerLab Creator Ermöglicht Ihnen das Erstellen neuer Labs unter ihren Azure Lab-Konten.Lets you create new labs under your Azure Lab Accounts. b97fb8bc-a8b2-4522-a38b-dd33c7e65eadb97fb8bc-a8b2-4522-a38b-dd33c7e65ead
ÜberwachenMonitor
Mitwirkender der Application Insights-KomponenteApplication Insights Component Contributor Kann Application Insights-Komponenten verwaltenCan manage Application Insights components ae349356-3a1b-4a5e-921d-050484c6347eae349356-3a1b-4a5e-921d-050484c6347e
Application Insights-MomentaufnahmedebuggerApplication Insights Snapshot Debugger Gibt dem Benutzer die Berechtigung zum Anzeigen und Herunterladen von Debugmomentaufnahmen, die mit dem Application Insights-Momentaufnahmedebugger erfasst wurden.Gives user permission to view and download debug snapshots collected with the Application Insights Snapshot Debugger. Beachten Sie, dass diese Berechtigungen in der Rolle Besitzer oder Mitwirkender nicht enthalten sind.Note that these permissions are not included in the Owner or Contributor roles. Die Application Insights-Rolle „Momentaufnahmedebugger“ muss Benutzern direkt zugewiesen werden.When giving users the Application Insights Snapshot Debugger role, you must grant the role directly to the user. Die Rolle wird nicht erkannt, wenn sie einer benutzerdefinierten Rolle hinzugefügt wird.The role is not recognized when it is added to a custom role. 08954f03-6346-4c2e-81c0-ec3a5cfae23b08954f03-6346-4c2e-81c0-ec3a5cfae23b
ÜberwachungsmitwirkenderMonitoring Contributor Kann sämtliche Überwachungsdaten lesen und Überwachungseinstellungen bearbeiten.Can read all monitoring data and edit monitoring settings. Siehe auch Erste Schritte mit Rollen, Berechtigungen und Sicherheit in Azure Monitor.See also Get started with roles, permissions, and security with Azure Monitor. 749f88d5-cbae-40b8-bcfc-e573ddc772fa749f88d5-cbae-40b8-bcfc-e573ddc772fa
Herausgeber von ÜberwachungsmetrikenMonitoring Metrics Publisher Ermöglicht die Veröffentlichung von Metriken für Azure-Ressourcen.Enables publishing metrics against Azure resources 3913510d-42f4-4e42-8a64-420c390055eb3913510d-42f4-4e42-8a64-420c390055eb
ÜberwachungsleserMonitoring Reader Kann alle Überwachungsdaten (Metriken, Protokolle usw.) lesen.Can read all monitoring data (metrics, logs, etc.). Siehe auch Erste Schritte mit Rollen, Berechtigungen und Sicherheit in Azure Monitor.See also Get started with roles, permissions, and security with Azure Monitor. 43d0d8ad-25c7-4714-9337-8ba259a9fe0543d0d8ad-25c7-4714-9337-8ba259a9fe05
ArbeitsmappenmitwirkenderWorkbook Contributor Kann freigegebene Arbeitsmappen speichern.Can save shared workbooks. e8ddcd69-c73f-4f9f-9844-4100522f16ade8ddcd69-c73f-4f9f-9844-4100522f16ad
ArbeitsmappenleserWorkbook Reader Kann Arbeitsmappen lesen.Can read workbooks. b279062a-9be3-42a0-92ae-8b3cf002ec4db279062a-9be3-42a0-92ae-8b3cf002ec4d
Verwaltung und GovernanceManagement + governance
Automation-AuftragsoperatorAutomation Job Operator Hiermit werden Aufträge mithilfe von Automation-Runbooks erstellt und verwaltet.Create and Manage Jobs using Automation Runbooks. 4fe576fe-1146-4730-92eb-48519fa6bf9f4fe576fe-1146-4730-92eb-48519fa6bf9f
Operator für AutomationAutomation Operator Automatisierungsoperatoren können Aufträge starten, beenden, anhalten und fortsetzen.Automation Operators are able to start, stop, suspend, and resume jobs d3881f73-407a-4167-8283-e981cbba0404d3881f73-407a-4167-8283-e981cbba0404
Automation-RunbookoperatorAutomation Runbook Operator Runbookeigenschaften lesen: Ermöglicht das Erstellen von Runbookaufträgen.Read Runbook properties - to be able to create Jobs of the runbook. 5fb5aef8-1081-4b8e-bb16-9d5d0385bab55fb5aef8-1081-4b8e-bb16-9d5d0385bab5
Onboarding von Azure Connected MachineAzure Connected Machine Onboarding Kann Azure Connected Machine integrieren.Can onboard Azure Connected Machines. b64e21ea-ac4e-4cdf-9dc9-5b892992bee7b64e21ea-ac4e-4cdf-9dc9-5b892992bee7
Ressourcenadministrator für Azure Connected MachineAzure Connected Machine Resource Administrator Kann Azure Connected Machines lesen, schreiben, löschen und erneut integrieren.Can read, write, delete and re-onboard Azure Connected Machines. cd570a14-e51a-42ad-bac8-bafd67325302cd570a14-e51a-42ad-bac8-bafd67325302
AbrechnungsleserBilling Reader Hiermit wird Lesezugriff auf Abrechnungsdaten ermöglicht.Allows read access to billing data fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64
Blueprint-MitwirkenderBlueprint Contributor Kann Blaupausendefinitionen verwalten, aber nicht zuweisen.Can manage blueprint definitions, but not assign them. 41077137-e803-4205-871c-5a86e6a753b441077137-e803-4205-871c-5a86e6a753b4
Blueprint-OperatorBlueprint Operator Kann vorhandene veröffentlichte Blaupausen zuweisen, aber keine neuen Blaupausen erstellen.Can assign existing published blueprints, but cannot create new blueprints. Beachten Sie, dass dies nur funktioniert, wenn die Zuweisung mit einer vom Benutzer zugewiesenen verwalteten Identität erfolgt.Note that this only works if the assignment is done with a user-assigned managed identity. 437d2ced-4a38-4302-8479-ed2bcb43d090437d2ced-4a38-4302-8479-ed2bcb43d090
Mitwirkender für Cost ManagementCost Management Contributor Ermöglicht Ihnen das Anzeigen der Kosten und das Verwalten der Kostenkonfiguration (z. B. Budgets, Exporte).Can view costs and manage cost configuration (e.g. budgets, exports) 434105ed-43f6-45c7-a02f-909b2ba83430434105ed-43f6-45c7-a02f-909b2ba83430
Cost Management-LeserCost Management Reader Ermöglicht Ihnen das Anzeigen der Kostendaten und -konfiguration (z. B. Budgets, Exporte).Can view cost data and configuration (e.g. budgets, exports) 72fafb9e-0641-4937-9268-a91bfd8191a372fafb9e-0641-4937-9268-a91bfd8191a3
HierarchieeinstellungsadministratorHierarchy Settings Administrator Ermöglicht Benutzern das Bearbeiten und Löschen von Hierarchieeinstellungen.Allows users to edit and delete Hierarchy Settings 350f8d15-c687-4448-8ae1-157740a3936d350f8d15-c687-4448-8ae1-157740a3936d
Kubernetes-Cluster – Azure Arc-OnboardingKubernetes Cluster - Azure Arc Onboarding Rollendefinition zum Autorisieren eines Benutzers/Diensts zum Erstellen einer connectedClusters-RessourceRole definition to authorize any user/service to create connectedClusters resource 34e09817-6cbe-4d01-b1a2-e0eac5743d4134e09817-6cbe-4d01-b1a2-e0eac5743d41
Rolle „Mitwirkender für verwaltete Anwendungen“Managed Application Contributor Role Ermöglicht das Erstellen von Ressourcen für verwaltete Anwendungen.Allows for creating managed application resources. 641177b8-a67a-45b9-a033-47bc880bb21e641177b8-a67a-45b9-a033-47bc880bb21e
Rolle „Bediener für verwaltete Anwendung“Managed Application Operator Role Ermöglicht Ihnen das Lesen und Durchführen von Aktionen für Ressourcen der verwalteten Anwendung.Lets you read and perform actions on Managed Application resources c7393b34-138c-406f-901b-d8cf2b17e6aec7393b34-138c-406f-901b-d8cf2b17e6ae
Leser für verwaltete AnwendungenManaged Applications Reader Ermöglicht Ihnen, Ressourcen in einer verwalteten App zu lesen und JIT-Zugriff anzufordern.Lets you read resources in a managed app and request JIT access. b9331d33-8a36-4f8c-b097-4f54124fdb44b9331d33-8a36-4f8c-b097-4f54124fdb44
Rolle „Registrierungszuweisung für verwaltete Dienste löschen“Managed Services Registration assignment Delete Role Mit der Rolle „Registrierungszuweisung für verwaltete Dienste löschen“ können Benutzer des verwaltenden Mandanten die ihrem Mandanten zugewiesene Registrierungszuweisung löschen.Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant. 91c1777a-f3dc-4fae-b103-61d183457e4691c1777a-f3dc-4fae-b103-61d183457e46
VerwaltungsgruppenmitwirkenderManagement Group Contributor Rolle „Verwaltungsgruppenmitwirkender“Management Group Contributor Role 5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c
VerwaltungsgruppenleserManagement Group Reader Rolle „Verwaltungsgruppenleser“Management Group Reader Role ac63b705-F282-497d-ac71-919bf39d939dac63b705-f282-497d-ac71-919bf39d939d
Mitwirkender von New Relic APM-KontoNew Relic APM Account Contributor Ermöglicht Ihnen das Verwalten von New Relic Application Performance Management-Konten und -Anwendungen, nicht aber den Zugriff auf diese.Lets you manage New Relic Application Performance Management accounts and applications, but not access to them. 5d28c62d-5b37-4476-8438-e587778df2375d28c62d-5b37-4476-8438-e587778df237
Policy Insights-Datenschreiber (Vorschau)Policy Insights Data Writer (Preview) Ermöglicht Lesezugriff auf Ressourcenrichtlinien und Schreibzugriff auf Richtlinienereignisse für Ressourcenkomponenten.Allows read access to resource policies and write access to resource component policy events. 66bb4e9e-b016-4a94-8249-4c0511c2be8466bb4e9e-b016-4a94-8249-4c0511c2be84
Mitwirkender bei RessourcenrichtlinienResource Policy Contributor Benutzer mit Rechten zum Erstellen/Ändern der Ressourcenrichtlinie, zum Erstellen eines Supporttickets und zum Lesen von Ressourcen/der Hierarchie.Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy. 36243c78-bf99-498c-9df9-86d9f8d2860836243c78-bf99-498c-9df9-86d9f8d28608
Site Recovery-MitwirkenderSite Recovery Contributor Ermöglicht Ihnen die Verwaltung des Site Recovery-Diensts mit Ausnahme der Tresorerstellung und der Rollenzuweisung.Lets you manage Site Recovery service except vault creation and role assignment 6670b86e-a3f7-4917-ac9b-5d6ab1be45676670b86e-a3f7-4917-ac9b-5d6ab1be4567
Site Recovery-OperatorSite Recovery Operator Ermöglicht Ihnen ein Failover und ein Failback, aber nicht das Durchführen weiterer Site Recovery-Verwaltungsvorgänge.Lets you failover and failback but not perform other Site Recovery management operations 494ae006-db33-4328-bf46-533a6560a3ca494ae006-db33-4328-bf46-533a6560a3ca
Site Recovery-LeserSite Recovery Reader Ermöglicht Ihnen die Anzeige des Site Recovery-Status, aber nicht die Durchführung weiterer Verwaltungsvorgänge.Lets you view Site Recovery status but not perform other management operations dbaa88c4-0c30-4179-9fb3-46319faa6149dbaa88c4-0c30-4179-9fb3-46319faa6149
Mitwirkender für SupportanfragenSupport Request Contributor Ermöglicht Ihnen die Erstellung und Verwaltung von Supportanfragen.Lets you create and manage Support requests cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24ecfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e
TagmitwirkenderTag Contributor Hiermit können Tags für Entitäten verwaltet werden, ohne Zugriff auf die Entitäten selbst zu gewähren.Lets you manage tags on entities, without providing access to the entities themselves. 4a9ae827-6dc8-4573-8ac7-8239d42aa03f4a9ae827-6dc8-4573-8ac7-8239d42aa03f
AndereOther
Mitwirkender von BizTalkBizTalk Contributor Ermöglicht Ihnen das Verwalten von BizTalk-Diensten, nicht aber den Zugriff darauf.Lets you manage BizTalk services, but not access to them. 5e3c6656-6cfa-4708-81fe-0de47ac733425e3c6656-6cfa-4708-81fe-0de47ac73342
DesktopvirtualisierungsbenutzerDesktop Virtualization User Ermöglicht dem Benutzer die Verwendung der Anwendungen in einer Anwendungsgruppe.Allows user to use the applications in an application group. 1d18fff3-a72a-46b5-b4a9-0b38a3cd7e631d18fff3-a72a-46b5-b4a9-0b38a3cd7e63
Mitwirkender von ZeitplanungsauftragssammlungScheduler Job Collections Contributor Ermöglicht Ihnen das Verwalten von Scheduler-Auftragssammlungen, nicht aber den Zugriff darauf.Lets you manage Scheduler job collections, but not access to them. 188a0f2f-5c9e-469b-ae67-2aa5ce574b94188a0f2f-5c9e-469b-ae67-2aa5ce574b94

AllgemeinGeneral

MitwirkenderContributor

Hiermit wird Vollzugriff zum Verwalten aller Ressourcen gewährt, allerdings nicht zum Zuweisen von Rollen in Azure RBAC.Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
* Erstellen und Verwalten von Ressourcen aller TypenCreate and manage resources of all types
NotActionsNotActions
Microsoft.Authorization/*/DeleteMicrosoft.Authorization/*/Delete Löschen von Rollen, Richtlinienzuweisungen, Richtliniendefinitionen und RichtliniensatzdefinitionenDelete roles, policy assignments, policy definitions and policy set definitions
Microsoft.Authorization/*/WriteMicrosoft.Authorization/*/Write Erstellen von Rollen, Rollenzuweisungen, Richtlinienzuweisungen, Richtliniendefinitionen und RichtliniensatzdefinitionenCreate roles, role assignments, policy assignments, policy definitions and policy set definitions
Microsoft.Authorization/elevateAccess/ActionMicrosoft.Authorization/elevateAccess/Action Gewährt dem Aufrufer Zugriff vom Typ „Benutzerzugriffsadministrator“ auf der Mandantenebene.Grants the caller User Access Administrator access at the tenant scope
Microsoft.Blueprint/blueprintAssignments/writeMicrosoft.Blueprint/blueprintAssignments/write Erstellt oder aktualisiert alle BlaupausenzuweisungenCreate or update any blueprint assignments
Microsoft.Blueprint/blueprintAssignments/deleteMicrosoft.Blueprint/blueprintAssignments/delete Löscht alle BlaupausenzuweisungenDelete any blueprint assignments
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
  "name": "b24988ac-6180-42a0-ab88-20f7382dd24c",
  "permissions": [
    {
      "actions": [
        "*"
      ],
      "notActions": [
        "Microsoft.Authorization/*/Delete",
        "Microsoft.Authorization/*/Write",
        "Microsoft.Authorization/elevateAccess/Action",
        "Microsoft.Blueprint/blueprintAssignments/write",
        "Microsoft.Blueprint/blueprintAssignments/delete"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

BesitzerOwner

Hiermit wird Vollzugriff zum Verwalten aller Ressourcen gewährt, einschließlich der Möglichkeit, Rollen in Azure RBAC zuzuweisen.Grants full access to manage all resources, including the ability to assign roles in Azure RBAC. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
* Erstellen und Verwalten von Ressourcen aller TypenCreate and manage resources of all types
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants full access to manage all resources, including the ability to assign roles in Azure RBAC.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
  "name": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
  "permissions": [
    {
      "actions": [
        "*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

LeserReader

Hiermit können Sie alle Ressourcen anzeigen, aber keine Änderungen vornehmen.View all resources, but does not allow you to make any changes. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
*/Lesen*/read Lesen von Ressourcen aller Typen mit Ausnahme geheimer SchlüsselRead resources of all types, except secrets.
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "View all resources, but does not allow you to make any changes.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
  "name": "acdd72a7-3385-48ef-bd42-f606fba81ae7",
  "permissions": [
    {
      "actions": [
        "*/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

BenutzerzugriffsadministratorUser Access Administrator

Ermöglicht Ihnen die Verwaltung von Benutzerzugriffen auf Azure-Ressourcen.Lets you manage user access to Azure resources. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
*/Lesen*/read Lesen von Ressourcen aller Typen mit Ausnahme geheimer SchlüsselRead resources of all types, except secrets.
Microsoft.Authorization/*Microsoft.Authorization/* Verwalten der AutorisierungManage authorization
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage user access to Azure resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
  "name": "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.Authorization/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "User Access Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

ComputeCompute

Mitwirkender von klassischen virtuellen ComputernClassic Virtual Machine Contributor

Ermöglicht Ihnen das Verwalten klassischer virtueller Computer, aber weder den Zugriff darauf noch auf die mit ihnen verbundenen virtuellen Netzwerke oder Speicherkonten.Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to.

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.ClassicCompute/domainNames/*Microsoft.ClassicCompute/domainNames/* Erstellen und Verwalten von klassischen Compute-DomänennamenCreate and manage classic compute domain names
Microsoft.ClassicCompute/virtualMachines/*Microsoft.ClassicCompute/virtualMachines/* Erstellen und Verwalten von virtuellen ComputernCreate and manage virtual machines
Microsoft.ClassicNetwork/networkSecurityGroups/join/actionMicrosoft.ClassicNetwork/networkSecurityGroups/join/action
Microsoft.ClassicNetwork/reservedIps/link/actionMicrosoft.ClassicNetwork/reservedIps/link/action Dient zum Verknüpfen einer reservierten IP-Adresse.Link a reserved Ip
Microsoft.ClassicNetwork/reservedIps/readMicrosoft.ClassicNetwork/reservedIps/read Ruft die reservierten IP-Adressen ab.Gets the reserved Ips
Microsoft.ClassicNetwork/virtualNetworks/join/actionMicrosoft.ClassicNetwork/virtualNetworks/join/action Führt zum Beitritt zum virtuellen Netzwerk.Joins the virtual network.
Microsoft.ClassicNetwork/virtualNetworks/readMicrosoft.ClassicNetwork/virtualNetworks/read Dient zum Abrufen des virtuellen Netzwerks.Get the virtual network.
Microsoft.ClassicStorage/storageAccounts/disks/readMicrosoft.ClassicStorage/storageAccounts/disks/read Gibt den Speicherkontodatenträger zurück.Returns the storage account disk.
Microsoft.ClassicStorage/storageAccounts/images/readMicrosoft.ClassicStorage/storageAccounts/images/read Gibt das Speicherkontoimage zurück.Returns the storage account image. (Veraltet.(Deprecated. Verwenden Sie „Microsoft.ClassicStorage/storageAccounts/vmImages“)Use 'Microsoft.ClassicStorage/storageAccounts/vmImages')
Microsoft.ClassicStorage/storageAccounts/listKeys/actionMicrosoft.ClassicStorage/storageAccounts/listKeys/action Listet die Zugriffsschlüssel für die Speicherkonten auf.Lists the access keys for the storage accounts.
Microsoft.ClassicStorage/storageAccounts/readMicrosoft.ClassicStorage/storageAccounts/read Dient zum Zurückgeben des Speicherkontos mit dem angegebenen Konto.Return the storage account with the given account.
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Ruft den Verfügbarkeitsstatus für alle Ressourcen im angegebenen Bereich ab.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/d73bb868-a0df-4d4d-bd69-98a00b01fccb",
  "name": "d73bb868-a0df-4d4d-bd69-98a00b01fccb",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicCompute/domainNames/*",
        "Microsoft.ClassicCompute/virtualMachines/*",
        "Microsoft.ClassicNetwork/networkSecurityGroups/join/action",
        "Microsoft.ClassicNetwork/reservedIps/link/action",
        "Microsoft.ClassicNetwork/reservedIps/read",
        "Microsoft.ClassicNetwork/virtualNetworks/join/action",
        "Microsoft.ClassicNetwork/virtualNetworks/read",
        "Microsoft.ClassicStorage/storageAccounts/disks/read",
        "Microsoft.ClassicStorage/storageAccounts/images/read",
        "Microsoft.ClassicStorage/storageAccounts/listKeys/action",
        "Microsoft.ClassicStorage/storageAccounts/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Virtual Machine Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

VM-AdministratoranmeldungVirtual Machine Administrator Login

Anzeigen von virtuellen Computern im Portal und Anmelden als Administrator Weitere InformationenView Virtual Machines in the portal and login as administrator Learn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read Ruft eine Definition für eine öffentliche IP-Adresse ab.Gets a public ip address definition.
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read Dient zum Abrufen der Definition des virtuellen Netzwerks.Get the virtual network definition
Microsoft.Network/loadBalancers/readMicrosoft.Network/loadBalancers/read Ruft eine Lastenausgleichsdefinition ab.Gets a load balancer definition
Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read Ruft eine Netzwerkschnittstellendefinition ab.Gets a network interface definition.
Microsoft.Compute/virtualMachines/*/readMicrosoft.Compute/virtualMachines/*/read
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.Compute/virtualMachines/login/actionMicrosoft.Compute/virtualMachines/login/action Hiermit melden Sie sich bei einem virtuellen Computer als normaler Benutzer an.Log in to a virtual machine as a regular user
Microsoft.Compute/virtualMachines/loginAsAdmin/actionMicrosoft.Compute/virtualMachines/loginAsAdmin/action Hiermit melden Sie sich bei einem virtuellen Computer mit Windows-Administrator- oder Linux-Root-Benutzerrechten an.Log in to a virtual machine with Windows administrator or Linux root user privileges
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "View Virtual Machines in the portal and login as administrator",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/1c0163c0-47e6-4577-8991-ea5c82e286e4",
  "name": "1c0163c0-47e6-4577-8991-ea5c82e286e4",
  "permissions": [
    {
      "actions": [
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/loadBalancers/read",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Compute/virtualMachines/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Compute/virtualMachines/login/action",
        "Microsoft.Compute/virtualMachines/loginAsAdmin/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Virtual Machine Administrator Login",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Mitwirkender von virtuellen ComputernVirtual Machine Contributor

Ermöglicht Ihnen das Verwalten virtueller Computer, aber weder den Zugriff darauf, noch auf deren verbundenen virtuellen Netzwerke oder Speicherkonten.Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.Compute/availabilitySets/*Microsoft.Compute/availabilitySets/* Erstellen und Verwalten von Compute-VerfügbarkeitsgruppenCreate and manage compute availability sets
Microsoft.Compute/locations/*Microsoft.Compute/locations/* Erstellen und Verwalten von Compute-SpeicherortenCreate and manage compute locations
Microsoft.Compute/virtualMachines/*Microsoft.Compute/virtualMachines/* Ausführen beliebiger Aktionen für virtuelle Computer, einschließlich Erstellen, Aktualisieren, Löschen, Starten, Neustarten und Ausschalten virtueller Computer.Perform all virtual machine actions including create, update, delete, start, restart, and power off virtual machines. Ausführen vordefinierter Skripts auf virtuellen Computern.Execute predefined scripts on virtual machines.
Microsoft.Compute/virtualMachineScaleSets/*Microsoft.Compute/virtualMachineScaleSets/* Erstellen und Verwalten von Skalierungsgruppen für virtuelle ComputerCreate and manage virtual machine scale sets
Microsoft.Compute/disks/writeMicrosoft.Compute/disks/write Erstellt einen neuen Datenträger oder aktualisiert einen bereits vorhandenen.Creates a new Disk or updates an existing one
Microsoft.Compute/disks/readMicrosoft.Compute/disks/read Dient zum Abrufen der Eigenschaften eines Datenträgers.Get the properties of a Disk
Microsoft.Compute/disks/deleteMicrosoft.Compute/disks/delete Löscht den Datenträger.Deletes the Disk
Microsoft.DevTestLab/schedules/*Microsoft.DevTestLab/schedules/*
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.Network/applicationGateways/backendAddressPools/join/actionMicrosoft.Network/applicationGateways/backendAddressPools/join/action Verknüpft einen Back-End-Adresspool für ein Application Gateway.Joins an application gateway backend address pool. Nicht warnbar.Not Alertable.
Microsoft.Network/loadBalancers/backendAddressPools/join/actionMicrosoft.Network/loadBalancers/backendAddressPools/join/action Verknüpft einen Back-End-Adresspool für den Lastenausgleich.Joins a load balancer backend address pool. Nicht warnbar.Not Alertable.
Microsoft.Network/loadBalancers/inboundNatPools/join/actionMicrosoft.Network/loadBalancers/inboundNatPools/join/action Verknüpft einen NAT-Pool für eingehenden Datenverkehr für den Lastenausgleich.Joins a load balancer inbound NAT pool. Nicht warnbar.Not alertable.
Microsoft.Network/loadBalancers/inboundNatRules/join/actionMicrosoft.Network/loadBalancers/inboundNatRules/join/action Verknüpft eine NAT-Regel für eingehenden Datenverkehr für den Lastenausgleich.Joins a load balancer inbound nat rule. Nicht warnbar.Not Alertable.
Microsoft.Network/loadBalancers/probes/join/actionMicrosoft.Network/loadBalancers/probes/join/action Ermöglicht die Verwendung von Prüfpunkten eines Lastenausgleichs.Allows using probes of a load balancer. Beispielsweise kann mit dieser Berechtigung die healthProbe-Eigenschaft einer VM-Skalierungsgruppe auf den Prüfpunkt verweisen.For example, with this permission healthProbe property of VM scale set can reference the probe. Nicht warnbar.Not alertable.
Microsoft.Network/loadBalancers/readMicrosoft.Network/loadBalancers/read Ruft eine Lastenausgleichsdefinition ab.Gets a load balancer definition
Microsoft.Network/locations/*Microsoft.Network/locations/* Erstellen und Verwalten von NetzwerkspeicherortenCreate and manage network locations
Microsoft.Network/networkInterfaces/*Microsoft.Network/networkInterfaces/* Erstellen und Verwalten von NetzwerkschnittstellenCreate and manage network interfaces
Microsoft.Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action Verknüpft eine Netzwerksicherheitsgruppe.Joins a network security group. Nicht warnbar.Not Alertable.
Microsoft.Network/networkSecurityGroups/readMicrosoft.Network/networkSecurityGroups/read Ruft eine Netzwerksicherheitsgruppen-Definition ab.Gets a network security group definition
Microsoft.Network/publicIPAddresses/join/actionMicrosoft.Network/publicIPAddresses/join/action Verknüpft eine öffentliche IP-Adresse.Joins a public ip address. Nicht warnbar.Not Alertable.
Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read Ruft eine Definition für eine öffentliche IP-Adresse ab.Gets a public ip address definition.
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read Dient zum Abrufen der Definition des virtuellen Netzwerks.Get the virtual network definition
Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action Verknüpft ein virtuelles Netzwerk.Joins a virtual network. Nicht warnbar.Not Alertable.
Microsoft.RecoveryServices/locations/*Microsoft.RecoveryServices/locations/*
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write Erstellt einen beabsichtigten Sicherungsschutz.Create a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read Gibt Objektdetails des geschützten Elements zurück.Returns object details of the Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write Dient zum Erstellen eines geschützten Elements für die Sicherung.Create a backup Protected Item
Microsoft.RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read Gibt alle Schutzrichtlinien zurück.Returns all Protection Policies
Microsoft.RecoveryServices/Vaults/backupPolicies/writeMicrosoft.RecoveryServices/Vaults/backupPolicies/write Erstellt Schutzrichtlinien.Creates Protection Policy
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read Der Vorgang „Tresor abrufen“ ruft ein Objekt ab, das die Azure-Ressource vom Typ „Tresor“ darstellt.The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read Gibt Nutzungsdetails für einen Recovery Services-Tresor zurück.Returns usage details for a Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/writeMicrosoft.RecoveryServices/Vaults/write Der Vorgang „Tresor erstellen“ erstellt eine Azure-Ressource vom Typ „Tresor“.Create Vault operation creates an Azure resource of type 'vault'
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Ruft den Verfügbarkeitsstatus für alle Ressourcen im angegebenen Bereich ab.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.SqlVirtualMachine/*Microsoft.SqlVirtualMachine/*
Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action Gibt die Zugriffsschlüssel für das angegebene Speicherkonto zurück.Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read Gibt die Liste mit Speicherkonten zurück oder ruft die Eigenschaften für das angegebene Speicherkonto ab.Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
  "name": "9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Compute/availabilitySets/*",
        "Microsoft.Compute/locations/*",
        "Microsoft.Compute/virtualMachines/*",
        "Microsoft.Compute/virtualMachineScaleSets/*",
        "Microsoft.Compute/disks/write",
        "Microsoft.Compute/disks/read",
        "Microsoft.Compute/disks/delete",
        "Microsoft.DevTestLab/schedules/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/applicationGateways/backendAddressPools/join/action",
        "Microsoft.Network/loadBalancers/backendAddressPools/join/action",
        "Microsoft.Network/loadBalancers/inboundNatPools/join/action",
        "Microsoft.Network/loadBalancers/inboundNatRules/join/action",
        "Microsoft.Network/loadBalancers/probes/join/action",
        "Microsoft.Network/loadBalancers/read",
        "Microsoft.Network/locations/*",
        "Microsoft.Network/networkInterfaces/*",
        "Microsoft.Network/networkSecurityGroups/join/action",
        "Microsoft.Network/networkSecurityGroups/read",
        "Microsoft.Network/publicIPAddresses/join/action",
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.RecoveryServices/locations/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/write",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.RecoveryServices/Vaults/write",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.SqlVirtualMachine/*",
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Virtual Machine Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

VM-BenutzeranmeldungVirtual Machine User Login

Anzeigen von virtuellen Computern im Portal und Anmelden als regulärer Benutzer.View Virtual Machines in the portal and login as a regular user. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read Ruft eine Definition für eine öffentliche IP-Adresse ab.Gets a public ip address definition.
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read Dient zum Abrufen der Definition des virtuellen Netzwerks.Get the virtual network definition
Microsoft.Network/loadBalancers/readMicrosoft.Network/loadBalancers/read Ruft eine Lastenausgleichsdefinition ab.Gets a load balancer definition
Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read Ruft eine Netzwerkschnittstellendefinition ab.Gets a network interface definition.
Microsoft.Compute/virtualMachines/*/readMicrosoft.Compute/virtualMachines/*/read
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.Compute/virtualMachines/login/actionMicrosoft.Compute/virtualMachines/login/action Hiermit melden Sie sich bei einem virtuellen Computer als normaler Benutzer an.Log in to a virtual machine as a regular user
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "View Virtual Machines in the portal and login as a regular user.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fb879df8-f326-4884-b1cf-06f3ad86be52",
  "name": "fb879df8-f326-4884-b1cf-06f3ad86be52",
  "permissions": [
    {
      "actions": [
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/loadBalancers/read",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Compute/virtualMachines/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Compute/virtualMachines/login/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Virtual Machine User Login",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

NetzwerkNetworking

Mitwirkender für den CDN-EndpunktCDN Endpoint Contributor

Diese Rolle kann CDN-Endpunkte verwalten, aber anderen Benutzern keinen Zugriff erteilen.Can manage CDN endpoints, but can't grant access to other users.

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/endpoints/*Microsoft.Cdn/profiles/endpoints/*
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage CDN endpoints, but can't grant access to other users.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/426e0c7f-0c7e-4658-b36f-ff54d6c29b45",
  "name": "426e0c7f-0c7e-4658-b36f-ff54d6c29b45",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/endpoints/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Endpoint Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

CDN-EndpunktleserCDN Endpoint Reader

Diese Rolle kann CDN-Endpunkte anzeigen, aber keine Änderungen vornehmen.Can view CDN endpoints, but can't make changes.

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/endpoints/*/readMicrosoft.Cdn/profiles/endpoints/*/read
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view CDN endpoints, but can't make changes.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/871e35f6-b5c1-49cc-a043-bde969a0f2cd",
  "name": "871e35f6-b5c1-49cc-a043-bde969a0f2cd",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/endpoints/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Endpoint Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Mitwirkender für das CDN-ProfilCDN Profile Contributor

Diese Rolle kann CDN-Profile und deren Endpunkte verwalten, aber anderen Benutzern keinen Zugriff erteilen.Can manage CDN profiles and their endpoints, but can't grant access to other users. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/*Microsoft.Cdn/profiles/*
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage CDN profiles and their endpoints, but can't grant access to other users.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ec156ff8-a8d1-4d15-830c-5b80698ca432",
  "name": "ec156ff8-a8d1-4d15-830c-5b80698ca432",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Profile Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

CDN-ProfilleserCDN Profile Reader

Diese Rolle kann CDN-Profile und deren Endpunkte anzeigen, aber keine Änderungen vornehmen.Can view CDN profiles and their endpoints, but can't make changes.

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/*/readMicrosoft.Cdn/profiles/*/read
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view CDN profiles and their endpoints, but can't make changes.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8f96442b-4075-438f-813d-ad51ab4019af",
  "name": "8f96442b-4075-438f-813d-ad51ab4019af",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Profile Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Mitwirkender von klassischem NetzwerkClassic Network Contributor

Ermöglicht Ihnen das Verwalten von klassischen Netzwerken, nicht aber den Zugriff darauf.Lets you manage classic networks, but not access to them. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.ClassicNetwork/*Microsoft.ClassicNetwork/* Erstellen und Verwalten von klassischen NetzwerkenCreate and manage classic networks
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Ruft den Verfügbarkeitsstatus für alle Ressourcen im angegebenen Bereich ab.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage classic networks, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b34d265f-36f7-4a0d-a4d4-e158ca92e90f",
  "name": "b34d265f-36f7-4a0d-a4d4-e158ca92e90f",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicNetwork/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Network Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

DNS Zone ContributorDNS Zone Contributor

Ermöglicht Ihnen die Verwaltung von DNS-Zonen und Ressourceneintragssätzen in Azure DNS, aber nicht zu steuern, wer darauf Zugriff hat.Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.Network/dnsZones/*Microsoft.Network/dnsZones/* Erstellen und Verwalten von DNS-Zonen und -EinträgenCreate and manage DNS zones and records
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Ruft den Verfügbarkeitsstatus für alle Ressourcen im angegebenen Bereich ab.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/befefa01-2a29-4197-83a8-272ff33ce314",
  "name": "befefa01-2a29-4197-83a8-272ff33ce314",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/dnsZones/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "DNS Zone Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Mitwirkender von virtuellem NetzwerkNetwork Contributor

Ermöglicht Ihnen das Verwalten von Netzwerken, nicht aber den Zugriff darauf.Lets you manage networks, but not access to them.

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.Network/*Microsoft.Network/* Erstellen und Verwalten von NetzwerkenCreate and manage networks
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Ruft den Verfügbarkeitsstatus für alle Ressourcen im angegebenen Bereich ab.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage networks, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
  "name": "4d97b98b-1d4f-4787-a291-c67834d212e7",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Network Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Mitwirkender für private DNS-ZonePrivate DNS Zone Contributor

Ermöglicht Ihnen das Verwalten privater DNS-Zonenressourcen, aber nicht der virtuellen Netzwerke, mit denen sie verknüpft sind.Lets you manage private DNS zone resources, but not the virtual networks they are linked to. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
Microsoft.Network/privateDnsZones/*Microsoft.Network/privateDnsZones/*
Microsoft.Network/privateDnsOperationResults/*Microsoft.Network/privateDnsOperationResults/*
Microsoft.Network/privateDnsOperationStatuses/*Microsoft.Network/privateDnsOperationStatuses/*
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read Dient zum Abrufen der Definition des virtuellen Netzwerks.Get the virtual network definition
Microsoft.Network/virtualNetworks/join/actionMicrosoft.Network/virtualNetworks/join/action Verknüpft ein virtuelles Netzwerk.Joins a virtual network. Nicht warnbar.Not Alertable.
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage private DNS zone resources, but not the virtual networks they are linked to.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b12aa53e-6015-4669-85d0-8515ebb3ae7f",
  "name": "b12aa53e-6015-4669-85d0-8515ebb3ae7f",
  "permissions": [
    {
      "actions": [
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Network/privateDnsZones/*",
        "Microsoft.Network/privateDnsOperationResults/*",
        "Microsoft.Network/privateDnsOperationStatuses/*",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/join/action",
        "Microsoft.Authorization/*/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Private DNS Zone Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Traffic Manager-MitwirkenderTraffic Manager Contributor

Ermöglicht Ihnen die Verwaltung von Traffic Manager-Profilen, aber nicht die Steuerung des Zugriffs darauf.Lets you manage Traffic Manager profiles, but does not let you control who has access to them.

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.Network/trafficManagerProfiles/*Microsoft.Network/trafficManagerProfiles/*
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Ruft den Verfügbarkeitsstatus für alle Ressourcen im angegebenen Bereich ab.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Traffic Manager profiles, but does not let you control who has access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a4b10055-b0c7-44c2-b00f-c7b5b3550cf7",
  "name": "a4b10055-b0c7-44c2-b00f-c7b5b3550cf7",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/trafficManagerProfiles/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Traffic Manager Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

StorageStorage

Avere-MitwirkenderAvere Contributor

Kann einen Avere vFXT-Cluster erstellen und verwalten.Can create and manage an Avere vFXT cluster. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.Compute/*/readMicrosoft.Compute/*/read
Microsoft.Compute/availabilitySets/*Microsoft.Compute/availabilitySets/*
Microsoft.Compute/proximityPlacementGroups/*Microsoft.Compute/proximityPlacementGroups/*
Microsoft.Compute/virtualMachines/*Microsoft.Compute/virtualMachines/*
Microsoft.Compute/disks/*Microsoft.Compute/disks/*
Microsoft.Network/*/readMicrosoft.Network/*/read
Microsoft.Network/networkInterfaces/*Microsoft.Network/networkInterfaces/*
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read Dient zum Abrufen der Definition des virtuellen Netzwerks.Get the virtual network definition
Microsoft.Network/virtualNetworks/subnets/readMicrosoft.Network/virtualNetworks/subnets/read Ruft eine Subnetzdefinition für virtuelle Netzwerke ab.Gets a virtual network subnet definition
Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action Verknüpft ein virtuelles Netzwerk.Joins a virtual network. Nicht warnbar.Not Alertable.
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Verknüpft Ressourcen wie etwa ein Speicherkonto oder eine SQL-Datenbank mit einem Subnetz.Joins resource such as storage account or SQL database to a subnet. Nicht warnbar.Not alertable.
Microsoft.Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action Verknüpft eine Netzwerksicherheitsgruppe.Joins a network security group. Nicht warnbar.Not Alertable.
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Storage/*/readMicrosoft.Storage/*/read
Microsoft.Storage/storageAccounts/*Microsoft.Storage/storageAccounts/* Erstellen und Verwalten von SpeicherkontenCreate and manage storage accounts
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
Microsoft.Resources/subscriptions/resourceGroups/resources/readMicrosoft.Resources/subscriptions/resourceGroups/resources/read Ruft die Ressourcen für die Ressourcengruppe ab.Gets the resources for the resource group.
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete Gibt das Ergebnis beim Löschen eines Blobs zurück.Returns the result of deleting a blob
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read Gibt ein Blob oder eine Liste von Blobs zurück.Returns a blob or a list of blobs
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/writeMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write Gibt das Ergebnis beim Schreiben eines Blobs zurück.Returns the result of writing a blob
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can create and manage an Avere vFXT cluster.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4f8fab4f-1852-4a58-a46a-8eaf358af14a",
  "name": "4f8fab4f-1852-4a58-a46a-8eaf358af14a",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Compute/*/read",
        "Microsoft.Compute/availabilitySets/*",
        "Microsoft.Compute/proximityPlacementGroups/*",
        "Microsoft.Compute/virtualMachines/*",
        "Microsoft.Compute/disks/*",
        "Microsoft.Network/*/read",
        "Microsoft.Network/networkInterfaces/*",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/subnets/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
        "Microsoft.Network/networkSecurityGroups/join/action",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/*/read",
        "Microsoft.Storage/storageAccounts/*",
        "Microsoft.Support/*",
        "Microsoft.Resources/subscriptions/resourceGroups/resources/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Avere Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Avere-BedienerAvere Operator

Wird vom Avere vFXT-Cluster zum Verwalten des Clusters verwendet Weitere InformationenUsed by the Avere vFXT cluster to manage the cluster Learn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Compute/virtualMachines/readMicrosoft.Compute/virtualMachines/read Dient zum Abrufen der Eigenschaften eines virtuellen Computers.Get the properties of a virtual machine
Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read Ruft eine Netzwerkschnittstellendefinition ab.Gets a network interface definition.
Microsoft.Network/networkInterfaces/writeMicrosoft.Network/networkInterfaces/write Erstellt eine Netzwerkschnittstelle oder aktualisiert eine vorhandene Netzwerkschnittstelle.Creates a network interface or updates an existing network interface.
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read Dient zum Abrufen der Definition des virtuellen Netzwerks.Get the virtual network definition
Microsoft.Network/virtualNetworks/subnets/readMicrosoft.Network/virtualNetworks/subnets/read Ruft eine Subnetzdefinition für virtuelle Netzwerke ab.Gets a virtual network subnet definition
Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action Verknüpft ein virtuelles Netzwerk.Joins a virtual network. Nicht warnbar.Not Alertable.
Microsoft.Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action Verknüpft eine Netzwerksicherheitsgruppe.Joins a network security group. Nicht warnbar.Not Alertable.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Storage/storageAccounts/blobServices/containers/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/delete Gibt das Ergebnis beim Löschen eines Containers zurück.Returns the result of deleting a container
Microsoft.Storage/storageAccounts/blobServices/containers/readMicrosoft.Storage/storageAccounts/blobServices/containers/read Hiermit wird eine Liste von Containern zurückgegeben.Returns list of containers
Microsoft.Storage/storageAccounts/blobServices/containers/writeMicrosoft.Storage/storageAccounts/blobServices/containers/write Gibt das Ergebnis des PUT-Vorgangs für den Blobcontainer zurück.Returns the result of put blob container
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete Gibt das Ergebnis beim Löschen eines Blobs zurück.Returns the result of deleting a blob
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read Gibt ein Blob oder eine Liste von Blobs zurück.Returns a blob or a list of blobs
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/writeMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write Gibt das Ergebnis beim Schreiben eines Blobs zurück.Returns the result of writing a blob
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Used by the Avere vFXT cluster to manage the cluster",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
  "name": "c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
  "permissions": [
    {
      "actions": [
        "Microsoft.Compute/virtualMachines/read",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Network/networkInterfaces/write",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/subnets/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.Network/networkSecurityGroups/join/action",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/write"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Avere Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Mitwirkender für SicherungenBackup Contributor

Ermöglicht Ihnen die Verwaltung des Sicherungsdiensts. Sie können jedoch keine Tresore erstellen oder anderen Benutzern Zugriff gewähren. Weitere InformationenLets you manage backup service, but can't create vaults and give access to others Learn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read Dient zum Abrufen der Definition des virtuellen Netzwerks.Get the virtual network definition
Microsoft.RecoveryServices/locations/*Microsoft.RecoveryServices/locations/*
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/*Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/* Verwalten der Ergebnisse eines Vorgangs in der SicherungsverwaltungManage results of operation on backup management
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/*Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/* Erstellen und Verwalten von Sicherungscontainern in Sicherungsfabrics des Recovery Services-TresorsCreate and manage backup containers inside backup fabrics of Recovery Services vault
Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action Aktualisiert die Containerliste.Refreshes the container list
Microsoft.RecoveryServices/Vaults/backupJobs/*Microsoft.RecoveryServices/Vaults/backupJobs/* Erstellen und Verwalten von SicherungsaufträgenCreate and manage backup jobs
Microsoft.RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action Dient zum Exportieren von Aufträgen.Export Jobs
Microsoft.RecoveryServices/Vaults/backupOperationResults/*Microsoft.RecoveryServices/Vaults/backupOperationResults/* Erstellen und Verwalten der Ergebnisse von SicherungsverwaltungsvorgängenCreate and manage Results of backup management operations
Microsoft.RecoveryServices/Vaults/backupPolicies/*Microsoft.RecoveryServices/Vaults/backupPolicies/* Erstellen und Verwalten von SicherungsrichtlinienCreate and manage backup policies
Microsoft.RecoveryServices/Vaults/backupProtectableItems/*Microsoft.RecoveryServices/Vaults/backupProtectableItems/* Erstellen und Verwalten von Elementen, die gesichert werden könnenCreate and manage items which can be backed up
Microsoft.RecoveryServices/Vaults/backupProtectedItems/*Microsoft.RecoveryServices/Vaults/backupProtectedItems/* Erstellen und Verwalten von gesicherten ElementenCreate and manage backed up items
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/*Microsoft.RecoveryServices/Vaults/backupProtectionContainers/* Erstellen und Verwalten von Containern mit SicherungselementenCreate and manage containers holding backup items
Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/readMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read Gibt Zusammenfassungen für geschützte Elemente und geschützte Server für einen Recovery Services-Tresor zurück.Returns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft.RecoveryServices/Vaults/certificates/*Microsoft.RecoveryServices/Vaults/certificates/* Erstellen und Verwalten von Zertifikaten in Zusammenhang mit Sicherungen in einem Recovery Services-TresorCreate and manage certificates related to backup in Recovery Services vault
Microsoft.RecoveryServices/Vaults/extendedInformation/*Microsoft.RecoveryServices/Vaults/extendedInformation/* Erstellen und Verwalten erweiterter Informationen in Zusammenhang mit einem TresorCreate and manage extended info related to vault
Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read Ruft die Warnungen für den Recovery Services-Tresor ab.Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read Der Vorgang „Tresor abrufen“ ruft ein Objekt ab, das die Azure-Ressource vom Typ „Tresor“ darstellt.The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/*Microsoft.RecoveryServices/Vaults/registeredIdentities/* Erstellen und Verwalten von registrierten IdentitätenCreate and manage registered identities
Microsoft.RecoveryServices/Vaults/usages/*Microsoft.RecoveryServices/Vaults/usages/* Erstellen und Verwalten der Nutzung des Recovery Services-TresorsCreate and manage usage of Recovery Services vault
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read Gibt die Liste mit Speicherkonten zurück oder ruft die Eigenschaften für das angegebene Speicherkonto ab.Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.RecoveryServices/Vaults/backupstorageconfig/*Microsoft.RecoveryServices/Vaults/backupstorageconfig/*
Microsoft.RecoveryServices/Vaults/backupconfig/*Microsoft.RecoveryServices/Vaults/backupconfig/*
Microsoft.RecoveryServices/Vaults/backupValidateOperation/actionMicrosoft.RecoveryServices/Vaults/backupValidateOperation/action Überprüft Vorgang für geschütztes Element.Validate Operation on Protected Item
Microsoft.RecoveryServices/Vaults/writeMicrosoft.RecoveryServices/Vaults/write Der Vorgang „Tresor erstellen“ erstellt eine Azure-Ressource vom Typ „Tresor“.Create Vault operation creates an Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read Gibt den Status eines Sicherungsvorgangs für Recovery Services-Tresore zurück.Returns Backup Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read Gibt alle Sicherungsverwaltungsserver zurück, die beim Tresor registriert sind.Returns all the backup management servers registered with vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*
Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read Ruft alle schützbaren Container ab.Get all protectable containers
Microsoft.RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action Überprüft den Sicherungsstatus für Recovery Services-Tresore.Check Backup Status for Recovery Services Vaults
Microsoft.RecoveryServices/locations/backupPreValidateProtection/actionMicrosoft.RecoveryServices/locations/backupPreValidateProtection/action
Microsoft.RecoveryServices/locations/backupValidateFeatures/actionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action Überprüft Features.Validate Features
Microsoft.RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write Löst die Warnung auf.Resolves the alert.
Microsoft.RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read Der Vorgang gibt die Liste der Vorgänge für einen Ressourcenanbieter zurück.Operation returns the list of Operations for a Resource Provider
Microsoft.RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read Ruft den Vorgangsstatus eines angegebenen Vorgangs ab.Gets Operation Status for a given Operation
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read Listet den gesamten beabsichtigten Sicherungsschutz auf.List all backup Protection Intents
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage backup service,but can't create vaults and give access to others",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b",
  "name": "5e467623-bb1f-42f4-a55d-6e525e11384b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.RecoveryServices/locations/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
        "Microsoft.RecoveryServices/Vaults/backupJobs/*",
        "Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
        "Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectedItems/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/*",
        "Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*",
        "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
        "Microsoft.RecoveryServices/Vaults/certificates/*",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/*",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/*",
        "Microsoft.RecoveryServices/Vaults/usages/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
        "Microsoft.RecoveryServices/Vaults/backupconfig/*",
        "Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
        "Microsoft.RecoveryServices/Vaults/write",
        "Microsoft.RecoveryServices/Vaults/backupOperations/read",
        "Microsoft.RecoveryServices/Vaults/backupEngines/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
        "Microsoft.RecoveryServices/locations/backupStatus/action",
        "Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
        "Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
        "Microsoft.RecoveryServices/operations/read",
        "Microsoft.RecoveryServices/locations/operationStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Backup Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

SicherungsoperatorBackup Operator

Ermöglicht Ihnen das Verwalten von Sicherungsdiensten, jedoch nicht das Entfernen der Sicherung, die Tresorerstellung und das Erteilen von Zugriff an andere Benutzer. Weitere InformationenLets you manage backup services, except removal of backup, vault creation and giving access to others Learn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read Dient zum Abrufen der Definition des virtuellen Netzwerks.Get the virtual network definition
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/operationResults/read Gibt den Status des Vorgangs zurück.Returns status of the operation
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read Ruft das Ergebnis eines Vorgangs ab, der für den Schutzcontainer ausgeführt wurde.Gets result of Operation performed on Protection Container.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action Führt eine Sicherung für geschützte Elemente aus.Performs Backup for Protected Item.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read Ruft das Ergebnis eines Vorgangs ab, der für geschützte Elemente ausgeführt wurde.Gets Result of Operation Performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read Gibt den Status eines Vorgangs zurück, der für geschützte Elemente ausgeführt wurde.Returns the status of Operation performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read Gibt Objektdetails des geschützten Elements zurück.Returns object details of the Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action Dient zum Bereitstellen der sofortigen Elementwiederherstellung für geschützte Elemente.Provision Instant Item Recovery for Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read Dient zum Abrufen von Wiederherstellungspunkten für geschützte Elemente.Get Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action Dient zum Wiederherstellen von Wiederherstellungspunkten für geschützte Elemente.Restore Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action Dient zum Widerrufen der sofortigen Elementwiederherstellung für geschützte Elemente.Revoke Instant Item Recovery for Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write Dient zum Erstellen eines geschützten Elements für die Sicherung.Create a backup Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read Gibt alle registrierten Container zurück.Returns all registered containers
Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action Aktualisiert die Containerliste.Refreshes the container list
Microsoft.RecoveryServices/Vaults/backupJobs/*Microsoft.RecoveryServices/Vaults/backupJobs/* Erstellen und Verwalten von SicherungsaufträgenCreate and manage backup jobs
Microsoft.RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action Dient zum Exportieren von Aufträgen.Export Jobs
Microsoft.RecoveryServices/Vaults/backupOperationResults/*Microsoft.RecoveryServices/Vaults/backupOperationResults/* Erstellen und Verwalten der Ergebnisse von SicherungsverwaltungsvorgängenCreate and manage Results of backup management operations
Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operationResults/read Dient zum Abrufen der Ergebnisse von Richtlinienvorgängen.Get Results of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read Gibt alle Schutzrichtlinien zurück.Returns all Protection Policies
Microsoft.RecoveryServices/Vaults/backupProtectableItems/*Microsoft.RecoveryServices/Vaults/backupProtectableItems/* Erstellen und Verwalten von Elementen, die gesichert werden könnenCreate and manage items which can be backed up
Microsoft.RecoveryServices/Vaults/backupProtectedItems/readMicrosoft.RecoveryServices/Vaults/backupProtectedItems/read Gibt die Liste mit allen geschützten Elementen zurück.Returns the list of all Protected Items.
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/readMicrosoft.RecoveryServices/Vaults/backupProtectionContainers/read Gibt alle zum Abonnement gehörenden Container zurück.Returns all containers belonging to the subscription
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/readMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read Gibt Zusammenfassungen für geschützte Elemente und geschützte Server für einen Recovery Services-Tresor zurück.Returns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft.RecoveryServices/Vaults/certificates/writeMicrosoft.RecoveryServices/Vaults/certificates/write Der Vorgang „Ressourcenzertifikat aktualisieren“ aktualisiert das Zertifikat für die Ressourcen-/Tresoranmeldeinformationen.The Update Resource Certificate operation updates the resource/vault credential certificate.
Microsoft.RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read Der Vorgang „Ausführliche Informationen abrufen“ ruft die ausführlichen Informationen zu einem Objekt ab, das die Azure-Ressource vom Typ „Tresor“ darstellt.The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault?
Microsoft.RecoveryServices/Vaults/extendedInformation/writeMicrosoft.RecoveryServices/Vaults/extendedInformation/write Der Vorgang „Ausführliche Informationen abrufen“ ruft die ausführlichen Informationen zu einem Objekt ab, das die Azure-Ressource vom Typ „Tresor“ darstellt.The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault?
Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read Ruft die Warnungen für den Recovery Services-Tresor ab.Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read Der Vorgang „Tresor abrufen“ ruft ein Objekt ab, das die Azure-Ressource vom Typ „Tresor“ darstellt.The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read Mit dem Vorgang „Vorgangsergebnisse abrufen“ können der Vorgangsstatus und das Ergebnis für den asynchron übermittelten Vorgang abgerufen werden.The Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation
Microsoft.RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read Der Vorgang „Container abrufen“ kann zum Abrufen der für eine Ressource registrierten Container verwendet werden.The Get Containers operation can be used get the containers registered for a resource.
Microsoft.RecoveryServices/Vaults/registeredIdentities/writeMicrosoft.RecoveryServices/Vaults/registeredIdentities/write Der Vorgang „Dienstcontainer registrieren“ kann zum Registrieren eines Containers beim Wiederherstellungsdienst verwendet werden.The Register Service Container operation can be used to register a container with Recovery Service.
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read Gibt Nutzungsdetails für einen Recovery Services-Tresor zurück.Returns usage details for a Recovery Services Vault.
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read Gibt die Liste mit Speicherkonten zurück oder ruft die Eigenschaften für das angegebene Speicherkonto ab.Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.RecoveryServices/Vaults/backupstorageconfig/*Microsoft.RecoveryServices/Vaults/backupstorageconfig/*
Microsoft.RecoveryServices/Vaults/backupValidateOperation/actionMicrosoft.RecoveryServices/Vaults/backupValidateOperation/action Überprüft Vorgang für geschütztes Element.Validate Operation on Protected Item
Microsoft.RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read Gibt den Status eines Sicherungsvorgangs für Recovery Services-Tresore zurück.Returns Backup Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupPolicies/operations/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operations/read Dient zum Abrufen des Status von Richtlinienvorgängen.Get Status of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write Erstellt einen registrierten Container.Creates a registered container
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action Führt die Abfrage für Workloads innerhalb eines Containers durch.Do inquiry for workloads within a container
Microsoft.RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read Gibt alle Sicherungsverwaltungsserver zurück, die beim Tresor registriert sind.Returns all the backup management servers registered with vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write Erstellt einen beabsichtigten Sicherungsschutz.Create a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/readMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read Ruft einen beabsichtigten Sicherungsschutz ab.Get a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read Ruft alle schützbaren Container ab.Get all protectable containers
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read Ruft alle Elemente in einem Container ab.Get all items in a container
Microsoft.RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action Überprüft den Sicherungsstatus für Recovery Services-Tresore.Check Backup Status for Recovery Services Vaults
Microsoft.RecoveryServices/locations/backupPreValidateProtection/actionMicrosoft.RecoveryServices/locations/backupPreValidateProtection/action
Microsoft.RecoveryServices/locations/backupValidateFeatures/actionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action Überprüft Features.Validate Features
Microsoft.RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write Löst die Warnung auf.Resolves the alert.
Microsoft.RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read Der Vorgang gibt die Liste der Vorgänge für einen Ressourcenanbieter zurück.Operation returns the list of Operations for a Resource Provider
Microsoft.RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read Ruft den Vorgangsstatus eines angegebenen Vorgangs ab.Gets Operation Status for a given Operation
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read Listet den gesamten beabsichtigten Sicherungsschutz auf.List all backup Protection Intents
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage backup services, except removal of backup, vault creation and giving access to others",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/00c29273-979b-4161-815c-10b084fb9324",
  "name": "00c29273-979b-4161-815c-10b084fb9324",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
        "Microsoft.RecoveryServices/Vaults/backupJobs/*",
        "Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
        "Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
        "Microsoft.RecoveryServices/Vaults/certificates/write",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/read",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/write",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/write",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
        "Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
        "Microsoft.RecoveryServices/Vaults/backupOperations/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action",
        "Microsoft.RecoveryServices/Vaults/backupEngines/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
        "Microsoft.RecoveryServices/locations/backupStatus/action",
        "Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
        "Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
        "Microsoft.RecoveryServices/operations/read",
        "Microsoft.RecoveryServices/locations/operationStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Backup Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

SicherungsleserBackup Reader

Kann Sicherungsdienste anzeigen, aber keine Änderungen vornehmen. Weitere InformationenCan view backup services, but can't make changes Learn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.RecoveryServices/locations/allocatedStamp/readMicrosoft.RecoveryServices/locations/allocatedStamp/read „GetAllocatedStamp“ ist ein interner Vorgang des Diensts.GetAllocatedStamp is internal operation used by service
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/operationResults/read Gibt den Status des Vorgangs zurück.Returns status of the operation
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read Ruft das Ergebnis eines Vorgangs ab, der für den Schutzcontainer ausgeführt wurde.Gets result of Operation performed on Protection Container.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read Ruft das Ergebnis eines Vorgangs ab, der für geschützte Elemente ausgeführt wurde.Gets Result of Operation Performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read Gibt den Status eines Vorgangs zurück, der für geschützte Elemente ausgeführt wurde.Returns the status of Operation performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read Gibt Objektdetails des geschützten Elements zurück.Returns object details of the Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read Dient zum Abrufen von Wiederherstellungspunkten für geschützte Elemente.Get Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read Gibt alle registrierten Container zurück.Returns all registered containers
Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/readMicrosoft.RecoveryServices/Vaults/backupJobs/operationResults/read Gibt das Ergebnis von Auftragsvorgängen zurück.Returns the Result of Job Operation.
Microsoft.RecoveryServices/Vaults/backupJobs/readMicrosoft.RecoveryServices/Vaults/backupJobs/read Gibt alle Auftragsobjekte zurück.Returns all Job Objects
Microsoft.RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action Dient zum Exportieren von Aufträgen.Export Jobs
Microsoft.RecoveryServices/Vaults/backupOperationResults/readMicrosoft.RecoveryServices/Vaults/backupOperationResults/read Gibt das Ergebnis eines Sicherungsvorgangs für Recovery Services-Tresore zurück.Returns Backup Operation Result for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operationResults/read Dient zum Abrufen der Ergebnisse von Richtlinienvorgängen.Get Results of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read Gibt alle Schutzrichtlinien zurück.Returns all Protection Policies
Microsoft.RecoveryServices/Vaults/backupProtectedItems/readMicrosoft.RecoveryServices/Vaults/backupProtectedItems/read Gibt die Liste mit allen geschützten Elementen zurück.Returns the list of all Protected Items.
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/readMicrosoft.RecoveryServices/Vaults/backupProtectionContainers/read Gibt alle zum Abonnement gehörenden Container zurück.Returns all containers belonging to the subscription
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/readMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read Gibt Zusammenfassungen für geschützte Elemente und geschützte Server für einen Recovery Services-Tresor zurück.Returns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft.RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read Der Vorgang „Ausführliche Informationen abrufen“ ruft die ausführlichen Informationen zu einem Objekt ab, das die Azure-Ressource vom Typ „Tresor“ darstellt.The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault?
Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read Ruft die Warnungen für den Recovery Services-Tresor ab.Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read Der Vorgang „Tresor abrufen“ ruft ein Objekt ab, das die Azure-Ressource vom Typ „Tresor“ darstellt.The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read Mit dem Vorgang „Vorgangsergebnisse abrufen“ können der Vorgangsstatus und das Ergebnis für den asynchron übermittelten Vorgang abgerufen werden.The Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation
Microsoft.RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read Der Vorgang „Container abrufen“ kann zum Abrufen der für eine Ressource registrierten Container verwendet werden.The Get Containers operation can be used get the containers registered for a resource.
Microsoft.RecoveryServices/Vaults/backupstorageconfig/readMicrosoft.RecoveryServices/Vaults/backupstorageconfig/read Gibt die Speicherkonfiguration für Recovery Services-Tresore zurück.Returns Storage Configuration for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupconfig/readMicrosoft.RecoveryServices/Vaults/backupconfig/read Gibt die Konfiguration für Recovery Services-Tresore zurück.Returns Configuration for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read Gibt den Status eines Sicherungsvorgangs für Recovery Services-Tresore zurück.Returns Backup Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupPolicies/operations/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operations/read Dient zum Abrufen des Status von Richtlinienvorgängen.Get Status of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read Gibt alle Sicherungsverwaltungsserver zurück, die beim Tresor registriert sind.Returns all the backup management servers registered with vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/readMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read Ruft einen beabsichtigten Sicherungsschutz ab.Get a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read Ruft alle Elemente in einem Container ab.Get all items in a container
Microsoft.RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action Überprüft den Sicherungsstatus für Recovery Services-Tresore.Check Backup Status for Recovery Services Vaults
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft.RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write Löst die Warnung auf.Resolves the alert.
Microsoft.RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read Der Vorgang gibt die Liste der Vorgänge für einen Ressourcenanbieter zurück.Operation returns the list of Operations for a Resource Provider
Microsoft.RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read Ruft den Vorgangsstatus eines angegebenen Vorgangs ab.Gets Operation Status for a given Operation
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read Listet den gesamten beabsichtigten Sicherungsschutz auf.List all backup Protection Intents
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read Gibt Nutzungsdetails für einen Recovery Services-Tresor zurück.Returns usage details for a Recovery Services Vault.
Microsoft.RecoveryServices/locations/backupValidateFeatures/actionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action Überprüft Features.Validate Features
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view backup services, but can't make changes",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a795c7a0-d4a2-40c1-ae25-d81f01202912",
  "name": "a795c7a0-d4a2-40c1-ae25-d81f01202912",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.RecoveryServices/locations/allocatedStamp/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupJobs/read",
        "Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
        "Microsoft.RecoveryServices/Vaults/backupOperationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/read",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
        "Microsoft.RecoveryServices/Vaults/backupstorageconfig/read",
        "Microsoft.RecoveryServices/Vaults/backupconfig/read",
        "Microsoft.RecoveryServices/Vaults/backupOperations/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
        "Microsoft.RecoveryServices/Vaults/backupEngines/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
        "Microsoft.RecoveryServices/locations/backupStatus/action",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
        "Microsoft.RecoveryServices/operations/read",
        "Microsoft.RecoveryServices/locations/operationStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.RecoveryServices/locations/backupValidateFeatures/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Backup Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Mitwirkender von klassischem SpeicherkontoClassic Storage Account Contributor

Ermöglicht Ihnen das Verwalten klassischer Speicherkonten, nicht aber den Zugriff darauf.Lets you manage classic storage accounts, but not access to them.

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.ClassicStorage/storageAccounts/*Microsoft.ClassicStorage/storageAccounts/* Erstellen und Verwalten von SpeicherkontenCreate and manage storage accounts
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Ruft den Verfügbarkeitsstatus für alle Ressourcen im angegebenen Bereich ab.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage classic storage accounts, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
  "name": "86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicStorage/storageAccounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Storage Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Klassische Dienstrolle „Speicherkonto-Schlüsseloperator“Classic Storage Account Key Operator Service Role

Klassische Speicherkonto-Schlüsseloperatoren dürfen Schlüssel für klassische Speicherkonten auflisten und neu generieren. Weitere InformationenClassic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts Learn more

AktionenActions BESCHREIBUNGDescription
Microsoft.ClassicStorage/storageAccounts/listkeys/actionMicrosoft.ClassicStorage/storageAccounts/listkeys/action Listet die Zugriffsschlüssel für die Speicherkonten auf.Lists the access keys for the storage accounts.
Microsoft.ClassicStorage/storageAccounts/regeneratekey/actionMicrosoft.ClassicStorage/storageAccounts/regeneratekey/action Generiert die vorhandenen Zugriffsschlüssel für das Speicherkonto neu.Regenerates the existing access keys for the storage account.
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/985d6b00-f706-48f5-a6fe-d0ca12fb668d",
  "name": "985d6b00-f706-48f5-a6fe-d0ca12fb668d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ClassicStorage/storageAccounts/listkeys/action",
        "Microsoft.ClassicStorage/storageAccounts/regeneratekey/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Storage Account Key Operator Service Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Data Box-MitwirkenderData Box Contributor

Ermöglicht Ihnen das Verwalten aller Komponenten unter dem Data Box-Dienst, mit Ausnahme der Gewährung des Zugriffs für andere Benutzer.Lets you manage everything under Data Box Service except giving access to others. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Ruft den Verfügbarkeitsstatus für alle Ressourcen im angegebenen Bereich ab.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
Microsoft.Databox/*Microsoft.Databox/*
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage everything under Data Box Service except giving access to others.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/add466c9-e687-43fc-8d98-dfcf8d720be5",
  "name": "add466c9-e687-43fc-8d98-dfcf8d720be5",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Databox/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Box Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Data Box-LeserData Box Reader

Ermöglicht Ihnen das Verwalten des Data Box-Diensts, mit Ausnahme der Erstellung von Aufträgen oder der Bearbeitung von Auftragsdetails und der Gewährung des Zugriffs für andere Benutzer.Lets you manage Data Box Service except creating order or editing order details and giving access to others. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.Databox/*/readMicrosoft.Databox/*/read
Microsoft.Databox/jobs/listsecrets/actionMicrosoft.Databox/jobs/listsecrets/action
Microsoft.Databox/jobs/listcredentials/actionMicrosoft.Databox/jobs/listcredentials/action Hiermit werden die unverschlüsselten Anmeldeinformationen für den Auftrag aufgelistet.Lists the unencrypted credentials related to the order.
Microsoft.Databox/locations/availableSkus/actionMicrosoft.Databox/locations/availableSkus/action Mit dieser Methode wird die Liste der verfügbaren SKUs zurückgegeben.This method returns the list of available skus.
Microsoft.Databox/locations/validateInputs/actionMicrosoft.Databox/locations/validateInputs/action Diese Methode führt alle Arten von Prüfungen aus.This method does all type of validations.
Microsoft.Databox/locations/regionConfiguration/actionMicrosoft.Databox/locations/regionConfiguration/action Diese Methode gibt die Konfigurationen für die Region zurück.This method returns the configurations for the region.
Microsoft.Databox/locations/validateAddress/actionMicrosoft.Databox/locations/validateAddress/action Hiermit wird die Lieferadresse überprüft, und es werden – sofern vorhanden – alternative Adressen bereitgestellt.Validates the shipping address and provides alternate addresses if any.
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Ruft den Verfügbarkeitsstatus für alle Ressourcen im angegebenen Bereich ab.Gets the availability statuses for all resources in the specified scope
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Data Box Service except creating order or editing order details and giving access to others.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
  "name": "028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Databox/*/read",
        "Microsoft.Databox/jobs/listsecrets/action",
        "Microsoft.Databox/jobs/listcredentials/action",
        "Microsoft.Databox/locations/availableSkus/action",
        "Microsoft.Databox/locations/validateInputs/action",
        "Microsoft.Databox/locations/regionConfiguration/action",
        "Microsoft.Databox/locations/validateAddress/action",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Box Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Data Lake Analytics-EntwicklerData Lake Analytics Developer

Ermöglicht Ihnen das Übermitteln, Überwachen und Verwalten Ihrer eigenen Aufträge, aber nicht das Erstellen oder Löschen von Data Lake Analytics-Konten.Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.BigAnalytics/accounts/*Microsoft.BigAnalytics/accounts/*
Microsoft.DataLakeAnalytics/accounts/*Microsoft.DataLakeAnalytics/accounts/*
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Ruft den Verfügbarkeitsstatus für alle Ressourcen im angegebenen Bereich ab.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
NotActionsNotActions
Microsoft.BigAnalytics/accounts/DeleteMicrosoft.BigAnalytics/accounts/Delete
Microsoft.BigAnalytics/accounts/TakeOwnership/actionMicrosoft.BigAnalytics/accounts/TakeOwnership/action
Microsoft.BigAnalytics/accounts/WriteMicrosoft.BigAnalytics/accounts/Write
Microsoft.DataLakeAnalytics/accounts/DeleteMicrosoft.DataLakeAnalytics/accounts/Delete Löscht ein DataLakeAnalytics-Konto.Delete a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/TakeOwnership/actionMicrosoft.DataLakeAnalytics/accounts/TakeOwnership/action Erteilt Berechtigungen zum Abbrechen von Aufträgen, die von anderen Benutzern übermittelt wurden.Grant permissions to cancel jobs submitted by other users.
Microsoft.DataLakeAnalytics/accounts/WriteMicrosoft.DataLakeAnalytics/accounts/Write Erstellt oder aktualisiert ein DataLakeAnalytics-Konto.Create or update a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/WriteMicrosoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write Erstellt oder aktualisiert ein verknüpftes DataLakeStore-Konto eines DataLakeAnalytics-Kontos.Create or update a linked DataLakeStore account of a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/DeleteMicrosoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete Hebt die Verknüpfung eines DataLakeStore-Kontos mit einem DataLakeAnalytics-Konto auf.Unlink a DataLakeStore account from a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/storageAccounts/WriteMicrosoft.DataLakeAnalytics/accounts/storageAccounts/Write Erstellt oder aktualisiert ein verknüpftes Speicherkonto eines DataLakeAnalytics-Kontos.Create or update a linked Storage account of a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/storageAccounts/DeleteMicrosoft.DataLakeAnalytics/accounts/storageAccounts/Delete Hebt die Verknüpfung eines Speicherkontos mit einem DataLakeAnalytics-Konto auf.Unlink a Storage account from a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/firewallRules/WriteMicrosoft.DataLakeAnalytics/accounts/firewallRules/Write Dient zum Erstellen oder Aktualisieren einer Firewallregel.Create or update a firewall rule.
Microsoft.DataLakeAnalytics/accounts/firewallRules/DeleteMicrosoft.DataLakeAnalytics/accounts/firewallRules/Delete Dient zum Löschen einer Firewallregel.Delete a firewall rule.
Microsoft.DataLakeAnalytics/accounts/computePolicies/WriteMicrosoft.DataLakeAnalytics/accounts/computePolicies/Write Erstellt oder aktualisiert eine Computerichtlinie.Create or update a compute policy.
Microsoft.DataLakeAnalytics/accounts/computePolicies/DeleteMicrosoft.DataLakeAnalytics/accounts/computePolicies/Delete Löscht eine Computerichtlinie.Delete a compute policy.
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/47b7735b-770e-4598-a7da-8b91488b4c88",
  "name": "47b7735b-770e-4598-a7da-8b91488b4c88",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.BigAnalytics/accounts/*",
        "Microsoft.DataLakeAnalytics/accounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.BigAnalytics/accounts/Delete",
        "Microsoft.BigAnalytics/accounts/TakeOwnership/action",
        "Microsoft.BigAnalytics/accounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/Delete",
        "Microsoft.DataLakeAnalytics/accounts/TakeOwnership/action",
        "Microsoft.DataLakeAnalytics/accounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete",
        "Microsoft.DataLakeAnalytics/accounts/storageAccounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/storageAccounts/Delete",
        "Microsoft.DataLakeAnalytics/accounts/firewallRules/Write",
        "Microsoft.DataLakeAnalytics/accounts/firewallRules/Delete",
        "Microsoft.DataLakeAnalytics/accounts/computePolicies/Write",
        "Microsoft.DataLakeAnalytics/accounts/computePolicies/Delete"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Lake Analytics Developer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lese- und DatenzugriffReader and Data Access

Ermöglicht Ihnen das Anzeigen sämtlicher Aspekte, jedoch nicht das Löschen oder Erstellen eines Speicherkontos oder einer darin enthaltenen Ressource.Lets you view everything but will not let you delete or create a storage account or contained resource. Sie können auch Lese-/Schreibzugriff auf alle Daten in einem Speicherkonto durch Zugriff auf Speicherkontoschlüssel gewähren.It will also allow read/write access to all data contained in a storage account via access to storage account keys.

AktionenActions BESCHREIBUNGDescription
Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action Gibt die Zugriffsschlüssel für das angegebene Speicherkonto zurück.Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/ListAccountSas/actionMicrosoft.Storage/storageAccounts/ListAccountSas/action Gibt das Konto-SAS-Token für das angegebene Speicherkonto zurück.Returns the Account SAS token for the specified storage account.
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read Gibt die Liste mit Speicherkonten zurück oder ruft die Eigenschaften für das angegebene Speicherkonto ab.Returns the list of storage accounts or gets the properties for the specified storage account.
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c12c1c16-33a1-487b-954d-41c89c60f349",
  "name": "c12c1c16-33a1-487b-954d-41c89c60f349",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Storage/storageAccounts/ListAccountSas/action",
        "Microsoft.Storage/storageAccounts/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Reader and Data Access",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Mitwirkender von SpeicherkontoStorage Account Contributor

Erlaubt die Verwaltung von Speicherkonten.Permits management of storage accounts. Ermöglicht den Zugriff auf den Kontoschlüssel, der für den Datenzugriff über die Autorisierung mit einem gemeinsam verwendetem Schlüssel genutzt werden kann.Provides access to the account key, which can be used to access data via Shared Key authorization. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* Erstellt, aktualisiert oder liest die Diagnoseeinstellung für den Analysis-Server.Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Verknüpft Ressourcen wie etwa ein Speicherkonto oder eine SQL-Datenbank mit einem Subnetz.Joins resource such as storage account or SQL database to a subnet. Nicht warnbar.Not alertable.
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Ruft den Verfügbarkeitsstatus für alle Ressourcen im angegebenen Bereich ab.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Storage/storageAccounts/*Microsoft.Storage/storageAccounts/* Erstellen und Verwalten von SpeicherkontenCreate and manage storage accounts
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage storage accounts, including accessing storage account keys which provide full access to storage account data.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab",
  "name": "17d1049b-9a84-46fb-8f53-869881c3d3ab",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Dienstrolle „Speicherkonto-Schlüsseloperator“Storage Account Key Operator Service Role

Ermöglicht das Auflisten und erneute Generieren von Zugriffsschlüsseln für Speicherkonten.Permits listing and regenerating storage account access keys. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Storage/storageAccounts/listkeys/actionMicrosoft.Storage/storageAccounts/listkeys/action Gibt die Zugriffsschlüssel für das angegebene Speicherkonto zurück.Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/regeneratekey/actionMicrosoft.Storage/storageAccounts/regeneratekey/action Generiert die Zugriffsschlüssel für das angegebene Speicherkonto neu.Regenerates the access keys for the specified storage account.
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Storage Account Key Operators are allowed to list and regenerate keys on Storage Accounts",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/81a9662b-bebf-436f-a333-f67b29880f12",
  "name": "81a9662b-bebf-436f-a333-f67b29880f12",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/listkeys/action",
        "Microsoft.Storage/storageAccounts/regeneratekey/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Account Key Operator Service Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Mitwirkender an Storage-BlobdatenStorage Blob Data Contributor

Lesen, Schreiben und Löschen von Azure Storage-Containern und -Blobs.Read, write, and delete Azure Storage containers and blobs. Um zu erfahren, welche Aktionen für einen bestimmten Datenvorgang erforderlich sind, siehe Berechtigungen für den Aufruf von Datenvorgängen für Blobs und Warteschlangen.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Storage/storageAccounts/blobServices/containers/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/delete Löschen eines Containers.Delete a container.
Microsoft.Storage/storageAccounts/blobServices/containers/readMicrosoft.Storage/storageAccounts/blobServices/containers/read Zurückgeben eines Containers oder einer Liste von Containern.Return a container or a list of containers.
Microsoft.Storage/storageAccounts/blobServices/containers/writeMicrosoft.Storage/storageAccounts/blobServices/containers/write Ändern der Metadaten oder Eigenschaften eines Containers.Modify a container's metadata or properties.
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Gibt einen Benutzerdelegierungsschlüssel für den Blob-Dienst zurück.Returns a user delegation key for the Blob service.
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete Löschen eines BlobsDelete a blob.
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read Zurückgeben eines Blob oder einer Liste von Blobs.Return a blob or a list of blobs.
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/actionMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/move/action Verschiebt das Blob aus einem Pfad in einen anderen.Moves the blob from one path to another
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/writeMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write Schreiben in ein Blob.Write to a blob.
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write and delete access to Azure Storage blob containers and data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe",
  "name": "ba92f5b4-2d11-453d-a403-e96b0029c9fe",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/write",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Besitzer von SpeicherblobdatenStorage Blob Data Owner

Bietet Vollzugriff auf Azure Storage-Blobcontainer und -daten, einschließlich POSIX-Zugriffssteuerung.Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. Um zu erfahren, welche Aktionen für einen bestimmten Datenvorgang erforderlich sind, siehe Berechtigungen für den Aufruf von Datenvorgängen für Blobs und Warteschlangen.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Storage/storageAccounts/blobServices/containers/*Microsoft.Storage/storageAccounts/blobServices/containers/* Vollzugriffsberechtigungen für Container.Full permissions on containers.
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Gibt einen Benutzerdelegierungsschlüssel für den Blob-Dienst zurück.Returns a user delegation key for the Blob service.
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*Microsoft.Storage/storageAccounts/blobServices/containers/blobs/* Vollzugriffsberechtigungen für Blobs.Full permissions on blobs.
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to Azure Storage blob containers and data, including assigning POSIX access control.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
  "name": "b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/*",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Leser von SpeicherblobdatenStorage Blob Data Reader

Lesen und Auflisten von Azure Storage-Containern und -Blobs.Read and list Azure Storage containers and blobs. Um zu erfahren, welche Aktionen für einen bestimmten Datenvorgang erforderlich sind, siehe Berechtigungen für den Aufruf von Datenvorgängen für Blobs und Warteschlangen.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Storage/storageAccounts/blobServices/containers/readMicrosoft.Storage/storageAccounts/blobServices/containers/read Zurückgeben eines Containers oder einer Liste von Containern.Return a container or a list of containers.
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Gibt einen Benutzerdelegierungsschlüssel für den Blob-Dienst zurück.Returns a user delegation key for the Blob service.
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read Zurückgeben eines Blob oder einer Liste von Blobs.Return a blob or a list of blobs.
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read access to Azure Storage blob containers and data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
  "name": "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage Blob-DelegatorStorage Blob Delegator

Abrufen eines Benutzerdelegierungsschlüssels, mit dem dann eine SAS (Shared Access Signature) für einen Container oder Blob erstellt werden kann, die mit Azure AD-Anmeldeinformationen signiert ist.Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials. Weitere Informationen finden Sie unter Erstellen einer SAS für die Benutzerdelegierung.For more information, see Create a user delegation SAS. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Gibt einen Benutzerdelegierungsschlüssel für den Blob-Dienst zurück.Returns a user delegation key for the Blob service.
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for generation of a user delegation key which can be used to sign SAS tokens",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
  "name": "db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Delegator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Speicherdateidaten-SMB-FreigabemitwirkenderStorage File Data SMB Share Contributor

Ermöglicht den Lese-, Schreib- und Löschzugriff auf Dateien/Verzeichnisse in Azure-Dateifreigaben.Allows for read, write, and delete access on files/directories in Azure file shares. Für diese Rolle gibt es keine integrierte Entsprechung auf Windows-Dateiservern.This role has no built-in equivalent on Windows file servers. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
keinenone
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/readMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/read Gibt eine Datei oder einen Ordner oder eine Liste mit Dateien/Ordnern zurück.Returns a file/folder or a list of files/folders.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/writeMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/write Gibt das Ergebnis des Schreibens einer Datei oder des Erstellens eines Ordners zurück.Returns the result of writing a file or creating a folder.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/deleteMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/delete Gibt das Ergebnis des Löschens einer Datei/eines Ordners zurück.Returns the result of deleting a file/folder.
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write, and delete access in Azure Storage file shares over SMB",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
  "name": "0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage File Data SMB Share Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Speicherdateidaten-SMB-Freigabemitwirkender mit erhöhten RechtenStorage File Data SMB Share Elevated Contributor

Ermöglicht das Lesen, Schreiben, Löschen und Bearbeiten von Zugriffssteuerungslisten für Dateien/Verzeichnisse in Azure-Dateifreigaben.Allows for read, write, delete, and modify ACLs on files/directories in Azure file shares. Diese Rolle entspricht einer Dateifreigabe-ACL für das Bearbeiten auf Windows-Dateiservern.This role is equivalent to a file share ACL of change on Windows file servers. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
keinenone
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/readMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/read Gibt eine Datei oder einen Ordner oder eine Liste mit Dateien/Ordnern zurück.Returns a file/folder or a list of files/folders.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/writeMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/write Gibt das Ergebnis des Schreibens einer Datei oder des Erstellens eines Ordners zurück.Returns the result of writing a file or creating a folder.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/deleteMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/delete Gibt das Ergebnis des Löschens einer Datei/eines Ordners zurück.Returns the result of deleting a file/folder.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/actionMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action Gibt das Ergebnis der Berechtigungsänderung für eine Datei/einen Ordner zurück.Returns the result of modifying permission on a file/folder.
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write, delete and modify NTFS permission access in Azure Storage file shares over SMB",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a7264617-510b-434b-a828-9731dc254ea7",
  "name": "a7264617-510b-434b-a828-9731dc254ea7",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage File Data SMB Share Elevated Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Speicherdateidaten-SMB-FreigabeleserStorage File Data SMB Share Reader

Ermöglicht den Lesezugriff auf Dateien/Verzeichnisse in Azure-Dateifreigaben.Allows for read access on files/directories in Azure file shares. Diese Rolle entspricht einer Dateifreigabe-ACL für das Lesen auf Windows-Dateiservern.This role is equivalent to a file share ACL of read on Windows file servers. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
keinenone
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/readMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/read Gibt eine Datei oder einen Ordner oder eine Liste mit Dateien/Ordnern zurück.Returns a file/folder or a list of files/folders.
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read access to Azure File Share over SMB",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/aba4ae5f-2193-4029-9191-0cb91df5e314",
  "name": "aba4ae5f-2193-4029-9191-0cb91df5e314",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage File Data SMB Share Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Mitwirkender an Storage-WarteschlangendatenStorage Queue Data Contributor

Lesen, Schreiben und Löschen von Azure Storage-Warteschlangen und -Warteschlangennachrichten.Read, write, and delete Azure Storage queues and queue messages. Um zu erfahren, welche Aktionen für einen bestimmten Datenvorgang erforderlich sind, siehe Berechtigungen für den Aufruf von Datenvorgängen für Blobs und Warteschlangen.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Storage/storageAccounts/queueServices/queues/deleteMicrosoft.Storage/storageAccounts/queueServices/queues/delete Löschen einer Warteschlange.Delete a queue.
Microsoft.Storage/storageAccounts/queueServices/queues/readMicrosoft.Storage/storageAccounts/queueServices/queues/read Zurückgeben einer Warteschlange oder Liste mit Warteschlangen.Return a queue or a list of queues.
Microsoft.Storage/storageAccounts/queueServices/queues/writeMicrosoft.Storage/storageAccounts/queueServices/queues/write Ändern der Metadaten oder Eigenschaften einer Warteschlange.Modify queue metadata or properties.
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/deleteMicrosoft.Storage/storageAccounts/queueServices/queues/messages/delete Löschen einer oder mehrerer Nachrichten aus einer Warteschlange.Delete one or more messages from a queue.
Microsoft.Storage/storageAccounts/queueServices/queues/messages/readMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read Einsehen oder Abrufen einer oder mehrerer Nachrichten aus einer Warteschlange.Peek or retrieve one or more messages from a queue.
Microsoft.Storage/storageAccounts/queueServices/queues/messages/writeMicrosoft.Storage/storageAccounts/queueServices/queues/messages/write Hinzufügen von Nachrichten zu einer Warteschlange.Add a message to a queue.
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write, and delete access to Azure Storage queues and queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/974c5e8b-45b9-4653-ba55-5f855dd0fb88",
  "name": "974c5e8b-45b9-4653-ba55-5f855dd0fb88",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/delete",
        "Microsoft.Storage/storageAccounts/queueServices/queues/read",
        "Microsoft.Storage/storageAccounts/queueServices/queues/write"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/delete",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Verarbeiter von Speicherwarteschlangen-DatennachrichtenStorage Queue Data Message Processor

Einsehen, Abrufen und Löschen einer Nachricht aus einer Azure Storage-Warteschlange.Peek, retrieve, and delete a message from an Azure Storage queue. Um zu erfahren, welche Aktionen für einen bestimmten Datenvorgang erforderlich sind, siehe Berechtigungen für den Aufruf von Datenvorgängen für Blobs und Warteschlangen.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
keinenone
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/readMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read Einsehen einer Nachricht.Peek a message.
Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/actionMicrosoft.Storage/storageAccounts/queueServices/queues/messages/process/action Abrufen und Löschen einer Nachricht.Retrieve and delete a message.
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for peek, receive, and delete access to Azure Storage queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8a0f0c08-91a1-4084-bc3d-661d67233fed",
  "name": "8a0f0c08-91a1-4084-bc3d-661d67233fed",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Message Processor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Absender der Speicherwarteschlangen-DatennachrichtStorage Queue Data Message Sender

Hinzufügen von Nachrichten zu einer Azure Storage-Warteschlange.Add messages to an Azure Storage queue. Um zu erfahren, welche Aktionen für einen bestimmten Datenvorgang erforderlich sind, siehe Berechtigungen für den Aufruf von Datenvorgängen für Blobs und Warteschlangen.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
keinenone
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/actionMicrosoft.Storage/storageAccounts/queueServices/queues/messages/add/action Hinzufügen von Nachrichten zu einer Warteschlange.Add a message to a queue.
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for sending of Azure Storage queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
  "name": "c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Message Sender",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage-WarteschlangendatenleserStorage Queue Data Reader

Lesen und Auflisten von Azure Storage-Warteschlangen und -Warteschlangennachrichten.Read and list Azure Storage queues and queue messages. Um zu erfahren, welche Aktionen für einen bestimmten Datenvorgang erforderlich sind, siehe Berechtigungen für den Aufruf von Datenvorgängen für Blobs und Warteschlangen.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Storage/storageAccounts/queueServices/queues/readMicrosoft.Storage/storageAccounts/queueServices/queues/read Gibt eine Warteschlange oder eine Liste von Warteschlangen zurück.Returns a queue or a list of queues.
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/readMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read Einsehen oder Abrufen einer oder mehrerer Nachrichten aus einer Warteschlange.Peek or retrieve one or more messages from a queue.
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read access to Azure Storage queues and queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/19e7f393-937e-4f77-808e-94535e297925",
  "name": "19e7f393-937e-4f77-808e-94535e297925",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

WebWeb

Azure Maps-DatenleserAzure Maps Data Reader

Gewährt Lesezugriff auf kartenbezogene Daten von einem Azure Maps-Konto.Grants access to read map related data from an Azure maps account.

AktionenActions BESCHREIBUNGDescription
keinenone
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.Maps/accounts/*/readMicrosoft.Maps/accounts/*/read
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants access to read map related data from an Azure maps account.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/423170ca-a8f6-4b0f-8487-9e4eb8f49bfa",
  "name": "423170ca-a8f6-4b0f-8487-9e4eb8f49bfa",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Maps/accounts/*/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Maps Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Mitwirkender von SuchdienstSearch Service Contributor

Ermöglicht Ihnen das Verwalten von Search-Diensten, nicht aber den Zugriff darauf.Lets you manage Search services, but not access to them. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Ruft den Verfügbarkeitsstatus für alle Ressourcen im angegebenen Bereich ab.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Search/searchServices/*Microsoft.Search/searchServices/* Erstellen und Verwalten von SuchdienstenCreate and manage search services
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Search services, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7ca78c08-252a-4471-8644-bb5ff32d4ba0",
  "name": "7ca78c08-252a-4471-8644-bb5ff32d4ba0",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Search/searchServices/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Search Service Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Mitwirkender von WebplanWeb Plan Contributor

Ermöglicht Ihnen das Verwalten der Webpläne für Websites, nicht aber den Zugriff darauf.Lets you manage the web plans for websites, but not access to them.

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Ruft den Verfügbarkeitsstatus für alle Ressourcen im angegebenen Bereich ab.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
Microsoft.Web/serverFarms/*Microsoft.Web/serverFarms/* Erstellen und Verwalten von ServerfarmenCreate and manage server farms
Microsoft.Web/hostingEnvironments/Join/ActionMicrosoft.Web/hostingEnvironments/Join/Action Tritt einer App Service-Umgebung bei.Joins an App Service Environment
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage the web plans for websites, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b",
  "name": "2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Web/serverFarms/*",
        "Microsoft.Web/hostingEnvironments/Join/Action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Web Plan Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Mitwirkender von WebsiteWebsite Contributor

Ermöglicht Ihnen das Verwalten von Websites (nicht der Webpläne), nicht aber den Zugriff darauf.Lets you manage websites (not web plans), but not access to them.

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.Insights/components/*Microsoft.Insights/components/* Erstellen und Verwalten von Insights-KomponentenCreate and manage Insights components
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Ruft den Verfügbarkeitsstatus für alle Ressourcen im angegebenen Bereich ab.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
Microsoft.Web/certificates/*Microsoft.Web/certificates/* Erstellen und Verwalten von WebsitezertifikatenCreate and manage website certificates
Microsoft.Web/listSitesAssignedToHostName/readMicrosoft.Web/listSitesAssignedToHostName/read Dient zum Abrufen der Namen von Websites, die dem Hostnamen zugewiesen sind.Get names of sites assigned to hostname.
Microsoft.Web/serverFarms/join/actionMicrosoft.Web/serverFarms/join/action Hiermit wird der Beitritt zu einem App Service-Plan ausgeführt.Joins an App Service Plan
Microsoft.Web/serverFarms/readMicrosoft.Web/serverFarms/read Dient zum Abrufen der Eigenschaften für einen App Service-Plan.Get the properties on an App Service Plan
Microsoft.Web/sites/*Microsoft.Web/sites/* Erstellen und Verwalten von Websites (die Erstellung von Websites erfordert auch Schreibberechtigungen für den zugehörigen App Service-Plan)Create and manage websites (site creation also requires write permissions to the associated App Service Plan)
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage websites (not web plans), but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/de139f84-1756-47ae-9be6-808fbbe84772",
  "name": "de139f84-1756-47ae-9be6-808fbbe84772",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/components/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Web/certificates/*",
        "Microsoft.Web/listSitesAssignedToHostName/read",
        "Microsoft.Web/serverFarms/join/action",
        "Microsoft.Web/serverFarms/read",
        "Microsoft.Web/sites/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Website Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

ContainerContainers

AcrDeleteAcrDelete

ACR-Löschvorgang Weitere Informationenacr delete Learn more

AktionenActions BESCHREIBUNGDescription
Microsoft.ContainerRegistry/registries/artifacts/deleteMicrosoft.ContainerRegistry/registries/artifacts/delete Löschen von Artefakten aus einer Containerregistrierung.Delete artifact in a container registry.
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr delete",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
  "name": "c2f4ef07-c644-48eb-af81-4b1b4947fb11",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/artifacts/delete"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrDelete",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrImageSignerAcrImageSigner

ACR-Imagesignaturgeber Weitere Informationenacr image signer Learn more

AktionenActions BESCHREIBUNGDescription
Microsoft.ContainerRegistry/registries/sign/writeMicrosoft.ContainerRegistry/registries/sign/write Pushen/Pullen von Inhaltsvertrauen-Metadaten für eine ContainerregistrierungPush/Pull content trust metadata for a container registry.
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr image signer",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6cef56e8-d556-48e5-a04f-b8e64114680f",
  "name": "6cef56e8-d556-48e5-a04f-b8e64114680f",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/sign/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrImageSigner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrPullAcrPull

ACR-Pullvorgang Weitere Informationenacr pull Learn more

AktionenActions BESCHREIBUNGDescription
Microsoft.ContainerRegistry/registries/pull/readMicrosoft.ContainerRegistry/registries/pull/read Pullen oder Abrufen von Images aus einer ContainerregistrierungPull or Get images from a container registry.
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr pull",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d",
  "name": "7f951dda-4ed3-4680-a7ca-43fe172d538d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/pull/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrPull",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrPushAcrPush

ACR-Pushvorgang Weitere Informationenacr push Learn more

AktionenActions BESCHREIBUNGDescription
Microsoft.ContainerRegistry/registries/pull/readMicrosoft.ContainerRegistry/registries/pull/read Pullen oder Abrufen von Images aus einer ContainerregistrierungPull or Get images from a container registry.
Microsoft.ContainerRegistry/registries/push/writeMicrosoft.ContainerRegistry/registries/push/write Pushen oder Schreiben von Images in eine ContainerregistrierungPush or Write images to a container registry.
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr push",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8311e382-0749-4cb8-b61a-304f252e45ec",
  "name": "8311e382-0749-4cb8-b61a-304f252e45ec",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/pull/read",
        "Microsoft.ContainerRegistry/registries/push/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrPush",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrQuarantineReaderAcrQuarantineReader

ACR-Quarantänedatenleseracr quarantine data reader

AktionenActions BESCHREIBUNGDescription
Microsoft.ContainerRegistry/registries/quarantine/readMicrosoft.ContainerRegistry/registries/quarantine/read Pullen oder Abrufen von Images in Quarantäne aus einer ContainerregistrierungPull or Get quarantined images from container registry
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr quarantine data reader",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/cdda3590-29a3-44f6-95f2-9f980659eb04",
  "name": "cdda3590-29a3-44f6-95f2-9f980659eb04",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/quarantine/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrQuarantineReader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrQuarantineWriterAcrQuarantineWriter

ACR-Quarantänedatenschreiberacr quarantine data writer

AktionenActions BESCHREIBUNGDescription
Microsoft.ContainerRegistry/registries/quarantine/readMicrosoft.ContainerRegistry/registries/quarantine/read Pullen oder Abrufen von Images in Quarantäne aus einer ContainerregistrierungPull or Get quarantined images from container registry
Microsoft.ContainerRegistry/registries/quarantine/writeMicrosoft.ContainerRegistry/registries/quarantine/write Schreiben/Ändern des Quarantänezustands von unter Quarantäne gestellten ImagesWrite/Modify quarantine state of quarantined images
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr quarantine data writer",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
  "name": "c8d4ff99-41c3-41a8-9f60-21dfdad59608",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/quarantine/read",
        "Microsoft.ContainerRegistry/registries/quarantine/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrQuarantineWriter",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Administratorrolle für Azure Kubernetes Service-ClusterAzure Kubernetes Service Cluster Admin Role

Listet die Aktion für Anmeldeinformationen des Clusteradministrators auf.List cluster admin credential action. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.ContainerService/managedClusters/listClusterAdminCredential/actionMicrosoft.ContainerService/managedClusters/listClusterAdminCredential/action Listet die clusterAdmin-Anmeldeinformationen eines verwalteten Clusters auf.List the clusterAdmin credential of a managed cluster
Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/actionMicrosoft.ContainerService/managedClusters/accessProfiles/listCredential/action Ruft ein Zugriffsprofil für verwaltete Cluster anhand des Rollennamens mithilfe der Liste der Anmeldeinformationen ab.Get a managed cluster access profile by role name using list credential
Microsoft.ContainerService/managedClusters/readMicrosoft.ContainerService/managedClusters/read Ruft einen verwalteten Cluster ab.Get a managed cluster
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "List cluster admin credential action.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8",
  "name": "0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerService/managedClusters/listClusterAdminCredential/action",
        "Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/action",
        "Microsoft.ContainerService/managedClusters/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service Cluster Admin Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Benutzerrolle für Azure Kubernetes Service-ClusterAzure Kubernetes Service Cluster User Role

Listet die Aktion für Anmeldeinformationen des Clusterbenutzer auf.List cluster user credential action. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.ContainerService/managedClusters/listClusterUserCredential/actionMicrosoft.ContainerService/managedClusters/listClusterUserCredential/action Listet die clusterUser-Anmeldeinformationen eines verwalteten Clusters auf.List the clusterUser credential of a managed cluster
Microsoft.ContainerService/managedClusters/readMicrosoft.ContainerService/managedClusters/read Ruft einen verwalteten Cluster ab.Get a managed cluster
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "List cluster user credential action.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4abbcc35-e782-43d8-92c5-2d3f1bd2253f",
  "name": "4abbcc35-e782-43d8-92c5-2d3f1bd2253f",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action",
        "Microsoft.ContainerService/managedClusters/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service Cluster User Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Rolle „Mitwirkender“ für Azure Kubernetes ServiceAzure Kubernetes Service Contributor Role

Gewährt Lese- und Schreibzugriff auf Azure Kubernetes Service-Cluster Weitere InformationenGrants access to read and write Azure Kubernetes Service clusters Learn more

AktionenActions BESCHREIBUNGDescription
Microsoft.ContainerService/managedClusters/readMicrosoft.ContainerService/managedClusters/read Ruft einen verwalteten Cluster ab.Get a managed cluster
Microsoft.ContainerService/managedClusters/writeMicrosoft.ContainerService/managedClusters/write Erstellt einen neuen verwalteten Cluster oder aktualisiert einen vorhandenen.Creates a new managed cluster or updates an existing one
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants access to read and write Azure Kubernetes Service clusters",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8",
  "name": "ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerService/managedClusters/read",
        "Microsoft.ContainerService/managedClusters/write",
        "Microsoft.Resources/deployments/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service Contributor Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

RBAC-Administrator von Azure Kubernetes ServiceAzure Kubernetes Service RBAC Admin

Ermöglicht Ihnen das Verwalten aller Ressourcen unter einem Cluster/Namespace, außer das Aktualisieren oder Löschen von Ressourcenkontingenten und Namespaces.Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.Resources/deployments/writeMicrosoft.Resources/deployments/write Erstellt oder aktualisiert eine Bereitstellung.Creates or updates an deployment.
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read Dient zum Abrufen der Ergebnisse des Abonnementvorgangs.Get the subscription operation results.
Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read Ruft die Abonnementliste ab.Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
Microsoft.ContainerService/managedClusters/listClusterUserCredential/actionMicrosoft.ContainerService/managedClusters/listClusterUserCredential/action Listet die clusterUser-Anmeldeinformationen eines verwalteten Clusters auf.List the clusterUser credential of a managed cluster
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.ContainerService/managedClusters/*Microsoft.ContainerService/managedClusters/*
NotDataActionsNotDataActions
Microsoft.ContainerService/managedClusters/resourcequotas/writeMicrosoft.ContainerService/managedClusters/resourcequotas/write Schreibt resourcequotas.Writes resourcequotas
Microsoft.ContainerService/managedClusters/resourcequotas/deleteMicrosoft.ContainerService/managedClusters/resourcequotas/delete Löscht resourcequotas.Deletes resourcequotas
Microsoft.ContainerService/managedClusters/namespaces/writeMicrosoft.ContainerService/managedClusters/namespaces/write Schreibt namespaces.Writes namespaces
Microsoft.ContainerService/managedClusters/namespaces/deleteMicrosoft.ContainerService/managedClusters/namespaces/delete Löscht namespaces.Deletes namespaces
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3498e952-d568-435e-9b2c-8d77e338d7f7",
  "name": "3498e952-d568-435e-9b2c-8d77e338d7f7",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerService/managedClusters/*"
      ],
      "notDataActions": [
        "Microsoft.ContainerService/managedClusters/resourcequotas/write",
        "Microsoft.ContainerService/managedClusters/resourcequotas/delete",
        "Microsoft.ContainerService/managedClusters/namespaces/write",
        "Microsoft.ContainerService/managedClusters/namespaces/delete"
      ]
    }
  ],
  "roleName": "Azure Kubernetes Service RBAC Admin",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

RBAC-Clusteradministrator von Azure Kubernetes ServiceAzure Kubernetes Service RBAC Cluster Admin

Ermöglicht Ihnen das Verwalten aller Ressourcen im Cluster.Lets you manage all resources in the cluster. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.Resources/deployments/writeMicrosoft.Resources/deployments/write Erstellt oder aktualisiert eine Bereitstellung.Creates or updates an deployment.
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read Dient zum Abrufen der Ergebnisse des Abonnementvorgangs.Get the subscription operation results.
Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read Ruft die Abonnementliste ab.Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
Microsoft.ContainerService/managedClusters/listClusterUserCredential/actionMicrosoft.ContainerService/managedClusters/listClusterUserCredential/action Listet die clusterUser-Anmeldeinformationen eines verwalteten Clusters auf.List the clusterUser credential of a managed cluster
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.ContainerService/managedClusters/*Microsoft.ContainerService/managedClusters/*
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage all resources in the cluster.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b",
  "name": "b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerService/managedClusters/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service RBAC Cluster Admin",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

RBAC-Leser von Azure Kubernetes ServiceAzure Kubernetes Service RBAC Reader

Ermöglicht Ihnen das Anzeigen aller Ressourcen im Cluster/Namespace mit Ausnahme von Geheimnissen.Lets you view all resources in cluster/namespace, except secrets. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.Resources/deployments/writeMicrosoft.Resources/deployments/write Erstellt oder aktualisiert eine Bereitstellung.Creates or updates an deployment.
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read Dient zum Abrufen der Ergebnisse des Abonnementvorgangs.Get the subscription operation results.
Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read Ruft die Abonnementliste ab.Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
Microsoft.ContainerService/managedClusters/listClusterUserCredential/actionMicrosoft.ContainerService/managedClusters/listClusterUserCredential/action Listet die clusterUser-Anmeldeinformationen eines verwalteten Clusters auf.List the clusterUser credential of a managed cluster
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.ContainerService/managedClusters/*/readMicrosoft.ContainerService/managedClusters/*/read
NotDataActionsNotDataActions
Microsoft.ContainerService/managedClusters/rbac.authorization.k8s.io/*/readMicrosoft.ContainerService/managedClusters/rbac.authorization.k8s.io/*/read
Microsoft.ContainerService/managedClusters/rbac.authorization.k8s.io/*/writeMicrosoft.ContainerService/managedClusters/rbac.authorization.k8s.io/*/write
Microsoft.ContainerService/managedClusters/secrets/*Microsoft.ContainerService/managedClusters/secrets/*
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you view all resources in cluster/namespace, except secrets.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7f6c6a51-bcf8-42ba-9220-52d62157d7db",
  "name": "7f6c6a51-bcf8-42ba-9220-52d62157d7db",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerService/managedClusters/*/read"
      ],
      "notDataActions": [
        "Microsoft.ContainerService/managedClusters/rbac.authorization.k8s.io/*/read",
        "Microsoft.ContainerService/managedClusters/rbac.authorization.k8s.io/*/write",
        "Microsoft.ContainerService/managedClusters/secrets/*"
      ]
    }
  ],
  "roleName": "Azure Kubernetes Service RBAC Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

RBAC-Writer von Azure Kubernetes ServiceAzure Kubernetes Service RBAC Writer

Ermöglicht Ihnen das Aktualisieren aller Elemente im Cluster/Namespace mit Ausnahme von Ressourcenkontingenten, Namespaces, Pod-Sicherheitsrichtlinien, Zertifikatsignieranforderungen, (Cluster-)Rollen und (Cluster-)Rollenbindungen.Lets you update everything in cluster/namespace, except resource quotas, namespaces, pod security policies, certificate signing requests, (cluster)roles and (cluster)role bindings. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.Resources/deployments/writeMicrosoft.Resources/deployments/write Erstellt oder aktualisiert eine Bereitstellung.Creates or updates an deployment.
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read Dient zum Abrufen der Ergebnisse des Abonnementvorgangs.Get the subscription operation results.
Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read Ruft die Abonnementliste ab.Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
Microsoft.ContainerService/managedClusters/listClusterUserCredential/actionMicrosoft.ContainerService/managedClusters/listClusterUserCredential/action Listet die clusterUser-Anmeldeinformationen eines verwalteten Clusters auf.List the clusterUser credential of a managed cluster
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.ContainerService/managedClusters/*/readMicrosoft.ContainerService/managedClusters/*/read
Microsoft.ContainerService/managedClusters/*/writeMicrosoft.ContainerService/managedClusters/*/write
NotDataActionsNotDataActions
Microsoft.ContainerService/managedClusters/rbac.authorization.k8s.io/*/readMicrosoft.ContainerService/managedClusters/rbac.authorization.k8s.io/*/read
Microsoft.ContainerService/managedClusters/rbac.authorization.k8s.io/*/writeMicrosoft.ContainerService/managedClusters/rbac.authorization.k8s.io/*/write
Microsoft.ContainerService/managedClusters/namespaces/writeMicrosoft.ContainerService/managedClusters/namespaces/write Schreibt namespaces.Writes namespaces
Microsoft.ContainerService/managedClusters/resourcequotas/writeMicrosoft.ContainerService/managedClusters/resourcequotas/write Schreibt resourcequotas.Writes resourcequotas
Microsoft.ContainerService/managedClusters/certificates.k8s.io/certificatesigningrequests/writeMicrosoft.ContainerService/managedClusters/certificates.k8s.io/certificatesigningrequests/write Schreibt certificatesigningrequests.Writes certificatesigningrequests
Microsoft.ContainerService/managedClusters/policy/podsecuritypolicies/writeMicrosoft.ContainerService/managedClusters/policy/podsecuritypolicies/write Schreibt podsecuritypolicies.Writes podsecuritypolicies
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you update everything in cluster/namespace, except resource quotas, namespaces, pod security policies, certificate signing requests, (cluster)roles and (cluster)role bindings.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb",
  "name": "a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerService/managedClusters/*/read",
        "Microsoft.ContainerService/managedClusters/*/write"
      ],
      "notDataActions": [
        "Microsoft.ContainerService/managedClusters/rbac.authorization.k8s.io/*/read",
        "Microsoft.ContainerService/managedClusters/rbac.authorization.k8s.io/*/write",
        "Microsoft.ContainerService/managedClusters/namespaces/write",
        "Microsoft.ContainerService/managedClusters/resourcequotas/write",
        "Microsoft.ContainerService/managedClusters/certificates.k8s.io/certificatesigningrequests/write",
        "Microsoft.ContainerService/managedClusters/policy/podsecuritypolicies/write"
      ]
    }
  ],
  "roleName": "Azure Kubernetes Service RBAC Writer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

DatenbankenDatabases

Cosmos DB-Rolle „Kontoleser“Cosmos DB Account Reader Role

Kann Azure Cosmos DB-Kontodaten lesen.Can read Azure Cosmos DB account data. Informationen zum Verwalten von Azure Cosmos DB-Konten finden Sie unter Mitwirkender von DocumentDB-Konto.See DocumentDB Account Contributor for managing Azure Cosmos DB accounts. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.DocumentDB/*/readMicrosoft.DocumentDB/*/read Lesen einer beliebigen SammlungRead any collection
Microsoft.DocumentDB/databaseAccounts/readonlykeys/actionMicrosoft.DocumentDB/databaseAccounts/readonlykeys/action Liest die schreibgeschützten Schlüssel für Datenbankkonten.Reads the database account readonly keys.
Microsoft.Insights/MetricDefinitions/readMicrosoft.Insights/MetricDefinitions/read Dient zum Lesen von Metrikdefinitionen.Read metric definitions
Microsoft.Insights/Metrics/readMicrosoft.Insights/Metrics/read Dient zum Lesen von Metriken.Read metrics
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can read Azure Cosmos DB Accounts data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fbdf93bf-df7d-467e-a4d2-9458aa1360c8",
  "name": "fbdf93bf-df7d-467e-a4d2-9458aa1360c8",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.DocumentDB/*/read",
        "Microsoft.DocumentDB/databaseAccounts/readonlykeys/action",
        "Microsoft.Insights/MetricDefinitions/read",
        "Microsoft.Insights/Metrics/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cosmos DB Account Reader Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cosmos DB-OperatorCosmos DB Operator

Ermöglicht das Verwalten von Azure Cosmos DB-Konten, aber nicht das Zugreifen auf deren Daten.Lets you manage Azure Cosmos DB accounts, but not access data in them. Verhindert den Zugriff auf Kontoschlüssel und Verbindungszeichenfolgen.Prevents access to account keys and connection strings. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.DocumentDb/databaseAccounts/*Microsoft.DocumentDb/databaseAccounts/*
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Ruft den Verfügbarkeitsstatus für alle Ressourcen im angegebenen Bereich ab.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Verknüpft Ressourcen wie etwa ein Speicherkonto oder eine SQL-Datenbank mit einem Subnetz.Joins resource such as storage account or SQL database to a subnet. Nicht warnbar.Not alertable.
NotActionsNotActions
Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*
Microsoft.DocumentDB/databaseAccounts/regenerateKey/*Microsoft.DocumentDB/databaseAccounts/regenerateKey/*
Microsoft.DocumentDB/databaseAccounts/listKeys/*Microsoft.DocumentDB/databaseAccounts/listKeys/*
Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/230815da-be43-4aae-9cb4-875f7bd000aa",
  "name": "230815da-be43-4aae-9cb4-875f7bd000aa",
  "permissions": [
    {
      "actions": [
        "Microsoft.DocumentDb/databaseAccounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action"
      ],
      "notActions": [
        "Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*",
        "Microsoft.DocumentDB/databaseAccounts/regenerateKey/*",
        "Microsoft.DocumentDB/databaseAccounts/listKeys/*",
        "Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cosmos DB Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

CosmosBackupOperatorCosmosBackupOperator

Kann eine Wiederherstellungsanforderung für eine Cosmos DB-Datenbank oder einen Container für ein Konto übermitteln. Weitere InformationenCan submit restore request for a Cosmos DB database or a container for an account Learn more

AktionenActions BESCHREIBUNGDescription
Microsoft.DocumentDB/databaseAccounts/backup/actionMicrosoft.DocumentDB/databaseAccounts/backup/action Sendet eine Anforderung zum Konfigurieren der Sicherung.Submit a request to configure backup
Microsoft.DocumentDB/databaseAccounts/restore/actionMicrosoft.DocumentDB/databaseAccounts/restore/action Sendet eine Wiederherstellungsanforderung.Submit a restore request
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can submit restore request for a Cosmos DB database or a container for an account",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/db7b14f2-5adf-42da-9f96-f2ee17bab5cb",
  "name": "db7b14f2-5adf-42da-9f96-f2ee17bab5cb",
  "permissions": [
    {
      "actions": [
        "Microsoft.DocumentDB/databaseAccounts/backup/action",
        "Microsoft.DocumentDB/databaseAccounts/restore/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CosmosBackupOperator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Mitwirkender von DocumentDB-KontoDocumentDB Account Contributor

Kann Azure Cosmos DB-Konten verwalten.Can manage Azure Cosmos DB accounts. Azure Cosmos DB wurde früher als DocumentDB bezeichnet.Azure Cosmos DB is formerly known as DocumentDB. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.DocumentDb/databaseAccounts/*Microsoft.DocumentDb/databaseAccounts/* Kann Azure Cosmos DB-Konten erstellen und verwaltenCreate and manage Azure Cosmos DB accounts
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Ruft den Verfügbarkeitsstatus für alle Ressourcen im angegebenen Bereich ab.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Verknüpft Ressourcen wie etwa ein Speicherkonto oder eine SQL-Datenbank mit einem Subnetz.Joins resource such as storage account or SQL database to a subnet. Nicht warnbar.Not alertable.
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage DocumentDB accounts, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5bd9cd88-fe45-4216-938b-f97437e15450",
  "name": "5bd9cd88-fe45-4216-938b-f97437e15450",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.DocumentDb/databaseAccounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "DocumentDB Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Mitwirkender von Redis-CacheRedis Cache Contributor

Ermöglicht Ihnen das Verwalten von Redis Caches, nicht aber den Zugriff darauf.Lets you manage Redis caches, but not access to them.

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.Cache/register/actionMicrosoft.Cache/register/action Registriert den Ressourcenanbieter „Microsoft.Cache“ bei einem Abonnement.Registers the 'Microsoft.Cache' resource provider with a subscription
Microsoft.Cache/redis/*Microsoft.Cache/redis/* Erstellen und Verwalten von Redis-CachesCreate and manage Redis caches
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Ruft den Verfügbarkeitsstatus für alle Ressourcen im angegebenen Bereich ab.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Redis caches, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e0f68234-74aa-48ed-b826-c38b57376e17",
  "name": "e0f68234-74aa-48ed-b826-c38b57376e17",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cache/register/action",
        "Microsoft.Cache/redis/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Redis Cache Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Mitwirkender von SQL DBSQL DB Contributor

Ermöglicht Ihnen das Verwalten von SQL-Datenbanken, nicht aber den Zugriff darauf.Lets you manage SQL databases, but not access to them. Darüber hinaus können Sie deren sicherheitsbezogenen Richtlinien oder übergeordneten SQL-Server nicht verwalten.Also, you can't manage their security-related policies or their parent SQL servers. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Ruft den Verfügbarkeitsstatus für alle Ressourcen im angegebenen Bereich ab.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Sql/locations/*/readMicrosoft.Sql/locations/*/read
Microsoft.Sql/servers/databases/*Microsoft.Sql/servers/databases/* Erstellen und Verwalten von SQL-DatenbankenCreate and manage SQL databases
Microsoft.Sql/servers/readMicrosoft.Sql/servers/read Gibt die Liste der Server zurück oder ruft die Eigenschaften für den angegebenen Server ab.Return the list of servers or gets the properties for the specified server.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read Dient zum Lesen von Metriken.Read metrics
Microsoft.Insights/metricDefinitions/readMicrosoft.Insights/metricDefinitions/read Dient zum Lesen von Metrikdefinitionen.Read metric definitions
NotActionsNotActions
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft.Sql/managedInstances/securityAlertPolicies/*Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/auditingPolicies/*Microsoft.Sql/servers/databases/auditingPolicies/* Überwachungsrichtlinien bearbeitenEdit audit policies
Microsoft.Sql/servers/databases/auditingSettings/*Microsoft.Sql/servers/databases/auditingSettings/* Überwachungseinstellungen bearbeitenEdit audit settings
Microsoft.Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read Dient zum Abrufen der Datensätze für die Datenbankblobüberwachung.Retrieve the database blob audit records
Microsoft.Sql/servers/databases/connectionPolicies/*Microsoft.Sql/servers/databases/connectionPolicies/* Verbindungsrichtlinien bearbeitenEdit connection policies
Microsoft.Sql/servers/databases/currentSensitivityLabels/*Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft.Sql/servers/databases/dataMaskingPolicies/*Microsoft.Sql/servers/databases/dataMaskingPolicies/* Datenmaskierungsrichtlinien bearbeitenEdit data masking policies
Microsoft.Sql/servers/databases/extendedAuditingSettings/*Microsoft.Sql/servers/databases/extendedAuditingSettings/*
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/servers/databases/securityAlertPolicies/*Microsoft.Sql/servers/databases/securityAlertPolicies/* Richtlinien für Sicherheitswarnungen bearbeitenEdit security alert policies
Microsoft.Sql/servers/databases/securityMetrics/*Microsoft.Sql/servers/databases/securityMetrics/* Sicherheitsmetriken bearbeitenEdit security metrics
Microsoft.Sql/servers/databases/sensitivityLabels/*Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft.Sql/servers/vulnerabilityAssessments/*Microsoft.Sql/servers/vulnerabilityAssessments/*
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
  "name": "9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/servers/databases/*",
        "Microsoft.Sql/servers/read",
        "Microsoft.Support/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read"
      ],
      "notActions": [
        "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/auditingPolicies/*",
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/connectionPolicies/*",
        "Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
        "Microsoft.Sql/servers/databases/extendedAuditingSettings/*",
        "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
        "Microsoft.Sql/servers/databases/securityMetrics/*",
        "Microsoft.Sql/servers/databases/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
        "Microsoft.Sql/servers/vulnerabilityAssessments/*"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL DB Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Verwaltete SQL-Instanz: MitwirkenderSQL Managed Instance Contributor

Diese Rolle ermöglicht Ihnen das Verwalten verwalteter SQL-Instanzen und der erforderlichen Netzwerkkonfiguration, jedoch nicht das Erteilen des Zugriffs an andere.Lets you manage SQL Managed Instances and required network configuration, but can't give access to others.

AktionenActions BESCHREIBUNGDescription
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Ruft den Verfügbarkeitsstatus für alle Ressourcen im angegebenen Bereich ab.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Network/networkSecurityGroups/*Microsoft.Network/networkSecurityGroups/*
Microsoft.Network/routeTables/*Microsoft.Network/routeTables/*
Microsoft.Sql/locations/*/readMicrosoft.Sql/locations/*/read
Microsoft.Sql/locations/instanceFailoverGroups/*Microsoft.Sql/locations/instanceFailoverGroups/*
Microsoft.Sql/managedInstances/*Microsoft.Sql/managedInstances/*
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
Microsoft.Network/virtualNetworks/subnets/*Microsoft.Network/virtualNetworks/subnets/*
Microsoft.Network/virtualNetworks/*Microsoft.Network/virtualNetworks/*
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read Dient zum Lesen von Metriken.Read metrics
Microsoft.Insights/metricDefinitions/readMicrosoft.Insights/metricDefinitions/read Dient zum Lesen von Metrikdefinitionen.Read metric definitions
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage SQL Managed Instances and required network configuration, but can't give access to others.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
  "name": "4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Network/networkSecurityGroups/*",
        "Microsoft.Network/routeTables/*",
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/locations/instanceFailoverGroups/*",
        "Microsoft.Sql/managedInstances/*",
        "Microsoft.Support/*",
        "Microsoft.Network/virtualNetworks/subnets/*",
        "Microsoft.Network/virtualNetworks/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL Managed Instance Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

SQL-Sicherheits-ManagerSQL Security Manager

Ermöglicht Ihnen das Verwalten von sicherheitsbezogenen Richtlinien von SQL-Server und Datenbanken, jedoch nicht den Zugriff darauf.Lets you manage the security-related policies of SQL servers and databases, but not access to them. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Verknüpft Ressourcen wie etwa ein Speicherkonto oder eine SQL-Datenbank mit einem Subnetz.Joins resource such as storage account or SQL database to a subnet. Nicht warnbar.Not alertable.
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Ruft den Verfügbarkeitsstatus für alle Ressourcen im angegebenen Bereich ab.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft.Sql/managedInstances/securityAlertPolicies/*Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft.Sql/servers/auditingPolicies/*Microsoft.Sql/servers/auditingPolicies/* Erstellen und Verwalten von SQL Server-ÜberwachungsrichtlinienCreate and manage SQL server auditing policies
Microsoft.Sql/servers/auditingSettings/*Microsoft.Sql/servers/auditingSettings/* Erstellen und Verwalten von SQL Server-ÜberwachungseinstellungenCreate and manage SQL server auditing setting
Microsoft.Sql/servers/extendedAuditingSettings/readMicrosoft.Sql/servers/extendedAuditingSettings/read Dient zum Abrufen von Details zur Richtlinie für die erweiterte Serverblobüberwachung, die für einen bestimmten Server konfiguriert ist.Retrieve details of the extended server blob auditing policy configured on a given server
Microsoft.Sql/servers/databases/auditingPolicies/*Microsoft.Sql/servers/databases/auditingPolicies/* Erstellen und Verwalten von Überwachungsrichtlinien von SQL Server-DatenbankenCreate and manage SQL server database auditing policies
Microsoft.Sql/servers/databases/auditingSettings/*Microsoft.Sql/servers/databases/auditingSettings/* Erstellen und Verwalten von Überwachungseinstellungen von SQL Server-DatenbankenCreate and manage SQL server database auditing settings
Microsoft.Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read Dient zum Abrufen der Datensätze für die Datenbankblobüberwachung.Retrieve the database blob audit records
Microsoft.Sql/servers/databases/connectionPolicies/*Microsoft.Sql/servers/databases/connectionPolicies/* Erstellen und Verwalten von Verbindungsrichtlinien von SQL Server-DatenbankenCreate and manage SQL server database connection policies
Microsoft.Sql/servers/databases/currentSensitivityLabels/*Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft.Sql/servers/databases/dataMaskingPolicies/*Microsoft.Sql/servers/databases/dataMaskingPolicies/* Erstellen und Verwalten von Datenmaskierungsrichtlinien von SQL Server-DatenbankenCreate and manage SQL server database data masking policies
Microsoft.Sql/servers/databases/extendedAuditingSettings/readMicrosoft.Sql/servers/databases/extendedAuditingSettings/read Dient zum Abrufen von Details zur erweiterten Blobüberwachungsrichtlinie, die für eine bestimmte Datenbank konfiguriert ist.Retrieve details of the extended blob auditing policy configured on a given database
Microsoft.Sql/servers/databases/readMicrosoft.Sql/servers/databases/read Gibt die Liste der Datenbanken zurück oder ruft die Eigenschaften für die angegebene Datenbank ab.Return the list of databases or gets the properties for the specified database.
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/readMicrosoft.Sql/servers/databases/schemas/read Ruft ein Datenbankschema ab.Get a database schema.
Microsoft.Sql/servers/databases/schemas/tables/columns/readMicrosoft.Sql/servers/databases/schemas/tables/columns/read Ruft eine Datenbankspalte ab.Get a database column.
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/tables/readMicrosoft.Sql/servers/databases/schemas/tables/read Abrufen einer Datentabelle.Get a database table.
Microsoft.Sql/servers/databases/securityAlertPolicies/*Microsoft.Sql/servers/databases/securityAlertPolicies/* Erstellen und Verwalten von Richtlinien für Sicherheitswarnungen von SQL Server-DatenbankenCreate and manage SQL server database security alert policies
Microsoft.Sql/servers/databases/securityMetrics/*Microsoft.Sql/servers/databases/securityMetrics/* Erstellen und Verwalten von Sicherheitsmetriken von SQL Server-DatenbankenCreate and manage SQL server database security metrics
Microsoft.Sql/servers/databases/sensitivityLabels/*Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft.Sql/servers/databases/transparentDataEncryption/*Microsoft.Sql/servers/databases/transparentDataEncryption/*
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft.Sql/servers/firewallRules/*Microsoft.Sql/servers/firewallRules/*
Microsoft.Sql/servers/readMicrosoft.Sql/servers/read Gibt die Liste der Server zurück oder ruft die Eigenschaften für den angegebenen Server ab.Return the list of servers or gets the properties for the specified server.
Microsoft.Sql/servers/securityAlertPolicies/*Microsoft.Sql/servers/securityAlertPolicies/* Erstellen und Verwalten von Richtlinien für Sicherheitswarnungen von SQL ServerCreate and manage SQL server security alert policies
Microsoft.Sql/servers/vulnerabilityAssessments/*Microsoft.Sql/servers/vulnerabilityAssessments/*
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage the security-related policies of SQL servers and databases, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3",
  "name": "056cd41c-7e88-42e1-933e-88ba6a50c9c3",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*",
        "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/auditingPolicies/*",
        "Microsoft.Sql/servers/auditingSettings/*",
        "Microsoft.Sql/servers/extendedAuditingSettings/read",
        "Microsoft.Sql/servers/databases/auditingPolicies/*",
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/connectionPolicies/*",
        "Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
        "Microsoft.Sql/servers/databases/extendedAuditingSettings/read",
        "Microsoft.Sql/servers/databases/read",
        "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/read",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/read",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/tables/read",
        "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
        "Microsoft.Sql/servers/databases/securityMetrics/*",
        "Microsoft.Sql/servers/databases/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/transparentDataEncryption/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
        "Microsoft.Sql/servers/firewallRules/*",
        "Microsoft.Sql/servers/read",
        "Microsoft.Sql/servers/securityAlertPolicies/*",
        "Microsoft.Sql/servers/vulnerabilityAssessments/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL Security Manager",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Mitwirkender von SQL ServerSQL Server Contributor

Diese Rolle ermöglicht es Ihnen, SQL-Server und -Datenbanken zu verwalten, gewährt Ihnen jedoch keinen Zugriff darauf und auch nicht auf deren sicherheitsbezogenen Richtlinien.Lets you manage SQL servers and databases, but not access to them, and not their security-related policies. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Ruft den Verfügbarkeitsstatus für alle Ressourcen im angegebenen Bereich ab.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Sql/locations/*/readMicrosoft.Sql/locations/*/read
Microsoft.Sql/servers/*Microsoft.Sql/servers/* Erstellen und Verwalten von SQL-ServernCreate and manage SQL servers
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read Dient zum Lesen von Metriken.Read metrics
Microsoft.Insights/metricDefinitions/readMicrosoft.Insights/metricDefinitions/read Dient zum Lesen von Metrikdefinitionen.Read metric definitions
NotActionsNotActions
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft.Sql/managedInstances/securityAlertPolicies/*Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft.Sql/servers/auditingPolicies/*Microsoft.Sql/servers/auditingPolicies/* SQL Server-Überwachungsrichtlinien bearbeitenEdit SQL server auditing policies
Microsoft.Sql/servers/auditingSettings/*Microsoft.Sql/servers/auditingSettings/* SQL Server-Überwachungseinstellungen bearbeitenEdit SQL server auditing settings
Microsoft.Sql/servers/databases/auditingPolicies/*Microsoft.Sql/servers/databases/auditingPolicies/* Überwachungsrichtlinien von SQL Server-Datenbanken bearbeitenEdit SQL server database auditing policies
Microsoft.Sql/servers/databases/auditingSettings/*Microsoft.Sql/servers/databases/auditingSettings/* Überwachungseinstellungen von SQL Server-Datenbanken bearbeitenEdit SQL server database auditing settings
Microsoft.Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read Dient zum Abrufen der Datensätze für die Datenbankblobüberwachung.Retrieve the database blob audit records
Microsoft.Sql/servers/databases/connectionPolicies/*Microsoft.Sql/servers/databases/connectionPolicies/* Verbindungsrichtlinien von SQL Server-Datenbanken bearbeitenEdit SQL server database connection policies
Microsoft.Sql/servers/databases/currentSensitivityLabels/*Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft.Sql/servers/databases/dataMaskingPolicies/*Microsoft.Sql/servers/databases/dataMaskingPolicies/* Datenmaskierungsrichtlinien von SQL Server-Datenbanken bearbeitenEdit SQL server database data masking policies
Microsoft.Sql/servers/databases/extendedAuditingSettings/*Microsoft.Sql/servers/databases/extendedAuditingSettings/*
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/servers/databases/securityAlertPolicies/*Microsoft.Sql/servers/databases/securityAlertPolicies/* Richtlinien für Sicherheitswarnungen von SQL Server-Datenbanken bearbeitenEdit SQL server database security alert policies
Microsoft.Sql/servers/databases/securityMetrics/*Microsoft.Sql/servers/databases/securityMetrics/* Sicherheitsmetriken von SQL Server-Datenbanken bearbeitenEdit SQL server database security metrics
Microsoft.Sql/servers/databases/sensitivityLabels/*Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft.Sql/servers/extendedAuditingSettings/*Microsoft.Sql/servers/extendedAuditingSettings/*
Microsoft.Sql/servers/securityAlertPolicies/*Microsoft.Sql/servers/securityAlertPolicies/* Richtlinien für Sicherheitswarnungen von SQL Server bearbeitenEdit SQL server security alert policies
Microsoft.Sql/servers/vulnerabilityAssessments/*Microsoft.Sql/servers/vulnerabilityAssessments/*
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage SQL servers and databases, but not access to them, and not their security -related policies.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
  "name": "6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/servers/*",
        "Microsoft.Support/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read"
      ],
      "notActions": [
        "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/auditingPolicies/*",
        "Microsoft.Sql/servers/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditingPolicies/*",
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/connectionPolicies/*",
        "Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
        "Microsoft.Sql/servers/databases/extendedAuditingSettings/*",
        "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
        "Microsoft.Sql/servers/databases/securityMetrics/*",
        "Microsoft.Sql/servers/databases/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
        "Microsoft.Sql/servers/extendedAuditingSettings/*",
        "Microsoft.Sql/servers/securityAlertPolicies/*",
        "Microsoft.Sql/servers/vulnerabilityAssessments/*"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL Server Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AnalyticsAnalytics

Azure Event Hubs-DatenbesitzerAzure Event Hubs Data Owner

Ermöglicht den uneingeschränkten Zugriff auf die Azure Event Hubs-Ressourcen.Allows for full access to Azure Event Hubs resources. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.EventHub/*Microsoft.EventHub/*
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.EventHub/*Microsoft.EventHub/*
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to Azure Event Hubs resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f526a384-b230-433a-b45c-95f59c4a2dec",
  "name": "f526a384-b230-433a-b45c-95f59c4a2dec",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Event Hubs Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Event Hubs-DatenempfängerAzure Event Hubs Data Receiver

Ermöglicht Empfängern den Zugriff auf die Azure Event Hubs-Ressourcen.Allows receive access to Azure Event Hubs resources. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.EventHub/*/eventhubs/consumergroups/readMicrosoft.EventHub/*/eventhubs/consumergroups/read
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.EventHub/*/receive/actionMicrosoft.EventHub/*/receive/action
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows receive access to Azure Event Hubs resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
  "name": "a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/*/eventhubs/consumergroups/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/*/receive/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Event Hubs Data Receiver",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Event Hubs-DatensenderAzure Event Hubs Data Sender

Ermöglicht Absendern den Zugriff auf die Azure Event Hubs-Ressourcen.Allows send access to Azure Event Hubs resources. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.EventHub/*/eventhubs/readMicrosoft.EventHub/*/eventhubs/read
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.EventHub/*/send/actionMicrosoft.EventHub/*/send/action
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows send access to Azure Event Hubs resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2b629674-e913-4c01-ae53-ef4638d8f975",
  "name": "2b629674-e913-4c01-ae53-ef4638d8f975",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/*/eventhubs/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/*/send/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Event Hubs Data Sender",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Mitwirkender von Data FactoryData Factory Contributor

Erstellen und verwalten Sie Data Factorys sowie die darin enthaltenen untergeordneten Ressourcen.Create and manage data factories, as well as child resources within them. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.DataFactory/dataFactories/*Microsoft.DataFactory/dataFactories/* Erstellt und verwaltet Data Factorys und darin enthaltene untergeordnete Ressourcen.Create and manage data factories, and child resources within them.
Microsoft.DataFactory/factories/*Microsoft.DataFactory/factories/* Erstellt und verwaltet Data Factorys und darin enthaltene untergeordnete Ressourcen.Create and manage data factories, and child resources within them.
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Ruft den Verfügbarkeitsstatus für alle Ressourcen im angegebenen Bereich ab.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
Microsoft.EventGrid/eventSubscriptions/writeMicrosoft.EventGrid/eventSubscriptions/write Erstellt oder aktualisiert eventSubscription.Create or update an eventSubscription
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Create and manage data factories, as well as child resources within them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/673868aa-7521-48a0-acc6-0f60742d39f5",
  "name": "673868aa-7521-48a0-acc6-0f60742d39f5",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.DataFactory/dataFactories/*",
        "Microsoft.DataFactory/factories/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.EventGrid/eventSubscriptions/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Factory Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

DatenpurgerData Purger

Kann Analysedaten endgültig löschen. Weitere InformationenCan purge analytics data Learn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Insights/components/*/readMicrosoft.Insights/components/*/read
Microsoft.Insights/components/purge/actionMicrosoft.Insights/components/purge/action Daten werden aus Application Insights gelöschtPurging data from Application Insights
Microsoft.OperationalInsights/workspaces/*/readMicrosoft.OperationalInsights/workspaces/*/read Anzeigen von Log Analytics-DatenView log analytics data
Microsoft.OperationalInsights/workspaces/purge/actionMicrosoft.OperationalInsights/workspaces/purge/action Löscht die angegebenen Daten aus dem Arbeitsbereich.Delete specified data from workspace
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can purge analytics data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/150f5e0c-0603-4f03-8c7f-cf70034c4e90",
  "name": "150f5e0c-0603-4f03-8c7f-cf70034c4e90",
  "permissions": [
    {
      "actions": [
        "Microsoft.Insights/components/*/read",
        "Microsoft.Insights/components/purge/action",
        "Microsoft.OperationalInsights/workspaces/*/read",
        "Microsoft.OperationalInsights/workspaces/purge/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Purger",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

HDInsight-ClusteroperatorHDInsight Cluster Operator

Ermöglicht Ihnen das Lesen und Ändern von HDInsight-Clusterkonfigurationen.Lets you read and modify HDInsight cluster configurations. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.HDInsight/*/readMicrosoft.HDInsight/*/read
Microsoft.HDInsight/clusters/getGatewaySettings/actionMicrosoft.HDInsight/clusters/getGatewaySettings/action Ruft Gatewayeinstellungen für HDInsight-Cluster ab.Get gateway settings for HDInsight Cluster
Microsoft.HDInsight/clusters/updateGatewaySettings/actionMicrosoft.HDInsight/clusters/updateGatewaySettings/action Aktualisiert Gatewayeinstellungen für HDInsight-Cluster.Update gateway settings for HDInsight Cluster
Microsoft.HDInsight/clusters/configurations/*Microsoft.HDInsight/clusters/configurations/*
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read Ruft Bereitstellungsvorgänge ab oder listet sie auf.Gets or lists deployment operations.
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read and modify HDInsight cluster configurations.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/61ed4efc-fab3-44fd-b111-e24485cc132a",
  "name": "61ed4efc-fab3-44fd-b111-e24485cc132a",
  "permissions": [
    {
      "actions": [
        "Microsoft.HDInsight/*/read",
        "Microsoft.HDInsight/clusters/getGatewaySettings/action",
        "Microsoft.HDInsight/clusters/updateGatewaySettings/action",
        "Microsoft.HDInsight/clusters/configurations/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "HDInsight Cluster Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Mitwirkender für die HDInsight-DomänendiensteHDInsight Domain Services Contributor

Ermöglicht Ihnen, Vorgänge im Zusammenhang mit Domänendiensten, die für das HDInsight Enterprise-Sicherheitspaket erforderlich sind, zu lesen, zu erstellen, zu ändern und zu löschen. Weitere InformationenCan Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package Learn more

AktionenActions BESCHREIBUNGDescription
Microsoft.AAD/*/readMicrosoft.AAD/*/read
Microsoft.AAD/domainServices/*/readMicrosoft.AAD/domainServices/*/read
Microsoft.AAD/domainServices/oucontainer/*Microsoft.AAD/domainServices/oucontainer/*
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8d8d5a11-05d3-4bda-a417-a08778121c7c",
  "name": "8d8d5a11-05d3-4bda-a417-a08778121c7c",
  "permissions": [
    {
      "actions": [
        "Microsoft.AAD/*/read",
        "Microsoft.AAD/domainServices/*/read",
        "Microsoft.AAD/domainServices/oucontainer/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "HDInsight Domain Services Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Log Analytics-MitwirkenderLog Analytics Contributor

Ein Log Analytics-Mitwirkender kann alle Überwachungsdaten lesen und Überwachungseinstellungen bearbeiten.Log Analytics Contributor can read all monitoring data and edit monitoring settings. Das Bearbeiten von Überwachungseinstellungen schließt folgende Aufgaben ein: Hinzufügen der VM-Erweiterung zu VMs, Lesen von Speicherkontoschlüsseln zum Konfigurieren von Protokollsammlungen aus Azure Storage, Erstellen und Konfigurieren von Automation-Konten, Hinzufügen von Lösungen, Konfigurieren der Azure-Diagnose für alle Azure-Ressourcen.Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
*/Lesen*/read Lesen von Ressourcen aller Typen mit Ausnahme geheimer SchlüsselRead resources of all types, except secrets.
Microsoft.Automation/automationAccounts/*Microsoft.Automation/automationAccounts/*
Microsoft.ClassicCompute/virtualMachines/extensions/*Microsoft.ClassicCompute/virtualMachines/extensions/*
Microsoft.ClassicStorage/storageAccounts/listKeys/actionMicrosoft.ClassicStorage/storageAccounts/listKeys/action Listet die Zugriffsschlüssel für die Speicherkonten auf.Lists the access keys for the storage accounts.
Microsoft.Compute/virtualMachines/extensions/*Microsoft.Compute/virtualMachines/extensions/*
Microsoft.HybridCompute/machines/extensions/writeMicrosoft.HybridCompute/machines/extensions/write Installiert oder aktualisiert eine Azure Arc-ErweiterungInstalls or Updates an Azure Arc extensions
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* Erstellt, aktualisiert oder liest die Diagnoseeinstellung für den Analysis-Server.Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.OperationalInsights/*Microsoft.OperationalInsights/*
Microsoft.OperationsManagement/*Microsoft.OperationsManagement/*
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourcegroups/deployments/*Microsoft.Resources/subscriptions/resourcegroups/deployments/*
Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action Gibt die Zugriffsschlüssel für das angegebene Speicherkonto zurück.Returns the access keys for the specified storage account.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
  "name": "92aaf0da-9dab-42b6-94a3-d43ce8d16293",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.Automation/automationAccounts/*",
        "Microsoft.ClassicCompute/virtualMachines/extensions/*",
        "Microsoft.ClassicStorage/storageAccounts/listKeys/action",
        "Microsoft.Compute/virtualMachines/extensions/*",
        "Microsoft.HybridCompute/machines/extensions/write",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.OperationalInsights/*",
        "Microsoft.OperationsManagement/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Log Analytics Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Log Analytics-LeserLog Analytics Reader

Ein Log Analytics-Leser kann alle Überwachungsdaten anzeigen und durchsuchen sowie Überwachungseinstellungen anzeigen. Hierzu zählt auch die Anzeige der Konfiguration von Azure-Diagnosen für alle Azure-Ressourcen.Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
*/Lesen*/read Lesen von Ressourcen aller Typen mit Ausnahme geheimer SchlüsselRead resources of all types, except secrets.
Microsoft.OperationalInsights/workspaces/analytics/query/actionMicrosoft.OperationalInsights/workspaces/analytics/query/action Führt eine Suche mit der neuen Engine aus.Search using new engine.
Microsoft.OperationalInsights/workspaces/search/actionMicrosoft.OperationalInsights/workspaces/search/action Führt eine Suchabfrage aus.Executes a search query
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
NotActionsNotActions
Microsoft.OperationalInsights/workspaces/sharedKeys/readMicrosoft.OperationalInsights/workspaces/sharedKeys/read Ruft die gemeinsam verwendeten Schlüssel für den Arbeitsbereich ab.Retrieves the shared keys for the workspace. Diese Schlüssel werden verwendet, um Microsoft Operational Insights-Agents mit dem Arbeitsbereich zu verbinden.These keys are used to connect Microsoft Operational Insights agents to the workspace.
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/73c42c96-874c-492b-b04d-ab87d138a893",
  "name": "73c42c96-874c-492b-b04d-ab87d138a893",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.OperationalInsights/workspaces/analytics/query/action",
        "Microsoft.OperationalInsights/workspaces/search/action",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.OperationalInsights/workspaces/sharedKeys/read"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Log Analytics Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

BlockchainBlockchain

Zugriff auf Blockchainmitgliedsknoten (Vorschauversion)Blockchain Member Node Access (Preview)

Ermöglicht den Zugriff auf Blockchainmitgliedsknoten. Weitere InformationenAllows for access to Blockchain Member nodes Learn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Blockchain/blockchainMembers/transactionNodes/readMicrosoft.Blockchain/blockchainMembers/transactionNodes/read Ruft die vorhandenen Transaktionsknoten eines Blockchainmitglieds ab oder listet sie aufGets or Lists existing Blockchain Member Transaction Node(s).
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.Blockchain/blockchainMembers/transactionNodes/connect/actionMicrosoft.Blockchain/blockchainMembers/transactionNodes/connect/action Stellt eine Verbindung mit dem Transaktionsknoten eines Blockchainmitglieds herConnects to a Blockchain Member Transaction Node.
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for access to Blockchain Member nodes",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/31a002a1-acaf-453e-8a5b-297c9ca1ea24",
  "name": "31a002a1-acaf-453e-8a5b-297c9ca1ea24",
  "permissions": [
    {
      "actions": [
        "Microsoft.Blockchain/blockchainMembers/transactionNodes/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Blockchain/blockchainMembers/transactionNodes/connect/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Blockchain Member Node Access (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

KI und Machine LearningAI + machine learning

Mitwirkender für Cognitive ServicesCognitive Services Contributor

Ermöglicht Ihnen das Erstellen, Lesen, Aktualisieren, Löschen und Verwalten von Cognitive Services-Schlüsseln.Lets you create, read, update, delete and manage keys of Cognitive Services. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.CognitiveServices/*Microsoft.CognitiveServices/*
Microsoft.Features/features/readMicrosoft.Features/features/read Ruft die Features eines Abonnements ab.Gets the features of a subscription.
Microsoft.Features/providers/features/readMicrosoft.Features/providers/features/read Ruft das Feature eines Abonnements in einem angegebenen Ressourcenanbieter ab.Gets the feature of a subscription in a given resource provider.
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* Erstellt, aktualisiert oder liest die Diagnoseeinstellung für den Analysis-Server.Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.Insights/logDefinitions/readMicrosoft.Insights/logDefinitions/read Dient zum Lesen von Protokolldefinitionen.Read log definitions
Microsoft.Insights/metricdefinitions/readMicrosoft.Insights/metricdefinitions/read Dient zum Lesen von Metrikdefinitionen.Read metric definitions
Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read Dient zum Lesen von Metriken.Read metrics
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Ruft den Verfügbarkeitsstatus für alle Ressourcen im angegebenen Bereich ab.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read Ruft Bereitstellungsvorgänge ab oder listet sie auf.Gets or lists deployment operations.
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read Dient zum Abrufen der Ergebnisse des Abonnementvorgangs.Get the subscription operation results.
Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read Ruft die Abonnementliste ab.Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourcegroups/deployments/*Microsoft.Resources/subscriptions/resourcegroups/deployments/*
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you create, read, update, delete and manage keys of Cognitive Services.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
  "name": "25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.CognitiveServices/*",
        "Microsoft.Features/features/read",
        "Microsoft.Features/providers/features/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.Insights/logDefinitions/read",
        "Microsoft.Insights/metricdefinitions/read",
        "Microsoft.Insights/metrics/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services-Datenleser (Vorschau)Cognitive Services Data Reader (Preview)

Ermöglicht das Lesen von Cognitive Services-Daten.Lets you read Cognitive Services data.

AktionenActions BESCHREIBUNGDescription
keinenone
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.CognitiveServices/*/readMicrosoft.CognitiveServices/*/read
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read Cognitive Services data.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b59867f0-fa02-499b-be73-45a86b5b3e1c",
  "name": "b59867f0-fa02-499b-be73-45a86b5b3e1c",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Data Reader (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services-BenutzerCognitive Services User

Ermöglicht Ihnen das Lesen und Auflisten von Cognitive Services-Schlüsseln.Lets you read and list keys of Cognitive Services. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.CognitiveServices/*/readMicrosoft.CognitiveServices/*/read
Microsoft.CognitiveServices/accounts/listkeys/actionMicrosoft.CognitiveServices/accounts/listkeys/action Dient zum Auflisten von Schlüsseln.List Keys
Microsoft.Insights/alertRules/readMicrosoft.Insights/alertRules/read Liest eine klassische Metrikwarnung.Read a classic metric alert
Microsoft.Insights/diagnosticSettings/readMicrosoft.Insights/diagnosticSettings/read Liest eine Diagnoseeinstellung für eine Ressource.Read a resource diagnostic setting
Microsoft.Insights/logDefinitions/readMicrosoft.Insights/logDefinitions/read Dient zum Lesen von Protokolldefinitionen.Read log definitions
Microsoft.Insights/metricdefinitions/readMicrosoft.Insights/metricdefinitions/read Dient zum Lesen von Metrikdefinitionen.Read metric definitions
Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read Dient zum Lesen von Metriken.Read metrics
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Ruft den Verfügbarkeitsstatus für alle Ressourcen im angegebenen Bereich ab.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read Ruft Bereitstellungsvorgänge ab oder listet sie auf.Gets or lists deployment operations.
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read Dient zum Abrufen der Ergebnisse des Abonnementvorgangs.Get the subscription operation results.
Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read Ruft die Abonnementliste ab.Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.CognitiveServices/*Microsoft.CognitiveServices/*
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read and list keys of Cognitive Services.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a97b65f3-24c7-4388-baec-2e87135dc908",
  "name": "a97b65f3-24c7-4388-baec-2e87135dc908",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.CognitiveServices/accounts/listkeys/action",
        "Microsoft.Insights/alertRules/read",
        "Microsoft.Insights/diagnosticSettings/read",
        "Microsoft.Insights/logDefinitions/read",
        "Microsoft.Insights/metricdefinitions/read",
        "Microsoft.Insights/metrics/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services User",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Mixed RealityMixed reality

Remote Rendering-AdministratorRemote Rendering Administrator

Bietet dem Benutzer Konvertierungs-, Sitzungsverwaltungs-, Rendering- und Diagnosefunktionen für Azure Remote Rendering. Weitere InformationenProvides user with conversion, manage session, rendering and diagnostics capabilities for Azure Remote Rendering Learn more

AktionenActions BESCHREIBUNGDescription
keinenone
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.MixedReality/RemoteRenderingAccounts/convert/actionMicrosoft.MixedReality/RemoteRenderingAccounts/convert/action Startet die Objektkonvertierung.Start asset conversion
Microsoft.MixedReality/RemoteRenderingAccounts/convert/readMicrosoft.MixedReality/RemoteRenderingAccounts/convert/read Ruft die Objektkonvertierungseigenschaften ab.Get asset conversion properties
Microsoft.MixedReality/RemoteRenderingAccounts/convert/deleteMicrosoft.MixedReality/RemoteRenderingAccounts/convert/delete Beendet die Objektkonvertierung.Stop asset conversion
Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/readMicrosoft.MixedReality/RemoteRenderingAccounts/managesessions/read Ruft Sitzungseigenschaften ab.Get session properties
Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/actionMicrosoft.MixedReality/RemoteRenderingAccounts/managesessions/action Startet Sitzungen.Start sessions
Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/deleteMicrosoft.MixedReality/RemoteRenderingAccounts/managesessions/delete Beendet Sitzungen.Stop sessions
Microsoft.MixedReality/RemoteRenderingAccounts/render/readMicrosoft.MixedReality/RemoteRenderingAccounts/render/read Stellt eine Verbindung mit einer Sitzung her.Connect to a session
Microsoft.MixedReality/RemoteRenderingAccounts/diagnostic/readMicrosoft.MixedReality/RemoteRenderingAccounts/diagnostic/read Stellt eine Verbindung mit der Remote Rendering-Prüfung her.Connect to the Remote Rendering inspector
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Provides user with conversion, manage session, rendering and diagnostics capabilities for Azure Remote Rendering",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3df8b902-2a6f-47c7-8cc5-360e9b272a7e",
  "name": "3df8b902-2a6f-47c7-8cc5-360e9b272a7e",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.MixedReality/RemoteRenderingAccounts/convert/action",
        "Microsoft.MixedReality/RemoteRenderingAccounts/convert/read",
        "Microsoft.MixedReality/RemoteRenderingAccounts/convert/delete",
        "Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/read",
        "Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/action",
        "Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/delete",
        "Microsoft.MixedReality/RemoteRenderingAccounts/render/read",
        "Microsoft.MixedReality/RemoteRenderingAccounts/diagnostic/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Remote Rendering Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Remote Rendering-ClientRemote Rendering Client

Bietet dem Benutzer Sitzungsverwaltungs-, Rendering- und Diagnosefunktionen für Azure Remote Rendering.Provides user with manage session, rendering and diagnostics capabilities for Azure Remote Rendering. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
keinenone
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/readMicrosoft.MixedReality/RemoteRenderingAccounts/managesessions/read Ruft Sitzungseigenschaften ab.Get session properties
Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/actionMicrosoft.MixedReality/RemoteRenderingAccounts/managesessions/action Startet Sitzungen.Start sessions
Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/deleteMicrosoft.MixedReality/RemoteRenderingAccounts/managesessions/delete Beendet Sitzungen.Stop sessions
Microsoft.MixedReality/RemoteRenderingAccounts/render/readMicrosoft.MixedReality/RemoteRenderingAccounts/render/read Stellt eine Verbindung mit einer Sitzung her.Connect to a session
Microsoft.MixedReality/RemoteRenderingAccounts/diagnostic/readMicrosoft.MixedReality/RemoteRenderingAccounts/diagnostic/read Stellt eine Verbindung mit der Remote Rendering-Prüfung her.Connect to the Remote Rendering inspector
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Provides user with manage session, rendering and diagnostics capabilities for Azure Remote Rendering.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/d39065c4-c120-43c9-ab0a-63eed9795f0a",
  "name": "d39065c4-c120-43c9-ab0a-63eed9795f0a",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/read",
        "Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/action",
        "Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/delete",
        "Microsoft.MixedReality/RemoteRenderingAccounts/render/read",
        "Microsoft.MixedReality/RemoteRenderingAccounts/diagnostic/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Remote Rendering Client",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Spatial Anchors-KontomitwirkenderSpatial Anchors Account Contributor

Ermöglicht Ihnen das Verwalten von Raumankern in Ihrem Konto, nicht jedoch das Löschen von Ankern. Weitere InformationenLets you manage spatial anchors in your account, but not delete them Learn more

AktionenActions BESCHREIBUNGDescription
keinenone
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.MixedReality/SpatialAnchorsAccounts/create/actionMicrosoft.MixedReality/SpatialAnchorsAccounts/create/action Hiermit werden Raumanker erstellt.Create spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/readMicrosoft.MixedReality/SpatialAnchorsAccounts/discovery/read Hiermit werden Raumanker in räumlicher Nähe ermittelt.Discover nearby spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/properties/readMicrosoft.MixedReality/SpatialAnchorsAccounts/properties/read Hiermit werden die Eigenschaften von Raumankern abgerufen.Get properties of spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/query/readMicrosoft.MixedReality/SpatialAnchorsAccounts/query/read Hiermit finden Sie Raumanker.Locate spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/readMicrosoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read Hiermit übermitteln Sie Diagnosedaten, um die Qualität des Azure Spatial Anchors-Diensts zu verbessern.Submit diagnostics data to help improve the quality of the Azure Spatial Anchors service
Microsoft.MixedReality/SpatialAnchorsAccounts/writeMicrosoft.MixedReality/SpatialAnchorsAccounts/write Hiermit aktualisieren Sie die Eigenschaften von Raumankern.Update spatial anchors properties
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage spatial anchors in your account, but not delete them",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827",
  "name": "8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.MixedReality/SpatialAnchorsAccounts/create/action",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/query/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Spatial Anchors Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Spatial Anchors-KontobesitzerSpatial Anchors Account Owner

Ermöglicht Ihnen das Verwalten von Raumankern in Ihrem Konto, einschließlich der Löschung von Ankern. Weitere InformationenLets you manage spatial anchors in your account, including deleting them Learn more

AktionenActions BESCHREIBUNGDescription
keinenone
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.MixedReality/SpatialAnchorsAccounts/create/actionMicrosoft.MixedReality/SpatialAnchorsAccounts/create/action Hiermit werden Raumanker erstellt.Create spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/deleteMicrosoft.MixedReality/SpatialAnchorsAccounts/delete Hiermit werden Raumanker gelöscht.Delete spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/readMicrosoft.MixedReality/SpatialAnchorsAccounts/discovery/read Hiermit werden Raumanker in räumlicher Nähe ermittelt.Discover nearby spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/properties/readMicrosoft.MixedReality/SpatialAnchorsAccounts/properties/read Hiermit werden die Eigenschaften von Raumankern abgerufen.Get properties of spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/query/readMicrosoft.MixedReality/SpatialAnchorsAccounts/query/read Hiermit finden Sie Raumanker.Locate spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/readMicrosoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read Hiermit übermitteln Sie Diagnosedaten, um die Qualität des Azure Spatial Anchors-Diensts zu verbessern.Submit diagnostics data to help improve the quality of the Azure Spatial Anchors service
Microsoft.MixedReality/SpatialAnchorsAccounts/writeMicrosoft.MixedReality/SpatialAnchorsAccounts/write Hiermit aktualisieren Sie die Eigenschaften von Raumankern.Update spatial anchors properties
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage spatial anchors in your account, including deleting them",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/70bbe301-9835-447d-afdd-19eb3167307c",
  "name": "70bbe301-9835-447d-afdd-19eb3167307c",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.MixedReality/SpatialAnchorsAccounts/create/action",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/delete",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/query/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Spatial Anchors Account Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Spatial Anchors-KontoleserSpatial Anchors Account Reader

Ermöglicht Ihnen das Ermitteln und Lesen von Eigenschaften für Raumanker in Ihrem Dokument. Weitere InformationenLets you locate and read properties of spatial anchors in your account Learn more

AktionenActions BESCHREIBUNGDescription
keinenone
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/readMicrosoft.MixedReality/SpatialAnchorsAccounts/discovery/read Hiermit werden Raumanker in räumlicher Nähe ermittelt.Discover nearby spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/properties/readMicrosoft.MixedReality/SpatialAnchorsAccounts/properties/read Hiermit werden die Eigenschaften von Raumankern abgerufen.Get properties of spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/query/readMicrosoft.MixedReality/SpatialAnchorsAccounts/query/read Hiermit finden Sie Raumanker.Locate spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/readMicrosoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read Hiermit übermitteln Sie Diagnosedaten, um die Qualität des Azure Spatial Anchors-Diensts zu verbessern.Submit diagnostics data to help improve the quality of the Azure Spatial Anchors service
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you locate and read properties of spatial anchors in your account",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5d51204f-eb77-4b1c-b86a-2ec626c49413",
  "name": "5d51204f-eb77-4b1c-b86a-2ec626c49413",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/query/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Spatial Anchors Account Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

IntegrationIntegration

Mitwirkender des API-VerwaltungsdienstesAPI Management Service Contributor

Kann Dienst und APIs verwalten. Weitere InformationenCan manage service and the APIs Learn more

AktionenActions BESCHREIBUNGDescription
Microsoft.ApiManagement/service/*Microsoft.ApiManagement/service/* Erstellen und Verwalten des API Management-DienstsCreate and manage API Management service
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Ruft den Verfügbarkeitsstatus für alle Ressourcen im angegebenen Bereich ab.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage service and the APIs",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/312a565d-c81f-4fd8-895a-4e21e48d571c",
  "name": "312a565d-c81f-4fd8-895a-4e21e48d571c",
  "permissions": [
    {
      "actions": [
        "Microsoft.ApiManagement/service/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "API Management Service Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Operatorrolle des API Management-DienstsAPI Management Service Operator Role

Kann Dienst, aber nicht die APIs verwalten. Weitere InformationenCan manage service but not the APIs Learn more

AktionenActions BESCHREIBUNGDescription
Microsoft.ApiManagement/service/*/readMicrosoft.ApiManagement/service/*/read Dient zum Lesen von API Management-Dienstinstanzen.Read API Management Service instances
Microsoft.ApiManagement/service/backup/actionMicrosoft.ApiManagement/service/backup/action Dient zum Sichern des API Management-Diensts im angegebenen Container in einem vom Benutzer bereitgestellten Speicherkonto.Backup API Management Service to the specified container in a user provided storage account
Microsoft.ApiManagement/service/deleteMicrosoft.ApiManagement/service/delete Dient zum Löschen einer API Management-Dienstinstanz.Delete API Management Service instance
Microsoft.ApiManagement/service/managedeployments/actionMicrosoft.ApiManagement/service/managedeployments/action Dient zum Ändern der SKU/Einheiten sowie zum Hinzufügen/Entfernen regionaler Bereitstellungen des API Management-Diensts.Change SKU/units, add/remove regional deployments of API Management Service
Microsoft.ApiManagement/service/readMicrosoft.ApiManagement/service/read Dient zum Lesen der Metadaten für eine API Management-Dienstinstanz.Read metadata for an API Management Service instance
Microsoft.ApiManagement/service/restore/actionMicrosoft.ApiManagement/service/restore/action Dient zum Wiederherstellen des API Management-Diensts aus dem angegebenen Container in einem vom Benutzer bereitgestellten Speicherkonto.Restore API Management Service from the specified container in a user provided storage account
Microsoft.ApiManagement/service/updatecertificate/actionMicrosoft.ApiManagement/service/updatecertificate/action Dient zum Hochladen eines TLS/SSL-Zertifikats für einen API Management-DienstUpload TLS/SSL certificate for an API Management Service
Microsoft.ApiManagement/service/updatehostname/actionMicrosoft.ApiManagement/service/updatehostname/action Dient zum Einrichten, Aktualisieren oder Entfernen benutzerdefinierter Domänennamen für einen API Management-Dienst.Setup, update or remove custom domain names for an API Management Service
Microsoft.ApiManagement/service/writeMicrosoft.ApiManagement/service/write Erstellen oder Aktualisieren einer API Management-DienstinstanzCreate or Update API Management Service instance
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Ruft den Verfügbarkeitsstatus für alle Ressourcen im angegebenen Bereich ab.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
NotActionsNotActions
Microsoft.ApiManagement/service/users/keys/readMicrosoft.ApiManagement/service/users/keys/read Abrufen von Benutzern zugeordneten SchlüsselnGet keys associated with user
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage service but not the APIs",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e022efe7-f5ba-4159-bbe4-b44f577e9b61",
  "name": "e022efe7-f5ba-4159-bbe4-b44f577e9b61",
  "permissions": [
    {
      "actions": [
        "Microsoft.ApiManagement/service/*/read",
        "Microsoft.ApiManagement/service/backup/action",
        "Microsoft.ApiManagement/service/delete",
        "Microsoft.ApiManagement/service/managedeployments/action",
        "Microsoft.ApiManagement/service/read",
        "Microsoft.ApiManagement/service/restore/action",
        "Microsoft.ApiManagement/service/updatecertificate/action",
        "Microsoft.ApiManagement/service/updatehostname/action",
        "Microsoft.ApiManagement/service/write",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.ApiManagement/service/users/keys/read"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "API Management Service Operator Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Leserrolle des API Management-DienstsAPI Management Service Reader Role

Schreibgeschützter Zugriff auf Dienst und APIs Weitere InformationenRead-only access to service and APIs Learn more

AktionenActions BESCHREIBUNGDescription
Microsoft.ApiManagement/service/*/readMicrosoft.ApiManagement/service/*/read Dient zum Lesen von API Management-Dienstinstanzen.Read API Management Service instances
Microsoft.ApiManagement/service/readMicrosoft.ApiManagement/service/read Dient zum Lesen der Metadaten für eine API Management-Dienstinstanz.Read metadata for an API Management Service instance
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Ruft den Verfügbarkeitsstatus für alle Ressourcen im angegebenen Bereich ab.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
NotActionsNotActions
Microsoft.ApiManagement/service/users/keys/readMicrosoft.ApiManagement/service/users/keys/read Abrufen von Benutzern zugeordneten SchlüsselnGet keys associated with user
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read-only access to service and APIs",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/71522526-b88f-4d52-b57f-d31fc3546d0d",
  "name": "71522526-b88f-4d52-b57f-d31fc3546d0d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ApiManagement/service/*/read",
        "Microsoft.ApiManagement/service/read",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.ApiManagement/service/users/keys/read"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "API Management Service Reader Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

App Configuration-DatenbesitzerApp Configuration Data Owner

Ermöglicht den Vollzugriff auf App Configuration-Daten.Allows full access to App Configuration data. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
keinenone
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.AppConfiguration/configurationStores/*/readMicrosoft.AppConfiguration/configurationStores/*/read
Microsoft.AppConfiguration/configurationStores/*/writeMicrosoft.AppConfiguration/configurationStores/*/write
Microsoft.AppConfiguration/configurationStores/*/deleteMicrosoft.AppConfiguration/configurationStores/*/delete
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows full access to App Configuration data.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b",
  "name": "5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.AppConfiguration/configurationStores/*/read",
        "Microsoft.AppConfiguration/configurationStores/*/write",
        "Microsoft.AppConfiguration/configurationStores/*/delete"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "App Configuration Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

App Configuration-DatenleserApp Configuration Data Reader

Ermöglicht den Lesezugriff auf App Configuration-Daten.Allows read access to App Configuration data. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
keinenone
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.AppConfiguration/configurationStores/*/readMicrosoft.AppConfiguration/configurationStores/*/read
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows read access to App Configuration data.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/516239f1-63e1-4d78-a4de-a74fb236a071",
  "name": "516239f1-63e1-4d78-a4de-a74fb236a071",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.AppConfiguration/configurationStores/*/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "App Configuration Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Service Bus-DatenbesitzerAzure Service Bus Data Owner

Ermöglicht den uneingeschränkten Zugriff auf die Azure Service Bus-Ressourcen.Allows for full access to Azure Service Bus resources. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.ServiceBus/*Microsoft.ServiceBus/*
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.ServiceBus/*Microsoft.ServiceBus/*
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to Azure Service Bus resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/090c5cfd-751d-490a-894a-3ce6f1109419",
  "name": "090c5cfd-751d-490a-894a-3ce6f1109419",
  "permissions": [
    {
      "actions": [
        "Microsoft.ServiceBus/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ServiceBus/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Service Bus Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Service Bus-DatenempfängerAzure Service Bus Data Receiver

Ermöglicht Empfängern den Zugriff auf die Azure Service Bus-Ressourcen.Allows for receive access to Azure Service Bus resources. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.ServiceBus/*/queues/readMicrosoft.ServiceBus/*/queues/read
Microsoft.ServiceBus/*/topics/readMicrosoft.ServiceBus/*/topics/read
Microsoft.ServiceBus/*/topics/subscriptions/readMicrosoft.ServiceBus/*/topics/subscriptions/read
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.ServiceBus/*/receive/actionMicrosoft.ServiceBus/*/receive/action
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for receive access to Azure Service Bus resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0",
  "name": "4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0",
  "permissions": [
    {
      "actions": [
        "Microsoft.ServiceBus/*/queues/read",
        "Microsoft.ServiceBus/*/topics/read",
        "Microsoft.ServiceBus/*/topics/subscriptions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ServiceBus/*/receive/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Service Bus Data Receiver",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Service Bus-DatensenderAzure Service Bus Data Sender

Ermöglicht Absendern den Zugriff auf die Azure Service Bus-Ressourcen.Allows for send access to Azure Service Bus resources. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.ServiceBus/*/queues/readMicrosoft.ServiceBus/*/queues/read
Microsoft.ServiceBus/*/topics/readMicrosoft.ServiceBus/*/topics/read
Microsoft.ServiceBus/*/topics/subscriptions/readMicrosoft.ServiceBus/*/topics/subscriptions/read
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.ServiceBus/*/send/actionMicrosoft.ServiceBus/*/send/action
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for send access to Azure Service Bus resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
  "name": "69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
  "permissions": [
    {
      "actions": [
        "Microsoft.ServiceBus/*/queues/read",
        "Microsoft.ServiceBus/*/topics/read",
        "Microsoft.ServiceBus/*/topics/subscriptions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ServiceBus/*/send/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Service Bus Data Sender",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Besitzer der Azure Stack-RegistrierungAzure Stack Registration Owner

Ermöglicht Ihnen die Verwaltung von Azure Stack-Registrierungen.Lets you manage Azure Stack registrations.

AktionenActions BESCHREIBUNGDescription
Microsoft.AzureStack/edgeSubscriptions/readMicrosoft.AzureStack/edgeSubscriptions/read Ruft die Eigenschaften eines Azure Stack Edge-Abonnements ab.Get the properties of an Azure Stack Edge Subscription
Microsoft.AzureStack/registrations/products/*/actionMicrosoft.AzureStack/registrations/products/*/action
Microsoft.AzureStack/registrations/products/readMicrosoft.AzureStack/registrations/products/read Ruft die Eigenschaften eines Azure Stack-Marketplace-Produkts ab.Gets the properties of an Azure Stack Marketplace product
Microsoft.AzureStack/registrations/readMicrosoft.AzureStack/registrations/read Ruft die Eigenschaften einer Azure Stack-Registrierung ab.Gets the properties of an Azure Stack registration
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Azure Stack registrations.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6f12a6df-dd06-4f3e-bcb1-ce8be600526a",
  "name": "6f12a6df-dd06-4f3e-bcb1-ce8be600526a",
  "permissions": [
    {
      "actions": [
        "Microsoft.AzureStack/edgeSubscriptions/read",
        "Microsoft.AzureStack/registrations/products/*/action",
        "Microsoft.AzureStack/registrations/products/read",
        "Microsoft.AzureStack/registrations/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Stack Registration Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

EventGrid EventSubscription-MitwirkenderEventGrid EventSubscription Contributor

Ermöglicht die Verwaltung von EventGrid-Ereignisabonnementvorgängen.Lets you manage EventGrid event subscription operations. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.EventGrid/eventSubscriptions/*Microsoft.EventGrid/eventSubscriptions/*
Microsoft.EventGrid/topicTypes/eventSubscriptions/readMicrosoft.EventGrid/topicTypes/eventSubscriptions/read Listet globale Ereignisabonnements nach Thematyp auf.List global event subscriptions by topic type
Microsoft.EventGrid/locations/eventSubscriptions/readMicrosoft.EventGrid/locations/eventSubscriptions/read Listet regionale Ereignisabonnements auf.List regional event subscriptions
Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/readMicrosoft.EventGrid/locations/topicTypes/eventSubscriptions/read Listet regionale Ereignisabonnements nach Thematyp auf.List regional event subscriptions by topictype
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage EventGrid event subscription operations.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/428e0ff0-5e57-4d9c-a221-2c70d0e0a443",
  "name": "428e0ff0-5e57-4d9c-a221-2c70d0e0a443",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.EventGrid/eventSubscriptions/*",
        "Microsoft.EventGrid/topicTypes/eventSubscriptions/read",
        "Microsoft.EventGrid/locations/eventSubscriptions/read",
        "Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "EventGrid EventSubscription Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

EventGrid EventSubscription-LeserEventGrid EventSubscription Reader

Ermöglicht das Lesen von EventGrid-Ereignisabonnements.Lets you read EventGrid event subscriptions. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.EventGrid/eventSubscriptions/readMicrosoft.EventGrid/eventSubscriptions/read Liest eventSubscription.Read an eventSubscription
Microsoft.EventGrid/topicTypes/eventSubscriptions/readMicrosoft.EventGrid/topicTypes/eventSubscriptions/read Listet globale Ereignisabonnements nach Thematyp auf.List global event subscriptions by topic type
Microsoft.EventGrid/locations/eventSubscriptions/readMicrosoft.EventGrid/locations/eventSubscriptions/read Listet regionale Ereignisabonnements auf.List regional event subscriptions
Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/readMicrosoft.EventGrid/locations/topicTypes/eventSubscriptions/read Listet regionale Ereignisabonnements nach Thematyp auf.List regional event subscriptions by topictype
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read EventGrid event subscriptions.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2414bbcf-6497-4faf-8c65-045460748405",
  "name": "2414bbcf-6497-4faf-8c65-045460748405",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.EventGrid/eventSubscriptions/read",
        "Microsoft.EventGrid/topicTypes/eventSubscriptions/read",
        "Microsoft.EventGrid/locations/eventSubscriptions/read",
        "Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "EventGrid EventSubscription Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Mitwirkender an FHIR-DatenFHIR Data Contributor

Die Rolle ermöglicht dem Benutzer oder Prinzipal vollen Zugriff auf FHIR-Daten. Weitere InformationenRole allows user or principal full access to FHIR Data Learn more

AktionenActions BESCHREIBUNGDescription
keinenone
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.HealthcareApis/services/fhir/resources/*Microsoft.HealthcareApis/services/fhir/resources/*
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Role allows user or principal full access to FHIR Data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5a1fc7df-4bf1-4951-a576-89034ee01acd",
  "name": "5a1fc7df-4bf1-4951-a576-89034ee01acd",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.HealthcareApis/services/fhir/resources/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "FHIR Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

FHIR-DatenexportiererFHIR Data Exporter

Die Rolle ermöglicht dem Benutzer oder Prinzipal das Lesen und Exportieren von FHIR-Daten. Weitere InformationenRole allows user or principal to read and export FHIR Data Learn more

AktionenActions BESCHREIBUNGDescription
keinenone
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.HealthcareApis/services/fhir/resources/readMicrosoft.HealthcareApis/services/fhir/resources/read Liest FHIR-Ressourcen (einschließlich Suche und Verlauf mit Versionsangabe).Read FHIR resources (includes searching and versioned history).
Microsoft.HealthcareApis/services/fhir/resources/export/actionMicrosoft.HealthcareApis/services/fhir/resources/export/action Exportvorgang ($export).Export operation ($export).
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Role allows user or principal to read and export FHIR Data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3db33094-8700-4567-8da5-1501d4e7e843",
  "name": "3db33094-8700-4567-8da5-1501d4e7e843",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.HealthcareApis/services/fhir/resources/read",
        "Microsoft.HealthcareApis/services/fhir/resources/export/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "FHIR Data Exporter",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

FHIR-DatenleserFHIR Data Reader

Die Rolle ermöglicht dem Benutzer oder Prinzipal das Lesen von FHIR-Daten. Weitere InformationenRole allows user or principal to read FHIR Data Learn more

AktionenActions BESCHREIBUNGDescription
keinenone
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.HealthcareApis/services/fhir/resources/readMicrosoft.HealthcareApis/services/fhir/resources/read Liest FHIR-Ressourcen (einschließlich Suche und Verlauf mit Versionsangabe).Read FHIR resources (includes searching and versioned history).
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Role allows user or principal to read FHIR Data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4c8d0bbc-75d3-4935-991f-5f3c56d81508",
  "name": "4c8d0bbc-75d3-4935-991f-5f3c56d81508",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.HealthcareApis/services/fhir/resources/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "FHIR Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

FHIR-DatenschreiberFHIR Data Writer

Die Rolle ermöglicht dem Benutzer oder Prinzipal das Lesen und Schreiben von FHIR-Daten. Weitere InformationenRole allows user or principal to read and write FHIR Data Learn more

AktionenActions BESCHREIBUNGDescription
keinenone
NotActionsNotActions
keinenone
DataActionsDataActions
Microsoft.HealthcareApis/services/fhir/resources/*Microsoft.HealthcareApis/services/fhir/resources/*
NotDataActionsNotDataActions
Microsoft.HealthcareApis/services/fhir/resources/hardDelete/actionMicrosoft.HealthcareApis/services/fhir/resources/hardDelete/action Endgültiger Löschvorgang (einschließlich Versionsverlauf).Hard Delete (including version history).
{
  "assignableScopes": [
    "/"
  ],
  "description": "Role allows user or principal to read and write FHIR Data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3f88fce4-5892-4214-ae73-ba5294559913",
  "name": "3f88fce4-5892-4214-ae73-ba5294559913",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.HealthcareApis/services/fhir/resources/*"
      ],
      "notDataActions": [
        "Microsoft.HealthcareApis/services/fhir/resources/hardDelete/action"
      ]
    }
  ],
  "roleName": "FHIR Data Writer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Mitwirkender für IntegrationsdienstumgebungenIntegration Service Environment Contributor

Hiermit wird das Verwalten von Integrationsdienstumgebungen ermöglicht, nicht aber der Zugriff auf diese.Lets you manage integration service environments, but not access to them. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
Microsoft.Logic/integrationServiceEnvironments/*Microsoft.Logic/integrationServiceEnvironments/*
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage integration service environments, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a41e2c5b-bd99-4a07-88f4-9bf657a760b8",
  "name": "a41e2c5b-bd99-4a07-88f4-9bf657a760b8",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Support/*",
        "Microsoft.Logic/integrationServiceEnvironments/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Integration Service Environment Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Entwickler für IntegrationsdienstumgebungenIntegration Service Environment Developer

Hiermit wird Entwicklern das Erstellen und Aktualisieren von Workflows, Integrationskonten und API-Verbindungen in Integrationsdienstumgebungen ermöglicht.Allows developers to create and update workflows, integration accounts and API connections in integration service environments. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
Microsoft.Logic/integrationServiceEnvironments/readMicrosoft.Logic/integrationServiceEnvironments/read Hiermit wird die Integrationsdienstumgebung gelesen.Reads the integration service environment.
Microsoft.Logic/integrationServiceEnvironments/join/actionMicrosoft.Logic/integrationServiceEnvironments/join/action Hiermit erfolgt ein Beitritt zur Integrationsdienstumgebung.Joins the Integration Service Environment.
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows developers to create and update workflows, integration accounts and API connections in integration service environments.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c7aa55d3-1abb-444a-a5ca-5e51e485d6ec",
  "name": "c7aa55d3-1abb-444a-a5ca-5e51e485d6ec",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Support/*",
        "Microsoft.Logic/integrationServiceEnvironments/read",
        "Microsoft.Logic/integrationServiceEnvironments/join/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Integration Service Environment Developer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Mitwirkender von Intelligent Systems-KontoIntelligent Systems Account Contributor

Ermöglicht Ihnen das Verwalten von Intelligent Systems-Konten, nicht aber den Zugriff darauf.Lets you manage Intelligent Systems accounts, but not access to them.

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.IntelligentSystems/accounts/*Microsoft.IntelligentSystems/accounts/* Erstellen und Verwalten von Intelligent Systems-KontenCreate and manage intelligent systems accounts
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Ruft den Verfügbarkeitsstatus für alle Ressourcen im angegebenen Bereich ab.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Ruft Ressourcengruppen ab oder listet sie auf.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Erstellen und Aktualisieren eines SupportticketsCreate and update a support ticket
NotActionsNotActions
keinenone
DataActionsDataActions
keinenone
NotDataActionsNotDataActions
keinenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Intelligent Systems accounts, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/03a6d094-3444-4b3d-88af-7477090a9e5e",
  "name": "03a6d094-3444-4b3d-88af-7477090a9e5e",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.IntelligentSystems/accounts/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Intelligent Systems Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Mitwirkender für Logik-AppsLogic App Contributor

Ermöglicht Ihnen die Verwaltung von Logik-Apps. Sie können aber nicht den App-Zugriff ändern.Lets you manage logic apps, but not change access to them. Weitere InformationenLearn more

AktionenActions BESCHREIBUNGDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lesen von Rollen und RollenzuweisungenRead roles and role assignments
Microsoft.ClassicStorage/storageAccounts/listKeys/actionMicrosoft.ClassicStorage/storageAccounts/listKeys/action Listet die Zugriffsschlüssel für die Speicherkonten auf.Lists the access keys for the storage accounts.
Microsoft.ClassicStorage/storageAccounts/readMicrosoft.ClassicStorage/storageAccounts/read Dient zum Zurückgeben des Speicherkontos mit dem angegebenen Konto.Return the storage account with the given account.
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Erstellen und Verwalten einer klassischen MetrikwarnungCreate and manage a classic metric alert
Microsoft.Insights/metricAlerts/*Microsoft.Insights/metricAlerts/*
Microsoft.Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* Erstellt, aktualisiert oder liest die Diagnoseeinstellung für den Analysis-Server.Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.Insights/logdefinitions/*Microsoft.Insights/logdefinitions/* Diese Berechtigung ist für Benutzer notwendig, die über das Portal auf Aktivitätsprotokolle zugreifen müssen.This permission is necessary for users who need access to Activity Logs via the portal. Auflisten der Protokollkategorien im Aktivitätsprotokoll.List log categories in Activity Log.
Microsoft.Insights/metricDefinitions/*Microsoft.Insights/metricDefinitions/* Lesen von Metrikdefinitionen (Liste der verfügbaren Metriktypen für eine Ressource).Read metric definitions (list of available metric types for a resource).
Microsoft.Logic/*Microsoft.Logic/* Verwaltet Logic Apps-Ressourcen.Manages Logic Apps resources.
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Erstellen und Verwalten einer BereitstellungCreate and manage a deployment
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Re