Roles integrados de AzureAzure built-in roles

El control de acceso basado en rol de Azure (Azure RBAC) tiene varios roles integrados de Azure que se pueden asignar a usuarios, grupos, entidades de servicio e identidades administradas.Azure role-based access control (Azure RBAC) has several Azure built-in roles that you can assign to users, groups, service principals, and managed identities. Las asignaciones de roles sirven para controlar el acceso a los recursos de Azure.Role assignments are the way you control access to Azure resources. Si los roles integrados no satisfacen las necesidades específicas de la organización, puede crear roles personalizados de Azure propios.If the built-in roles don't meet the specific needs of your organization, you can create your own Azure custom roles.

En este artículo se enumeran los roles integrados de Azure, que están en constante evolución.This article lists the Azure built-in roles, which are always evolving. Para obtener los últimos roles, use Get-AzRoleDefinition o az role definition list.To get the latest roles, use Get-AzRoleDefinition or az role definition list. Si desea ver los roles de administrador de Azure Active Directory (Azure AD), consulte Permisos de roles de administrador en Azure Active Directory.If you are looking for administrator roles for Azure Active Directory (Azure AD), see Administrator role permissions in Azure Active Directory.

En la tabla siguiente se proporciona una breve descripción y el identificador único de cada rol integrado.The following table provides a brief description and the unique ID of each built-in role. Haga clic en el nombre del rol para ver la lista de Actions, NotActions, DataActions y NotDataActions para cada rol.Click the role name to see the list of Actions, NotActions, DataActions, and NotDataActions for each role. Para obtener información sobre lo que significan estas acciones y cómo se aplican a la administración y a los planos de datos, consulte Descripción de definiciones de roles de Azure.For information about what these actions mean and how they apply to the management and data planes, see Understand Azure role definitions.

AllAll

Rol integradoBuilt-in role DescripciónDescription IDID
GeneralGeneral
ColaboradorContributor Concede acceso completo para administrar todos los recursos, pero no le permite asignar roles en Azure RBAC, administrar asignaciones en Azure Blueprints ni compartir galerías de imágenes.Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries. b24988ac-6180-42a0-ab88-20f7382dd24cb24988ac-6180-42a0-ab88-20f7382dd24c
PropietarioOwner Permite conceder acceso total para administrar todos los recursos, incluida la posibilidad de asignar roles en Azure RBAC.Grants full access to manage all resources, including the ability to assign roles in Azure RBAC. 8e3af657-a8ff-443c-a75c-2fe8c4bcb6358e3af657-a8ff-443c-a75c-2fe8c4bcb635
LectorReader Permite ver todos los recursos, pero no realizar ningún cambio.View all resources, but does not allow you to make any changes. acdd72a7-3385-48ef-bd42-f606fba81ae7acdd72a7-3385-48ef-bd42-f606fba81ae7
Administrador de acceso de usuarioUser Access Administrator Permite administrar el acceso de usuario a los recursos de Azure.Lets you manage user access to Azure resources. 18d7d88d-d35e-4fb5-a5c3-7773c20a72d918d7d88d-d35e-4fb5-a5c3-7773c20a72d9
ProcesoCompute
Colaborador de la máquina virtual clásicaClassic Virtual Machine Contributor Permite administrar máquinas virtuales clásicas, pero no acceder a ellas, ni tampoco a la red virtual ni la cuenta de almacenamiento a las que están conectadas.Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to. d73bb868-a0df-4d4d-bd69-98a00b01fccbd73bb868-a0df-4d4d-bd69-98a00b01fccb
Inicio de sesión de administrador de Virtual MachineVirtual Machine Administrator Login Visualización de máquinas virtuales en el portal e inicio de sesión como administradorView Virtual Machines in the portal and login as administrator 1c0163c0-47e6-4577-8991-ea5c82e286e41c0163c0-47e6-4577-8991-ea5c82e286e4
Colaborador de la máquina virtualVirtual Machine Contributor Permite administrar máquinas virtuales, pero no acceder a ellas, ni tampoco a la red virtual ni la cuenta de almacenamiento a las que están conectadas.Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to. 9980e02c-c2be-4d73-94e8-173b1dc7cf3c9980e02c-c2be-4d73-94e8-173b1dc7cf3c
Inicio de sesión de usuario de Virtual MachineVirtual Machine User Login Visualización de máquinas virtuales en el portal e inicio de sesión como usuario normal.View Virtual Machines in the portal and login as a regular user. fb879df8-f326-4884-b1cf-06f3ad86be52fb879df8-f326-4884-b1cf-06f3ad86be52
RedesNetworking
Colaborador de punto de conexión de CDNCDN Endpoint Contributor Puede administrar puntos de conexión de CDN, pero no conceder acceso a otros usuarios.Can manage CDN endpoints, but can't grant access to other users. 426e0c7f-0c7e-4658-b36f-ff54d6c29b45426e0c7f-0c7e-4658-b36f-ff54d6c29b45
Lector de punto de conexión de CDNCDN Endpoint Reader Puede ver puntos de conexión de CDN, pero no hacer cambios.Can view CDN endpoints, but can't make changes. 871e35f6-b5c1-49cc-a043-bde969a0f2cd871e35f6-b5c1-49cc-a043-bde969a0f2cd
Colaborador de perfil de CDNCDN Profile Contributor Puede administrar perfiles de CDN y sus puntos de conexión, pero no conceder acceso a otros usuarios.Can manage CDN profiles and their endpoints, but can't grant access to other users. ec156ff8-a8d1-4d15-830c-5b80698ca432ec156ff8-a8d1-4d15-830c-5b80698ca432
Lector de perfil de CDNCDN Profile Reader Puede ver perfiles de CDN y sus puntos de conexión, pero no hacer cambios.Can view CDN profiles and their endpoints, but can't make changes. 8f96442b-4075-438f-813d-ad51ab4019af8f96442b-4075-438f-813d-ad51ab4019af
Colaborador de la red clásicaClassic Network Contributor Permite administrar las redes clásicas, pero no acceder a ellas.Lets you manage classic networks, but not access to them. b34d265f-36f7-4a0d-a4d4-e158ca92e90fb34d265f-36f7-4a0d-a4d4-e158ca92e90f
Colaborador de zona DNSDNS Zone Contributor Permite administrar zonas y conjuntos de registros DNS en Azure DNS, pero no controlar los usuarios que tienen acceso.Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them. befefa01-2a29-4197-83a8-272ff33ce314befefa01-2a29-4197-83a8-272ff33ce314
Colaborador de la redNetwork Contributor Permite administrar redes, pero no acceder a ellas.Lets you manage networks, but not access to them. 4d97b98b-1d4f-4787-a291-c67834d212e74d97b98b-1d4f-4787-a291-c67834d212e7
Colaborador de zona DNS privadaPrivate DNS Zone Contributor Permite administrar recursos de zonas DNS privadas, pero no las redes virtuales a las que están vinculados.Lets you manage private DNS zone resources, but not the virtual networks they are linked to. b12aa53e-6015-4669-85d0-8515ebb3ae7fb12aa53e-6015-4669-85d0-8515ebb3ae7f
Colaborador de Traffic ManagerTraffic Manager Contributor Le permite administrar perfiles de Traffic Manager, pero no controlar los usuarios que tienen acceso a ellos.Lets you manage Traffic Manager profiles, but does not let you control who has access to them. a4b10055-b0c7-44c2-b00f-c7b5b3550cf7a4b10055-b0c7-44c2-b00f-c7b5b3550cf7
StorageStorage
Colaborador de AvereAvere Contributor Puede crear y administrar un clúster de Avere vFXT.Can create and manage an Avere vFXT cluster. 4f8fab4f-1852-4a58-a46a-8eaf358af14a4f8fab4f-1852-4a58-a46a-8eaf358af14a
Operador de AvereAvere Operator Lo usa el clúster de Avere vFXT para su administración.Used by the Avere vFXT cluster to manage the cluster c025889f-8102-4ebf-b32c-fc0c6f0c6bd9c025889f-8102-4ebf-b32c-fc0c6f0c6bd9
Colaborador de copias de seguridadBackup Contributor Permite administrar el servicio de copias de seguridad, pero no puede crear almacenes ni conceder acceso a otros usuariosLets you manage backup service, but can't create vaults and give access to others 5e467623-bb1f-42f4-a55d-6e525e11384b5e467623-bb1f-42f4-a55d-6e525e11384b
Operador de copias de seguridadBackup Operator Permite administrar los servicios de copias de seguridad, excepto la eliminación de copias de seguridad, la creación de almacenes y la concesión de acceso a otros usuariosLets you manage backup services, except removal of backup, vault creation and giving access to others 00c29273-979b-4161-815c-10b084fb932400c29273-979b-4161-815c-10b084fb9324
Lector de copias de seguridadBackup Reader Puede ver servicios de copia de seguridad, pero no puede realizar cambios.Can view backup services, but can't make changes a795c7a0-d4a2-40c1-ae25-d81f01202912a795c7a0-d4a2-40c1-ae25-d81f01202912
Colaborador de cuentas de almacenamiento clásicoClassic Storage Account Contributor Permite administrar cuentas de almacenamiento clásicas, pero no acceder a ellas.Lets you manage classic storage accounts, but not access to them. 86e8f5dc-a6e9-4c67-9d15-de283e8eac2586e8f5dc-a6e9-4c67-9d15-de283e8eac25
Rol de servicio de operador de claves de cuentas de almacenamiento clásicasClassic Storage Account Key Operator Service Role Los operadores de claves de cuentas de almacenamiento clásicas pueden enumerar y regenerar claves en cuentas de almacenamiento clásicasClassic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts 985d6b00-f706-48f5-a6fe-d0ca12fb668d985d6b00-f706-48f5-a6fe-d0ca12fb668d
Colaborador de Data BoxData Box Contributor Permite administrarlo todo en el servicio Data Box, excepto dar acceso a otros usuarios.Lets you manage everything under Data Box Service except giving access to others. add466c9-e687-43fc-8d98-dfcf8d720be5add466c9-e687-43fc-8d98-dfcf8d720be5
Lector de Data BoxData Box Reader Permite administrar el servicio Data Box excepto la creación o edición de detalles de pedido y dar acceso a otros usuarios.Lets you manage Data Box Service except creating order or editing order details and giving access to others. 028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027
Desarrollador de Data Lake AnalyticsData Lake Analytics Developer Le permite enviar, supervisar y administrar sus propios trabajos, pero no crear ni eliminar cuentas de Data Lake Analytics.Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts. 47b7735b-770e-4598-a7da-8b91488b4c8847b7735b-770e-4598-a7da-8b91488b4c88
Lector y acceso a los datosReader and Data Access Permite ver todo el contenido, pero no eliminar ni crear una cuenta de almacenamiento ni un recurso incluido.Lets you view everything but will not let you delete or create a storage account or contained resource. También permitirá el acceso de lectura o escritura para todos los datos incluidos en una cuenta de almacenamiento a través del acceso a las claves de la cuenta de almacenamiento.It will also allow read/write access to all data contained in a storage account via access to storage account keys. c12c1c16-33a1-487b-954d-41c89c60f349c12c1c16-33a1-487b-954d-41c89c60f349
Colaborador de la cuenta de almacenamientoStorage Account Contributor Permite la administración de cuentas de almacenamiento.Permits management of storage accounts. Proporciona acceso a la clave de cuenta, que puede usarse para tener acceso a datos a través de la autorización de clave compartida.Provides access to the account key, which can be used to access data via Shared Key authorization. 17d1049b-9a84-46fb-8f53-869881c3d3ab17d1049b-9a84-46fb-8f53-869881c3d3ab
Rol de servicio de operador de claves de cuentas de almacenamientoStorage Account Key Operator Service Role Permite enumerar y regenerar claves de acceso de la cuenta de almacenamiento.Permits listing and regenerating storage account access keys. 81a9662b-bebf-436f-a333-f67b29880f1281a9662b-bebf-436f-a333-f67b29880f12
Colaborador de datos de blobs de almacenamientoStorage Blob Data Contributor Lee, escribe y elimina blobs y contenedores de Azure Storage.Read, write, and delete Azure Storage containers and blobs. Para aprender qué acciones son necesarias para una operación de datos determinada, consulte Permissions for calling blob and queue data operations (Permisos para llamar a operaciones de datos de blob y de cola).To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. ba92f5b4-2d11-453d-a403-e96b0029c9feba92f5b4-2d11-453d-a403-e96b0029c9fe
Propietario de datos de blobs de almacenamientoStorage Blob Data Owner Proporciona acceso total a los contenedores de blobs y los datos de Azure Storage, incluida la asignación de control de acceso POSIX.Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. Para aprender qué acciones son necesarias para una operación de datos determinada, consulte Permissions for calling blob and queue data operations (Permisos para llamar a operaciones de datos de blob y de cola).To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. b7e6dc6d-f1e8-4753-8033-0f276bb0955bb7e6dc6d-f1e8-4753-8033-0f276bb0955b
Lector de datos de blobs de almacenamientoStorage Blob Data Reader Lee y enumera blobs y contenedores de Azure Storage.Read and list Azure Storage containers and blobs. Para aprender qué acciones son necesarias para una operación de datos determinada, consulte Permissions for calling blob and queue data operations (Permisos para llamar a operaciones de datos de blob y de cola).To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 2a2b9908-6ea1-4ae2-8e65-a410df84e7d12a2b9908-6ea1-4ae2-8e65-a410df84e7d1
Delegador de Blob StorageStorage Blob Delegator Obtiene una clave de delegación de usuarios, que se puede usar a continuación para crear una firma de acceso compartido para un contenedor o un blob firmado con credenciales de Azure AD.Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials. Para más información, vea Creación de SAS de delegación de usuarios.For more information, see Create a user delegation SAS. db58b8e5-c6ad-4a2a-8342-4190687cbf4adb58b8e5-c6ad-4a2a-8342-4190687cbf4a
Colaborador de recursos compartidos de SMB de datos de archivos de StorageStorage File Data SMB Share Contributor Permite el acceso de lectura, escritura y eliminación a los archivos y directorios de los recursos compartidos de Azure.Allows for read, write, and delete access on files/directories in Azure file shares. Este rol no tiene ningún equivalente integrado en los servidores de archivos de Windows.This role has no built-in equivalent on Windows file servers. 0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb
Colaborador elevado de recursos compartidos de SMB de datos de archivos de StorageStorage File Data SMB Share Elevated Contributor Permite el acceso de lectura, escritura, eliminación y modificación de ACL en los archivos y directorios de los recursos compartidos de Azure.Allows for read, write, delete, and modify ACLs on files/directories in Azure file shares. Este rol es equivalente a una ACL de recurso compartido de cambio en los servidores de archivos de Windows.This role is equivalent to a file share ACL of change on Windows file servers. a7264617-510b-434b-a828-9731dc254ea7a7264617-510b-434b-a828-9731dc254ea7
Lector de recursos compartidos de SMB de datos de archivos de StorageStorage File Data SMB Share Reader Permite el acceso de lectura a los archivos y directorios de los recursos compartidos de Azure.Allows for read access on files/directories in Azure file shares. Este rol es equivalente a una ACL de recurso compartido de lectura en los servidores de archivos de Windows.This role is equivalent to a file share ACL of read on Windows file servers. aba4ae5f-2193-4029-9191-0cb91df5e314aba4ae5f-2193-4029-9191-0cb91df5e314
Colaborador de datos de la cola de StorageStorage Queue Data Contributor Lee, escribe y elimina los mensajes de la cola y a la cola de Azure Storage.Read, write, and delete Azure Storage queues and queue messages. Para aprender qué acciones son necesarias para una operación de datos determinada, consulte Permissions for calling blob and queue data operations (Permisos para llamar a operaciones de datos de blob y de cola).To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 974c5e8b-45b9-4653-ba55-5f855dd0fb88974c5e8b-45b9-4653-ba55-5f855dd0fb88
Procesador de mensajes de datos de la cola de StorageStorage Queue Data Message Processor Consulta, recupera y elimina un mensaje de una cola de Azure Storage.Peek, retrieve, and delete a message from an Azure Storage queue. Para aprender qué acciones son necesarias para una operación de datos determinada, consulte Permissions for calling blob and queue data operations (Permisos para llamar a operaciones de datos de blob y de cola).To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 8a0f0c08-91a1-4084-bc3d-661d67233fed8a0f0c08-91a1-4084-bc3d-661d67233fed
Emisor de mensajes de datos de la cola de StorageStorage Queue Data Message Sender Agrega mensaje a una cola de Azure Storage.Add messages to an Azure Storage queue. Para aprender qué acciones son necesarias para una operación de datos determinada, consulte Permissions for calling blob and queue data operations (Permisos para llamar a operaciones de datos de blob y de cola).To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. c6a89b2d-59bc-44d0-9896-0f6e12d7b80ac6a89b2d-59bc-44d0-9896-0f6e12d7b80a
Lector de datos de la cola de StorageStorage Queue Data Reader Lee y enumera los mensajes de la cola y las colas de Azure Storage.Read and list Azure Storage queues and queue messages. Para aprender qué acciones son necesarias para una operación de datos determinada, consulte Permissions for calling blob and queue data operations (Permisos para llamar a operaciones de datos de blob y de cola).To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 19e7f393-937e-4f77-808e-94535e29792519e7f393-937e-4f77-808e-94535e297925
WebWeb
Colaborador de datos de Azure MapsAzure Maps Data Contributor Conde acceso para leer, escribir y eliminar datos relacionados con mapas desde una cuenta de mapas de Azure.Grants access to read, write, and delete access to map related data from an Azure maps account. 8f5e0ce6-4f7b-4dcf-bddf-e6f48634a2048f5e0ce6-4f7b-4dcf-bddf-e6f48634a204
Azure Maps Data ReaderAzure Maps Data Reader Concede acceso de lectura a los datos de los mapas de una cuenta de Azure Maps.Grants access to read map related data from an Azure maps account. 423170ca-a8f6-4b0f-8487-9e4eb8f49bfa423170ca-a8f6-4b0f-8487-9e4eb8f49bfa
Colaborador del servicio SearchSearch Service Contributor Permite administrar los servicios de Búsqueda, pero no acceder a ellos.Lets you manage Search services, but not access to them. 7ca78c08-252a-4471-8644-bb5ff32d4ba07ca78c08-252a-4471-8644-bb5ff32d4ba0
Lector AccessKey de SignalRSignalR AccessKey Reader Lee las claves de acceso de SignalR Service.Read SignalR Service Access Keys 04165923-9d83-45d5-8227-78b77b0a687e04165923-9d83-45d5-8227-78b77b0a687e
Servidor de aplicaciones de SignalR (versión preliminar)SignalR App Server (Preview) Permite que el servidor de aplicaciones acceda al servicio SignalR con opciones de autenticación de AAD.Lets your app server access SignalR Service with AAD auth options. 420fcaa2-552c-430f-98ca-3264be4806c7420fcaa2-552c-430f-98ca-3264be4806c7
Colaborador de SignalRSignalR Contributor Crea, lee, actualiza y elimina recursos del servicio SignalR.Create, Read, Update, and Delete SignalR service resources 8cf5e20a-e4b2-4e9d-b3a1-5ceb692c27618cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761
Colaborador sin servidor de SignalR (versión preliminar)SignalR Serverless Contributor (Preview) Permite que el servicio de acceso a la aplicación esté en modo sin servidor con opciones de autenticación de AAD.Lets your app access service in serverless mode with AAD auth options. fd53cd77-2268-407a-8f46-7e7863d0f521fd53cd77-2268-407a-8f46-7e7863d0f521
Propietario de SignalR Service (versión preliminar)SignalR Service Owner (Preview) Acceso completo a las API REST de Azure SignalR Service.Full access to Azure SignalR Service REST APIs 7e4f1700-ea5a-4f59-8f37-079cfe29dce37e4f1700-ea5a-4f59-8f37-079cfe29dce3
Lector de SignalR Service (versión preliminar)SignalR Service Reader (Preview) Acceso de solo lectura a las API REST de Azure SignalR Service.Read-only access to Azure SignalR Service REST APIs ddde6b66-c0df-4114-a159-3618637b3035ddde6b66-c0df-4114-a159-3618637b3035
Colaborador de plan webWeb Plan Contributor Permite administrar los planes web para sitios web, pero no acceder a ellos.Lets you manage the web plans for websites, but not access to them. 2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b
Colaborador de sitio webWebsite Contributor Permite administrar los sitios web (no planes web), pero no acceder a ellos.Lets you manage websites (not web plans), but not access to them. de139f84-1756-47ae-9be6-808fbbe84772de139f84-1756-47ae-9be6-808fbbe84772
ContenedoresContainers
AcrDeleteAcrDelete Eliminar artefactoacr delete c2f4ef07-c644-48eb-af81-4b1b4947fb11c2f4ef07-c644-48eb-af81-4b1b4947fb11
AcrImageSignerAcrImageSigner Firmante de imagen de ACRacr image signer 6cef56e8-d556-48e5-a04f-b8e64114680f6cef56e8-d556-48e5-a04f-b8e64114680f
AcrPullAcrPull extracción de ACRacr pull 7f951dda-4ed3-4680-a7ca-43fe172d538d7f951dda-4ed3-4680-a7ca-43fe172d538d
AcrPushAcrPush inserción de ACRacr push 8311e382-0749-4cb8-b61a-304f252e45ec8311e382-0749-4cb8-b61a-304f252e45ec
AcrQuarantineReaderAcrQuarantineReader Lector de datos de cuarentena de ACRacr quarantine data reader cdda3590-29a3-44f6-95f2-9f980659eb04cdda3590-29a3-44f6-95f2-9f980659eb04
AcrQuarantineWriterAcrQuarantineWriter Escritura de datos de cuarentena de ACRacr quarantine data writer c8d4ff99-41c3-41a8-9f60-21dfdad59608c8d4ff99-41c3-41a8-9f60-21dfdad59608
Rol de administrador de clúster de Azure Kubernetes ServiceAzure Kubernetes Service Cluster Admin Role Enumerar la acción de credenciales administrativas del clúster.List cluster admin credential action. 0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be80ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8
Rol de usuario de clúster de Azure Kubernetes ServiceAzure Kubernetes Service Cluster User Role Enumerar la acción de credenciales de usuario del clúster.List cluster user credential action. 4abbcc35-e782-43D8-92c5-2d3f1bd2253f4abbcc35-e782-43d8-92c5-2d3f1bd2253f
Rol de colaborador de Azure Kubernetes ServiceAzure Kubernetes Service Contributor Role Concede acceso de lectura y escritura a los clústeres de Azure Kubernetes ServiceGrants access to read and write Azure Kubernetes Service clusters ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8
Administrador de Azure Kubernetes Service RBACAzure Kubernetes Service RBAC Admin Permite administrar todos los recursos en un clúster o espacio de nombres, excepto actualizar o eliminar cuotas de recursos y espacios de nombres.Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. 3498e952-d568-435e-9b2c-8d77e338d7f73498e952-d568-435e-9b2c-8d77e338d7f7
Administrador de clúster de Azure Kubernetes Service RBACAzure Kubernetes Service RBAC Cluster Admin Permite administrar todos los recursos del clúster.Lets you manage all resources in the cluster. b1ff04bb-8a4e-4dc4-8eb5-8693973ce19bb1ff04bb-8a4e-4dc4-8eb5-8693973ce19b
Lector de Azure Kubernetes Service RBACAzure Kubernetes Service RBAC Reader Permite el acceso de solo lectura para ver la mayoría de los objetos en un espacio de nombres.Allows read-only access to see most objects in a namespace. No permite la visualización de roles o enlaces de roles.It does not allow viewing roles or role bindings. Este rol no permite visualización de secretos, ya que leer el contenido de estos permite el acceso a las credenciales de ServiceAccount en el espacio de nombres, que permitiría el acceso a la API como cualquier ServiceAccount en el espacio de nombres (una forma de elevación de privilegios).This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Al aplicar este rol en el ámbito del clúster, se proporcionará acceso a todos los espacios de nombres.Applying this role at cluster scope will give access across all namespaces. 7f6c6a51-bcf8-42ba-9220-52d62157d7db7f6c6a51-bcf8-42ba-9220-52d62157d7db
Escritor de Azure Kubernetes Service RBACAzure Kubernetes Service RBAC Writer Permite el acceso de lectura y escritura a la mayoría de los objetos de un espacio de nombres. Este rol no permite ver ni modificar roles ni enlaces de roles.Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. Sin embargo, este rol permite acceder a secretos y ejecutar pods como cualquier ServiceAccount en el espacio de nombres, por lo que se puede usar para obtener los niveles de acceso de la API de cualquier ServiceAccount en el espacio de nombres.However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Al aplicar este rol en el ámbito del clúster, se proporcionará acceso a todos los espacios de nombres.Applying this role at cluster scope will give access across all namespaces. a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eba7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb
Bases de datosDatabases
Rol de lector de cuentas de Cosmos DBCosmos DB Account Reader Role Puede leer los datos de cuentas de Azure Cosmos DB.Can read Azure Cosmos DB account data. Vea Colaborador de cuenta de DocumentDB para administrar cuentas de Azure Cosmos DB.See DocumentDB Account Contributor for managing Azure Cosmos DB accounts. fbdf93bf-df7d-467e-a4d2-9458aa1360c8fbdf93bf-df7d-467e-a4d2-9458aa1360c8
Operador de Cosmos DBCosmos DB Operator Permite administrar las cuentas de Azure Cosmos DB, pero no acceder a los datos que contienen.Lets you manage Azure Cosmos DB accounts, but not access data in them. Evita el acceso a las claves de cuenta y a las cadenas de conexión.Prevents access to account keys and connection strings. 230815da-be43-4aae-9cb4-875f7bd000aa230815da-be43-4aae-9cb4-875f7bd000aa
CosmosBackupOperatorCosmosBackupOperator Puede enviar una solicitud de restauración para una base de datos de Cosmos DB o un contenedor de una cuentaCan submit restore request for a Cosmos DB database or a container for an account db7b14f2-5adf-42da-9f96-f2ee17bab5cbdb7b14f2-5adf-42da-9f96-f2ee17bab5cb
CosmosRestoreOperatorCosmosRestoreOperator Puede realizar una acción de restauración en la cuenta de la base de datos de Cosmos DB con el modo de copia de seguridad continuaCan perform restore action for Cosmos DB database account with continuous backup mode 5432c526-bc82-444a-b7ba-57c5b0b5b34f5432c526-bc82-444a-b7ba-57c5b0b5b34f
Colaborador de cuenta de DocumentDBDocumentDB Account Contributor Puede administrar cuentas de Azure Cosmos DB.Can manage Azure Cosmos DB accounts. Azure Cosmos DB se llamaba anteriormente DocumentDB.Azure Cosmos DB is formerly known as DocumentDB. 5bd9cd88-fe45-4216-938b-f97437e154505bd9cd88-fe45-4216-938b-f97437e15450
Colaborador de la memoria caché de RedisRedis Cache Contributor Permite administrar cachés de Redis, pero no acceder a ellas.Lets you manage Redis caches, but not access to them. e0f68234-74aa-48ed-b826-c38b57376e17e0f68234-74aa-48ed-b826-c38b57376e17
Colaborador de Base de datos de SQLSQL DB Contributor Permite administrar las bases de datos de SQL, pero no acceder a ellas.Lets you manage SQL databases, but not access to them. Además, no puede administrar sus directivas relacionadas con la seguridad ni los servidores SQL primarios.Also, you can't manage their security-related policies or their parent SQL servers. 9b7fa17d-e63e-47b0-bb0a-15c516ac86ec9b7fa17d-e63e-47b0-bb0a-15c516ac86ec
Colaborador de Instancia administrada de SQLSQL Managed Instance Contributor Permite administrar Instancias administradas de SQL y la configuración de red necesaria, pero no puede conceder acceso a otros usuarios.Lets you manage SQL Managed Instances and required network configuration, but can't give access to others. 4939a1f6-9ae0-4e48-a1e0-f2cbe897382d4939a1f6-9ae0-4e48-a1e0-f2cbe897382d
Administrador de seguridad SQLSQL Security Manager Permite administrar las directivas relacionadas con seguridad de bases de datos y servidores SQL, pero no acceder a ellas.Lets you manage the security-related policies of SQL servers and databases, but not access to them. 056cd41c-7e88-42e1-933e-88ba6a50c9c3056cd41c-7e88-42e1-933e-88ba6a50c9c3
Colaborador de SQL ServerSQL Server Contributor Permite administrar bases de datos y servidores SQL, pero no acceder a ellos, ni a sus directivas relacionadas con la seguridad.Lets you manage SQL servers and databases, but not access to them, and not their security-related policies. 6d8ee4ec-f05a-4a1d-8b00-a9b17e38b4376d8ee4ec-f05a-4a1d-8b00-a9b17e38b437
AnalyticsAnalytics
Propietario de los datos de Azure Event HubsAzure Event Hubs Data Owner Concede acceso total a los recursos de Azure Event Hubs.Allows for full access to Azure Event Hubs resources. f526a384-b230-433a-b45c-95f59c4a2decf526a384-b230-433a-b45c-95f59c4a2dec
Receptor de datos de Azure Event HubsAzure Event Hubs Data Receiver Concede acceso de recepción a los recursos de Azure Event Hubs.Allows receive access to Azure Event Hubs resources. a638d3c7-ab3a-418d-83e6-5f17a39d4fdea638d3c7-ab3a-418d-83e6-5f17a39d4fde
Emisor de datos de Azure Event HubsAzure Event Hubs Data Sender Concede acceso de emisión a los recursos de Azure Event Hubs.Allows send access to Azure Event Hubs resources. 2b629674-e913-4c01-ae53-ef4638d8f9752b629674-e913-4c01-ae53-ef4638d8f975
Colaborador de Factoría de datosData Factory Contributor Crea y administra factorías de datos, así como recursos secundarios dentro de ellas.Create and manage data factories, as well as child resources within them. 673868aa-7521-48a0-acc6-0f60742d39f5673868aa-7521-48a0-acc6-0f60742d39f5
Purgador de datosData Purger Puede purgar datos de análisis.Can purge analytics data 150f5e0c-0603-4f03-8c7f-cf70034c4e90150f5e0c-0603-4f03-8c7f-cf70034c4e90
Operador de clústeres de HDInsightHDInsight Cluster Operator Permite leer y modificar las configuraciones de clúster de HDInsight.Lets you read and modify HDInsight cluster configurations. 61ed4efc-Fab3-44fd-b111-e24485cc132a61ed4efc-fab3-44fd-b111-e24485cc132a
Colaborador de Domain Services para HDInsightHDInsight Domain Services Contributor Puede leer, crear, modificar y eliminar operaciones relacionadas con Domain Services para HDInsight Enterprise Security PackageCan Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package 8d8d5a11-05d3-4bda-a417-a08778121c7c8d8d5a11-05d3-4bda-a417-a08778121c7c
Colaborador de Log AnalyticsLog Analytics Contributor Un colaborador de Log Analytics puede leer todos los datos de supervisión y editar la configuración de supervisión.Log Analytics Contributor can read all monitoring data and edit monitoring settings. La edición de la configuración de supervisión incluye la posibilidad de añadir la extensión de máquina virtual a las máquinas virtuales, leer las claves de las cuentas de almacenamiento para poder configurar la recopilación de registros de Azure Storage, crear y configurar cuentas de Automation, añadir soluciones y configurar Azure Diagnostics en todos los recursos de Azure.Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources. 92aaf0da-9dab-42b6-94a3-d43ce8d1629392aaf0da-9dab-42b6-94a3-d43ce8d16293
Lector de Log AnalyticsLog Analytics Reader Un lector de Log Analytics puede ver y buscar todos los datos de supervisión, así como consultar la configuración de supervisión, incluida la de Azure Diagnostics en todos los recursos de Azure.Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources. 73c42c96-874c-492b-b04d-ab87d138a89373c42c96-874c-492b-b04d-ab87d138a893
Conservador de datos de PurviewPurview Data Curator El conservador de datos de Microsoft.Purview puede crear, leer, modificar y eliminar objetos de datos del catálogo y establecer relaciones entre objetos.The Microsoft.Purview data curator can create, read, modify and delete catalog data objects and establish relationships between objects. Este rol está en versión preliminar y está sujeto a cambios.This role is in preview and subject to change. 8a3c2885-9b38-4fd2-9d99-91af537c13478a3c2885-9b38-4fd2-9d99-91af537c1347
Lector de datos de PurviewPurview Data Reader El lector de datos de Microsoft.Purview puede leer objetos de datos del catálogo.The Microsoft.Purview data reader can read catalog data objects. Este rol está en versión preliminar y está sujeto a cambios.This role is in preview and subject to change. ff100721-1b9d-43d8-af52-42b69c1272dbff100721-1b9d-43d8-af52-42b69c1272db
Administrador de orígenes de datos de PurviewPurview Data Source Administrator El administrador de orígenes de datos de Microsoft.Purview puede administrar orígenes de datos y análisis de datos.The Microsoft.Purview data source administrator can manage data sources and data scans. Este rol está en versión preliminar y está sujeto a cambios.This role is in preview and subject to change. 200bba9e-f0c8-430f-892b-6f0794863803200bba9e-f0c8-430f-892b-6f0794863803
Colaborador del registro de esquemas (versión preliminar)Schema Registry Contributor (Preview) Leer, escribir y eliminar esquemas y grupos del registro de esquemas.Read, write, and delete Schema Registry groups and schemas. 5dffeca3-4936-4216-b2bc-10343a5abb255dffeca3-4936-4216-b2bc-10343a5abb25
Lector del registro de esquemas (versión preliminar)Schema Registry Reader (Preview) Leer y enumerar grupos y esquemas del registro de esquemas.Read and list Schema Registry groups and schemas. 2c56ea50-c6b3-40a6-83c0-9d98858bc7d22c56ea50-c6b3-40a6-83c0-9d98858bc7d2
BlockchainBlockchain
Acceso al nodo de miembro de la cadena de bloques (versión preliminar)Blockchain Member Node Access (Preview) Permite acceder a los nodos de miembro de la cadena de bloques.Allows for access to Blockchain Member nodes 31a002a1-acaf-453e-8a5b-297c9ca1ea2431a002a1-acaf-453e-8a5b-297c9ca1ea24
Inteligencia artificial y aprendizaje automáticoAI + machine learning
Colaborador de Cognitive ServicesCognitive Services Contributor Le permite crear, leer, actualizar, eliminar y administrar las claves de Cognitive Services.Lets you create, read, update, delete and manage keys of Cognitive Services. 25fbc0a9-bd7c-42a3-aa1a-3b75d497ee6825fbc0a9-bd7c-42a3-aa1a-3b75d497ee68
Colaborador de Custom Vision de Cognitive ServicesCognitive Services Custom Vision Contributor Acceso completo al proyecto, lo que incluye la capacidad para ver, crear, editar o eliminar proyectos.Full access to the project, including the ability to view, create, edit, or delete projects. c1ff6cc2-c111-46fe-8896-e0ef812ad9f3c1ff6cc2-c111-46fe-8896-e0ef812ad9f3
Implementación de Custom Vision de Cognitive ServicesCognitive Services Custom Vision Deployment Publicar, anular publicaciones o exportar modelos.Publish, unpublish or export models. La implementación puede ver el proyecto pero no puede actualizarlo.Deployment can view the project but can't update. 5c4089e1-6d96-4d2f-b296-c1bc7137275f5c4089e1-6d96-4d2f-b296-c1bc7137275f
Etiquetador de Custom Vision de Cognitive ServicesCognitive Services Custom Vision Labeler Ver y editar imágenes de entrenamiento, además de crear, agregar, quitar o eliminar etiquetas de imágenes.View, edit training images and create, add, remove, or delete the image tags. Los etiquetadores pueden ver el proyecto, pero no pueden actualizar nada más que las imágenes y etiquetas de entrenamiento.Labelers can view the project but can't update anything other than training images and tags. 88424f51-ebe7-446f-bc41-7fa16989e96c88424f51-ebe7-446f-bc41-7fa16989e96c
Lector de Custom Vision de Cognitive ServicesCognitive Services Custom Vision Reader Acciones de solo lectura en el proyecto.Read-only actions in the project. Los lectores no pueden crear ni actualizar el proyecto.Readers can't create or update the project. 93586559-c37d-4a6b-ba08-b9f0940c2d7393586559-c37d-4a6b-ba08-b9f0940c2d73
Entrenador de Custom Vision de Cognitive ServicesCognitive Services Custom Vision Trainer Ver, editar proyectos y entrenar los modelos, lo que incluye la capacidad de publicar, anular la publicación y exportar los modelos.View, edit projects and train the models, including the ability to publish, unpublish, export the models. Los entrenadores no pueden crear ni eliminar el proyecto.Trainers can't create or delete the project. 0a5ae4ab-0d65-4eeb-be61-29fc9b54394b0a5ae4ab-0d65-4eeb-be61-29fc9b54394b
Lector de datos de Cognitive Services (versión preliminar)Cognitive Services Data Reader (Preview) Permite leer los datos de Cognitive Services.Lets you read Cognitive Services data. b59867f0-fa02-499b-be73-45a86b5b3e1cb59867f0-fa02-499b-be73-45a86b5b3e1c
Administrador de Metrics Advisor de Cognitive ServicesCognitive Services Metrics Advisor Administrator Acceso total al proyecto, lo que incluye la configuración del nivel de sistema.Full access to the project, including the system level configuration. cb43c632-a144-4ec5-977c-e80c4affc34acb43c632-a144-4ec5-977c-e80c4affc34a
Editor de QnA Maker de Cognitive ServicesCognitive Services QnA Maker Editor Permite crear, editar, importar y exportar un knowledge base.Let's you create, edit, import and export a KB. No se puede publicar ni eliminar un knowledge base.You cannot publish or delete a KB. f4cc2bf9-21be-47a1-bdf1-5c5804381025f4cc2bf9-21be-47a1-bdf1-5c5804381025
Lector de QnA Maker de Cognitive ServicesCognitive Services QnA Maker Reader Permite leer y probar solo un knowledge base.Let's you read and test a KB only. 466ccd10-b268-4a11-b098-b4849f024126466ccd10-b268-4a11-b098-b4849f024126
Usuario de Cognitive ServicesCognitive Services User Le permite leer y mostrar las claves de Cognitive Services.Lets you read and list keys of Cognitive Services. a97b65f3-24c7-4388-baec-2e87135dc908a97b65f3-24c7-4388-baec-2e87135dc908
Realidad mixtaMixed reality
Administrador de Remote RenderingRemote Rendering Administrator Proporciona al usuario funcionalidades de conversión, administración de sesiones, representación y diagnóstico para Azure Remote Rendering.Provides user with conversion, manage session, rendering and diagnostics capabilities for Azure Remote Rendering 3df8b902-2a6f-47c7-8cc5-360e9b272a7e3df8b902-2a6f-47c7-8cc5-360e9b272a7e
Cliente de Remote RenderingRemote Rendering Client Proporciona al usuario funcionalidades de administración de sesiones, representación y diagnóstico para Azure Remote Rendering.Provides user with manage session, rendering and diagnostics capabilities for Azure Remote Rendering. d39065c4-c120-43c9-ab0a-63eed9795f0ad39065c4-c120-43c9-ab0a-63eed9795f0a
Colaborador de la cuenta de Spatial AnchorsSpatial Anchors Account Contributor Permite administrar los anclajes espaciales en su cuenta, pero no eliminarlos.Lets you manage spatial anchors in your account, but not delete them 8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c8278bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827
Propietario de la cuenta de Spatial AnchorsSpatial Anchors Account Owner Permite administrar los anclajes espaciales en su cuenta y eliminarlos.Lets you manage spatial anchors in your account, including deleting them 70bbe301-9835-447d-afdd-19eb3167307c70bbe301-9835-447d-afdd-19eb3167307c
Lector de la cuenta de Spatial AnchorsSpatial Anchors Account Reader Permite encontrar y leer propiedades de los anclajes espaciales en la cuenta.Lets you locate and read properties of spatial anchors in your account 5d51204f-eb77-4b1c-b86a-2ec626c494135d51204f-eb77-4b1c-b86a-2ec626c49413
IntegraciónIntegration
Colaborador de servicio de administración de APIAPI Management Service Contributor Puede administrar servicios y las API.Can manage service and the APIs 312a565d-c81f-4fd8-895a-4e21e48d571c312a565d-c81f-4fd8-895a-4e21e48d571c
Rol del operador del servicio API ManagementAPI Management Service Operator Role Puede administrar el servicio, pero no las API.Can manage service but not the APIs e022efe7-f5ba-4159-bbe4-b44f577e9b61e022efe7-f5ba-4159-bbe4-b44f577e9b61
Rol de lector del servicio API ManagementAPI Management Service Reader Role Acceso de solo lectura al servicio y las API.Read-only access to service and APIs 71522526-b88f-4d52-b57f-d31fc3546d0d71522526-b88f-4d52-b57f-d31fc3546d0d
Propietario de los datos de App ConfigurationApp Configuration Data Owner Permite el acceso completo a los datos de App Configuration.Allows full access to App Configuration data. 5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b
Lector de los datos de App ConfigurationApp Configuration Data Reader Permite el acceso de lectura a los datos de App Configuration.Allows read access to App Configuration data. 516239f1-63e1-4d78-a4de-a74fb236a071516239f1-63e1-4d78-a4de-a74fb236a071
Propietario de los datos de Azure Service BusAzure Service Bus Data Owner Concede acceso total a los recursos de Azure Service Bus.Allows for full access to Azure Service Bus resources. 090c5cfd-751d-490a-894a-3ce6f1109419090c5cfd-751d-490a-894a-3ce6f1109419
Receptor de datos de Azure Service BusAzure Service Bus Data Receiver Concede acceso de recepción a los recursos de Azure Service Bus.Allows for receive access to Azure Service Bus resources. 4f6d3b9b-027b-4f4c-9142-0e5a2a2247e04f6d3b9b-027b-4f4c-9142-0e5a2a2247e0
Emisor de datos de Azure Service BusAzure Service Bus Data Sender Concede acceso de emisión a los recursos de Azure Service Bus.Allows for send access to Azure Service Bus resources. 69a216fc-b8fb-44d8-bc22-1f3c2cd27a3969a216fc-b8fb-44d8-bc22-1f3c2cd27a39
Propietario del registro de Azure StackAzure Stack Registration Owner Permite administrar los registros de Azure Stack.Lets you manage Azure Stack registrations. 6f12a6df-dd06-4f3e-bcb1-ce8be600526a6f12a6df-dd06-4f3e-bcb1-ce8be600526a
Colaborador de EventGrid EventSubscriptionEventGrid EventSubscription Contributor Permite administrar las operaciones de suscripción de eventos de EventGrid.Lets you manage EventGrid event subscription operations. 428e0ff0-5e57-4d9c-a221-2c70d0e0a443428e0ff0-5e57-4d9c-a221-2c70d0e0a443
Lector de EventGrid EventSubscriptionEventGrid EventSubscription Reader Permite leer las suscripciones de eventos de EventGrid.Lets you read EventGrid event subscriptions. 2414bbcf-6497-4faf-8c65-0454607484052414bbcf-6497-4faf-8c65-045460748405
Colaborador de datos de FHIRFHIR Data Contributor El rol permite el acceso completo del usuario o la entidad de seguridad a los datos de FHIR.Role allows user or principal full access to FHIR Data 5a1fc7df-4bf1-4951-a576-89034ee01acd5a1fc7df-4bf1-4951-a576-89034ee01acd
Exportador de datos de FHIRFHIR Data Exporter El rol permite al usuario o a la entidad de seguridad leer y exportar datos de FHIR.Role allows user or principal to read and export FHIR Data 3db33094-8700-4567-8da5-1501d4e7e8433db33094-8700-4567-8da5-1501d4e7e843
Lector de datos de FHIRFHIR Data Reader El rol permite al usuario o a la entidad de seguridad leer datos de FHIR.Role allows user or principal to read FHIR Data 4c8d0bbc-75d3-4935-991f-5f3c56d815084c8d0bbc-75d3-4935-991f-5f3c56d81508
Escritor de datos de FHIRFHIR Data Writer El rol permite al usuario o a la entidad de seguridad leer y escribir datos de FHIR.Role allows user or principal to read and write FHIR Data 3f88fce4-5892-4214-ae73-ba52945599133f88fce4-5892-4214-ae73-ba5294559913
Colaborador del Entorno del servicio de integraciónIntegration Service Environment Contributor Permite administrar entornos de servicio de integración, pero no acceder a ellos.Lets you manage integration service environments, but not access to them. a41e2c5b-bd99-4a07-88f4-9bf657a760b8a41e2c5b-bd99-4a07-88f4-9bf657a760b8
Desarrollador del Entorno del servicio de integraciónIntegration Service Environment Developer Permite a los desarrolladores crear y actualizar flujos de trabajo, cuentas de integración y conexiones API en entornos de servicios de integración.Allows developers to create and update workflows, integration accounts and API connections in integration service environments. c7aa55d3-1abb-444a-a5ca-5e51e485d6ecc7aa55d3-1abb-444a-a5ca-5e51e485d6ec
Colaborador de la cuenta de Sistemas inteligentesIntelligent Systems Account Contributor Permite administrar las cuentas de Intelligent Systems, pero no acceder a ellas.Lets you manage Intelligent Systems accounts, but not access to them. 03a6d094-3444-4b3d-88af-7477090a9e5e03a6d094-3444-4b3d-88af-7477090a9e5e
Colaborador de aplicación lógicaLogic App Contributor Le permite administrar aplicaciones lógicas, pero no cambiar el acceso a ellas.Lets you manage logic apps, but not change access to them. 87a39d53-fc1b-424a-814c-f7e04687dc9e87a39d53-fc1b-424a-814c-f7e04687dc9e
Operador de aplicación lógicaLogic App Operator Le permite leer, habilitar y deshabilitar aplicaciones lógicas, pero no permite editarlas ni actualizarlas.Lets you read, enable, and disable logic apps, but not edit or update them. 515c2055-d9d4-4321-b1b9-bd0c9a0f79fe515c2055-d9d4-4321-b1b9-bd0c9a0f79fe
IdentidadIdentity
Colaborador de identidad administradaManaged Identity Contributor Le permite crear, leer, actualizar y eliminar identidades asignadas por el usuario.Create, Read, Update, and Delete User Assigned Identity e40ec5ca-96e0-45a2-b4ff-59039f2c2b59e40ec5ca-96e0-45a2-b4ff-59039f2c2b59
Operador de identidad administradaManaged Identity Operator Le permite leer y asignar identidades asignadas por el usuario.Read and Assign User Assigned Identity f1a07417-d97a-45cb-824c-7a7467783830f1a07417-d97a-45cb-824c-7a7467783830
SeguridadSecurity
Colaborador de atestaciónAttestation Contributor Puede leer, escribir o eliminar la instancia del proveedor de atestaciónCan read write or delete the attestation provider instance bbf86eb8-f7b4-4cce-96e4-18cddf81d86ebbf86eb8-f7b4-4cce-96e4-18cddf81d86e
Lector de atestaciónAttestation Reader No se pueden leer las propiedades del proveedor de atestaciónCan read the attestation provider properties fd1bd22b-8476-40bc-a0bc-69b95687b9f3fd1bd22b-8476-40bc-a0bc-69b95687b9f3
Colaborador de Azure SentinelAzure Sentinel Contributor Colaborador de Azure SentinelAzure Sentinel Contributor ab8e14d6-4a74-4a29-9ba8-549422addadeab8e14d6-4a74-4a29-9ba8-549422addade
Lector de Azure SentinelAzure Sentinel Reader Lector de Azure SentinelAzure Sentinel Reader 8d289c81-5878-46d4-8554-54e1e3d8b5cb8d289c81-5878-46d4-8554-54e1e3d8b5cb
Respondedor de Azure SentinelAzure Sentinel Responder Respondedor de Azure SentinelAzure Sentinel Responder 3e150937-b8fe-4cfb-8069-0eaf05ecd0563e150937-b8fe-4cfb-8069-0eaf05ecd056
Administrador de almacén de claves (versión preliminar)Key Vault Administrator (preview) Permite realizar todas las operaciones de plano de datos en un almacén de claves y en todos los objetos que contiene, incluidos los certificados, las claves y los secretos.Perform all data plane operations on a key vault and all objects in it, including certificates, keys, and secrets. No permite administrar los recursos del almacén de claves ni administrar las asignaciones de roles.Cannot manage key vault resources or manage role assignments. Solo funciona para almacenes de claves que usan el modelo de permisos "Control de acceso basado en rol de Azure".Only works for key vaults that use the 'Azure role-based access control' permission model. 00482a5a-887f-4fb3-b363-3b7fe8e7448300482a5a-887f-4fb3-b363-3b7fe8e74483
Responsable de certificados de almacén de claves (versión preliminar)Key Vault Certificates Officer (preview) Permite realizar cualquier acción en los certificados de un almacén de claves, excepto administrar permisos.Perform any action on the certificates of a key vault, except manage permissions. Solo funciona para almacenes de claves que usan el modelo de permisos "Control de acceso basado en rol de Azure".Only works for key vaults that use the 'Azure role-based access control' permission model. a4417e6f-fecd-4de8-b567-7b0420556985a4417e6f-fecd-4de8-b567-7b0420556985
Colaborador de almacén de clavesKey Vault Contributor Permite administrar almacenes de claves, per no asignar roles en Azure RBAC ni acceder a secretos, claves o certificados.Manage key vaults, but does not allow you to assign roles in Azure RBAC, and does not allow you to access secrets, keys, or certificates. f25e0fa2-a7c8-4377-a976-54943a77a395f25e0fa2-a7c8-4377-a976-54943a77a395
Responsable criptográfico de almacén de claves (versión preliminar)Key Vault Crypto Officer (preview) Permite realizar cualquier acción en las claves de un almacén de claves, excepto administrar permisos.Perform any action on the keys of a key vault, except manage permissions. Solo funciona para almacenes de claves que usan el modelo de permisos "Control de acceso basado en rol de Azure".Only works for key vaults that use the 'Azure role-based access control' permission model. 14b46e9e-c2b7-41b4-b07b-48a6ebf6060314b46e9e-c2b7-41b4-b07b-48a6ebf60603
Usuario de cifrado de servicio criptográfico de Key Vault (versión preliminar)Key Vault Crypto Service Encryption User (preview) Permite leer los metadatos de las claves y realizar operaciones de encapsulado/desencapsulado.Read metadata of keys and perform wrap/unwrap operations. Solo funciona para almacenes de claves que usan el modelo de permisos "Control de acceso basado en rol de Azure".Only works for key vaults that use the 'Azure role-based access control' permission model. e147488a-f6f5-4113-8e2d-b22465e65bf6e147488a-f6f5-4113-8e2d-b22465e65bf6
Usuario criptográfico de almacén de claves (versión preliminar)Key Vault Crypto User (preview) Permite realizar operaciones criptográficas mediante claves.Perform cryptographic operations using keys. Solo funciona para almacenes de claves que usan el modelo de permisos "Control de acceso basado en rol de Azure".Only works for key vaults that use the 'Azure role-based access control' permission model. 12338af0-0e69-4776-bea7-57ae8d29742412338af0-0e69-4776-bea7-57ae8d297424
Lector de almacén de claves (versión preliminar)Key Vault Reader (preview) Permite leer metadatos de almacenes de claves y sus certificados, claves y secretos.Read metadata of key vaults and its certificates, keys, and secrets. No se pueden leer valores confidenciales, como el contenido de los secretos o el material de las claves.Cannot read sensitive values such as secret contents or key material. Solo funciona para almacenes de claves que usan el modelo de permisos "Control de acceso basado en rol de Azure".Only works for key vaults that use the 'Azure role-based access control' permission model. 21090545-7ca7-4776-b22c-e363652d74d221090545-7ca7-4776-b22c-e363652d74d2
Responsable de secretos de almacén de claves (versión preliminar)Key Vault Secrets Officer (preview) Permite realizar cualquier acción en los secretos de un almacén de claves, excepto administrar permisos.Perform any action on the secrets of a key vault, except manage permissions. Solo funciona para almacenes de claves que usan el modelo de permisos "Control de acceso basado en rol de Azure".Only works for key vaults that use the 'Azure role-based access control' permission model. b86a8fe4-44ce-4948-aee5-eccb2c155cd7b86a8fe4-44ce-4948-aee5-eccb2c155cd7
Usuario de secretos de almacén de claves (versión preliminar)Key Vault Secrets User (preview) Permite leer el contenido de los secretos.Read secret contents. Solo funciona para almacenes de claves que usan el modelo de permisos "Control de acceso basado en rol de Azure".Only works for key vaults that use the 'Azure role-based access control' permission model. 4633458b-17de-408a-b874-0445c86b69e64633458b-17de-408a-b874-0445c86b69e6
Colaborador de HSM administradoManaged HSM contributor Permite administrar grupos de HSM administrados, pero no accede a ellas.Lets you manage managed HSM pools, but not access to them. 18500a29-7fe2-46b2-a342-b16a415e101d18500a29-7fe2-46b2-a342-b16a415e101d
Administrador de seguridadSecurity Admin Vea y actualice los permisos para Security Center.View and update permissions for Security Center. Tiene los mismos permisos que el rol de lector de seguridad, y también puede actualizar la directiva de seguridad y descartar las alertas y las recomendaciones.Same permissions as the Security Reader role and can also update the security policy and dismiss alerts and recommendations. fb1c8493-542b-48eb-b624-b4c8fea62acdfb1c8493-542b-48eb-b624-b4c8fea62acd
Colaborador de evaluación de la seguridadSecurity Assessment Contributor Permite insertar evaluaciones en Security Center.Lets you push assessments to Security Center 612c2aa1-cb24-443b-ac28-3ab7272de6f5612c2aa1-cb24-443b-ac28-3ab7272de6f5
Administrador de seguridad (heredado)Security Manager (Legacy) Se trata de un rol heredado.This is a legacy role. En su lugar, use el Administrador de seguridad.Please use Security Admin instead. e3d13bf0-dd5a-482e-ba6b-9b8433878d10e3d13bf0-dd5a-482e-ba6b-9b8433878d10
Lector de seguridadSecurity Reader Vea los permisos para Security Center.View permissions for Security Center. Puede ver las recomendaciones, las alertas, una directiva de seguridad y los estados de seguridad, pero no puede realizar cambios.Can view recommendations, alerts, a security policy, and security states, but cannot make changes. 39bc4728-0917-49c7-9d2c-d95423bc2eb439bc4728-0917-49c7-9d2c-d95423bc2eb4
DevOpsDevOps
Usuario de DevTest LabsDevTest Labs User Permite conectarse a sus máquinas virtuales, así como iniciarlas, reiniciarlas y apagarlas, en su instancia de Azure DevTest Labs.Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs. 76283e04-6283-4c54-8f91-bcf1374a3c6476283e04-6283-4c54-8f91-bcf1374a3c64
Creador de laboratorioLab Creator Permite crear nuevos laboratorios en las cuentas de Azure Lab.Lets you create new labs under your Azure Lab Accounts. b97fb8bc-a8b2-4522-a38b-dd33c7e65eadb97fb8bc-a8b2-4522-a38b-dd33c7e65ead
SupervisiónMonitor
Colaborador de componentes de Application InsightsApplication Insights Component Contributor Puede administrar los componentes de Application InsightsCan manage Application Insights components ae349356-3a1b-4a5e-921d-050484c6347eae349356-3a1b-4a5e-921d-050484c6347e
Depurador de instantáneas de Application InsightsApplication Insights Snapshot Debugger Concede permiso al usuario para ver y descargar las instantáneas de depuración que se recopilan con Snapshot Debugger de Application Insights.Gives user permission to view and download debug snapshots collected with the Application Insights Snapshot Debugger. Tenga en cuenta que estos permisos no se incluyen en los roles Propietario ni Colaborador.Note that these permissions are not included in the Owner or Contributor roles. Si concede el rol Depurador de instantáneas de Application Insights a los usuarios, debe concederlo directamente al usuario.When giving users the Application Insights Snapshot Debugger role, you must grant the role directly to the user. El rol no se reconoce cuando se agrega a un rol personalizado.The role is not recognized when it is added to a custom role. 08954f03-6346-4c2e-81c0-ec3a5cfae23b08954f03-6346-4c2e-81c0-ec3a5cfae23b
Colaborador de supervisiónMonitoring Contributor Puede leer todos los datos de supervisión y editar la configuración de supervisión.Can read all monitoring data and edit monitoring settings. Consulte también Introducción a roles, permisos y seguridad con Azure Monitor.See also Get started with roles, permissions, and security with Azure Monitor. 749f88d5-cbae-40b8-bcfc-e573ddc772fa749f88d5-cbae-40b8-bcfc-e573ddc772fa
Supervisión del publicador de métricasMonitoring Metrics Publisher Permite publicar las métricas de los recursos de Azure.Enables publishing metrics against Azure resources 3913510d-42f4-4e42-8a64-420c390055eb3913510d-42f4-4e42-8a64-420c390055eb
Lector de supervisiónMonitoring Reader Puede leer todos los datos de supervisión (métricas, registros, etc.).Can read all monitoring data (metrics, logs, etc.). Consulte también Introducción a roles, permisos y seguridad con Azure Monitor.See also Get started with roles, permissions, and security with Azure Monitor. 43d0d8ad-25c7-4714-9337-8ba259a9fe0543d0d8ad-25c7-4714-9337-8ba259a9fe05
Colaborador de librosWorkbook Contributor Puede guardar los libros compartidos.Can save shared workbooks. e8ddcd69-c73f-4f9f-9844-4100522f16ade8ddcd69-c73f-4f9f-9844-4100522f16ad
Lector de librosWorkbook Reader Puede leer libros.Can read workbooks. b279062a-9be3-42a0-92ae-8b3cf002ec4db279062a-9be3-42a0-92ae-8b3cf002ec4d
Administración y gobernanzaManagement + governance
Operador de trabajos de AutomationAutomation Job Operator Permite crear y administrar trabajos con los runbooks de Automation.Create and Manage Jobs using Automation Runbooks. 4fe576fe-1146-4730-92eb-48519fa6bf9f4fe576fe-1146-4730-92eb-48519fa6bf9f
Operador de AutomationAutomation Operator Los operadores de automatización pueden iniciar, detener, suspender y reanudar trabajos.Automation Operators are able to start, stop, suspend, and resume jobs d3881f73-407a-4167-8283-e981cbba0404d3881f73-407a-4167-8283-e981cbba0404
Operador de runbooks de AutomationAutomation Runbook Operator Permite leer las propiedades de runbook para poder crear trabajos del runbook.Read Runbook properties - to be able to create Jobs of the runbook. 5fb5aef8-1081-4b8e-bb16-9d5d0385bab55fb5aef8-1081-4b8e-bb16-9d5d0385bab5
Incorporación de Azure Connected MachineAzure Connected Machine Onboarding Puede incorporar máquinas conectadas a Azure.Can onboard Azure Connected Machines. b64e21ea-ac4e-4cdf-9dc9-5b892992bee7b64e21ea-ac4e-4cdf-9dc9-5b892992bee7
Administrador de recursos de Azure Connected MachineAzure Connected Machine Resource Administrator Puede leer, escribir, eliminar y volver a incorporar máquinas conectadas a Azure.Can read, write, delete and re-onboard Azure Connected Machines. cd570a14-e51a-42ad-bac8-bafd67325302cd570a14-e51a-42ad-bac8-bafd67325302
Lector de facturaciónBilling Reader Permite acceso de lectura a los datos de facturación.Allows read access to billing data fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64
Colaborador de plano técnicoBlueprint Contributor Puede administrar las definiciones del plano técnico, pero no asignarlas.Can manage blueprint definitions, but not assign them. 41077137-e803-4205-871c-5a86e6a753b441077137-e803-4205-871c-5a86e6a753b4
Operador del plano técnicoBlueprint Operator Puede asignar los planos técnicos publicados existentes, pero no puede crear nuevos.Can assign existing published blueprints, but cannot create new blueprints. Tenga en cuenta que esto solo funciona si la asignación se realiza con una identidad administrada asignada por el usuario.Note that this only works if the assignment is done with a user-assigned managed identity. 437d2ced-4a38-4302-8479-ed2bcb43d090437d2ced-4a38-4302-8479-ed2bcb43d090
Colaborador de Cost ManagementCost Management Contributor Puede ver los costos y administrar la configuración de estos (por ejemplo, presupuestos, exportaciones)Can view costs and manage cost configuration (e.g. budgets, exports) 434105ed-43f6-45c7-a02f-909b2ba83430434105ed-43f6-45c7-a02f-909b2ba83430
Lector de Cost ManagementCost Management Reader Puede ver los datos de costo y la configuración (por ejemplo, presupuestos, exportaciones)Can view cost data and configuration (e.g. budgets, exports) 72fafb9e-0641-4937-9268-a91bfd8191a372fafb9e-0641-4937-9268-a91bfd8191a3
Administrador de configuración de jerarquíaHierarchy Settings Administrator Permite a los usuarios editar y eliminar la configuración de jerarquía.Allows users to edit and delete Hierarchy Settings 350f8d15-c687-4448-8ae1-157740a3936d350f8d15-c687-4448-8ae1-157740a3936d
Clúster de Kubernetes: incorporación de Azure ArcKubernetes Cluster - Azure Arc Onboarding Definición de roles para permitir crear el recurso connectedClusters a cualquier usuario o servicioRole definition to authorize any user/service to create connectedClusters resource 34e09817-6cbe-4d01-b1a2-e0eac5743d4134e09817-6cbe-4d01-b1a2-e0eac5743d41
Rol Colaborador de la aplicación administradaManaged Application Contributor Role Permite crear recursos de aplicaciones administradas.Allows for creating managed application resources. 641177b8-a67a-45b9-a033-47bc880bb21e641177b8-a67a-45b9-a033-47bc880bb21e
Rol de operador de aplicación administradaManaged Application Operator Role Permite leer y realizar acciones en los recursos de aplicación administrada.Lets you read and perform actions on Managed Application resources c7393b34-138c-406f-901b-d8cf2b17e6aec7393b34-138c-406f-901b-d8cf2b17e6ae
Lector de aplicaciones administradasManaged Applications Reader Le permite leer los recursos de una aplicación administrada y solicitar acceso JIT.Lets you read resources in a managed app and request JIT access. b9331d33-8a36-4f8c-b097-4f54124fdb44b9331d33-8a36-4f8c-b097-4f54124fdb44
Rol para eliminar la asignación de registros de servicios administradosManaged Services Registration assignment Delete Role El rol para eliminar la asignación de registros de servicios administrados permite que los usuarios que administran el inquilino eliminen la asignación de registros asignada a su inquilino.Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant. 91c1777a-f3dc-4fae-b103-61d183457e4691c1777a-f3dc-4fae-b103-61d183457e46
Colaborador de grupo de administraciónManagement Group Contributor Rol de colaborador de grupo de administraciónManagement Group Contributor Role 5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c
Lector de grupo de administraciónManagement Group Reader Rol de lector de grupo de administraciónManagement Group Reader Role ac63b705-f282-497d-ac71-919bf39d939dac63b705-f282-497d-ac71-919bf39d939d
Colaborador de la cuenta de NewRelic APMNew Relic APM Account Contributor Le permite administrar las aplicaciones y cuentas de Application Performance Management de New Relic, pero no acceder a ellas.Lets you manage New Relic Application Performance Management accounts and applications, but not access to them. 5d28c62d-5b37-4476-8438-e587778df2375d28c62d-5b37-4476-8438-e587778df237
Escritor de datos de Policy Insights (versión preliminar)Policy Insights Data Writer (Preview) Permite el acceso de lectura a las directivas de los recursos y el acceso de escritura a los eventos de directiva de los componentes de los recursos.Allows read access to resource policies and write access to resource component policy events. 66bb4e9e-b016-4a94-8249-4c0511c2be8466bb4e9e-b016-4a94-8249-4c0511c2be84
Comprador de reservasReservation Purchaser Permite comprar reservasLets you purchase reservations f7b75c60-3036-4b75-91c3-6b41c27c1689f7b75c60-3036-4b75-91c3-6b41c27c1689
Colaborador de directivas de recursosResource Policy Contributor Los usuarios con derechos para crear o modificar la directiva de recursos pueden crear solicitudes de soporte técnico y leer los recursos o la jerarquía.Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy. 36243c78-bf99-498c-9df9-86d9f8d2860836243c78-bf99-498c-9df9-86d9f8d28608
Colaborador de Site RecoverySite Recovery Contributor Permite administrar el servicio Site Recovery, excepto la creación de almacenes y la asignación de roles.Lets you manage Site Recovery service except vault creation and role assignment 6670b86e-a3f7-4917-ac9b-5d6ab1be45676670b86e-a3f7-4917-ac9b-5d6ab1be4567
Operador de Site RecoverySite Recovery Operator Permite realizar una conmutación por error o una conmutación por recuperación, pero no otras operaciones de administración de Site Recovery.Lets you failover and failback but not perform other Site Recovery management operations 494ae006-db33-4328-bf46-533a6560a3ca494ae006-db33-4328-bf46-533a6560a3ca
Lector de Site RecoverySite Recovery Reader Permite visualizar el estado de Site Recovery, pero no realizar otras operaciones de administración.Lets you view Site Recovery status but not perform other management operations dbaa88c4-0c30-4179-9fb3-46319faa6149dbaa88c4-0c30-4179-9fb3-46319faa6149
Colaborador de la solicitud de soporte técnicoSupport Request Contributor Permite crear y administrar solicitudes de soporte técnico.Lets you create and manage Support requests cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24ecfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e
Colaborador de etiquetasTag Contributor Permite administrar etiquetas en las entidades sin proporcionar acceso a las entidades mismas.Lets you manage tags on entities, without providing access to the entities themselves. 4a9ae827-6dc8-4573-8ac7-8239d42aa03f4a9ae827-6dc8-4573-8ac7-8239d42aa03f
OtrosOther
Propietario de datos de Azure Digital TwinsAzure Digital Twins Data Owner Rol de acceso completo para plano de datos de Digital TwinsFull access role for Digital Twins data-plane bcd981a7-7f74-457b-83e1-cceb9e632ffebcd981a7-7f74-457b-83e1-cceb9e632ffe
Lector de datos de Azure Digital TwinsAzure Digital Twins Data Reader Rol de solo lectura para las propiedades del plano de datos de Digital TwinsRead-only role for Digital Twins data-plane properties d57506d4-4c8d-48b1-8587-93c323f6a5a3d57506d4-4c8d-48b1-8587-93c323f6a5a3
Colaborador de BizTalkBizTalk Contributor Permite administrar los servicios de BizTalk, pero no acceder a ellos.Lets you manage BizTalk services, but not access to them. 5e3c6656-6cfa-4708-81fe-0de47ac733425e3c6656-6cfa-4708-81fe-0de47ac73342
Colaborador del grupo de aplicaciones de Desktop VirtualizationDesktop Virtualization Application Group Contributor Colaborador del grupo de aplicaciones de Desktop Virtualization.Contributor of the Desktop Virtualization Application Group. 86240b0e-9422-4c43-887b-b61143f32ba886240b0e-9422-4c43-887b-b61143f32ba8
Lector del grupo de aplicaciones de Desktop VirtualizationDesktop Virtualization Application Group Reader Lector del grupo de aplicaciones de Desktop Virtualization.Reader of the Desktop Virtualization Application Group. aebf23d0-b568-4e86-b8f9-fe83a2c6ab55aebf23d0-b568-4e86-b8f9-fe83a2c6ab55
Colaborador de virtualización del escritorioDesktop Virtualization Contributor Colaborador de Desktop Virtualization.Contributor of Desktop Virtualization. 082f0a83-3be5-4ba1-904c-961cca79b387082f0a83-3be5-4ba1-904c-961cca79b387
Colaborador del grupo de hosts de Desktop VirtualizationDesktop Virtualization Host Pool Contributor Colaborador del grupo de hosts de Desktop Virtualization.Contributor of the Desktop Virtualization Host Pool. e307426c-f9b6-4e81-87de-d99efb3c32bce307426c-f9b6-4e81-87de-d99efb3c32bc
Lector del grupo de hosts de Desktop VirtualizationDesktop Virtualization Host Pool Reader Lector del grupo de hosts de Desktop Virtualization.Reader of the Desktop Virtualization Host Pool. ceadfde2-b300-400a-ab7b-6143895aa822ceadfde2-b300-400a-ab7b-6143895aa822
Lector de virtualización del escritorioDesktop Virtualization Reader Lector de Desktop Virtualization.Reader of Desktop Virtualization. 49a72310-ab8d-41df-bbb0-79b64920386849a72310-ab8d-41df-bbb0-79b649203868
Operador de host de sesión de Desktop VirtualizationDesktop Virtualization Session Host Operator Operador del host de sesión de Desktop Virtualization.Operator of the Desktop Virtualization Session Host. 2ad6aaab-ead9-4eaa-8ac5-da422f5624082ad6aaab-ead9-4eaa-8ac5-da422f562408
Usuario de Desktop VirtualizationDesktop Virtualization User Permite al usuario emplear las aplicaciones de un grupo de aplicaciones.Allows user to use the applications in an application group. 1d18fff3-a72a-46b5-b4a9-0b38a3cd7e631d18fff3-a72a-46b5-b4a9-0b38a3cd7e63
Operador de sesión de usuario de Desktop VirtualizationDesktop Virtualization User Session Operator Operador de sesión de usuario de Desktop Virtualization.Operator of the Desktop Virtualization Uesr Session. ea4bfff8-7fb4-485a-aadd-d4129a0ffaa6ea4bfff8-7fb4-485a-aadd-d4129a0ffaa6
Colaborador del área de trabajo de Desktop VirtualizationDesktop Virtualization Workspace Contributor Colaborador del área de trabajo de Desktop Virtualization.Contributor of the Desktop Virtualization Workspace. 21efdde3-836f-432b-bf3d-3e8e734d4b2b21efdde3-836f-432b-bf3d-3e8e734d4b2b
Lector del área de trabajo de Desktop VirtualizationDesktop Virtualization Workspace Reader Lector del área de trabajo de Desktop Virtualization.Reader of the Desktop Virtualization Workspace. 0fa44ee9-7a7d-466b-9bb2-2bf446b1204d0fa44ee9-7a7d-466b-9bb2-2bf446b1204d
Lector de copias de seguridad de discoDisk Backup Reader Proporciona permiso para realizar copias de seguridad del almacén para realizar copias de seguridad de disco.Provides permission to backup vault to perform disk backup. 3e5e47e6-65f7-47ef-90b5-e5dd4d455f243e5e47e6-65f7-47ef-90b5-e5dd4d455f24
Operador de restauración de discoDisk Restore Operator Proporciona permiso para realizar copias de seguridad del almacén para realizar restauraciones de disco.Provides permission to backup vault to perform disk restore. b50d9833-a0cb-478e-945f-707fcc997c13b50d9833-a0cb-478e-945f-707fcc997c13
Colaborador de instantáneas de discosDisk Snapshot Contributor Proporciona permiso para realizar copias de seguridad del almacén para administrar instantáneas de disco.Provides permission to backup vault to manage disk snapshots. 7efff54f-a5b4-42b5-a1c5-5411624893ce7efff54f-a5b4-42b5-a1c5-5411624893ce
Colaborador de colecciones de trabajos de SchedulerScheduler Job Collections Contributor Permite administrar colecciones de trabajos de Scheduler, pero no acceder a ellas.Lets you manage Scheduler job collections, but not access to them. 188a0f2f-5c9e-469b-ae67-2aa5ce574b94188a0f2f-5c9e-469b-ae67-2aa5ce574b94
Services Hub OperatorServices Hub Operator Services Hub Operator permite realizar todas las operaciones de lectura, escritura y eliminación relacionadas con los conectores de Services Hub.Services Hub Operator allows you to perform all read, write, and deletion operations related to Services Hub Connectors. 82200a5b-e217-47a5-b665-6d8765ee745b82200a5b-e217-47a5-b665-6d8765ee745b

GeneralGeneral

ColaboradorContributor

Concede acceso completo para administrar todos los recursos, pero no le permite asignar roles en Azure RBAC, administrar asignaciones en Azure Blueprints ni compartir galerías de imágenes.Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries. Más informaciónLearn more

AccionesActions DescripciónDescription
* Crear y administrar recursos de todos los tiposCreate and manage resources of all types
NotActionsNotActions
Microsoft.Authorization/*/DeleteMicrosoft.Authorization/*/Delete Eliminar roles, asignaciones de directivas, definiciones de directiva y definiciones del conjunto de directivasDelete roles, policy assignments, policy definitions and policy set definitions
Microsoft.Authorization/*/WriteMicrosoft.Authorization/*/Write Crear roles, asignaciones de roles, asignaciones de directivas, definiciones de directiva y definiciones del conjunto de directivasCreate roles, role assignments, policy assignments, policy definitions and policy set definitions
Microsoft.Authorization/elevateAccess/actionMicrosoft.Authorization/elevateAccess/Action Concede al llamador acceso de administrador de acceso de usuario en el ámbito de inquilinosGrants the caller User Access Administrator access at the tenant scope
Microsoft.Blueprint/blueprintAssignments/writeMicrosoft.Blueprint/blueprintAssignments/write Crear o actualizar cualquier asignación de planos técnicosCreate or update any blueprint assignments
Microsoft.Blueprint/blueprintAssignments/deleteMicrosoft.Blueprint/blueprintAssignments/delete Eliminar cualquier asignación de planos técnicosDelete any blueprint assignments
Microsoft.Compute/galleries/share/actionMicrosoft.Compute/galleries/share/action Permite compartir una galería con ámbitos diferentes.Shares a Gallery to different scopes
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
  "name": "b24988ac-6180-42a0-ab88-20f7382dd24c",
  "permissions": [
    {
      "actions": [
        "*"
      ],
      "notActions": [
        "Microsoft.Authorization/*/Delete",
        "Microsoft.Authorization/*/Write",
        "Microsoft.Authorization/elevateAccess/Action",
        "Microsoft.Blueprint/blueprintAssignments/write",
        "Microsoft.Blueprint/blueprintAssignments/delete",
        "Microsoft.Compute/galleries/share/action"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

PropietarioOwner

Permite conceder acceso total para administrar todos los recursos, incluida la posibilidad de asignar roles en Azure RBAC.Grants full access to manage all resources, including the ability to assign roles in Azure RBAC. Más informaciónLearn more

AccionesActions DescripciónDescription
* Crear y administrar recursos de todos los tiposCreate and manage resources of all types
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants full access to manage all resources, including the ability to assign roles in Azure RBAC.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
  "name": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
  "permissions": [
    {
      "actions": [
        "*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

LectorReader

Permite ver todos los recursos, pero no realizar ningún cambio.View all resources, but does not allow you to make any changes. Más informaciónLearn more

AccionesActions DescripciónDescription
*/read*/read Leer recursos de todos los tipos, excepto secretos.Read resources of all types, except secrets.
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "View all resources, but does not allow you to make any changes.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
  "name": "acdd72a7-3385-48ef-bd42-f606fba81ae7",
  "permissions": [
    {
      "actions": [
        "*/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Administrador de acceso de usuarioUser Access Administrator

Permite administrar el acceso de usuario a los recursos de Azure.Lets you manage user access to Azure resources. Más informaciónLearn more

AccionesActions DescripciónDescription
*/read*/read Leer recursos de todos los tipos, excepto secretos.Read resources of all types, except secrets.
Microsoft.Authorization/*Microsoft.Authorization/* Administrar la autorizaciónManage authorization
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage user access to Azure resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
  "name": "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.Authorization/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "User Access Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

ProcesoCompute

Colaborador de la máquina virtual clásicaClassic Virtual Machine Contributor

Permite administrar máquinas virtuales clásicas, pero no acceder a ellas, ni tampoco a la red virtual ni la cuenta de almacenamiento a las que están conectadas.Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to.

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.ClassicCompute/domainNames/*Microsoft.ClassicCompute/domainNames/* Crear y administrar nombres de dominio de proceso clásicoCreate and manage classic compute domain names
Microsoft.ClassicCompute/virtualMachines/*Microsoft.ClassicCompute/virtualMachines/* Crear y administrar máquinas virtualesCreate and manage virtual machines
Microsoft.ClassicNetwork/networkSecurityGroups/join/actionMicrosoft.ClassicNetwork/networkSecurityGroups/join/action
Microsoft.ClassicNetwork/reservedIps/link/actionMicrosoft.ClassicNetwork/reservedIps/link/action Vincula una IP reservadaLink a reserved Ip
Microsoft.ClassicNetwork/reservedIps/readMicrosoft.ClassicNetwork/reservedIps/read Obtiene las IP reservadasGets the reserved Ips
Microsoft.ClassicNetwork/virtualNetworks/join/actionMicrosoft.ClassicNetwork/virtualNetworks/join/action Une la red virtual.Joins the virtual network.
Microsoft.ClassicNetwork/virtualNetworks/readMicrosoft.ClassicNetwork/virtualNetworks/read Obtiene la red virtual.Get the virtual network.
Microsoft.ClassicStorage/storageAccounts/disks/readMicrosoft.ClassicStorage/storageAccounts/disks/read Devuelve el disco de la cuenta de almacenamiento.Returns the storage account disk.
Microsoft.ClassicStorage/storageAccounts/images/readMicrosoft.ClassicStorage/storageAccounts/images/read Devuelve la imagen de la cuenta de almacenamiento.Returns the storage account image. (En desuso.(Deprecated. Use "Microsoft.ClassicStorage/storageAccounts/vmImages").Use 'Microsoft.ClassicStorage/storageAccounts/vmImages')
Microsoft.ClassicStorage/storageAccounts/listKeys/actionMicrosoft.ClassicStorage/storageAccounts/listKeys/action Enumera las claves de acceso de las cuentas de almacenamiento.Lists the access keys for the storage accounts.
Microsoft.ClassicStorage/storageAccounts/readMicrosoft.ClassicStorage/storageAccounts/read Devuelve la cuenta de almacenamiento con la cuenta especificada.Return the storage account with the given account.
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificadoGets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Creación y administración de una implementaciónCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/d73bb868-a0df-4d4d-bd69-98a00b01fccb",
  "name": "d73bb868-a0df-4d4d-bd69-98a00b01fccb",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicCompute/domainNames/*",
        "Microsoft.ClassicCompute/virtualMachines/*",
        "Microsoft.ClassicNetwork/networkSecurityGroups/join/action",
        "Microsoft.ClassicNetwork/reservedIps/link/action",
        "Microsoft.ClassicNetwork/reservedIps/read",
        "Microsoft.ClassicNetwork/virtualNetworks/join/action",
        "Microsoft.ClassicNetwork/virtualNetworks/read",
        "Microsoft.ClassicStorage/storageAccounts/disks/read",
        "Microsoft.ClassicStorage/storageAccounts/images/read",
        "Microsoft.ClassicStorage/storageAccounts/listKeys/action",
        "Microsoft.ClassicStorage/storageAccounts/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Virtual Machine Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Inicio de sesión de administrador de Virtual MachineVirtual Machine Administrator Login

Visualización de máquinas virtuales en el portal e inicio de sesión como administrador. Más informaciónView Virtual Machines in the portal and login as administrator Learn more

AccionesActions DescripciónDescription
Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read Obtiene una definición de la dirección ip pública.Gets a public ip address definition.
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read Obtiene la definición de red virtualGet the virtual network definition
Microsoft.Network/loadBalancers/readMicrosoft.Network/loadBalancers/read Obtiene una definición del equilibrador de cargaGets a load balancer definition
Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read Obtiene una definición de interfaz de red.Gets a network interface definition.
Microsoft.Compute/virtualMachines/*/readMicrosoft.Compute/virtualMachines/*/read
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.Compute/virtualMachines/login/actionMicrosoft.Compute/virtualMachines/login/action Iniciar sesión en una máquina virtual como usuario habitualLog in to a virtual machine as a regular user
Microsoft.Compute/virtualMachines/loginAsAdmin/actionMicrosoft.Compute/virtualMachines/loginAsAdmin/action Iniciar de sesión en una máquina virtual con privilegios de administrador de Windows o de usuario raíz de LinuxLog in to a virtual machine with Windows administrator or Linux root user privileges
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "View Virtual Machines in the portal and login as administrator",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/1c0163c0-47e6-4577-8991-ea5c82e286e4",
  "name": "1c0163c0-47e6-4577-8991-ea5c82e286e4",
  "permissions": [
    {
      "actions": [
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/loadBalancers/read",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Compute/virtualMachines/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Compute/virtualMachines/login/action",
        "Microsoft.Compute/virtualMachines/loginAsAdmin/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Virtual Machine Administrator Login",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de la máquina virtualVirtual Machine Contributor

Permite administrar máquinas virtuales, pero no acceder a ellas, ni tampoco a la red virtual ni la cuenta de almacenamiento a las que están conectadas.Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.Compute/availabilitySets/*Microsoft.Compute/availabilitySets/* Crear y administrar conjuntos de disponibilidad de procesoCreate and manage compute availability sets
Microsoft.Compute/locations/*Microsoft.Compute/locations/* Crear y administrar ubicaciones de procesoCreate and manage compute locations
Microsoft.Compute/virtualMachines/*Microsoft.Compute/virtualMachines/* Realizar todas las acciones de las máquinas virtuales, como las de creación, actualización, eliminación, inicio, reinicio y apagado.Perform all virtual machine actions including create, update, delete, start, restart, and power off virtual machines. Ejecutar scripts predefinidos en máquinas virtuales.Execute predefined scripts on virtual machines.
Microsoft.Compute/virtualMachineScaleSets/*Microsoft.Compute/virtualMachineScaleSets/* Crear y administrar conjuntos de escalado de máquinas virtualesCreate and manage virtual machine scale sets
Microsoft.Compute/disks/writeMicrosoft.Compute/disks/write Crea un nuevo disco o actualiza uno ya existenteCreates a new Disk or updates an existing one
Microsoft.Compute/disks/readMicrosoft.Compute/disks/read Obtiene las propiedades de un discoGet the properties of a Disk
Microsoft.Compute/disks/deleteMicrosoft.Compute/disks/delete Elimina el discoDeletes the Disk
Microsoft.DevTestLab/schedules/*Microsoft.DevTestLab/schedules/*
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.Network/applicationGateways/backendAddressPools/join/actionMicrosoft.Network/applicationGateways/backendAddressPools/join/action Se une a un grupo de direcciones de back-end de una puerta de enlace de aplicaciones.Joins an application gateway backend address pool. No genera alertas.Not Alertable.
Microsoft.Network/loadBalancers/backendAddressPools/join/actionMicrosoft.Network/loadBalancers/backendAddressPools/join/action Se une a un grupo de direcciones de back-end del equilibrador de carga.Joins a load balancer backend address pool. No genera alertas.Not Alertable.
Microsoft.Network/loadBalancers/inboundNatPools/join/actionMicrosoft.Network/loadBalancers/inboundNatPools/join/action Se une a conjuntos NAT de entrada del equilibrador de carga.Joins a load balancer inbound NAT pool. No genera alertas.Not alertable.
Microsoft.Network/loadBalancers/inboundNatRules/join/actionMicrosoft.Network/loadBalancers/inboundNatRules/join/action Se une a una regla NAT de entrada del equilibrador de carga.Joins a load balancer inbound nat rule. No genera alertas.Not Alertable.
Microsoft.Network/loadBalancers/probes/join/actionMicrosoft.Network/loadBalancers/probes/join/action Permite usar sondeos de un equilibrador de carga.Allows using probes of a load balancer. Por ejemplo, con este permiso, la propiedad healthProbe de un conjunto de escalado de máquinas virtuales puede hacer referencia al sondeo.For example, with this permission healthProbe property of VM scale set can reference the probe. No genera alertas.Not alertable.
Microsoft.Network/loadBalancers/readMicrosoft.Network/loadBalancers/read Obtiene una definición del equilibrador de cargaGets a load balancer definition
Microsoft.Network/locations/*Microsoft.Network/locations/* Crear y administrar ubicaciones de redCreate and manage network locations
Microsoft.Network/networkInterfaces/*Microsoft.Network/networkInterfaces/* Crear y administrar interfaces de redCreate and manage network interfaces
Microsoft.Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action Se une a un grupo de seguridad de red.Joins a network security group. No genera alertas.Not Alertable.
Microsoft.Network/networkSecurityGroups/readMicrosoft.Network/networkSecurityGroups/read Obtiene una definición de grupo de seguridad de redGets a network security group definition
Microsoft.Network/publicIPAddresses/join/actionMicrosoft.Network/publicIPAddresses/join/action Se une a una dirección IP pública.Joins a public ip address. No genera alertas.Not Alertable.
Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read Obtiene una definición de la dirección ip pública.Gets a public ip address definition.
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read Obtiene la definición de red virtualGet the virtual network definition
Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action Se une a una red virtual.Joins a virtual network. No genera alertas.Not Alertable.
Microsoft.RecoveryServices/locations/*Microsoft.RecoveryServices/locations/*
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write Crea una intención de protección de la copia de seguridad.Create a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read Devuelve detalles de objeto del elemento protegidoReturns object details of the Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write Crea un elemento protegido de copia de seguridadCreate a backup Protected Item
Microsoft.RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read Devuelve todas las directivas de protecciónReturns all Protection Policies
Microsoft.RecoveryServices/Vaults/backupPolicies/writeMicrosoft.RecoveryServices/Vaults/backupPolicies/write Crea una directiva de protecciónCreates Protection Policy
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read La operación Get Vault obtiene un objeto que representa el recurso de Azure del tipo "almacén"The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read Devuelve los detalles de uso de un almacén de Recovery Services.Returns usage details for a Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/writeMicrosoft.RecoveryServices/Vaults/write La operación Create Vault crea un recurso de Azure del tipo "almacén"Create Vault operation creates an Azure resource of type 'vault'
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificadoGets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Creación y administración de una implementaciónCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.SqlVirtualMachine/*Microsoft.SqlVirtualMachine/*
Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action Devuelve las claves de acceso de la cuenta de almacenamiento especificada.Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read Devuelve la lista de cuentas de almacenamiento u obtiene las propiedades de la cuenta de almacenamiento especificada.Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
  "name": "9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Compute/availabilitySets/*",
        "Microsoft.Compute/locations/*",
        "Microsoft.Compute/virtualMachines/*",
        "Microsoft.Compute/virtualMachineScaleSets/*",
        "Microsoft.Compute/disks/write",
        "Microsoft.Compute/disks/read",
        "Microsoft.Compute/disks/delete",
        "Microsoft.DevTestLab/schedules/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/applicationGateways/backendAddressPools/join/action",
        "Microsoft.Network/loadBalancers/backendAddressPools/join/action",
        "Microsoft.Network/loadBalancers/inboundNatPools/join/action",
        "Microsoft.Network/loadBalancers/inboundNatRules/join/action",
        "Microsoft.Network/loadBalancers/probes/join/action",
        "Microsoft.Network/loadBalancers/read",
        "Microsoft.Network/locations/*",
        "Microsoft.Network/networkInterfaces/*",
        "Microsoft.Network/networkSecurityGroups/join/action",
        "Microsoft.Network/networkSecurityGroups/read",
        "Microsoft.Network/publicIPAddresses/join/action",
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.RecoveryServices/locations/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/write",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.RecoveryServices/Vaults/write",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.SqlVirtualMachine/*",
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Virtual Machine Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Inicio de sesión de usuario de Virtual MachineVirtual Machine User Login

Visualización de máquinas virtuales en el portal e inicio de sesión como usuario normal.View Virtual Machines in the portal and login as a regular user. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read Obtiene una definición de la dirección ip pública.Gets a public ip address definition.
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read Obtiene la definición de red virtualGet the virtual network definition
Microsoft.Network/loadBalancers/readMicrosoft.Network/loadBalancers/read Obtiene una definición del equilibrador de cargaGets a load balancer definition
Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read Obtiene una definición de interfaz de red.Gets a network interface definition.
Microsoft.Compute/virtualMachines/*/readMicrosoft.Compute/virtualMachines/*/read
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.Compute/virtualMachines/login/actionMicrosoft.Compute/virtualMachines/login/action Iniciar sesión en una máquina virtual como usuario habitualLog in to a virtual machine as a regular user
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "View Virtual Machines in the portal and login as a regular user.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fb879df8-f326-4884-b1cf-06f3ad86be52",
  "name": "fb879df8-f326-4884-b1cf-06f3ad86be52",
  "permissions": [
    {
      "actions": [
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/loadBalancers/read",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Compute/virtualMachines/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Compute/virtualMachines/login/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Virtual Machine User Login",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

RedesNetworking

Colaborador de punto de conexión de CDNCDN Endpoint Contributor

Puede administrar puntos de conexión de CDN, pero no conceder acceso a otros usuarios.Can manage CDN endpoints, but can't grant access to other users.

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/endpoints/*Microsoft.Cdn/profiles/endpoints/*
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Creación y administración de una implementaciónCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage CDN endpoints, but can't grant access to other users.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/426e0c7f-0c7e-4658-b36f-ff54d6c29b45",
  "name": "426e0c7f-0c7e-4658-b36f-ff54d6c29b45",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/endpoints/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Endpoint Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lector de punto de conexión de CDNCDN Endpoint Reader

Puede ver puntos de conexión de CDN, pero no hacer cambios.Can view CDN endpoints, but can't make changes.

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/endpoints/*/readMicrosoft.Cdn/profiles/endpoints/*/read
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Creación y administración de una implementaciónCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view CDN endpoints, but can't make changes.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/871e35f6-b5c1-49cc-a043-bde969a0f2cd",
  "name": "871e35f6-b5c1-49cc-a043-bde969a0f2cd",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/endpoints/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Endpoint Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de perfil de CDNCDN Profile Contributor

Puede administrar perfiles de CDN y sus puntos de conexión, pero no conceder acceso a otros usuarios.Can manage CDN profiles and their endpoints, but can't grant access to other users. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/*Microsoft.Cdn/profiles/*
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Creación y administración de una implementaciónCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage CDN profiles and their endpoints, but can't grant access to other users.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ec156ff8-a8d1-4d15-830c-5b80698ca432",
  "name": "ec156ff8-a8d1-4d15-830c-5b80698ca432",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Profile Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lector de perfil de CDNCDN Profile Reader

Puede ver perfiles de CDN y sus puntos de conexión, pero no hacer cambios.Can view CDN profiles and their endpoints, but can't make changes.

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/*/readMicrosoft.Cdn/profiles/*/read
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Creación y administración de una implementaciónCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view CDN profiles and their endpoints, but can't make changes.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8f96442b-4075-438f-813d-ad51ab4019af",
  "name": "8f96442b-4075-438f-813d-ad51ab4019af",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Profile Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de la red clásicaClassic Network Contributor

Permite administrar las redes clásicas, pero no acceder a ellas.Lets you manage classic networks, but not access to them. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.ClassicNetwork/*Microsoft.ClassicNetwork/* Crear y administrar redes clásicasCreate and manage classic networks
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificadoGets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Creación y administración de una implementaciónCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage classic networks, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b34d265f-36f7-4a0d-a4d4-e158ca92e90f",
  "name": "b34d265f-36f7-4a0d-a4d4-e158ca92e90f",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicNetwork/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Network Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de zona DNSDNS Zone Contributor

Permite administrar zonas y conjuntos de registros DNS en Azure DNS, pero no controlar los usuarios que tienen acceso.Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.Network/dnsZones/*Microsoft.Network/dnsZones/* Crear y administrar registros y zonas DNSCreate and manage DNS zones and records
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificadoGets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Creación y administración de una implementaciónCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/befefa01-2a29-4197-83a8-272ff33ce314",
  "name": "befefa01-2a29-4197-83a8-272ff33ce314",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/dnsZones/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "DNS Zone Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de la redNetwork Contributor

Permite administrar redes, pero no acceder a ellas.Lets you manage networks, but not access to them.

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.Network/*Microsoft.Network/* Crear y administrar redesCreate and manage networks
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificadoGets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Creación y administración de una implementaciónCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage networks, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
  "name": "4d97b98b-1d4f-4787-a291-c67834d212e7",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Network Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de zona DNS privadaPrivate DNS Zone Contributor

Permite administrar recursos de zonas DNS privadas, pero no las redes virtuales a las que están vinculados.Lets you manage private DNS zone resources, but not the virtual networks they are linked to. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Creación y administración de una implementaciónCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
Microsoft.Network/privateDnsZones/*Microsoft.Network/privateDnsZones/*
Microsoft.Network/privateDnsOperationResults/*Microsoft.Network/privateDnsOperationResults/*
Microsoft.Network/privateDnsOperationStatuses/*Microsoft.Network/privateDnsOperationStatuses/*
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read Obtiene la definición de red virtualGet the virtual network definition
Microsoft.Network/virtualNetworks/join/actionMicrosoft.Network/virtualNetworks/join/action Se une a una red virtual.Joins a virtual network. No genera alertas.Not Alertable.
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage private DNS zone resources, but not the virtual networks they are linked to.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b12aa53e-6015-4669-85d0-8515ebb3ae7f",
  "name": "b12aa53e-6015-4669-85d0-8515ebb3ae7f",
  "permissions": [
    {
      "actions": [
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Network/privateDnsZones/*",
        "Microsoft.Network/privateDnsOperationResults/*",
        "Microsoft.Network/privateDnsOperationStatuses/*",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/join/action",
        "Microsoft.Authorization/*/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Private DNS Zone Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de Traffic ManagerTraffic Manager Contributor

Le permite administrar perfiles de Traffic Manager, pero no controlar los usuarios que tienen acceso a ellos.Lets you manage Traffic Manager profiles, but does not let you control who has access to them.

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.Network/trafficManagerProfiles/*Microsoft.Network/trafficManagerProfiles/*
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificadoGets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Creación y administración de una implementaciónCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Traffic Manager profiles, but does not let you control who has access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a4b10055-b0c7-44c2-b00f-c7b5b3550cf7",
  "name": "a4b10055-b0c7-44c2-b00f-c7b5b3550cf7",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/trafficManagerProfiles/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Traffic Manager Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

StorageStorage

Colaborador de AvereAvere Contributor

Puede crear y administrar un clúster de Avere vFXT.Can create and manage an Avere vFXT cluster. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.Compute/*/readMicrosoft.Compute/*/read
Microsoft.Compute/availabilitySets/*Microsoft.Compute/availabilitySets/*
Microsoft.Compute/proximityPlacementGroups/*Microsoft.Compute/proximityPlacementGroups/*
Microsoft.Compute/virtualMachines/*Microsoft.Compute/virtualMachines/*
Microsoft.Compute/disks/*Microsoft.Compute/disks/*
Microsoft.Network/*/readMicrosoft.Network/*/read
Microsoft.Network/networkInterfaces/*Microsoft.Network/networkInterfaces/*
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read Obtiene la definición de red virtualGet the virtual network definition
Microsoft.Network/virtualNetworks/subnets/readMicrosoft.Network/virtualNetworks/subnets/read Obtiene una definición de subred de red virtualGets a virtual network subnet definition
Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action Se une a una red virtual.Joins a virtual network. No genera alertas.Not Alertable.
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Combina un recurso como una cuenta de almacenamiento o una instancia de SQL Database con una subred.Joins resource such as storage account or SQL database to a subnet. No genera alertas.Not alertable.
Microsoft.Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action Se une a un grupo de seguridad de red.Joins a network security group. No genera alertas.Not Alertable.
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Creación y administración de una implementaciónCreate and manage a deployment
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Storage/*/readMicrosoft.Storage/*/read
Microsoft.Storage/storageAccounts/*Microsoft.Storage/storageAccounts/* Crear y administrar cuentas de almacenamientoCreate and manage storage accounts
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
Microsoft.Resources/subscriptions/resourceGroups/resources/readMicrosoft.Resources/subscriptions/resourceGroups/resources/read Obtiene los recursos del grupo de recursos.Gets the resources for the resource group.
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete Devuelve el resultado de la eliminación de un blob.Returns the result of deleting a blob
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read Devuelve un blob o una lista de blobs.Returns a blob or a list of blobs
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/writeMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write Devuelve el resultado de la escritura de un blob.Returns the result of writing a blob
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can create and manage an Avere vFXT cluster.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4f8fab4f-1852-4a58-a46a-8eaf358af14a",
  "name": "4f8fab4f-1852-4a58-a46a-8eaf358af14a",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Compute/*/read",
        "Microsoft.Compute/availabilitySets/*",
        "Microsoft.Compute/proximityPlacementGroups/*",
        "Microsoft.Compute/virtualMachines/*",
        "Microsoft.Compute/disks/*",
        "Microsoft.Network/*/read",
        "Microsoft.Network/networkInterfaces/*",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/subnets/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
        "Microsoft.Network/networkSecurityGroups/join/action",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/*/read",
        "Microsoft.Storage/storageAccounts/*",
        "Microsoft.Support/*",
        "Microsoft.Resources/subscriptions/resourceGroups/resources/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Avere Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Operador de AvereAvere Operator

Lo usa el clúster de Avere vFXT para su administración. Más informaciónUsed by the Avere vFXT cluster to manage the cluster Learn more

AccionesActions DescripciónDescription
Microsoft.Compute/virtualMachines/readMicrosoft.Compute/virtualMachines/read Obtiene las propiedades de una máquina virtualGet the properties of a virtual machine
Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read Obtiene una definición de interfaz de red.Gets a network interface definition.
Microsoft.Network/networkInterfaces/writeMicrosoft.Network/networkInterfaces/write Crea una interfaz de red o actualiza una interfaz de red existente.Creates a network interface or updates an existing network interface.
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read Obtiene la definición de red virtualGet the virtual network definition
Microsoft.Network/virtualNetworks/subnets/readMicrosoft.Network/virtualNetworks/subnets/read Obtiene una definición de subred de red virtualGets a virtual network subnet definition
Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action Se une a una red virtual.Joins a virtual network. No genera alertas.Not Alertable.
Microsoft.Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action Se une a un grupo de seguridad de red.Joins a network security group. No genera alertas.Not Alertable.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Storage/storageAccounts/blobServices/containers/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/delete Devuelve el resultado de la eliminación de un contenedor.Returns the result of deleting a container
Microsoft.Storage/storageAccounts/blobServices/containers/readMicrosoft.Storage/storageAccounts/blobServices/containers/read Devuelve una lista de contenedores.Returns list of containers
Microsoft.Storage/storageAccounts/blobServices/containers/writeMicrosoft.Storage/storageAccounts/blobServices/containers/write Devuelve el resultado del contenedor de blobs de colocación.Returns the result of put blob container
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete Devuelve el resultado de la eliminación de un blob.Returns the result of deleting a blob
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read Devuelve un blob o una lista de blobs.Returns a blob or a list of blobs
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/writeMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write Devuelve el resultado de la escritura de un blob.Returns the result of writing a blob
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Used by the Avere vFXT cluster to manage the cluster",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
  "name": "c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
  "permissions": [
    {
      "actions": [
        "Microsoft.Compute/virtualMachines/read",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Network/networkInterfaces/write",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/subnets/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.Network/networkSecurityGroups/join/action",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/write"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Avere Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de copias de seguridadBackup Contributor

Permite administrar el servicio de copias de seguridad, pero no puede crear almacenes ni conceder acceso a otros usuarios. Más informaciónLets you manage backup service, but can't create vaults and give access to others Learn more

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read Obtiene la definición de red virtualGet the virtual network definition
Microsoft.RecoveryServices/locations/*Microsoft.RecoveryServices/locations/*
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/*Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/* Administrar los resultados de la operación de administración de copias de seguridadManage results of operation on backup management
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/*Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/* Crear y administrar contenedores de copias de seguridad dentro de tejidos de copia de seguridad del almacén de Recovery ServicesCreate and manage backup containers inside backup fabrics of Recovery Services vault
Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action Actualiza la lista de contenedoresRefreshes the container list
Microsoft.RecoveryServices/Vaults/backupJobs/*Microsoft.RecoveryServices/Vaults/backupJobs/* Crear y administrar trabajos de copia de seguridadCreate and manage backup jobs
Microsoft.RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action Exporta trabajosExport Jobs
Microsoft.RecoveryServices/Vaults/backupOperationResults/*Microsoft.RecoveryServices/Vaults/backupOperationResults/* Crear y administrar resultados de operaciones de administración de copias de seguridadCreate and manage Results of backup management operations
Microsoft.RecoveryServices/Vaults/backupPolicies/*Microsoft.RecoveryServices/Vaults/backupPolicies/* Crear y administrar directivas de copia de seguridadCreate and manage backup policies
Microsoft.RecoveryServices/Vaults/backupProtectableItems/*Microsoft.RecoveryServices/Vaults/backupProtectableItems/* Crear y administrar elementos de los que se puede realizar una copia de seguridadCreate and manage items which can be backed up
Microsoft.RecoveryServices/Vaults/backupProtectedItems/*Microsoft.RecoveryServices/Vaults/backupProtectedItems/* Crear y administrar elementos de los que se ha realizado una copia de seguridadCreate and manage backed up items
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/*Microsoft.RecoveryServices/Vaults/backupProtectionContainers/* Crear y administrar contenedores que incluyen elementos de copia de seguridadCreate and manage containers holding backup items
Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/readMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read Devuelve resúmenes de los elementos y servidores protegidos para un almacén de Recovery Services.Returns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft.RecoveryServices/Vaults/certificates/*Microsoft.RecoveryServices/Vaults/certificates/* Crear y administrar certificados relacionados con copias de seguridad en el almacén de Recovery ServicesCreate and manage certificates related to backup in Recovery Services vault
Microsoft.RecoveryServices/Vaults/extendedInformation/*Microsoft.RecoveryServices/Vaults/extendedInformation/* Crear y administrar información ampliada relacionada con el almacénCreate and manage extended info related to vault
Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read Obtiene las alertas del almacén de Recovery Services.Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read La operación Get Vault obtiene un objeto que representa el recurso de Azure del tipo "almacén"The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/*Microsoft.RecoveryServices/Vaults/registeredIdentities/* Crear y administrar identidades registradasCreate and manage registered identities
Microsoft.RecoveryServices/Vaults/usages/*Microsoft.RecoveryServices/Vaults/usages/* Crear y administrar el uso del almacén de Recovery ServicesCreate and manage usage of Recovery Services vault
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Creación y administración de una implementaciónCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read Devuelve la lista de cuentas de almacenamiento u obtiene las propiedades de la cuenta de almacenamiento especificada.Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.RecoveryServices/Vaults/backupstorageconfig/*Microsoft.RecoveryServices/Vaults/backupstorageconfig/*
Microsoft.RecoveryServices/Vaults/backupconfig/*Microsoft.RecoveryServices/Vaults/backupconfig/*
Microsoft.RecoveryServices/Vaults/backupValidateOperation/actionMicrosoft.RecoveryServices/Vaults/backupValidateOperation/action Valida la operación en el elemento protegido.Validate Operation on Protected Item
Microsoft.RecoveryServices/Vaults/writeMicrosoft.RecoveryServices/Vaults/write La operación Create Vault crea un recurso de Azure del tipo "almacén"Create Vault operation creates an Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read Devuelve el estado de la operación de Backup para el almacén de Recovery Services.Returns Backup Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read Devuelve todos los servidores de administración de copia de seguridad que se registraron con el almacén.Returns all the backup management servers registered with vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*
Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read Obtiene todos los contenedores que se pueden proteger.Get all protectable containers
Microsoft.RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action Comprueba el estado de la copia de seguridad de los almacenes de Recovery Services.Check Backup Status for Recovery Services Vaults
Microsoft.RecoveryServices/locations/backupPreValidateProtection/actionMicrosoft.RecoveryServices/locations/backupPreValidateProtection/action
Microsoft.RecoveryServices/locations/backupValidateFeatures/actionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action Valida las características.Validate Features
Microsoft.RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write Resuelve la alerta.Resolves the alert.
Microsoft.RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read La operación devuelve la lista de operaciones de un proveedor de recursos.Operation returns the list of Operations for a Resource Provider
Microsoft.RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read Obtiene el estado de la operación para una operación determinada.Gets Operation Status for a given Operation
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read Enumera todas las intenciones de protección de la copia de seguridad.List all backup Protection Intents
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage backup service,but can't create vaults and give access to others",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b",
  "name": "5e467623-bb1f-42f4-a55d-6e525e11384b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.RecoveryServices/locations/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
        "Microsoft.RecoveryServices/Vaults/backupJobs/*",
        "Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
        "Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectedItems/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/*",
        "Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*",
        "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
        "Microsoft.RecoveryServices/Vaults/certificates/*",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/*",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/*",
        "Microsoft.RecoveryServices/Vaults/usages/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
        "Microsoft.RecoveryServices/Vaults/backupconfig/*",
        "Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
        "Microsoft.RecoveryServices/Vaults/write",
        "Microsoft.RecoveryServices/Vaults/backupOperations/read",
        "Microsoft.RecoveryServices/Vaults/backupEngines/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
        "Microsoft.RecoveryServices/locations/backupStatus/action",
        "Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
        "Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
        "Microsoft.RecoveryServices/operations/read",
        "Microsoft.RecoveryServices/locations/operationStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Backup Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Operador de copias de seguridadBackup Operator

Permite administrar los servicios de copias de seguridad, excepto la eliminación de copias de seguridad, la creación de almacenes y la concesión de acceso a otros usuarios. Más informaciónLets you manage backup services, except removal of backup, vault creation and giving access to others Learn more

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read Obtiene la definición de red virtualGet the virtual network definition
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/operationResults/read Devuelve el estado de la operaciónReturns status of the operation
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read Obtiene los resultados de la operación realizada en el contenedor de protección.Gets result of Operation performed on Protection Container.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action Hace una copia de seguridad del elemento protegido.Performs Backup for Protected Item.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read Obtiene el resultado de la operación realizada en los elementos protegidos.Gets Result of Operation Performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read Devuelve el estado de la operación realizada en los elementos protegidos.Returns the status of Operation performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read Devuelve detalles de objeto del elemento protegidoReturns object details of the Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action Aprovisiona una recuperación de elementos instantánea para los elementos protegidosProvision Instant Item Recovery for Protected Item
Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/accessToken/actionMicrosoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/accessToken/action Obtiene AccessToken para la restauración entre regiones.Get AccessToken for Cross Region Restore.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read Obtiene los puntos de recuperación de los elementos protegidos.Get Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action Restaura los puntos de recuperación de los elementos protegidos.Restore Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action Revoca la recuperación de elementos instantánea para los elementos protegidosRevoke Instant Item Recovery for Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write Crea un elemento protegido de copia de seguridadCreate a backup Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read Devuelve todos los contenedores registradosReturns all registered containers
Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action Actualiza la lista de contenedoresRefreshes the container list
Microsoft.RecoveryServices/Vaults/backupJobs/*Microsoft.RecoveryServices/Vaults/backupJobs/* Crear y administrar trabajos de copia de seguridadCreate and manage backup jobs
Microsoft.RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action Exporta trabajosExport Jobs
Microsoft.RecoveryServices/Vaults/backupOperationResults/*Microsoft.RecoveryServices/Vaults/backupOperationResults/* Crear y administrar resultados de operaciones de administración de copias de seguridadCreate and manage Results of backup management operations
Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operationResults/read Obtiene los resultados de la operación de directiva.Get Results of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read Devuelve todas las directivas de protecciónReturns all Protection Policies
Microsoft.RecoveryServices/Vaults/backupProtectableItems/*Microsoft.RecoveryServices/Vaults/backupProtectableItems/* Crear y administrar elementos de los que se puede realizar una copia de seguridadCreate and manage items which can be backed up
Microsoft.RecoveryServices/Vaults/backupProtectedItems/readMicrosoft.RecoveryServices/Vaults/backupProtectedItems/read Devuelve la lista de todos los elementos protegidos.Returns the list of all Protected Items.
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/readMicrosoft.RecoveryServices/Vaults/backupProtectionContainers/read Devuelve todos los contenedores que pertenecen a la suscripciónReturns all containers belonging to the subscription
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/readMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read Devuelve resúmenes de los elementos y servidores protegidos para un almacén de Recovery Services.Returns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft.RecoveryServices/Vaults/certificates/writeMicrosoft.RecoveryServices/Vaults/certificates/write La operación Actualizar certificado de recursos permite actualizar el certificado de credencial de recursos o almacenes.The Update Resource Certificate operation updates the resource/vault credential certificate.
Microsoft.RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read La operación Obtener información adicional obtiene la información adicional de un objeto que representa el recurso de Azure de tipo ?almacén?The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault?
Microsoft.RecoveryServices/Vaults/extendedInformation/writeMicrosoft.RecoveryServices/Vaults/extendedInformation/write La operación Obtener información adicional obtiene la información adicional de un objeto que representa el recurso de Azure de tipo ?almacén?The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault?
Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read Obtiene las alertas del almacén de Recovery Services.Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read La operación Get Vault obtiene un objeto que representa el recurso de Azure del tipo "almacén"The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read La operación Obtener resultados de la operación se puede usar para obtener el estado y el resultado de la operación enviada de forma asincrónicaThe Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation
Microsoft.RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read La operación Obtener contenedores se puede usar para obtener los contenedores registrados para un recurso.The Get Containers operation can be used get the containers registered for a resource.
Microsoft.RecoveryServices/Vaults/registeredIdentities/writeMicrosoft.RecoveryServices/Vaults/registeredIdentities/write La operación Registrar contenedor de servicios se puede usar para registrar un contenedor con servicio de recuperación.The Register Service Container operation can be used to register a container with Recovery Service.
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read Devuelve los detalles de uso de un almacén de Recovery Services.Returns usage details for a Recovery Services Vault.
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Creación y administración de una implementaciónCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read Devuelve la lista de cuentas de almacenamiento u obtiene las propiedades de la cuenta de almacenamiento especificada.Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.RecoveryServices/Vaults/backupstorageconfig/*Microsoft.RecoveryServices/Vaults/backupstorageconfig/*
Microsoft.RecoveryServices/Vaults/backupValidateOperation/actionMicrosoft.RecoveryServices/Vaults/backupValidateOperation/action Valida la operación en el elemento protegido.Validate Operation on Protected Item
Microsoft.RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read Devuelve el estado de la operación de Backup para el almacén de Recovery Services.Returns Backup Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupPolicies/operations/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operations/read Obtiene el estado de la operación de directiva.Get Status of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write Crea un contenedor registrado.Creates a registered container
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action Realiza consultas para las cargas de trabajo de un contenedor.Do inquiry for workloads within a container
Microsoft.RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read Devuelve todos los servidores de administración de copia de seguridad que se registraron con el almacén.Returns all the backup management servers registered with vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write Crea una intención de protección de la copia de seguridad.Create a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/readMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read Obtiene una intención de protección de la copia de seguridad.Get a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read Obtiene todos los contenedores que se pueden proteger.Get all protectable containers
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read Obtiene todos los elementos de un contenedor.Get all items in a container
Microsoft.RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action Comprueba el estado de la copia de seguridad de los almacenes de Recovery Services.Check Backup Status for Recovery Services Vaults
Microsoft.RecoveryServices/locations/backupPreValidateProtection/actionMicrosoft.RecoveryServices/locations/backupPreValidateProtection/action
Microsoft.RecoveryServices/locations/backupValidateFeatures/actionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action Valida las características.Validate Features
Microsoft.RecoveryServices/locations/backupAadProperties/readMicrosoft.RecoveryServices/locations/backupAadProperties/read Obtiene las propiedades de AAD para la autenticación en la tercera región para la restauración entre regiones.Get AAD Properties for authentication in the third region for Cross Region Restore.
Microsoft.RecoveryServices/locations/backupCrrJobs/actionMicrosoft.RecoveryServices/locations/backupCrrJobs/action Enumera los trabajos de restauración entre regiones en la región secundaria del almacén de Recovery Services.List Cross Region Restore Jobs in the secondary region for Recovery Services Vault.
Microsoft.RecoveryServices/locations/backupCrrJob/actionMicrosoft.RecoveryServices/locations/backupCrrJob/action Obtiene los detalles del trabajo de restauración entre regiones en la región secundaria del almacén de Recovery Services.Get Cross Region Restore Job Details in the secondary region for Recovery Services Vault.
Microsoft.RecoveryServices/locations/backupCrossRegionRestore/actionMicrosoft.RecoveryServices/locations/backupCrossRegionRestore/action Desencadena la restauración entre regiones.Trigger Cross region restore.
Microsoft.RecoveryServices/locations/backupCrrOperationResults/readMicrosoft.RecoveryServices/locations/backupCrrOperationResults/read Devuelve el resultado de la operación CRR para el almacén de Recovery Services.Returns CRR Operation Result for Recovery Services Vault.
Microsoft.RecoveryServices/locations/backupCrrOperationsStatus/readMicrosoft.RecoveryServices/locations/backupCrrOperationsStatus/read Devuelve el estado de la operación CRR para el almacén de Recovery Services.Returns CRR Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write Resuelve la alerta.Resolves the alert.
Microsoft.RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read La operación devuelve la lista de operaciones de un proveedor de recursos.Operation returns the list of Operations for a Resource Provider
Microsoft.RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read Obtiene el estado de la operación para una operación determinada.Gets Operation Status for a given Operation
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read Enumera todas las intenciones de protección de la copia de seguridad.List all backup Protection Intents
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage backup services, except removal of backup, vault creation and giving access to others",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/00c29273-979b-4161-815c-10b084fb9324",
  "name": "00c29273-979b-4161-815c-10b084fb9324",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action",
        "Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/accessToken/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
        "Microsoft.RecoveryServices/Vaults/backupJobs/*",
        "Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
        "Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
        "Microsoft.RecoveryServices/Vaults/certificates/write",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/read",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/write",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/write",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
        "Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
        "Microsoft.RecoveryServices/Vaults/backupOperations/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action",
        "Microsoft.RecoveryServices/Vaults/backupEngines/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
        "Microsoft.RecoveryServices/locations/backupStatus/action",
        "Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
        "Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
        "Microsoft.RecoveryServices/locations/backupAadProperties/read",
        "Microsoft.RecoveryServices/locations/backupCrrJobs/action",
        "Microsoft.RecoveryServices/locations/backupCrrJob/action",
        "Microsoft.RecoveryServices/locations/backupCrossRegionRestore/action",
        "Microsoft.RecoveryServices/locations/backupCrrOperationResults/read",
        "Microsoft.RecoveryServices/locations/backupCrrOperationsStatus/read",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
        "Microsoft.RecoveryServices/operations/read",
        "Microsoft.RecoveryServices/locations/operationStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Backup Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lector de copias de seguridadBackup Reader

Puede ver servicios de copia de seguridad, pero no puede realizar cambios. Más informaciónCan view backup services, but can't make changes Learn more

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.RecoveryServices/locations/allocatedStamp/readMicrosoft.RecoveryServices/locations/allocatedStamp/read GetAllocatedStamp es una operación interna que el servicio usaGetAllocatedStamp is internal operation used by service
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/operationResults/read Devuelve el estado de la operaciónReturns status of the operation
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read Obtiene los resultados de la operación realizada en el contenedor de protección.Gets result of Operation performed on Protection Container.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read Obtiene el resultado de la operación realizada en los elementos protegidos.Gets Result of Operation Performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read Devuelve el estado de la operación realizada en los elementos protegidos.Returns the status of Operation performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read Devuelve detalles de objeto del elemento protegidoReturns object details of the Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read Obtiene los puntos de recuperación de los elementos protegidos.Get Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read Devuelve todos los contenedores registradosReturns all registered containers
Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/readMicrosoft.RecoveryServices/Vaults/backupJobs/operationResults/read Devuelve el resultado de la operación de trabajo.Returns the Result of Job Operation.
Microsoft.RecoveryServices/Vaults/backupJobs/readMicrosoft.RecoveryServices/Vaults/backupJobs/read Devuelve todos los objetos de trabajoReturns all Job Objects
Microsoft.RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action Exporta trabajosExport Jobs
Microsoft.RecoveryServices/Vaults/backupOperationResults/readMicrosoft.RecoveryServices/Vaults/backupOperationResults/read Devuelve el resultado de la operación de Backup para el almacén de Recovery Services.Returns Backup Operation Result for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operationResults/read Obtiene los resultados de la operación de directiva.Get Results of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read Devuelve todas las directivas de protecciónReturns all Protection Policies
Microsoft.RecoveryServices/Vaults/backupProtectedItems/readMicrosoft.RecoveryServices/Vaults/backupProtectedItems/read Devuelve la lista de todos los elementos protegidos.Returns the list of all Protected Items.
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/readMicrosoft.RecoveryServices/Vaults/backupProtectionContainers/read Devuelve todos los contenedores que pertenecen a la suscripciónReturns all containers belonging to the subscription
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/readMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read Devuelve resúmenes de los elementos y servidores protegidos para un almacén de Recovery Services.Returns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft.RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read La operación Obtener información adicional obtiene la información adicional de un objeto que representa el recurso de Azure de tipo ?almacén?The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault?
Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read Obtiene las alertas del almacén de Recovery Services.Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read La operación Get Vault obtiene un objeto que representa el recurso de Azure del tipo "almacén"The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read La operación Obtener resultados de la operación se puede usar para obtener el estado y el resultado de la operación enviada de forma asincrónicaThe Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation
Microsoft.RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read La operación Obtener contenedores se puede usar para obtener los contenedores registrados para un recurso.The Get Containers operation can be used get the containers registered for a resource.
Microsoft.RecoveryServices/Vaults/backupstorageconfig/readMicrosoft.RecoveryServices/Vaults/backupstorageconfig/read Devuelve la configuración de almacenamiento del almacén de Recovery Services.Returns Storage Configuration for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupconfig/readMicrosoft.RecoveryServices/Vaults/backupconfig/read Devuelve la configuración del almacén de Recovery Services.Returns Configuration for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read Devuelve el estado de la operación de Backup para el almacén de Recovery Services.Returns Backup Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupPolicies/operations/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operations/read Obtiene el estado de la operación de directiva.Get Status of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read Devuelve todos los servidores de administración de copia de seguridad que se registraron con el almacén.Returns all the backup management servers registered with vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/readMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read Obtiene una intención de protección de la copia de seguridad.Get a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read Obtiene todos los elementos de un contenedor.Get all items in a container
Microsoft.RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action Comprueba el estado de la copia de seguridad de los almacenes de Recovery Services.Check Backup Status for Recovery Services Vaults
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft.RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write Resuelve la alerta.Resolves the alert.
Microsoft.RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read La operación devuelve la lista de operaciones de un proveedor de recursos.Operation returns the list of Operations for a Resource Provider
Microsoft.RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read Obtiene el estado de la operación para una operación determinada.Gets Operation Status for a given Operation
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read Enumera todas las intenciones de protección de la copia de seguridad.List all backup Protection Intents
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read Devuelve los detalles de uso de un almacén de Recovery Services.Returns usage details for a Recovery Services Vault.
Microsoft.RecoveryServices/locations/backupValidateFeatures/actionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action Valida las características.Validate Features
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view backup services, but can't make changes",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a795c7a0-d4a2-40c1-ae25-d81f01202912",
  "name": "a795c7a0-d4a2-40c1-ae25-d81f01202912",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.RecoveryServices/locations/allocatedStamp/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupJobs/read",
        "Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
        "Microsoft.RecoveryServices/Vaults/backupOperationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/read",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
        "Microsoft.RecoveryServices/Vaults/backupstorageconfig/read",
        "Microsoft.RecoveryServices/Vaults/backupconfig/read",
        "Microsoft.RecoveryServices/Vaults/backupOperations/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
        "Microsoft.RecoveryServices/Vaults/backupEngines/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
        "Microsoft.RecoveryServices/locations/backupStatus/action",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
        "Microsoft.RecoveryServices/operations/read",
        "Microsoft.RecoveryServices/locations/operationStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.RecoveryServices/locations/backupValidateFeatures/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Backup Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de cuentas de almacenamiento clásicoClassic Storage Account Contributor

Permite administrar cuentas de almacenamiento clásicas, pero no acceder a ellas.Lets you manage classic storage accounts, but not access to them.

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.ClassicStorage/storageAccounts/*Microsoft.ClassicStorage/storageAccounts/* Crear y administrar cuentas de almacenamientoCreate and manage storage accounts
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificadoGets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Creación y administración de una implementaciónCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage classic storage accounts, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
  "name": "86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicStorage/storageAccounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Storage Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Rol de servicio de operador de claves de cuentas de almacenamiento clásicasClassic Storage Account Key Operator Service Role

Los operadores de claves de cuentas de almacenamiento clásicas pueden enumerar y regenerar claves en cuentas de almacenamiento clásicas. Más informaciónClassic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts Learn more

AccionesActions DescripciónDescription
Microsoft.ClassicStorage/storageAccounts/listkeys/actionMicrosoft.ClassicStorage/storageAccounts/listkeys/action Enumera las claves de acceso de las cuentas de almacenamiento.Lists the access keys for the storage accounts.
Microsoft.ClassicStorage/storageAccounts/regeneratekey/actionMicrosoft.ClassicStorage/storageAccounts/regeneratekey/action Regenera las claves de acceso existentes de la cuenta de almacenamiento.Regenerates the existing access keys for the storage account.
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/985d6b00-f706-48f5-a6fe-d0ca12fb668d",
  "name": "985d6b00-f706-48f5-a6fe-d0ca12fb668d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ClassicStorage/storageAccounts/listkeys/action",
        "Microsoft.ClassicStorage/storageAccounts/regeneratekey/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Storage Account Key Operator Service Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de Data BoxData Box Contributor

Permite administrarlo todo en el servicio Data Box, excepto dar acceso a otros usuarios.Lets you manage everything under Data Box Service except giving access to others. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificadoGets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Creación y administración de una implementaciónCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
Microsoft.Databox/*Microsoft.Databox/*
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage everything under Data Box Service except giving access to others.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/add466c9-e687-43fc-8d98-dfcf8d720be5",
  "name": "add466c9-e687-43fc-8d98-dfcf8d720be5",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Databox/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Box Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lector de Data BoxData Box Reader

Permite administrar el servicio Data Box excepto la creación o edición de detalles de pedido y dar acceso a otros usuarios.Lets you manage Data Box Service except creating order or editing order details and giving access to others. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.Databox/*/readMicrosoft.Databox/*/read
Microsoft.Databox/jobs/listsecrets/actionMicrosoft.Databox/jobs/listsecrets/action
Microsoft.Databox/jobs/listcredentials/actionMicrosoft.Databox/jobs/listcredentials/action Enumera las credenciales sin cifrar relacionadas con el pedido.Lists the unencrypted credentials related to the order.
Microsoft.Databox/locations/availableSkus/actionMicrosoft.Databox/locations/availableSkus/action Este método devuelve la lista de SKU disponibles.This method returns the list of available skus.
Microsoft.Databox/locations/validateInputs/actionMicrosoft.Databox/locations/validateInputs/action Este método realiza todo tipo de validaciones.This method does all type of validations.
Microsoft.Databox/locations/regionConfiguration/actionMicrosoft.Databox/locations/regionConfiguration/action Este método devuelve las configuraciones de la región.This method returns the configurations for the region.
Microsoft.Databox/locations/validateAddress/actionMicrosoft.Databox/locations/validateAddress/action Valida la dirección de envío y proporciona direcciones alternativas, si existen.Validates the shipping address and provides alternate addresses if any.
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificadoGets the availability statuses for all resources in the specified scope
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Data Box Service except creating order or editing order details and giving access to others.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
  "name": "028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Databox/*/read",
        "Microsoft.Databox/jobs/listsecrets/action",
        "Microsoft.Databox/jobs/listcredentials/action",
        "Microsoft.Databox/locations/availableSkus/action",
        "Microsoft.Databox/locations/validateInputs/action",
        "Microsoft.Databox/locations/regionConfiguration/action",
        "Microsoft.Databox/locations/validateAddress/action",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Box Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Desarrollador de Data Lake AnalyticsData Lake Analytics Developer

Le permite enviar, supervisar y administrar sus propios trabajos, pero no crear ni eliminar cuentas de Data Lake Analytics.Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.BigAnalytics/accounts/*Microsoft.BigAnalytics/accounts/*
Microsoft.DataLakeAnalytics/accounts/*Microsoft.DataLakeAnalytics/accounts/*
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificadoGets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Creación y administración de una implementaciónCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
NotActionsNotActions
Microsoft.BigAnalytics/accounts/DeleteMicrosoft.BigAnalytics/accounts/Delete
Microsoft.BigAnalytics/accounts/TakeOwnership/actionMicrosoft.BigAnalytics/accounts/TakeOwnership/action
Microsoft.BigAnalytics/accounts/WriteMicrosoft.BigAnalytics/accounts/Write
Microsoft.DataLakeAnalytics/accounts/DeleteMicrosoft.DataLakeAnalytics/accounts/Delete Elimina la cuenta de DataLakeAnalytics.Delete a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/TakeOwnership/actionMicrosoft.DataLakeAnalytics/accounts/TakeOwnership/action Concede permisos para cancelar trabajos que enviaron otros usuarios.Grant permissions to cancel jobs submitted by other users.
Microsoft.DataLakeAnalytics/accounts/WriteMicrosoft.DataLakeAnalytics/accounts/Write Crea o actualiza una cuenta de DataLakeAnalytics.Create or update a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/WriteMicrosoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write Crea o actualiza una cuenta vinculada de DataLakeStore en la cuenta de DataLakeAnalytics.Create or update a linked DataLakeStore account of a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/DeleteMicrosoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete Anula la vinculación de una cuenta de DataLakeStore a la cuenta de DataLakeAnalytics.Unlink a DataLakeStore account from a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/storageAccounts/WriteMicrosoft.DataLakeAnalytics/accounts/storageAccounts/Write Crea o actualiza una cuenta de almacenamiento vinculada a una cuenta de DataLakeAnalytics.Create or update a linked Storage account of a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/storageAccounts/DeleteMicrosoft.DataLakeAnalytics/accounts/storageAccounts/Delete Anula la vinculación de una cuenta de almacenamiento a la cuenta de DataLakeAnalytics.Unlink a Storage account from a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/firewallRules/WriteMicrosoft.DataLakeAnalytics/accounts/firewallRules/Write Crea o actualiza una regla de firewall.Create or update a firewall rule.
Microsoft.DataLakeAnalytics/accounts/firewallRules/DeleteMicrosoft.DataLakeAnalytics/accounts/firewallRules/Delete Elimina una regla de firewall.Delete a firewall rule.
Microsoft.DataLakeAnalytics/accounts/computePolicies/WriteMicrosoft.DataLakeAnalytics/accounts/computePolicies/Write Crea o actualiza una directiva de proceso.Create or update a compute policy.
Microsoft.DataLakeAnalytics/accounts/computePolicies/DeleteMicrosoft.DataLakeAnalytics/accounts/computePolicies/Delete Elimina una directiva de proceso.Delete a compute policy.
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/47b7735b-770e-4598-a7da-8b91488b4c88",
  "name": "47b7735b-770e-4598-a7da-8b91488b4c88",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.BigAnalytics/accounts/*",
        "Microsoft.DataLakeAnalytics/accounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.BigAnalytics/accounts/Delete",
        "Microsoft.BigAnalytics/accounts/TakeOwnership/action",
        "Microsoft.BigAnalytics/accounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/Delete",
        "Microsoft.DataLakeAnalytics/accounts/TakeOwnership/action",
        "Microsoft.DataLakeAnalytics/accounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete",
        "Microsoft.DataLakeAnalytics/accounts/storageAccounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/storageAccounts/Delete",
        "Microsoft.DataLakeAnalytics/accounts/firewallRules/Write",
        "Microsoft.DataLakeAnalytics/accounts/firewallRules/Delete",
        "Microsoft.DataLakeAnalytics/accounts/computePolicies/Write",
        "Microsoft.DataLakeAnalytics/accounts/computePolicies/Delete"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Lake Analytics Developer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lector y acceso a los datosReader and Data Access

Permite ver todo el contenido, pero no eliminar ni crear una cuenta de almacenamiento ni un recurso incluido.Lets you view everything but will not let you delete or create a storage account or contained resource. También permitirá el acceso de lectura o escritura para todos los datos incluidos en una cuenta de almacenamiento a través del acceso a las claves de la cuenta de almacenamiento.It will also allow read/write access to all data contained in a storage account via access to storage account keys.

AccionesActions DescripciónDescription
Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action Devuelve las claves de acceso de la cuenta de almacenamiento especificada.Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/ListAccountSas/actionMicrosoft.Storage/storageAccounts/ListAccountSas/action Devuelve el token de SAS de la cuenta de almacenamiento especificada.Returns the Account SAS token for the specified storage account.
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read Devuelve la lista de cuentas de almacenamiento u obtiene las propiedades de la cuenta de almacenamiento especificada.Returns the list of storage accounts or gets the properties for the specified storage account.
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c12c1c16-33a1-487b-954d-41c89c60f349",
  "name": "c12c1c16-33a1-487b-954d-41c89c60f349",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Storage/storageAccounts/ListAccountSas/action",
        "Microsoft.Storage/storageAccounts/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Reader and Data Access",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de la cuenta de almacenamientoStorage Account Contributor

Permite la administración de cuentas de almacenamiento.Permits management of storage accounts. Proporciona acceso a la clave de cuenta, que puede usarse para tener acceso a datos a través de la autorización de clave compartida.Provides access to the account key, which can be used to access data via Shared Key authorization. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* Crea, actualiza o lee la configuración de diagnóstico de Analysis Server.Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Combina un recurso como una cuenta de almacenamiento o una instancia de SQL Database con una subred.Joins resource such as storage account or SQL database to a subnet. No genera alertas.Not alertable.
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificadoGets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Creación y administración de una implementaciónCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Storage/storageAccounts/*Microsoft.Storage/storageAccounts/* Crear y administrar cuentas de almacenamientoCreate and manage storage accounts
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage storage accounts, including accessing storage account keys which provide full access to storage account data.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab",
  "name": "17d1049b-9a84-46fb-8f53-869881c3d3ab",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Rol de servicio de operador de claves de cuentas de almacenamientoStorage Account Key Operator Service Role

Permite enumerar y regenerar claves de acceso de la cuenta de almacenamiento.Permits listing and regenerating storage account access keys. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.Storage/storageAccounts/listkeys/actionMicrosoft.Storage/storageAccounts/listkeys/action Devuelve las claves de acceso de la cuenta de almacenamiento especificada.Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/regeneratekey/actionMicrosoft.Storage/storageAccounts/regeneratekey/action Regenera las claves de acceso de la cuenta de almacenamiento especificada.Regenerates the access keys for the specified storage account.
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Storage Account Key Operators are allowed to list and regenerate keys on Storage Accounts",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/81a9662b-bebf-436f-a333-f67b29880f12",
  "name": "81a9662b-bebf-436f-a333-f67b29880f12",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/listkeys/action",
        "Microsoft.Storage/storageAccounts/regeneratekey/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Account Key Operator Service Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de datos de blobs de almacenamientoStorage Blob Data Contributor

Lee, escribe y elimina blobs y contenedores de Azure Storage.Read, write, and delete Azure Storage containers and blobs. Para aprender qué acciones son necesarias para una operación de datos determinada, consulte Permissions for calling blob and queue data operations (Permisos para llamar a operaciones de datos de blob y de cola).To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.Storage/storageAccounts/blobServices/containers/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/delete Elimina un contenedor.Delete a container.
Microsoft.Storage/storageAccounts/blobServices/containers/readMicrosoft.Storage/storageAccounts/blobServices/containers/read Devuelve un contenedor o una lista de contenedores.Return a container or a list of containers.
Microsoft.Storage/storageAccounts/blobServices/containers/writeMicrosoft.Storage/storageAccounts/blobServices/containers/write Modifica los metadatos o las propiedades de un contenedor.Modify a container's metadata or properties.
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Devuelve una clave de delegación de usuarios para la instancia de Blob service.Returns a user delegation key for the Blob service.
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete Eliminar un blob.Delete a blob.
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read Devuelve un blob o una lista de blobs.Return a blob or a list of blobs.
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/actionMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/move/action Mueve el blob de una ruta de acceso a otra.Moves the blob from one path to another
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/writeMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write Escribe en un blob.Write to a blob.
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write and delete access to Azure Storage blob containers and data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe",
  "name": "ba92f5b4-2d11-453d-a403-e96b0029c9fe",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/write",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Propietario de datos de blobs de almacenamientoStorage Blob Data Owner

Proporciona acceso total a los contenedores de blobs y los datos de Azure Storage, incluida la asignación de control de acceso POSIX.Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. Para aprender qué acciones son necesarias para una operación de datos determinada, consulte Permissions for calling blob and queue data operations (Permisos para llamar a operaciones de datos de blob y de cola).To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.Storage/storageAccounts/blobServices/containers/*Microsoft.Storage/storageAccounts/blobServices/containers/* Todos los permisos en los contenedores.Full permissions on containers.
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Devuelve una clave de delegación de usuarios para la instancia de Blob service.Returns a user delegation key for the Blob service.
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*Microsoft.Storage/storageAccounts/blobServices/containers/blobs/* Todos los permisos en los blobs.Full permissions on blobs.
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to Azure Storage blob containers and data, including assigning POSIX access control.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
  "name": "b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/*",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lector de datos de blobs de almacenamientoStorage Blob Data Reader

Lee y enumera blobs y contenedores de Azure Storage.Read and list Azure Storage containers and blobs. Para aprender qué acciones son necesarias para una operación de datos determinada, consulte Permissions for calling blob and queue data operations (Permisos para llamar a operaciones de datos de blob y de cola).To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.Storage/storageAccounts/blobServices/containers/readMicrosoft.Storage/storageAccounts/blobServices/containers/read Devuelve un contenedor o una lista de contenedores.Return a container or a list of containers.
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Devuelve una clave de delegación de usuarios para la instancia de Blob service.Returns a user delegation key for the Blob service.
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read Devuelve un blob o una lista de blobs.Return a blob or a list of blobs.
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read access to Azure Storage blob containers and data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
  "name": "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Delegador de Blob StorageStorage Blob Delegator

Obtiene una clave de delegación de usuarios, que se puede usar a continuación para crear una firma de acceso compartido para un contenedor o un blob firmado con credenciales de Azure AD.Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials. Para más información, vea Creación de SAS de delegación de usuarios.For more information, see Create a user delegation SAS. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Devuelve una clave de delegación de usuarios para la instancia de Blob service.Returns a user delegation key for the Blob service.
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for generation of a user delegation key which can be used to sign SAS tokens",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
  "name": "db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Delegator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de recursos compartidos de SMB de datos de archivos de StorageStorage File Data SMB Share Contributor

Permite el acceso de lectura, escritura y eliminación a los archivos y directorios de los recursos compartidos de Azure.Allows for read, write, and delete access on files/directories in Azure file shares. Este rol no tiene ningún equivalente integrado en los servidores de archivos de Windows.This role has no built-in equivalent on Windows file servers. Más informaciónLearn more

AccionesActions DescripciónDescription
Ningunanone
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/readMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/read Devuelve un archivo o una carpeta, o bien una lista de archivos o carpetas.Returns a file/folder or a list of files/folders.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/writeMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/write Devuelve el resultado de escribir un archivo o de crear una carpeta.Returns the result of writing a file or creating a folder.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/deleteMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/delete Devuelve el resultado de eliminar un archivo o una carpeta.Returns the result of deleting a file/folder.
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write, and delete access in Azure Storage file shares over SMB",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
  "name": "0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage File Data SMB Share Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador elevado de recursos compartidos de SMB de datos de archivos de StorageStorage File Data SMB Share Elevated Contributor

Permite el acceso de lectura, escritura, eliminación y modificación de ACL en los archivos y directorios de los recursos compartidos de Azure.Allows for read, write, delete, and modify ACLs on files/directories in Azure file shares. Este rol es equivalente a una ACL de recurso compartido de cambio en los servidores de archivos de Windows.This role is equivalent to a file share ACL of change on Windows file servers. Más informaciónLearn more

AccionesActions DescripciónDescription
Ningunanone
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/readMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/read Devuelve un archivo o una carpeta, o bien una lista de archivos o carpetas.Returns a file/folder or a list of files/folders.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/writeMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/write Devuelve el resultado de escribir un archivo o de crear una carpeta.Returns the result of writing a file or creating a folder.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/deleteMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/delete Devuelve el resultado de eliminar un archivo o una carpeta.Returns the result of deleting a file/folder.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/actionMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action Devuelve el resultado de modificar el permiso en un archivo o una carpeta.Returns the result of modifying permission on a file/folder.
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write, delete and modify NTFS permission access in Azure Storage file shares over SMB",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a7264617-510b-434b-a828-9731dc254ea7",
  "name": "a7264617-510b-434b-a828-9731dc254ea7",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage File Data SMB Share Elevated Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lector de recursos compartidos de SMB de datos de archivos de StorageStorage File Data SMB Share Reader

Permite el acceso de lectura a los archivos y directorios de los recursos compartidos de Azure.Allows for read access on files/directories in Azure file shares. Este rol es equivalente a una ACL de recurso compartido de lectura en los servidores de archivos de Windows.This role is equivalent to a file share ACL of read on Windows file servers. Más informaciónLearn more

AccionesActions DescripciónDescription
Ningunanone
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/readMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/read Devuelve un archivo o una carpeta, o bien una lista de archivos o carpetas.Returns a file/folder or a list of files/folders.
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read access to Azure File Share over SMB",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/aba4ae5f-2193-4029-9191-0cb91df5e314",
  "name": "aba4ae5f-2193-4029-9191-0cb91df5e314",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage File Data SMB Share Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de datos de la cola de StorageStorage Queue Data Contributor

Lee, escribe y elimina los mensajes de la cola y a la cola de Azure Storage.Read, write, and delete Azure Storage queues and queue messages. Para aprender qué acciones son necesarias para una operación de datos determinada, consulte Permissions for calling blob and queue data operations (Permisos para llamar a operaciones de datos de blob y de cola).To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.Storage/storageAccounts/queueServices/queues/deleteMicrosoft.Storage/storageAccounts/queueServices/queues/delete Elimina una cola.Delete a queue.
Microsoft.Storage/storageAccounts/queueServices/queues/readMicrosoft.Storage/storageAccounts/queueServices/queues/read Devuelve una cola o una lista de colas.Return a queue or a list of queues.
Microsoft.Storage/storageAccounts/queueServices/queues/writeMicrosoft.Storage/storageAccounts/queueServices/queues/write Modifica las propiedades o los metadatos de la cola.Modify queue metadata or properties.
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/deleteMicrosoft.Storage/storageAccounts/queueServices/queues/messages/delete Elimina uno o más mensajes de una cola.Delete one or more messages from a queue.
Microsoft.Storage/storageAccounts/queueServices/queues/messages/readMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read Consulta o recupera uno o más mensajes de una cola.Peek or retrieve one or more messages from a queue.
Microsoft.Storage/storageAccounts/queueServices/queues/messages/writeMicrosoft.Storage/storageAccounts/queueServices/queues/messages/write Agrega un mensaje a una cola.Add a message to a queue.
Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/actionMicrosoft.Storage/storageAccounts/queueServices/queues/messages/process/action Devuelve el resultado de procesar un mensaje.Returns the result of processing a message
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write, and delete access to Azure Storage queues and queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/974c5e8b-45b9-4653-ba55-5f855dd0fb88",
  "name": "974c5e8b-45b9-4653-ba55-5f855dd0fb88",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/delete",
        "Microsoft.Storage/storageAccounts/queueServices/queues/read",
        "Microsoft.Storage/storageAccounts/queueServices/queues/write"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/delete",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/write",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Procesador de mensajes de datos de la cola de StorageStorage Queue Data Message Processor

Consulta, recupera y elimina un mensaje de una cola de Azure Storage.Peek, retrieve, and delete a message from an Azure Storage queue. Para aprender qué acciones son necesarias para una operación de datos determinada, consulte Permissions for calling blob and queue data operations (Permisos para llamar a operaciones de datos de blob y de cola).To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. Más informaciónLearn more

AccionesActions DescripciónDescription
Ningunanone
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/readMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read Consulta un mensaje.Peek a message.
Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/actionMicrosoft.Storage/storageAccounts/queueServices/queues/messages/process/action Recupera y elimina un mensaje.Retrieve and delete a message.
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for peek, receive, and delete access to Azure Storage queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8a0f0c08-91a1-4084-bc3d-661d67233fed",
  "name": "8a0f0c08-91a1-4084-bc3d-661d67233fed",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Message Processor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Emisor de mensajes de datos de la cola de StorageStorage Queue Data Message Sender

Agrega mensaje a una cola de Azure Storage.Add messages to an Azure Storage queue. Para aprender qué acciones son necesarias para una operación de datos determinada, consulte Permissions for calling blob and queue data operations (Permisos para llamar a operaciones de datos de blob y de cola).To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. Más informaciónLearn more

AccionesActions DescripciónDescription
Ningunanone
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/actionMicrosoft.Storage/storageAccounts/queueServices/queues/messages/add/action Agrega un mensaje a una cola.Add a message to a queue.
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for sending of Azure Storage queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
  "name": "c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Message Sender",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lector de datos de la cola de StorageStorage Queue Data Reader

Lee y enumera los mensajes de la cola y las colas de Azure Storage.Read and list Azure Storage queues and queue messages. Para aprender qué acciones son necesarias para una operación de datos determinada, consulte Permissions for calling blob and queue data operations (Permisos para llamar a operaciones de datos de blob y de cola).To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.Storage/storageAccounts/queueServices/queues/readMicrosoft.Storage/storageAccounts/queueServices/queues/read Devuelve una cola o una lista de colas.Returns a queue or a list of queues.
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/readMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read Consulta o recupera uno o más mensajes de una cola.Peek or retrieve one or more messages from a queue.
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read access to Azure Storage queues and queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/19e7f393-937e-4f77-808e-94535e297925",
  "name": "19e7f393-937e-4f77-808e-94535e297925",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

WebWeb

Colaborador de datos de Azure MapsAzure Maps Data Contributor

Conde acceso para leer, escribir y eliminar datos relacionados con mapas desde una cuenta de mapas de Azure.Grants access to read, write, and delete access to map related data from an Azure maps account. Más informaciónLearn more

AccionesActions DescripciónDescription
Ningunanone
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.Maps/accounts/*/readMicrosoft.Maps/accounts/*/read
Microsoft.Maps/accounts/*/writeMicrosoft.Maps/accounts/*/write
Microsoft.Maps/accounts/*/deleteMicrosoft.Maps/accounts/*/delete
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants access to read, write, and delete access to map related data from an Azure maps account.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204",
  "name": "8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Maps/accounts/*/read",
        "Microsoft.Maps/accounts/*/write",
        "Microsoft.Maps/accounts/*/delete"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Maps Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Maps Data ReaderAzure Maps Data Reader

Concede acceso de lectura a los datos de los mapas de una cuenta de Azure Maps.Grants access to read map related data from an Azure maps account. Más informaciónLearn more

AccionesActions DescripciónDescription
Ningunanone
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.Maps/accounts/*/readMicrosoft.Maps/accounts/*/read
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants access to read map related data from an Azure maps account.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/423170ca-a8f6-4b0f-8487-9e4eb8f49bfa",
  "name": "423170ca-a8f6-4b0f-8487-9e4eb8f49bfa",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Maps/accounts/*/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Maps Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador del servicio de búsquedaSearch Service Contributor

Permite administrar los servicios de Búsqueda, pero no acceder a ellos.Lets you manage Search services, but not access to them. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificadoGets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Creación y administración de una implementaciónCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Search/searchServices/*Microsoft.Search/searchServices/* Crear y administrar servicios de búsquedaCreate and manage search services
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Search services, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7ca78c08-252a-4471-8644-bb5ff32d4ba0",
  "name": "7ca78c08-252a-4471-8644-bb5ff32d4ba0",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Search/searchServices/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Search Service Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lector AccessKey de SignalRSignalR AccessKey Reader

Lee las claves de acceso de SignalR Service.Read SignalR Service Access Keys

AccionesActions DescripciónDescription
Microsoft.SignalRService/*/readMicrosoft.SignalRService/*/read
Microsoft.SignalRService/SignalR/listkeys/actionMicrosoft.SignalRService/SignalR/listkeys/action Visualiza el valor de las claves de acceso de SignalR en el portal de administración o mediante de la API.View the value of SignalR access keys in the management portal or through API
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read SignalR Service Access Keys",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/04165923-9d83-45d5-8227-78b77b0a687e",
  "name": "04165923-9d83-45d5-8227-78b77b0a687e",
  "permissions": [
    {
      "actions": [
        "Microsoft.SignalRService/*/read",
        "Microsoft.SignalRService/SignalR/listkeys/action",
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR AccessKey Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Servidor de aplicaciones de SignalR (versión preliminar)SignalR App Server (Preview)

Permite que el servidor de aplicaciones acceda al servicio SignalR con opciones de autenticación de AAD.Lets your app server access SignalR Service with AAD auth options.

AccionesActions DescripciónDescription
Ningunanone
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.SignalRService/SignalR/auth/accessKey/actionMicrosoft.SignalRService/SignalR/auth/accessKey/action Genera una clave AccessKey temporal para firmar ClientTokens.Generate a temporary AccessKey for signing ClientTokens.
Microsoft.SignalRService/SignalR/serverConnection/writeMicrosoft.SignalRService/SignalR/serverConnection/write Inicia una conexión de servidor.Start a server connection.
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets your app server access SignalR Service with AAD auth options.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/420fcaa2-552c-430f-98ca-3264be4806c7",
  "name": "420fcaa2-552c-430f-98ca-3264be4806c7",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.SignalRService/SignalR/auth/accessKey/action",
        "Microsoft.SignalRService/SignalR/serverConnection/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR App Server (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de SignalRSignalR Contributor

Crea, lee, actualiza y elimina recursos del servicio SignalR.Create, Read, Update, and Delete SignalR service resources

AccionesActions DescripciónDescription
Microsoft.SignalRService/*Microsoft.SignalRService/*
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Creación y administración de una implementaciónCreate and manage a deployment
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Create, Read, Update, and Delete SignalR service resources",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761",
  "name": "8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761",
  "permissions": [
    {
      "actions": [
        "Microsoft.SignalRService/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador sin servidor de SignalR (versión preliminar)SignalR Serverless Contributor (Preview)

Permite que el servicio de acceso a la aplicación esté en modo sin servidor con opciones de autenticación de AAD.Lets your app access service in serverless mode with AAD auth options.

AccionesActions DescripciónDescription
Ningunanone
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.SignalRService/SignalR/auth/clientToken/actionMicrosoft.SignalRService/SignalR/auth/clientToken/action Genera un ClientToken para iniciar una conexión de cliente.Generate a ClientToken for starting a client connection.
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets your app access service in serverless mode with AAD auth options.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fd53cd77-2268-407a-8f46-7e7863d0f521",
  "name": "fd53cd77-2268-407a-8f46-7e7863d0f521",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.SignalRService/SignalR/auth/clientToken/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR Serverless Contributor (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Propietario de SignalR Service (versión preliminar)SignalR Service Owner (Preview)

Acceso completo a las API REST de Azure SignalR Service.Full access to Azure SignalR Service REST APIs

AccionesActions DescripciónDescription
Ningunanone
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.SignalRService/SignalR/hub/send/actionMicrosoft.SignalRService/SignalR/hub/send/action Difunde mensajes a todas las conexiones de cliente en el concentrador.Broadcast messages to all client connections in hub.
Microsoft.SignalRService/SignalR/group/send/actionMicrosoft.SignalRService/SignalR/group/send/action Difunde el mensaje al grupo.Broadcast message to group.
Microsoft.SignalRService/SignalR/group/readMicrosoft.SignalRService/SignalR/group/read Comprueba la existencia del grupo o la existencia del usuario en el grupo.Check group existence or user existence in group.
Microsoft.SignalRService/SignalR/group/writeMicrosoft.SignalRService/SignalR/group/write Se une a grupos o los abandona.Join / Leave group.
Microsoft.SignalRService/SignalR/clientConnection/send/actionMicrosoft.SignalRService/SignalR/clientConnection/send/action Envía mensajes directamente a una conexión de cliente.Send messages directly to a client connection.
Microsoft.SignalRService/SignalR/clientConnection/readMicrosoft.SignalRService/SignalR/clientConnection/read Comprueba la existencia de la conexión de cliente.Check client connection existence.
Microsoft.SignalRService/SignalR/clientConnection/writeMicrosoft.SignalRService/SignalR/clientConnection/write Cierra la conexión de cliente.Close client connection.
Microsoft.SignalRService/SignalR/user/send/actionMicrosoft.SignalRService/SignalR/user/send/action Envía mensajes a un usuario, que puede tener varias conexiones de cliente.Send messages to user, who may consist of multiple client connections.
Microsoft.SignalRService/SignalR/user/readMicrosoft.SignalRService/SignalR/user/read Comprueba la existencia del usuario.Check user existence.
Microsoft.SignalRService/SignalR/user/writeMicrosoft.SignalRService/SignalR/user/write
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Full access to Azure SignalR Service REST APIs",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7e4f1700-ea5a-4f59-8f37-079cfe29dce3",
  "name": "7e4f1700-ea5a-4f59-8f37-079cfe29dce3",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.SignalRService/SignalR/hub/send/action",
        "Microsoft.SignalRService/SignalR/group/send/action",
        "Microsoft.SignalRService/SignalR/group/read",
        "Microsoft.SignalRService/SignalR/group/write",
        "Microsoft.SignalRService/SignalR/clientConnection/send/action",
        "Microsoft.SignalRService/SignalR/clientConnection/read",
        "Microsoft.SignalRService/SignalR/clientConnection/write",
        "Microsoft.SignalRService/SignalR/user/send/action",
        "Microsoft.SignalRService/SignalR/user/read",
        "Microsoft.SignalRService/SignalR/user/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR Service Owner (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lector de SignalR Service (versión preliminar)SignalR Service Reader (Preview)

Acceso de solo lectura a las API REST de Azure SignalR Service.Read-only access to Azure SignalR Service REST APIs

AccionesActions DescripciónDescription
Ningunanone
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.SignalRService/SignalR/group/readMicrosoft.SignalRService/SignalR/group/read Comprueba la existencia del grupo o la existencia del usuario en el grupo.Check group existence or user existence in group.
Microsoft.SignalRService/SignalR/clientConnection/readMicrosoft.SignalRService/SignalR/clientConnection/read Comprueba la existencia de la conexión de cliente.Check client connection existence.
Microsoft.SignalRService/SignalR/user/readMicrosoft.SignalRService/SignalR/user/read Comprueba la existencia del usuario.Check user existence.
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read-only access to Azure SignalR Service REST APIs",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ddde6b66-c0df-4114-a159-3618637b3035",
  "name": "ddde6b66-c0df-4114-a159-3618637b3035",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.SignalRService/SignalR/group/read",
        "Microsoft.SignalRService/SignalR/clientConnection/read",
        "Microsoft.SignalRService/SignalR/user/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR Service Reader (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de plan webWeb Plan Contributor

Permite administrar los planes web para sitios web, pero no acceder a ellos.Lets you manage the web plans for websites, but not access to them.

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificadoGets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Creación y administración de una implementaciónCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
Microsoft.Web/serverFarms/*Microsoft.Web/serverFarms/* Crear y administrar granjas de servidoresCreate and manage server farms
Microsoft.Web/hostingEnvironments/Join/ActionMicrosoft.Web/hostingEnvironments/Join/Action Se une a App Service Environment.Joins an App Service Environment
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage the web plans for websites, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b",
  "name": "2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Web/serverFarms/*",
        "Microsoft.Web/hostingEnvironments/Join/Action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Web Plan Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de sitio webWebsite Contributor

Permite administrar los sitios web (no planes web), pero no acceder a ellos.Lets you manage websites (not web plans), but not access to them.

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.Insights/components/*Microsoft.Insights/components/* Crear y administrar componentes de InsightsCreate and manage Insights components
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificadoGets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Creación y administración de una implementaciónCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
Microsoft.Web/certificates/*Microsoft.Web/certificates/* Crear y administrar certificados de sitios webCreate and manage website certificates
Microsoft.Web/listSitesAssignedToHostName/readMicrosoft.Web/listSitesAssignedToHostName/read Obtiene los nombres de sitios asignados al nombre de host.Get names of sites assigned to hostname.
Microsoft.Web/serverFarms/join/actionMicrosoft.Web/serverFarms/join/action Unirse a un plan de App ServiceJoins an App Service Plan
Microsoft.Web/serverFarms/readMicrosoft.Web/serverFarms/read Obtiene las propiedades de un plan de App ServiceGet the properties on an App Service Plan
Microsoft.Web/sites/*Microsoft.Web/sites/* Crear y administrar sitios web (la creación de sitios también requiere permisos de escritura para el plan de App Service asociado)Create and manage websites (site creation also requires write permissions to the associated App Service Plan)
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage websites (not web plans), but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/de139f84-1756-47ae-9be6-808fbbe84772",
  "name": "de139f84-1756-47ae-9be6-808fbbe84772",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/components/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Web/certificates/*",
        "Microsoft.Web/listSitesAssignedToHostName/read",
        "Microsoft.Web/serverFarms/join/action",
        "Microsoft.Web/serverFarms/read",
        "Microsoft.Web/sites/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Website Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

ContenedoresContainers

AcrDeleteAcrDelete

EliminarACR Más informaciónacr delete Learn more

AccionesActions DescripciónDescription
Microsoft.ContainerRegistry/registries/artifacts/deleteMicrosoft.ContainerRegistry/registries/artifacts/delete Eliminar artefacto de un registro de contenedor.Delete artifact in a container registry.
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr delete",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
  "name": "c2f4ef07-c644-48eb-af81-4b1b4947fb11",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/artifacts/delete"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrDelete",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrImageSignerAcrImageSigner

Firmante la imagen de ACR Más informaciónacr image signer Learn more

AccionesActions DescripciónDescription
Microsoft.ContainerRegistry/registries/sign/writeMicrosoft.ContainerRegistry/registries/sign/write Inserta o extrae metadatos de confianza en el contenido para un registro de contenedor.Push/Pull content trust metadata for a container registry.
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr image signer",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6cef56e8-d556-48e5-a04f-b8e64114680f",
  "name": "6cef56e8-d556-48e5-a04f-b8e64114680f",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/sign/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrImageSigner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrPullAcrPull

Extraer ACR Más informaciónacr pull Learn more

AccionesActions DescripciónDescription
Microsoft.ContainerRegistry/registries/pull/readMicrosoft.ContainerRegistry/registries/pull/read Extrae u obtiene imágenes de un registro de contenedor.Pull or Get images from a container registry.
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr pull",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d",
  "name": "7f951dda-4ed3-4680-a7ca-43fe172d538d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/pull/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrPull",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrPushAcrPush

Insertar ACR Más informaciónacr push Learn more

AccionesActions DescripciónDescription
Microsoft.ContainerRegistry/registries/pull/readMicrosoft.ContainerRegistry/registries/pull/read Extrae u obtiene imágenes de un registro de contenedor.Pull or Get images from a container registry.
Microsoft.ContainerRegistry/registries/push/writeMicrosoft.ContainerRegistry/registries/push/write Inserta o escribe imágenes en un registro de contenedor.Push or Write images to a container registry.
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr push",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8311e382-0749-4cb8-b61a-304f252e45ec",
  "name": "8311e382-0749-4cb8-b61a-304f252e45ec",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/pull/read",
        "Microsoft.ContainerRegistry/registries/push/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrPush",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrQuarantineReaderAcrQuarantineReader

Lector de datos de cuarentena de ACRacr quarantine data reader

AccionesActions DescripciónDescription
Microsoft.ContainerRegistry/registries/quarantine/readMicrosoft.ContainerRegistry/registries/quarantine/read Extrae u obtiene imágenes en cuarentena de un registro de contenedorPull or Get quarantined images from container registry
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr quarantine data reader",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/cdda3590-29a3-44f6-95f2-9f980659eb04",
  "name": "cdda3590-29a3-44f6-95f2-9f980659eb04",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/quarantine/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrQuarantineReader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrQuarantineWriterAcrQuarantineWriter

Escritura de datos de cuarentena de ACRacr quarantine data writer

AccionesActions DescripciónDescription
Microsoft.ContainerRegistry/registries/quarantine/readMicrosoft.ContainerRegistry/registries/quarantine/read Extrae u obtiene imágenes en cuarentena de un registro de contenedorPull or Get quarantined images from container registry
Microsoft.ContainerRegistry/registries/quarantine/writeMicrosoft.ContainerRegistry/registries/quarantine/write Escribe o modifica el estado de cuarentena de las imágenes que estén en cuarentenaWrite/Modify quarantine state of quarantined images
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr quarantine data writer",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
  "name": "c8d4ff99-41c3-41a8-9f60-21dfdad59608",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/quarantine/read",
        "Microsoft.ContainerRegistry/registries/quarantine/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrQuarantineWriter",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Rol de administrador de clúster de Azure Kubernetes ServiceAzure Kubernetes Service Cluster Admin Role

Enumerar la acción de credenciales administrativas del clúster.List cluster admin credential action. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.ContainerService/managedClusters/listClusterAdminCredential/actionMicrosoft.ContainerService/managedClusters/listClusterAdminCredential/action Muestra la credencial clusterAdmin de un clúster administrado.List the clusterAdmin credential of a managed cluster
Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/actionMicrosoft.ContainerService/managedClusters/accessProfiles/listCredential/action Obtiene el perfil de acceso de un clúster administrados por nombre de rol mediante las credenciales de la listaGet a managed cluster access profile by role name using list credential
Microsoft.ContainerService/managedClusters/readMicrosoft.ContainerService/managedClusters/read Obtiene un clúster administradoGet a managed cluster
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "List cluster admin credential action.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8",
  "name": "0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerService/managedClusters/listClusterAdminCredential/action",
        "Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/action",
        "Microsoft.ContainerService/managedClusters/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service Cluster Admin Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Rol de usuario de clúster de Azure Kubernetes ServiceAzure Kubernetes Service Cluster User Role

Enumerar la acción de credenciales de usuario del clúster.List cluster user credential action. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.ContainerService/managedClusters/listClusterUserCredential/actionMicrosoft.ContainerService/managedClusters/listClusterUserCredential/action Muestra la credencial clusterUser de un clúster administrado.List the clusterUser credential of a managed cluster
Microsoft.ContainerService/managedClusters/readMicrosoft.ContainerService/managedClusters/read Obtiene un clúster administradoGet a managed cluster
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "List cluster user credential action.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4abbcc35-e782-43d8-92c5-2d3f1bd2253f",
  "name": "4abbcc35-e782-43d8-92c5-2d3f1bd2253f",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action",
        "Microsoft.ContainerService/managedClusters/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service Cluster User Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Rol de colaborador de Azure Kubernetes ServiceAzure Kubernetes Service Contributor Role

Concede acceso de lectura y escritura a los clústeres de Azure Kubernetes Service Más informaciónGrants access to read and write Azure Kubernetes Service clusters Learn more

AccionesActions DescripciónDescription
Microsoft.ContainerService/managedClusters/readMicrosoft.ContainerService/managedClusters/read Obtiene un clúster administradoGet a managed cluster
Microsoft.ContainerService/managedClusters/writeMicrosoft.ContainerService/managedClusters/write Crea un nuevo clúster administrado o actualiza uno existente.Creates a new managed cluster or updates an existing one
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Creación y administración de una implementaciónCreate and manage a deployment
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants access to read and write Azure Kubernetes Service clusters",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8",
  "name": "ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerService/managedClusters/read",
        "Microsoft.ContainerService/managedClusters/write",
        "Microsoft.Resources/deployments/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service Contributor Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Administrador de Azure Kubernetes Service RBACAzure Kubernetes Service RBAC Admin

Permite administrar todos los recursos en un clúster o espacio de nombres, excepto actualizar o eliminar cuotas de recursos y espacios de nombres.Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.Resources/deployments/writeMicrosoft.Resources/deployments/write Crea o actualiza una implementación.Creates or updates an deployment.
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read Obtiene los resultados de la operación de suscripción.Get the subscription operation results.
Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read Obtiene la lista de suscripciones.Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
Microsoft.ContainerService/managedClusters/listClusterUserCredential/actionMicrosoft.ContainerService/managedClusters/listClusterUserCredential/action Muestra la credencial clusterUser de un clúster administrado.List the clusterUser credential of a managed cluster
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.ContainerService/managedClusters/*Microsoft.ContainerService/managedClusters/*
NotDataActionsNotDataActions
Microsoft.ContainerService/managedClusters/resourcequotas/writeMicrosoft.ContainerService/managedClusters/resourcequotas/write Escribe resourcequotas.Writes resourcequotas
Microsoft.ContainerService/managedClusters/resourcequotas/deleteMicrosoft.ContainerService/managedClusters/resourcequotas/delete Elimina resourcequotas.Deletes resourcequotas
Microsoft.ContainerService/managedClusters/namespaces/writeMicrosoft.ContainerService/managedClusters/namespaces/write Escribe espacios de nombres.Writes namespaces
Microsoft.ContainerService/managedClusters/namespaces/deleteMicrosoft.ContainerService/managedClusters/namespaces/delete Elimina espacios de nombres.Deletes namespaces
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3498e952-d568-435e-9b2c-8d77e338d7f7",
  "name": "3498e952-d568-435e-9b2c-8d77e338d7f7",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerService/managedClusters/*"
      ],
      "notDataActions": [
        "Microsoft.ContainerService/managedClusters/resourcequotas/write",
        "Microsoft.ContainerService/managedClusters/resourcequotas/delete",
        "Microsoft.ContainerService/managedClusters/namespaces/write",
        "Microsoft.ContainerService/managedClusters/namespaces/delete"
      ]
    }
  ],
  "roleName": "Azure Kubernetes Service RBAC Admin",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Administrador de clúster de Azure Kubernetes Service RBACAzure Kubernetes Service RBAC Cluster Admin

Permite administrar todos los recursos del clúster.Lets you manage all resources in the cluster. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.Resources/deployments/writeMicrosoft.Resources/deployments/write Crea o actualiza una implementación.Creates or updates an deployment.
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read Obtiene los resultados de la operación de suscripción.Get the subscription operation results.
Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read Obtiene la lista de suscripciones.Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
Microsoft.ContainerService/managedClusters/listClusterUserCredential/actionMicrosoft.ContainerService/managedClusters/listClusterUserCredential/action Muestra la credencial clusterUser de un clúster administrado.List the clusterUser credential of a managed cluster
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.ContainerService/managedClusters/*Microsoft.ContainerService/managedClusters/*
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage all resources in the cluster.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b",
  "name": "b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerService/managedClusters/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service RBAC Cluster Admin",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lector de Azure Kubernetes Service RBACAzure Kubernetes Service RBAC Reader

Permite el acceso de solo lectura para ver la mayoría de los objetos en un espacio de nombres.Allows read-only access to see most objects in a namespace. No permite la visualización de roles o enlaces de roles.It does not allow viewing roles or role bindings. Este rol no permite visualización de secretos, ya que leer el contenido de estos permite el acceso a las credenciales de ServiceAccount en el espacio de nombres, que permitiría el acceso a la API como cualquier ServiceAccount en el espacio de nombres (una forma de elevación de privilegios).This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Al aplicar este rol en el ámbito del clúster, se proporcionará acceso a todos los espacios de nombres.Applying this role at cluster scope will give access across all namespaces. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.Resources/deployments/writeMicrosoft.Resources/deployments/write Crea o actualiza una implementación.Creates or updates an deployment.
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read Obtiene los resultados de la operación de suscripción.Get the subscription operation results.
Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read Obtiene la lista de suscripciones.Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.ContainerService/managedClusters/apps/controllerrevisions/readMicrosoft.ContainerService/managedClusters/apps/controllerrevisions/read Lee controllerrevisions.Reads controllerrevisions
Microsoft.ContainerService/managedClusters/apps/daemonsets/readMicrosoft.ContainerService/managedClusters/apps/daemonsets/read Lee daemonsets.Reads daemonsets
Microsoft.ContainerService/managedClusters/apps/deployments/readMicrosoft.ContainerService/managedClusters/apps/deployments/read Lee implementaciones.Reads deployments
Microsoft.ContainerService/managedClusters/apps/replicasets/readMicrosoft.ContainerService/managedClusters/apps/replicasets/read Lee replicasets.Reads replicasets
Microsoft.ContainerService/managedClusters/apps/statefulsets/readMicrosoft.ContainerService/managedClusters/apps/statefulsets/read Lee statefulsets.Reads statefulsets
Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/readMicrosoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/read Lee horizontalpodautoscalers.Reads horizontalpodautoscalers
Microsoft.ContainerService/managedClusters/batch/cronjobs/readMicrosoft.ContainerService/managedClusters/batch/cronjobs/read Lee cronjobs.Reads cronjobs
Microsoft.ContainerService/managedClusters/batch/jobs/readMicrosoft.ContainerService/managedClusters/batch/jobs/read Lee trabajos.Reads jobs
Microsoft.ContainerService/managedClusters/configmaps/readMicrosoft.ContainerService/managedClusters/configmaps/read Lee configmaps.Reads configmaps
Microsoft.ContainerService/managedClusters/endpoints/readMicrosoft.ContainerService/managedClusters/endpoints/read Lee puntos de conexión.Reads endpoints
Microsoft.ContainerService/managedClusters/events.k8s.io/events/readMicrosoft.ContainerService/managedClusters/events.k8s.io/events/read Lee eventos.Reads events
Microsoft.ContainerService/managedClusters/events/readMicrosoft.ContainerService/managedClusters/events/read Lee eventos.Reads events
Microsoft.ContainerService/managedClusters/extensions/daemonsets/readMicrosoft.ContainerService/managedClusters/extensions/daemonsets/read Lee daemonsets.Reads daemonsets
Microsoft.ContainerService/managedClusters/extensions/deployments/readMicrosoft.ContainerService/managedClusters/extensions/deployments/read Lee implementaciones.Reads deployments
Microsoft.ContainerService/managedClusters/extensions/ingresses/readMicrosoft.ContainerService/managedClusters/extensions/ingresses/read Lee entradas.Reads ingresses
Microsoft.ContainerService/managedClusters/extensions/networkpolicies/readMicrosoft.ContainerService/managedClusters/extensions/networkpolicies/read Lee networkpolicies.Reads networkpolicies
Microsoft.ContainerService/managedClusters/extensions/replicasets/readMicrosoft.ContainerService/managedClusters/extensions/replicasets/read Lee replicasets.Reads replicasets
Microsoft.ContainerService/managedClusters/limitranges/readMicrosoft.ContainerService/managedClusters/limitranges/read Lee limitranges.Reads limitranges
Microsoft.ContainerService/managedClusters/namespaces/readMicrosoft.ContainerService/managedClusters/namespaces/read Lee espacios de nombres.Reads namespaces
Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/readMicrosoft.ContainerService/managedClusters/networking.k8s.io/ingresses/read Lee entradas.Reads ingresses
Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/readMicrosoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/read Lee networkpolicies.Reads networkpolicies
Microsoft.ContainerService/managedClusters/persistentvolumeclaims/readMicrosoft.ContainerService/managedClusters/persistentvolumeclaims/read Lee persistentvolumeclaims.Reads persistentvolumeclaims
Microsoft.ContainerService/managedClusters/pods/readMicrosoft.ContainerService/managedClusters/pods/read Lee pods.Reads pods
Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/readMicrosoft.ContainerService/managedClusters/policy/poddisruptionbudgets/read Lee poddisruptionbudgets.Reads poddisruptionbudgets
Microsoft.ContainerService/managedClusters/replicationcontrollers/readMicrosoft.ContainerService/managedClusters/replicationcontrollers/read Lee replicationcontrollers.Reads replicationcontrollers
Microsoft.ContainerService/managedClusters/replicationcontrollers/readMicrosoft.ContainerService/managedClusters/replicationcontrollers/read Lee replicationcontrollers.Reads replicationcontrollers
Microsoft.ContainerService/managedClusters/resourcequotas/readMicrosoft.ContainerService/managedClusters/resourcequotas/read Lee resourcequotas.Reads resourcequotas
Microsoft.ContainerService/managedClusters/serviceaccounts/readMicrosoft.ContainerService/managedClusters/serviceaccounts/read Lee serviceaccounts.Reads serviceaccounts
Microsoft.ContainerService/managedClusters/services/readMicrosoft.ContainerService/managedClusters/services/read Lee servicios.Reads services
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7f6c6a51-bcf8-42ba-9220-52d62157d7db",
  "name": "7f6c6a51-bcf8-42ba-9220-52d62157d7db",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerService/managedClusters/apps/controllerrevisions/read",
        "Microsoft.ContainerService/managedClusters/apps/daemonsets/read",
        "Microsoft.ContainerService/managedClusters/apps/deployments/read",
        "Microsoft.ContainerService/managedClusters/apps/replicasets/read",
        "Microsoft.ContainerService/managedClusters/apps/statefulsets/read",
        "Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/read",
        "Microsoft.ContainerService/managedClusters/batch/cronjobs/read",
        "Microsoft.ContainerService/managedClusters/batch/jobs/read",
        "Microsoft.ContainerService/managedClusters/configmaps/read",
        "Microsoft.ContainerService/managedClusters/endpoints/read",
        "Microsoft.ContainerService/managedClusters/events.k8s.io/events/read",
        "Microsoft.ContainerService/managedClusters/events/read",
        "Microsoft.ContainerService/managedClusters/extensions/daemonsets/read",
        "Microsoft.ContainerService/managedClusters/extensions/deployments/read",
        "Microsoft.ContainerService/managedClusters/extensions/ingresses/read",
        "Microsoft.ContainerService/managedClusters/extensions/networkpolicies/read",
        "Microsoft.ContainerService/managedClusters/extensions/replicasets/read",
        "Microsoft.ContainerService/managedClusters/limitranges/read",
        "Microsoft.ContainerService/managedClusters/namespaces/read",
        "Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/read",
        "Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/read",
        "Microsoft.ContainerService/managedClusters/persistentvolumeclaims/read",
        "Microsoft.ContainerService/managedClusters/pods/read",
        "Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/read",
        "Microsoft.ContainerService/managedClusters/replicationcontrollers/read",
        "Microsoft.ContainerService/managedClusters/replicationcontrollers/read",
        "Microsoft.ContainerService/managedClusters/resourcequotas/read",
        "Microsoft.ContainerService/managedClusters/serviceaccounts/read",
        "Microsoft.ContainerService/managedClusters/services/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service RBAC Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Escritor de Azure Kubernetes Service RBACAzure Kubernetes Service RBAC Writer

Permite el acceso de lectura y escritura a la mayoría de los objetos de un espacio de nombres. Este rol no permite ver ni modificar roles ni enlaces de roles.Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. Sin embargo, este rol permite acceder a secretos y ejecutar pods como cualquier ServiceAccount en el espacio de nombres, por lo que se puede usar para obtener los niveles de acceso de la API de cualquier ServiceAccount en el espacio de nombres.However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Al aplicar este rol en el ámbito del clúster, se proporcionará acceso a todos los espacios de nombres.Applying this role at cluster scope will give access across all namespaces. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.Resources/deployments/writeMicrosoft.Resources/deployments/write Crea o actualiza una implementación.Creates or updates an deployment.
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read Obtiene los resultados de la operación de suscripción.Get the subscription operation results.
Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read Obtiene la lista de suscripciones.Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.ContainerService/managedClusters/apps/controllerrevisions/readMicrosoft.ContainerService/managedClusters/apps/controllerrevisions/read Lee controllerrevisions.Reads controllerrevisions
Microsoft.ContainerService/managedClusters/apps/daemonsets/*Microsoft.ContainerService/managedClusters/apps/daemonsets/*
Microsoft.ContainerService/managedClusters/apps/deployments/*Microsoft.ContainerService/managedClusters/apps/deployments/*
Microsoft.ContainerService/managedClusters/apps/replicasets/*Microsoft.ContainerService/managedClusters/apps/replicasets/*
Microsoft.ContainerService/managedClusters/apps/statefulsets/*Microsoft.ContainerService/managedClusters/apps/statefulsets/*
Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/*Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/*
Microsoft.ContainerService/managedClusters/batch/cronjobs/*Microsoft.ContainerService/managedClusters/batch/cronjobs/*
Microsoft.ContainerService/managedClusters/batch/jobs/*Microsoft.ContainerService/managedClusters/batch/jobs/*
Microsoft.ContainerService/managedClusters/configmaps/*Microsoft.ContainerService/managedClusters/configmaps/*
Microsoft.ContainerService/managedClusters/endpoints/*Microsoft.ContainerService/managedClusters/endpoints/*
Microsoft.ContainerService/managedClusters/events.k8s.io/events/readMicrosoft.ContainerService/managedClusters/events.k8s.io/events/read Lee eventos.Reads events
Microsoft.ContainerService/managedClusters/events/readMicrosoft.ContainerService/managedClusters/events/read Lee eventos.Reads events
Microsoft.ContainerService/managedClusters/extensions/daemonsets/*Microsoft.ContainerService/managedClusters/extensions/daemonsets/*
Microsoft.ContainerService/managedClusters/extensions/deployments/*Microsoft.ContainerService/managedClusters/extensions/deployments/*
Microsoft.ContainerService/managedClusters/extensions/ingresses/*Microsoft.ContainerService/managedClusters/extensions/ingresses/*
Microsoft.ContainerService/managedClusters/extensions/networkpolicies/*Microsoft.ContainerService/managedClusters/extensions/networkpolicies/*
Microsoft.ContainerService/managedClusters/extensions/replicasets/*Microsoft.ContainerService/managedClusters/extensions/replicasets/*
Microsoft.ContainerService/managedClusters/limitranges/readMicrosoft.ContainerService/managedClusters/limitranges/read Lee limitranges.Reads limitranges
Microsoft.ContainerService/managedClusters/namespaces/readMicrosoft.ContainerService/managedClusters/namespaces/read Lee espacios de nombres.Reads namespaces
Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/*Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/*
Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/*Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/*
Microsoft.ContainerService/managedClusters/persistentvolumeclaims/*Microsoft.ContainerService/managedClusters/persistentvolumeclaims/*
Microsoft.ContainerService/managedClusters/pods/*Microsoft.ContainerService/managedClusters/pods/*
Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/*Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/*
Microsoft.ContainerService/managedClusters/replicationcontrollers/*Microsoft.ContainerService/managedClusters/replicationcontrollers/*
Microsoft.ContainerService/managedClusters/replicationcontrollers/*Microsoft.ContainerService/managedClusters/replicationcontrollers/*
Microsoft.ContainerService/managedClusters/resourcequotas/readMicrosoft.ContainerService/managedClusters/resourcequotas/read Lee resourcequotas.Reads resourcequotas
Microsoft.ContainerService/managedClusters/secrets/*Microsoft.ContainerService/managedClusters/secrets/*
Microsoft.ContainerService/managedClusters/serviceaccounts/*Microsoft.ContainerService/managedClusters/serviceaccounts/*
Microsoft.ContainerService/managedClusters/services/*Microsoft.ContainerService/managedClusters/services/*
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb",
  "name": "a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerService/managedClusters/apps/controllerrevisions/read",
        "Microsoft.ContainerService/managedClusters/apps/daemonsets/*",
        "Microsoft.ContainerService/managedClusters/apps/deployments/*",
        "Microsoft.ContainerService/managedClusters/apps/replicasets/*",
        "Microsoft.ContainerService/managedClusters/apps/statefulsets/*",
        "Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/*",
        "Microsoft.ContainerService/managedClusters/batch/cronjobs/*",
        "Microsoft.ContainerService/managedClusters/batch/jobs/*",
        "Microsoft.ContainerService/managedClusters/configmaps/*",
        "Microsoft.ContainerService/managedClusters/endpoints/*",
        "Microsoft.ContainerService/managedClusters/events.k8s.io/events/read",
        "Microsoft.ContainerService/managedClusters/events/read",
        "Microsoft.ContainerService/managedClusters/extensions/daemonsets/*",
        "Microsoft.ContainerService/managedClusters/extensions/deployments/*",
        "Microsoft.ContainerService/managedClusters/extensions/ingresses/*",
        "Microsoft.ContainerService/managedClusters/extensions/networkpolicies/*",
        "Microsoft.ContainerService/managedClusters/extensions/replicasets/*",
        "Microsoft.ContainerService/managedClusters/limitranges/read",
        "Microsoft.ContainerService/managedClusters/namespaces/read",
        "Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/*",
        "Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/*",
        "Microsoft.ContainerService/managedClusters/persistentvolumeclaims/*",
        "Microsoft.ContainerService/managedClusters/pods/*",
        "Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/*",
        "Microsoft.ContainerService/managedClusters/replicationcontrollers/*",
        "Microsoft.ContainerService/managedClusters/replicationcontrollers/*",
        "Microsoft.ContainerService/managedClusters/resourcequotas/read",
        "Microsoft.ContainerService/managedClusters/secrets/*",
        "Microsoft.ContainerService/managedClusters/serviceaccounts/*",
        "Microsoft.ContainerService/managedClusters/services/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service RBAC Writer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Bases de datosDatabases

Rol de lector de cuentas de Cosmos DBCosmos DB Account Reader Role

Puede leer los datos de cuentas de Azure Cosmos DB.Can read Azure Cosmos DB account data. Vea Colaborador de cuenta de DocumentDB para administrar cuentas de Azure Cosmos DB.See DocumentDB Account Contributor for managing Azure Cosmos DB accounts. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.DocumentDB/*/readMicrosoft.DocumentDB/*/read Leer cualquier colecciónRead any collection
Microsoft.DocumentDB/databaseAccounts/readonlykeys/actionMicrosoft.DocumentDB/databaseAccounts/readonlykeys/action Lee las claves de solo lectura de la cuenta de base de datos.Reads the database account readonly keys.
Microsoft.Insights/MetricDefinitions/readMicrosoft.Insights/MetricDefinitions/read Lee definiciones de métricasRead metric definitions
Microsoft.Insights/Metrics/readMicrosoft.Insights/Metrics/read Lee métricasRead metrics
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can read Azure Cosmos DB Accounts data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fbdf93bf-df7d-467e-a4d2-9458aa1360c8",
  "name": "fbdf93bf-df7d-467e-a4d2-9458aa1360c8",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.DocumentDB/*/read",
        "Microsoft.DocumentDB/databaseAccounts/readonlykeys/action",
        "Microsoft.Insights/MetricDefinitions/read",
        "Microsoft.Insights/Metrics/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cosmos DB Account Reader Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Operador de Cosmos DBCosmos DB Operator

Permite administrar las cuentas de Azure Cosmos DB, pero no acceder a los datos que contienen.Lets you manage Azure Cosmos DB accounts, but not access data in them. Evita el acceso a las claves de cuenta y a las cadenas de conexión.Prevents access to account keys and connection strings. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.DocumentDb/databaseAccounts/*Microsoft.DocumentDb/databaseAccounts/*
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificadoGets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Creación y administración de una implementaciónCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Combina un recurso como una cuenta de almacenamiento o una instancia de SQL Database con una subred.Joins resource such as storage account or SQL database to a subnet. No genera alertas.Not alertable.
NotActionsNotActions
Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*
Microsoft.DocumentDB/databaseAccounts/regenerateKey/*Microsoft.DocumentDB/databaseAccounts/regenerateKey/*
Microsoft.DocumentDB/databaseAccounts/listKeys/*Microsoft.DocumentDB/databaseAccounts/listKeys/*
Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/230815da-be43-4aae-9cb4-875f7bd000aa",
  "name": "230815da-be43-4aae-9cb4-875f7bd000aa",
  "permissions": [
    {
      "actions": [
        "Microsoft.DocumentDb/databaseAccounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action"
      ],
      "notActions": [
        "Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*",
        "Microsoft.DocumentDB/databaseAccounts/regenerateKey/*",
        "Microsoft.DocumentDB/databaseAccounts/listKeys/*",
        "Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cosmos DB Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

CosmosBackupOperatorCosmosBackupOperator

Puede enviar una solicitud de restauración para una base de datos de Cosmos DB o un contenedor de una cuenta. Más informaciónCan submit restore request for a Cosmos DB database or a container for an account Learn more

AccionesActions DescripciónDescription
Microsoft.DocumentDB/databaseAccounts/backup/actionMicrosoft.DocumentDB/databaseAccounts/backup/action Envía una solicitud para configurar la copia de seguridad.Submit a request to configure backup
Microsoft.DocumentDB/databaseAccounts/restore/actionMicrosoft.DocumentDB/databaseAccounts/restore/action Envía una solicitud de restauración.Submit a restore request
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can submit restore request for a Cosmos DB database or a container for an account",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/db7b14f2-5adf-42da-9f96-f2ee17bab5cb",
  "name": "db7b14f2-5adf-42da-9f96-f2ee17bab5cb",
  "permissions": [
    {
      "actions": [
        "Microsoft.DocumentDB/databaseAccounts/backup/action",
        "Microsoft.DocumentDB/databaseAccounts/restore/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CosmosBackupOperator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

CosmosRestoreOperatorCosmosRestoreOperator

Puede realizar una acción de restauración en la cuenta de la base de datos de Cosmos DB con el modo de copia de seguridad continuaCan perform restore action for Cosmos DB database account with continuous backup mode

AccionesActions DescripciónDescription
Microsoft.DocumentDB/locations/restorableDatabaseAccounts/restore/actionMicrosoft.DocumentDB/locations/restorableDatabaseAccounts/restore/action Envía una solicitud de restauración.Submit a restore request
Microsoft.DocumentDB/locations/restorableDatabaseAccounts/*/readMicrosoft.DocumentDB/locations/restorableDatabaseAccounts/*/read
Microsoft.DocumentDB/locations/restorableDatabaseAccounts/readMicrosoft.DocumentDB/locations/restorableDatabaseAccounts/read Lee una cuenta de base de datos restaurable o enumera todas las cuentas de base de datos restaurables.Read a restorable database account or List all the restorable database accounts
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can perform restore action for Cosmos DB database account with continuous backup mode",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5432c526-bc82-444a-b7ba-57c5b0b5b34f",
  "name": "5432c526-bc82-444a-b7ba-57c5b0b5b34f",
  "permissions": [
    {
      "actions": [
        "Microsoft.DocumentDB/locations/restorableDatabaseAccounts/restore/action",
        "Microsoft.DocumentDB/locations/restorableDatabaseAccounts/*/read",
        "Microsoft.DocumentDB/locations/restorableDatabaseAccounts/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CosmosRestoreOperator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de cuenta de DocumentDBDocumentDB Account Contributor

Puede administrar cuentas de Azure Cosmos DB.Can manage Azure Cosmos DB accounts. Azure Cosmos DB se llamaba anteriormente DocumentDB.Azure Cosmos DB is formerly known as DocumentDB. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.DocumentDb/databaseAccounts/*Microsoft.DocumentDb/databaseAccounts/* Crear y administrar cuentas de Azure Cosmos DBCreate and manage Azure Cosmos DB accounts
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificadoGets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Creación y administración de una implementaciónCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Combina un recurso como una cuenta de almacenamiento o una instancia de SQL Database con una subred.Joins resource such as storage account or SQL database to a subnet. No genera alertas.Not alertable.
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage DocumentDB accounts, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5bd9cd88-fe45-4216-938b-f97437e15450",
  "name": "5bd9cd88-fe45-4216-938b-f97437e15450",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.DocumentDb/databaseAccounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "DocumentDB Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de la memoria caché de RedisRedis Cache Contributor

Permite administrar cachés de Redis, pero no acceder a ellas.Lets you manage Redis caches, but not access to them.

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.Cache/register/actionMicrosoft.Cache/register/action Registra el proveedor de recursos "Microsoft.Cache" con una suscripciónRegisters the 'Microsoft.Cache' resource provider with a subscription
Microsoft.Cache/redis/*Microsoft.Cache/redis/* Crear y administrar memorias caché de RedisCreate and manage Redis caches
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificadoGets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Creación y administración de una implementaciónCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Redis caches, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e0f68234-74aa-48ed-b826-c38b57376e17",
  "name": "e0f68234-74aa-48ed-b826-c38b57376e17",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cache/register/action",
        "Microsoft.Cache/redis/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Redis Cache Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de Base de datos de SQLSQL DB Contributor

Permite administrar las bases de datos de SQL, pero no acceder a ellas.Lets you manage SQL databases, but not access to them. Además, no puede administrar sus directivas relacionadas con la seguridad ni los servidores SQL primarios.Also, you can't manage their security-related policies or their parent SQL servers. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificadoGets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Creación y administración de una implementaciónCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Sql/locations/*/readMicrosoft.Sql/locations/*/read
Microsoft.Sql/servers/databases/*Microsoft.Sql/servers/databases/* Crear y administrar bases de datos SQLCreate and manage SQL databases
Microsoft.Sql/servers/readMicrosoft.Sql/servers/read Devuelve la lista de servidores u obtiene las propiedades de un servidor específico.Return the list of servers or gets the properties for the specified server.
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read Lee métricasRead metrics
Microsoft.Insights/metricDefinitions/readMicrosoft.Insights/metricDefinitions/read Lee definiciones de métricasRead metric definitions
NotActionsNotActions
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft.Sql/managedInstances/securityAlertPolicies/*Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/auditingSettings/*Microsoft.Sql/servers/databases/auditingSettings/* Edita la configuración de auditoríaEdit audit settings
Microsoft.Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read Recupera los registros de auditoría de blobs de bases de datosRetrieve the database blob audit records
Microsoft.Sql/servers/databases/currentSensitivityLabels/*Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft.Sql/servers/databases/dataMaskingPolicies/*Microsoft.Sql/servers/databases/dataMaskingPolicies/* Edita directivas de enmascaramientoEdit data masking policies
Microsoft.Sql/servers/databases/extendedAuditingSettings/*Microsoft.Sql/servers/databases/extendedAuditingSettings/*
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/servers/databases/securityAlertPolicies/*Microsoft.Sql/servers/databases/securityAlertPolicies/* Edita las directivas de alerta de seguridadEdit security alert policies
Microsoft.Sql/servers/databases/securityMetrics/*Microsoft.Sql/servers/databases/securityMetrics/* Edita las métricas de seguridadEdit security metrics
Microsoft.Sql/servers/databases/sensitivityLabels/*Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft.Sql/servers/vulnerabilityAssessments/*Microsoft.Sql/servers/vulnerabilityAssessments/*
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
  "name": "9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/servers/databases/*",
        "Microsoft.Sql/servers/read",
        "Microsoft.Support/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read"
      ],
      "notActions": [
        "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
        "Microsoft.Sql/servers/databases/extendedAuditingSettings/*",
        "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
        "Microsoft.Sql/servers/databases/securityMetrics/*",
        "Microsoft.Sql/servers/databases/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
        "Microsoft.Sql/servers/vulnerabilityAssessments/*"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL DB Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de Instancia administrada de SQLSQL Managed Instance Contributor

Permite administrar Instancias administradas de SQL y la configuración de red necesaria, pero no puede conceder acceso a otros usuarios.Lets you manage SQL Managed Instances and required network configuration, but can't give access to others.

AccionesActions DescripciónDescription
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificadoGets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Creación y administración de una implementaciónCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Network/networkSecurityGroups/*Microsoft.Network/networkSecurityGroups/*
Microsoft.Network/routeTables/*Microsoft.Network/routeTables/*
Microsoft.Sql/locations/*/readMicrosoft.Sql/locations/*/read
Microsoft.Sql/locations/instanceFailoverGroups/*Microsoft.Sql/locations/instanceFailoverGroups/*
Microsoft.Sql/managedInstances/*Microsoft.Sql/managedInstances/*
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
Microsoft.Network/virtualNetworks/subnets/*Microsoft.Network/virtualNetworks/subnets/*
Microsoft.Network/virtualNetworks/*Microsoft.Network/virtualNetworks/*
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read Lee métricasRead metrics
Microsoft.Insights/metricDefinitions/readMicrosoft.Insights/metricDefinitions/read Lee definiciones de métricasRead metric definitions
NotActionsNotActions
Microsoft.Sql/managedInstances/azureADOnlyAuthentications/deleteMicrosoft.Sql/managedInstances/azureADOnlyAuthentications/delete Elimina solo el objeto de autenticación de un servidor administrado específico de Azure Active Directory.Deletes a specific managed server Azure Active Directory only authentication object
Microsoft.Sql/managedInstances/azureADOnlyAuthentications/writeMicrosoft.Sql/managedInstances/azureADOnlyAuthentications/write Agrega o actualiza solo el objeto de autenticación de un servidor administrado específico de Azure Active Directory.Adds or updates a specific managed server Azure Active Directory only authentication object
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage SQL Managed Instances and required network configuration, but can't give access to others.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
  "name": "4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Network/networkSecurityGroups/*",
        "Microsoft.Network/routeTables/*",
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/locations/instanceFailoverGroups/*",
        "Microsoft.Sql/managedInstances/*",
        "Microsoft.Support/*",
        "Microsoft.Network/virtualNetworks/subnets/*",
        "Microsoft.Network/virtualNetworks/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read"
      ],
      "notActions": [
        "Microsoft.Sql/managedInstances/azureADOnlyAuthentications/delete",
        "Microsoft.Sql/managedInstances/azureADOnlyAuthentications/write"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL Managed Instance Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Administrador de seguridad SQLSQL Security Manager

Permite administrar las directivas relacionadas con seguridad de bases de datos y servidores SQL, pero no acceder a ellas.Lets you manage the security-related policies of SQL servers and databases, but not access to them. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Combina un recurso como una cuenta de almacenamiento o una instancia de SQL Database con una subred.Joins resource such as storage account or SQL database to a subnet. No genera alertas.Not alertable.
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificadoGets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Creación y administración de una implementaciónCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Sql/locations/administratorAzureAsyncOperation/readMicrosoft.Sql/locations/administratorAzureAsyncOperation/read Obtiene el resultado de las operaciones de administrador asincrónico de Azure de instancia administrada.Gets the Managed instance azure async administrator operations result.
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft.Sql/managedInstances/securityAlertPolicies/*Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft.Sql/servers/auditingSettings/*Microsoft.Sql/servers/auditingSettings/* Crear y administrar configuración de auditoría de SQL ServerCreate and manage SQL server auditing setting
Microsoft.Sql/servers/extendedAuditingSettings/readMicrosoft.Sql/servers/extendedAuditingSettings/read Recupera los detalles de la directiva de auditoría de blobs del servidor extendido que está configurada en un servidor determinado.Retrieve details of the extended server blob auditing policy configured on a given server
Microsoft.Sql/servers/databases/auditingSettings/*Microsoft.Sql/servers/databases/auditingSettings/* Crear y administrar configuración de auditoría de bases de datos de SQL ServerCreate and manage SQL server database auditing settings
Microsoft.Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read Recupera los registros de auditoría de blobs de bases de datosRetrieve the database blob audit records
Microsoft.Sql/servers/databases/currentSensitivityLabels/*Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft.Sql/servers/databases/dataMaskingPolicies/*Microsoft.Sql/servers/databases/dataMaskingPolicies/* Crear y administrar directivas de enmascaramiento de datos de bases de datos de SQL ServerCreate and manage SQL server database data masking policies
Microsoft.Sql/servers/databases/extendedAuditingSettings/readMicrosoft.Sql/servers/databases/extendedAuditingSettings/read Recupera los detalles de la directiva de auditoría de blobs extendida y configurada en una base de datos determinada.Retrieve details of the extended blob auditing policy configured on a given database
Microsoft.Sql/servers/databases/readMicrosoft.Sql/servers/databases/read Devuelve la lista de bases de datos u obtiene las propiedades de una base de datos específica.Return the list of databases or gets the properties for the specified database.
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/readMicrosoft.Sql/servers/databases/schemas/read Obtiene un esquema de la base de datos.Get a database schema.
Microsoft.Sql/servers/databases/schemas/tables/columns/readMicrosoft.Sql/servers/databases/schemas/tables/columns/read Obtiene una columna de la base de datos.Get a database column.
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/tables/readMicrosoft.Sql/servers/databases/schemas/tables/read Obtiene una tabla de la base de datos.Get a database table.
Microsoft.Sql/servers/databases/securityAlertPolicies/*Microsoft.Sql/servers/databases/securityAlertPolicies/* Crear y administrar directivas de alerta de seguridad de bases de datos de SQL ServerCreate and manage SQL server database security alert policies
Microsoft.Sql/servers/databases/securityMetrics/*Microsoft.Sql/servers/databases/securityMetrics/* Crear y administrar métricas de seguridad de bases de datos de SQL ServerCreate and manage SQL server database security metrics
Microsoft.Sql/servers/databases/sensitivityLabels/*Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft.Sql/servers/databases/transparentDataEncryption/*Microsoft.Sql/servers/databases/transparentDataEncryption/*
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft.Sql/servers/firewallRules/*Microsoft.Sql/servers/firewallRules/*
Microsoft.Sql/servers/readMicrosoft.Sql/servers/read Devuelve la lista de servidores u obtiene las propiedades de un servidor específico.Return the list of servers or gets the properties for the specified server.
Microsoft.Sql/servers/securityAlertPolicies/*Microsoft.Sql/servers/securityAlertPolicies/* Crear y administrar directivas de alerta de seguridad de SQL ServerCreate and manage SQL server security alert policies
Microsoft.Sql/servers/vulnerabilityAssessments/*Microsoft.Sql/servers/vulnerabilityAssessments/*
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
Microsoft.Sql/servers/azureADOnlyAuthentications/*Microsoft.Sql/servers/azureADOnlyAuthentications/*
Microsoft.Sql/managedInstances/readMicrosoft.Sql/managedInstances/read Devuelve la lista de instancias administradas u obtiene las propiedades de una instancia administrada específica.Return the list of managed instances or gets the properties for the specified managed instance.
Microsoft.Sql/managedInstances/azureADOnlyAuthentications/*Microsoft.Sql/managedInstances/azureADOnlyAuthentications/*
Microsoft.Security/sqlVulnerabilityAssessments/*Microsoft.Security/sqlVulnerabilityAssessments/*
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage the security-related policies of SQL servers and databases, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3",
  "name": "056cd41c-7e88-42e1-933e-88ba6a50c9c3",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Sql/locations/administratorAzureAsyncOperation/read",
        "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*",
        "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/auditingSettings/*",
        "Microsoft.Sql/servers/extendedAuditingSettings/read",
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
        "Microsoft.Sql/servers/databases/extendedAuditingSettings/read",
        "Microsoft.Sql/servers/databases/read",
        "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/read",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/read",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/tables/read",
        "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
        "Microsoft.Sql/servers/databases/securityMetrics/*",
        "Microsoft.Sql/servers/databases/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/transparentDataEncryption/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
        "Microsoft.Sql/servers/firewallRules/*",
        "Microsoft.Sql/servers/read",
        "Microsoft.Sql/servers/securityAlertPolicies/*",
        "Microsoft.Sql/servers/vulnerabilityAssessments/*",
        "Microsoft.Support/*",
        "Microsoft.Sql/servers/azureADOnlyAuthentications/*",
        "Microsoft.Sql/managedInstances/read",
        "Microsoft.Sql/managedInstances/azureADOnlyAuthentications/*",
        "Microsoft.Security/sqlVulnerabilityAssessments/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL Security Manager",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de SQL ServerSQL Server Contributor

Permite administrar bases de datos y servidores SQL, pero no acceder a ellos, ni a sus directivas relacionadas con la seguridad.Lets you manage SQL servers and databases, but not access to them, and not their security-related policies. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificadoGets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Creación y administración de una implementaciónCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Sql/locations/*/readMicrosoft.Sql/locations/*/read
Microsoft.Sql/servers/*Microsoft.Sql/servers/* Crear y administrar servidores de SQL ServerCreate and manage SQL servers
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read Lee métricasRead metrics
Microsoft.Insights/metricDefinitions/readMicrosoft.Insights/metricDefinitions/read Lee definiciones de métricasRead metric definitions
NotActionsNotActions
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft.Sql/managedInstances/securityAlertPolicies/*Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft.Sql/servers/auditingSettings/*Microsoft.Sql/servers/auditingSettings/* Edita la configuración de auditoría de SQL ServerEdit SQL server auditing settings
Microsoft.Sql/servers/databases/auditingSettings/*Microsoft.Sql/servers/databases/auditingSettings/* Edita la configuración de auditoría de bases de datos de SQL ServerEdit SQL server database auditing settings
Microsoft.Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read Recupera los registros de auditoría de blobs de bases de datosRetrieve the database blob audit records
Microsoft.Sql/servers/databases/currentSensitivityLabels/*Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft.Sql/servers/databases/dataMaskingPolicies/*Microsoft.Sql/servers/databases/dataMaskingPolicies/* Edita las directivas de enmascaramiento de datos de bases de datos de SQL ServerEdit SQL server database data masking policies
Microsoft.Sql/servers/databases/extendedAuditingSettings/*Microsoft.Sql/servers/databases/extendedAuditingSettings/*
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/servers/databases/securityAlertPolicies/*Microsoft.Sql/servers/databases/securityAlertPolicies/* Edita las directivas de alerta de seguridad de bases de datos de SQL ServerEdit SQL server database security alert policies
Microsoft.Sql/servers/databases/securityMetrics/*Microsoft.Sql/servers/databases/securityMetrics/* Edita las métricas de seguridad de bases de datos de SQL ServerEdit SQL server database security metrics
Microsoft.Sql/servers/databases/sensitivityLabels/*Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft.Sql/servers/extendedAuditingSettings/*Microsoft.Sql/servers/extendedAuditingSettings/*
Microsoft.Sql/servers/securityAlertPolicies/*Microsoft.Sql/servers/securityAlertPolicies/* Edita las directivas de alerta de seguridad de SQL ServerEdit SQL server security alert policies
Microsoft.Sql/servers/vulnerabilityAssessments/*Microsoft.Sql/servers/vulnerabilityAssessments/*
Microsoft.Sql/servers/azureADOnlyAuthentications/deleteMicrosoft.Sql/servers/azureADOnlyAuthentications/delete Elimina solo el objeto de autenticación de un servidor específico de Azure Active Directory.Deletes a specific server Azure Active Directory only authentication object
Microsoft.Sql/servers/azureADOnlyAuthentications/writeMicrosoft.Sql/servers/azureADOnlyAuthentications/write Agrega o actualiza solo el objeto de autenticación de un servidor específico de Azure Active Directory.Adds or updates a specific server Azure Active Directory only authentication object
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage SQL servers and databases, but not access to them, and not their security -related policies.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
  "name": "6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/servers/*",
        "Microsoft.Support/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read"
      ],
      "notActions": [
        "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
        "Microsoft.Sql/servers/databases/extendedAuditingSettings/*",
        "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
        "Microsoft.Sql/servers/databases/securityMetrics/*",
        "Microsoft.Sql/servers/databases/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
        "Microsoft.Sql/servers/extendedAuditingSettings/*",
        "Microsoft.Sql/servers/securityAlertPolicies/*",
        "Microsoft.Sql/servers/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/azureADOnlyAuthentications/delete",
        "Microsoft.Sql/servers/azureADOnlyAuthentications/write"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL Server Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AnálisisAnalytics

Propietario de los datos de Azure Event HubsAzure Event Hubs Data Owner

Concede acceso total a los recursos de Azure Event Hubs.Allows for full access to Azure Event Hubs resources. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.EventHub/*Microsoft.EventHub/*
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.EventHub/*Microsoft.EventHub/*
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to Azure Event Hubs resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f526a384-b230-433a-b45c-95f59c4a2dec",
  "name": "f526a384-b230-433a-b45c-95f59c4a2dec",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Event Hubs Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Receptor de datos de Azure Event HubsAzure Event Hubs Data Receiver

Concede acceso de recepción a los recursos de Azure Event Hubs.Allows receive access to Azure Event Hubs resources. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.EventHub/*/eventhubs/consumergroups/readMicrosoft.EventHub/*/eventhubs/consumergroups/read
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.EventHub/*/receive/actionMicrosoft.EventHub/*/receive/action
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows receive access to Azure Event Hubs resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
  "name": "a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/*/eventhubs/consumergroups/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/*/receive/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Event Hubs Data Receiver",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Emisor de datos de Azure Event HubsAzure Event Hubs Data Sender

Concede acceso de emisión a los recursos de Azure Event Hubs.Allows send access to Azure Event Hubs resources. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.EventHub/*/eventhubs/readMicrosoft.EventHub/*/eventhubs/read
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.EventHub/*/send/actionMicrosoft.EventHub/*/send/action
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows send access to Azure Event Hubs resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2b629674-e913-4c01-ae53-ef4638d8f975",
  "name": "2b629674-e913-4c01-ae53-ef4638d8f975",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/*/eventhubs/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/*/send/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Event Hubs Data Sender",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de Factoría de datosData Factory Contributor

Crea y administra factorías de datos, así como recursos secundarios dentro de ellas.Create and manage data factories, as well as child resources within them. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.DataFactory/dataFactories/*Microsoft.DataFactory/dataFactories/* Crear y administrar factorías de datos y recursos secundarios dentro de ellos.Create and manage data factories, and child resources within them.
Microsoft.DataFactory/factories/*Microsoft.DataFactory/factories/* Crear y administrar factorías de datos y recursos secundarios dentro de ellos.Create and manage data factories, and child resources within them.
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificadoGets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Creación y administración de una implementaciónCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
Microsoft.EventGrid/eventSubscriptions/writeMicrosoft.EventGrid/eventSubscriptions/write Crea o actualiza una suscripción a eventos.Create or update an eventSubscription
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Create and manage data factories, as well as child resources within them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/673868aa-7521-48a0-acc6-0f60742d39f5",
  "name": "673868aa-7521-48a0-acc6-0f60742d39f5",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.DataFactory/dataFactories/*",
        "Microsoft.DataFactory/factories/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.EventGrid/eventSubscriptions/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Factory Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Purgador de datosData Purger

Puede purgar datos de análisis. Más informaciónCan purge analytics data Learn more

AccionesActions DescripciónDescription
Microsoft.Insights/components/*/readMicrosoft.Insights/components/*/read
Microsoft.Insights/components/purge/actionMicrosoft.Insights/components/purge/action Purga datos de Application Insights.Purging data from Application Insights
Microsoft.OperationalInsights/workspaces/*/readMicrosoft.OperationalInsights/workspaces/*/read Consulta datos de Log Analytics.View log analytics data
Microsoft.OperationalInsights/workspaces/purge/actionMicrosoft.OperationalInsights/workspaces/purge/action Elimina los datos especificados del área de trabajo.Delete specified data from workspace
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can purge analytics data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/150f5e0c-0603-4f03-8c7f-cf70034c4e90",
  "name": "150f5e0c-0603-4f03-8c7f-cf70034c4e90",
  "permissions": [
    {
      "actions": [
        "Microsoft.Insights/components/*/read",
        "Microsoft.Insights/components/purge/action",
        "Microsoft.OperationalInsights/workspaces/*/read",
        "Microsoft.OperationalInsights/workspaces/purge/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Purger",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Operador de clústeres de HDInsightHDInsight Cluster Operator

Permite leer y modificar las configuraciones de clúster de HDInsight.Lets you read and modify HDInsight cluster configurations. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.HDInsight/*/readMicrosoft.HDInsight/*/read
Microsoft.HDInsight/clusters/getGatewaySettings/actionMicrosoft.HDInsight/clusters/getGatewaySettings/action Obtiene la configuración de puerta de enlace para el clúster de HDInsight.Get gateway settings for HDInsight Cluster
Microsoft.HDInsight/clusters/updateGatewaySettings/actionMicrosoft.HDInsight/clusters/updateGatewaySettings/action Actualiza la configuración de puerta de enlace para el clúster de HDInsight.Update gateway settings for HDInsight Cluster
Microsoft.HDInsight/clusters/configurations/*Microsoft.HDInsight/clusters/configurations/*
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read Obtiene o enumera las operaciones de implementación.Gets or lists deployment operations.
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read and modify HDInsight cluster configurations.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/61ed4efc-fab3-44fd-b111-e24485cc132a",
  "name": "61ed4efc-fab3-44fd-b111-e24485cc132a",
  "permissions": [
    {
      "actions": [
        "Microsoft.HDInsight/*/read",
        "Microsoft.HDInsight/clusters/getGatewaySettings/action",
        "Microsoft.HDInsight/clusters/updateGatewaySettings/action",
        "Microsoft.HDInsight/clusters/configurations/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "HDInsight Cluster Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de Domain Services para HDInsightHDInsight Domain Services Contributor

Puede leer, crear, modificar y eliminar operaciones relacionadas con Domain Services para HDInsight Enterprise Security Package. Más informaciónCan Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package Learn more

AccionesActions DescripciónDescription
Microsoft.AAD/*/readMicrosoft.AAD/*/read
Microsoft.AAD/domainServices/*/readMicrosoft.AAD/domainServices/*/read
Microsoft.AAD/domainServices/oucontainer/*Microsoft.AAD/domainServices/oucontainer/*
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8d8d5a11-05d3-4bda-a417-a08778121c7c",
  "name": "8d8d5a11-05d3-4bda-a417-a08778121c7c",
  "permissions": [
    {
      "actions": [
        "Microsoft.AAD/*/read",
        "Microsoft.AAD/domainServices/*/read",
        "Microsoft.AAD/domainServices/oucontainer/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "HDInsight Domain Services Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de Log AnalyticsLog Analytics Contributor

Un colaborador de Log Analytics puede leer todos los datos de supervisión y editar la configuración de supervisión.Log Analytics Contributor can read all monitoring data and edit monitoring settings. La edición de la configuración de supervisión incluye la posibilidad de añadir la extensión de máquina virtual a las máquinas virtuales, leer las claves de las cuentas de almacenamiento para poder configurar la recopilación de registros de Azure Storage, crear y configurar cuentas de Automation, añadir soluciones y configurar Azure Diagnostics en todos los recursos de Azure.Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources. Más informaciónLearn more

AccionesActions DescripciónDescription
*/read*/read Leer recursos de todos los tipos, excepto secretos.Read resources of all types, except secrets.
Microsoft.Automation/automationAccounts/*Microsoft.Automation/automationAccounts/*
Microsoft.ClassicCompute/virtualMachines/extensions/*Microsoft.ClassicCompute/virtualMachines/extensions/*
Microsoft.ClassicStorage/storageAccounts/listKeys/actionMicrosoft.ClassicStorage/storageAccounts/listKeys/action Enumera las claves de acceso de las cuentas de almacenamiento.Lists the access keys for the storage accounts.
Microsoft.Compute/virtualMachines/extensions/*Microsoft.Compute/virtualMachines/extensions/*
Microsoft.HybridCompute/machines/extensions/writeMicrosoft.HybridCompute/machines/extensions/write Instala o actualiza las extensiones de Azure Arc.Installs or Updates an Azure Arc extensions
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* Crea, actualiza o lee la configuración de diagnóstico de Analysis Server.Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.OperationalInsights/*Microsoft.OperationalInsights/*
Microsoft.OperationsManagement/*Microsoft.OperationsManagement/*
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Creación y administración de una implementaciónCreate and manage a deployment
Microsoft.Resources/subscriptions/resourcegroups/deployments/*Microsoft.Resources/subscriptions/resourcegroups/deployments/*
Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action Devuelve las claves de acceso de la cuenta de almacenamiento especificada.Returns the access keys for the specified storage account.
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
  "name": "92aaf0da-9dab-42b6-94a3-d43ce8d16293",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.Automation/automationAccounts/*",
        "Microsoft.ClassicCompute/virtualMachines/extensions/*",
        "Microsoft.ClassicStorage/storageAccounts/listKeys/action",
        "Microsoft.Compute/virtualMachines/extensions/*",
        "Microsoft.HybridCompute/machines/extensions/write",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.OperationalInsights/*",
        "Microsoft.OperationsManagement/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Log Analytics Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lector de Log AnalyticsLog Analytics Reader

Un lector de Log Analytics puede ver y buscar todos los datos de supervisión, así como consultar la configuración de supervisión, incluida la de Azure Diagnostics en todos los recursos de Azure.Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources. Más informaciónLearn more

AccionesActions DescripciónDescription
*/read*/read Leer recursos de todos los tipos, excepto secretos.Read resources of all types, except secrets.
Microsoft.OperationalInsights/workspaces/analytics/query/actionMicrosoft.OperationalInsights/workspaces/analytics/query/action Realiza búsquedas mediante el nuevo motor.Search using new engine.
Microsoft.OperationalInsights/workspaces/search/actionMicrosoft.OperationalInsights/workspaces/search/action Ejecuta una consulta de búsquedaExecutes a search query
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
NotActionsNotActions
Microsoft.OperationalInsights/workspaces/sharedKeys/readMicrosoft.OperationalInsights/workspaces/sharedKeys/read Recupera las claves compartidas del área de trabajo.Retrieves the shared keys for the workspace. Estas claves se utilizan para conectar los agentes de Microsoft Operational Insights al área de trabajo.These keys are used to connect Microsoft Operational Insights agents to the workspace.
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/73c42c96-874c-492b-b04d-ab87d138a893",
  "name": "73c42c96-874c-492b-b04d-ab87d138a893",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.OperationalInsights/workspaces/analytics/query/action",
        "Microsoft.OperationalInsights/workspaces/search/action",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.OperationalInsights/workspaces/sharedKeys/read"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Log Analytics Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Conservador de datos de PurviewPurview Data Curator

El conservador de datos de Microsoft.Purview puede crear, leer, modificar y eliminar objetos de datos del catálogo y establecer relaciones entre objetos.The Microsoft.Purview data curator can create, read, modify and delete catalog data objects and establish relationships between objects. Este rol está en versión preliminar y está sujeto a cambios.This role is in preview and subject to change.

AccionesActions DescripciónDescription
Microsoft.Purview/accounts/readMicrosoft.Purview/accounts/read Lea el recurso de cuenta del proveedor de Microsoft Purview.Read account resource for Microsoft Purview provider.
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.Purview/accounts/data/readMicrosoft.Purview/accounts/data/read Lea objetos de datos.Read data objects.
Microsoft.Purview/accounts/data/writeMicrosoft.Purview/accounts/data/write Cree, actualice y elimine objetos de datos.Create, update and delete data objects.
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "The Microsoft.Purview data curator can create, read, modify and delete catalog data objects and establish relationships between objects. This role is in preview and subject to change.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8a3c2885-9b38-4fd2-9d99-91af537c1347",
  "name": "8a3c2885-9b38-4fd2-9d99-91af537c1347",
  "permissions": [
    {
      "actions": [
        "Microsoft.Purview/accounts/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Purview/accounts/data/read",
        "Microsoft.Purview/accounts/data/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Purview Data Curator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lector de datos de PurviewPurview Data Reader

El lector de datos de Microsoft.Purview puede leer objetos de datos del catálogo.The Microsoft.Purview data reader can read catalog data objects. Este rol está en versión preliminar y está sujeto a cambios.This role is in preview and subject to change.

AccionesActions DescripciónDescription
Microsoft.Purview/accounts/readMicrosoft.Purview/accounts/read Lea el recurso de cuenta del proveedor de Microsoft Purview.Read account resource for Microsoft Purview provider.
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.Purview/accounts/data/readMicrosoft.Purview/accounts/data/read Lea objetos de datos.Read data objects.
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "The Microsoft.Purview data reader can read catalog data objects. This role is in preview and subject to change.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ff100721-1b9d-43d8-af52-42b69c1272db",
  "name": "ff100721-1b9d-43d8-af52-42b69c1272db",
  "permissions": [
    {
      "actions": [
        "Microsoft.Purview/accounts/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Purview/accounts/data/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Purview Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Administrador de orígenes de datos de PurviewPurview Data Source Administrator

El administrador de orígenes de datos de Microsoft.Purview puede administrar orígenes de datos y análisis de datos.The Microsoft.Purview data source administrator can manage data sources and data scans. Este rol está en versión preliminar y está sujeto a cambios.This role is in preview and subject to change.

AccionesActions DescripciónDescription
Microsoft.Purview/accounts/readMicrosoft.Purview/accounts/read Lea el recurso de cuenta del proveedor de Microsoft Purview.Read account resource for Microsoft Purview provider.
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.Purview/accounts/scan/readMicrosoft.Purview/accounts/scan/read Lea análisis y orígenes de datos.Read data sources and scans.
Microsoft.Purview/accounts/scan/writeMicrosoft.Purview/accounts/scan/write Cree, actualice y elimine orígenes de datos, y administre exámenes.Create, update and delete data sources and manage scans.
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "The Microsoft.Purview data source administrator can manage data sources and data scans. This role is in preview and subject to change.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/200bba9e-f0c8-430f-892b-6f0794863803",
  "name": "200bba9e-f0c8-430f-892b-6f0794863803",
  "permissions": [
    {
      "actions": [
        "Microsoft.Purview/accounts/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Purview/accounts/scan/read",
        "Microsoft.Purview/accounts/scan/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Purview Data Source Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador del registro de esquemas (versión preliminar)Schema Registry Contributor (Preview)

Leer, escribir y eliminar esquemas y grupos del registro de esquemas.Read, write, and delete Schema Registry groups and schemas.

AccionesActions DescripciónDescription
Microsoft.EventHub/namespaces/schemagroups/*Microsoft.EventHub/namespaces/schemagroups/*
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.EventHub/namespaces/schemas/*Microsoft.EventHub/namespaces/schemas/*
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read, write, and delete Schema Registry groups and schemas.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5dffeca3-4936-4216-b2bc-10343a5abb25",
  "name": "5dffeca3-4936-4216-b2bc-10343a5abb25",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/namespaces/schemagroups/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/namespaces/schemas/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Schema Registry Contributor (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lector del registro de esquemas (versión preliminar)Schema Registry Reader (Preview)

Leer y enumerar grupos y esquemas del registro de esquemas.Read and list Schema Registry groups and schemas.

AccionesActions DescripciónDescription
Microsoft.EventHub/namespaces/schemagroups/readMicrosoft.EventHub/namespaces/schemagroups/read Obtiene una lista de descripciones de recursos de SchemaGroupGet list of SchemaGroup Resource Descriptions
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.EventHub/namespaces/schemas/readMicrosoft.EventHub/namespaces/schemas/read Recuperación de esquemasRetrieve schemas
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read and list Schema Registry groups and schemas.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2c56ea50-c6b3-40a6-83c0-9d98858bc7d2",
  "name": "2c56ea50-c6b3-40a6-83c0-9d98858bc7d2",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/namespaces/schemagroups/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/namespaces/schemas/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Schema Registry Reader (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

BlockchainBlockchain

Acceso al nodo de miembro de la cadena de bloques (versión preliminar)Blockchain Member Node Access (Preview)

Permite acceder a los nodos de miembro de la cadena de bloques. Más informaciónAllows for access to Blockchain Member nodes Learn more

AccionesActions DescripciónDescription
Microsoft.Blockchain/blockchainMembers/transactionNodes/readMicrosoft.Blockchain/blockchainMembers/transactionNodes/read Obtiene o enumera los nodos de transacción de miembro de la cadena de bloques existentes.Gets or Lists existing Blockchain Member Transaction Node(s).
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.Blockchain/blockchainMembers/transactionNodes/connect/actionMicrosoft.Blockchain/blockchainMembers/transactionNodes/connect/action Se conecta a un nodo de transacción de miembro de la cadena de bloques.Connects to a Blockchain Member Transaction Node.
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for access to Blockchain Member nodes",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/31a002a1-acaf-453e-8a5b-297c9ca1ea24",
  "name": "31a002a1-acaf-453e-8a5b-297c9ca1ea24",
  "permissions": [
    {
      "actions": [
        "Microsoft.Blockchain/blockchainMembers/transactionNodes/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Blockchain/blockchainMembers/transactionNodes/connect/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Blockchain Member Node Access (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Inteligencia artificial y aprendizaje automáticoAI + machine learning

Colaborador de Cognitive ServicesCognitive Services Contributor

Le permite crear, leer, actualizar, eliminar y administrar las claves de Cognitive Services.Lets you create, read, update, delete and manage keys of Cognitive Services. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Leer roles y asignaciones de rolesRead roles and role assignments
Microsoft.CognitiveServices/*Microsoft.CognitiveServices/*
Microsoft.Features/features/readMicrosoft.Features/features/read Obtiene las características de una suscripción.Gets the features of a subscription.
Microsoft.Features/providers/features/readMicrosoft.Features/providers/features/read Obtiene la característica de una suscripción de un proveedor de recursos determinado.Gets the feature of a subscription in a given resource provider.
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Creación y administración de una alerta de métricas clásicaCreate and manage a classic metric alert
Microsoft.Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* Crea, actualiza o lee la configuración de diagnóstico de Analysis Server.Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.Insights/logDefinitions/readMicrosoft.Insights/logDefinitions/read Lee definiciones de registroRead log definitions
Microsoft.Insights/metricdefinitions/readMicrosoft.Insights/metricdefinitions/read Lee definiciones de métricasRead metric definitions
Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read Lee métricasRead metrics
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificadoGets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Creación y administración de una implementaciónCreate and manage a deployment
Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read Obtiene o enumera las operaciones de implementación.Gets or lists deployment operations.
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read Obtiene los resultados de la operación de suscripción.Get the subscription operation results.
Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read Obtiene la lista de suscripciones.Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourcegroups/deployments/*Microsoft.Resources/subscriptions/resourcegroups/deployments/*
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtiene o enumera los grupos de recursos.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Creación y actualización de una incidencia de soporte técnicoCreate and update a support ticket
NotActionsNotActions
Ningunanone
DataActionsDataActions
Ningunanone
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you create, read, update, delete and manage keys of Cognitive Services.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
  "name": "25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.CognitiveServices/*",
        "Microsoft.Features/features/read",
        "Microsoft.Features/providers/features/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.Insights/logDefinitions/read",
        "Microsoft.Insights/metricdefinitions/read",
        "Microsoft.Insights/metrics/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de Custom Vision de Cognitive ServicesCognitive Services Custom Vision Contributor

Acceso completo al proyecto, lo que incluye la capacidad para ver, crear, editar o eliminar proyectos.Full access to the project, including the ability to view, create, edit, or delete projects. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.CognitiveServices/*/readMicrosoft.CognitiveServices/*/read
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.CognitiveServices/accounts/CustomVision/*Microsoft.CognitiveServices/accounts/CustomVision/*
NotDataActionsNotDataActions
Ningunanone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Full access to the project, including the ability to view, create, edit, or delete projects.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c1ff6cc2-c111-46fe-8896-e0ef812ad9f3",
  "name": "c1ff6cc2-c111-46fe-8896-e0ef812ad9f3",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Custom Vision Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Implementación de Custom Vision de Cognitive ServicesCognitive Services Custom Vision Deployment

Publicar, anular publicaciones o exportar modelos.Publish, unpublish or export models. La implementación puede ver el proyecto pero no puede actualizarlo.Deployment can view the project but can't update. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.CognitiveServices/*/readMicrosoft.CognitiveServices/*/read
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.CognitiveServices/accounts/CustomVision/*/readMicrosoft.CognitiveServices/accounts/CustomVision/*/read
Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/*Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/*
Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/publish/*Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/publish/*
Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/export/*Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/export/*
Microsoft.CognitiveServices/accounts/CustomVision/projects/quicktest/*Microsoft.CognitiveServices/accounts/CustomVision/projects/quicktest/*
Microsoft.CognitiveServices/accounts/CustomVision/classify/*Microsoft.CognitiveServices/accounts/CustomVision/classify/*
Microsoft.CognitiveServices/accounts/CustomVision/detect/*Microsoft.CognitiveServices/accounts/CustomVision/detect/*
NotDataActionsNotDataActions
Microsoft.CognitiveServices/accounts/CustomVision/projects/export/readMicrosoft.CognitiveServices/accounts/CustomVision/projects/export/read Exporta un proyecto.Exports a project.
{
  "assignableScopes": [
    "/"
  ],
  "description": "Publish, unpublish or export models. Deployment can view the project but can't update.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5c4089e1-6d96-4d2f-b296-c1bc7137275f",
  "name": "5c4089e1-6d96-4d2f-b296-c1bc7137275f",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/*/read",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/publish/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/export/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/quicktest/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/classify/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/detect/*"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
      ]
    }
  ],
  "roleName": "Cognitive Services Custom Vision Deployment",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Etiquetador de Custom Vision de Cognitive ServicesCognitive Services Custom Vision Labeler

Ver y editar imágenes de entrenamiento, además de crear, agregar, quitar o eliminar etiquetas de imágenes.View, edit training images and create, add, remove, or delete the image tags. Los etiquetadores pueden ver el proyecto, pero no pueden actualizar nada más que las imágenes y etiquetas de entrenamiento.Labelers can view the project but can't update anything other than training images and tags. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.CognitiveServices/*/readMicrosoft.CognitiveServices/*/read
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.CognitiveServices/accounts/CustomVision/*/readMicrosoft.CognitiveServices/accounts/CustomVision/*/read
Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/actionMicrosoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action Obtiene las imágenes que se enviaron al punto de conexión de predicción.Get images that were sent to your prediction endpoint.
Microsoft.CognitiveServices/accounts/CustomVision/projects/images/*Microsoft.CognitiveServices/accounts/CustomVision/projects/images/*
Microsoft.CognitiveServices/accounts/CustomVision/projects/tags/*Microsoft.CognitiveServices/accounts/CustomVision/projects/tags/*
Microsoft.CognitiveServices/accounts/CustomVision/projects/images/suggested/*Microsoft.CognitiveServices/accounts/CustomVision/projects/images/suggested/*
Microsoft.CognitiveServices/accounts/CustomVision/projects/tagsandregions/suggestions/actionMicrosoft.CognitiveServices/accounts/CustomVision/projects/tagsandregions/suggestions/action Esta API obtendrá etiquetas y regiones sugeridas para una matriz o lote de imágenes sin etiquetar, junto con las confianzas de las etiquetas.This API will get suggested tags and regions for an array/batch of untagged images along with confidences for the tags. Devuelve una matriz vacía si no se encuentra ninguna etiqueta.It returns an empty array if no tags are found.
NotDataActionsNotDataActions
Microsoft.CognitiveServices/accounts/CustomVision/projects/export/readMicrosoft.CognitiveServices/accounts/CustomVision/projects/export/read Exporta un proyecto.Exports a project.
{
  "assignableScopes": [
    "/"
  ],
  "description": "View, edit training images and create, add, remove, or delete the image tags. Labelers can view the project but can't update anything other than training images and tags.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/88424f51-ebe7-446f-bc41-7fa16989e96c",
  "name": "88424f51-ebe7-446f-bc41-7fa16989e96c",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/*/read",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/images/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/tags/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/images/suggested/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/tagsandregions/suggestions/action"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
      ]
    }
  ],
  "roleName": "Cognitive Services Custom Vision Labeler",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lector de Custom Vision de Cognitive ServicesCognitive Services Custom Vision Reader

Acciones de solo lectura en el proyecto.Read-only actions in the project. Los lectores no pueden crear ni actualizar el proyecto.Readers can't create or update the project. Más informaciónLearn more

AccionesActions DescripciónDescription
Microsoft.CognitiveServices/*/readMicrosoft.CognitiveServices/*/read
NotActionsNotActions
Ningunanone
DataActionsDataActions
Microsoft.CognitiveServices/accounts/CustomVision/*/read