Roles integrados de Azure para Monitor
En este artículo se enumeran los roles integrados de Azure en la categoría Supervisión.
Colaborador de componentes de Application Insights
Puede administrar los componentes de Application Insights
| Acciones | Descripción |
|---|---|
| Microsoft.Authorization/*/read | Leer roles y asignaciones de roles |
| Microsoft.Insights/alertRules/* | Crear y administrar reglas de alertas clásicas |
| Microsoft.Insights/generateLiveToken/read | Obtención del token de las métricas en vivo |
| Microsoft.Insights/metricAlerts/* | Crear y administrar nuevas reglas de alertas |
| Microsoft.Insights/components/* | Crear y administrar componentes de Insights |
| Microsoft.Insights/scheduledqueryrules/* | |
| Microsoft.Insights/topology/read | Leer topología |
| Microsoft.Insights/transactions/read | Leer transacciones |
| Microsoft.Insights/webtests/* | Crear y administrar pruebas web de Insights |
| Microsoft.ResourceHealth/availabilityStatuses/read | Obtiene los estados de disponibilidad de todos los recursos en el ámbito especificado |
| Microsoft.Resources/deployments/* | Creación y administración de una implementación |
| Microsoft.Resources/subscriptions/resourceGroups/read | Obtiene o enumera los grupos de recursos. |
| Microsoft.Support/* | Creación y actualización de una incidencia de soporte técnico |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can manage Application Insights components",
"id": "/providers/Microsoft.Authorization/roleDefinitions/ae349356-3a1b-4a5e-921d-050484c6347e",
"name": "ae349356-3a1b-4a5e-921d-050484c6347e",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/generateLiveToken/read",
"Microsoft.Insights/metricAlerts/*",
"Microsoft.Insights/components/*",
"Microsoft.Insights/scheduledqueryrules/*",
"Microsoft.Insights/topology/read",
"Microsoft.Insights/transactions/read",
"Microsoft.Insights/webtests/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Application Insights Component Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Depurador de instantáneas de Application Insights
Concede permiso al usuario para ver y descargar las instantáneas de depuración que se recopilan con Snapshot Debugger de Application Insights. Tenga en cuenta que estos permisos no se incluyen en los roles Propietario ni Colaborador. Si concede el rol Depurador de instantáneas de Application Insights a los usuarios, debe concederlo directamente al usuario. El rol no se reconoce cuando se agrega a un rol personalizado.
| Acciones | Descripción |
|---|---|
| Microsoft.Authorization/*/read | Leer roles y asignaciones de roles |
| Microsoft.Insights/alertRules/* | Creación y administración de una alerta de métricas clásica |
| Microsoft.Insights/components/*/read | |
| Microsoft.Resources/deployments/* | Creación y administración de una implementación |
| Microsoft.Resources/subscriptions/resourceGroups/read | Obtiene o enumera los grupos de recursos. |
| Microsoft.Support/* | Creación y actualización de una incidencia de soporte técnico |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Gives user permission to use Application Insights Snapshot Debugger features",
"id": "/providers/Microsoft.Authorization/roleDefinitions/08954f03-6346-4c2e-81c0-ec3a5cfae23b",
"name": "08954f03-6346-4c2e-81c0-ec3a5cfae23b",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/components/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Application Insights Snapshot Debugger",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Administrador de Grafana
Realice todas las operaciones de Grafana, incluida la capacidad de administrar orígenes de datos, crear paneles y administrar asignaciones de roles en Grafana.
| Acciones | Descripción |
|---|---|
| none | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.Dashboard/grafana/ActAsGrafana Administración/action | Actuar como rol de Administración de Grafana |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Built-in Grafana admin role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/22926164-76b3-42b3-bc55-97df8dab3e41",
"name": "22926164-76b3-42b3-bc55-97df8dab3e41",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Dashboard/grafana/ActAsGrafanaAdmin/action"
],
"notDataActions": []
}
],
"roleName": "Grafana Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Editor de Grafana
Vea y edite una instancia de Grafana, incluidos sus paneles y alertas.
| Acciones | Descripción |
|---|---|
| none | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.Dashboard/grafana/ActAsGrafanaEditor/action | Actuar como rol de editor de Grafana |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Built-in Grafana Editor role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a79a5197-3a5c-4973-a920-486035ffd60f",
"name": "a79a5197-3a5c-4973-a920-486035ffd60f",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Dashboard/grafana/ActAsGrafanaEditor/action"
],
"notDataActions": []
}
],
"roleName": "Grafana Editor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lector de Grafana
Vea una instancia de Grafana, incluidos sus paneles y alertas.
| Acciones | Descripción |
|---|---|
| none | |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.Dashboard/grafana/ActAsGrafanaViewer/action | Actuar como rol de visor de Grafana |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Built-in Grafana Viewer role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/60921a7e-fef1-4a43-9b16-a26c52ad4769",
"name": "60921a7e-fef1-4a43-9b16-a26c52ad4769",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Dashboard/grafana/ActAsGrafanaViewer/action"
],
"notDataActions": []
}
],
"roleName": "Grafana Viewer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Colaborador de supervisión
Puede leer todos los datos de supervisión y editar la configuración de supervisión. Consulte también Introducción a roles, permisos y seguridad con Azure Monitor.
| Acciones | Descripción |
|---|---|
| */read | Leer recursos de todos los tipos, excepto secretos. |
| Microsoft.AlertsManagement/alerts/* | |
| Microsoft.AlertsManagement/alertsSummary/* | |
| Microsoft.Insights/actiongroups/* | |
| Microsoft.Insights/activityLogAlerts/* | |
| Microsoft.Insights/AlertRules/* | Creación y administración de una alerta de métricas clásica |
| Microsoft.Insights/components/* | Crear y administrar componentes de Insights |
| Microsoft.Insights/createNotifications/* | |
| Microsoft.Insights/dataCollectionEndpoints/* | |
| Microsoft.Insights/dataCollectionRules/* | |
| Microsoft.Insights/dataCollectionRuleAssociations/* | |
| Microsoft.Insights/DiagnosticSettings/* | Crea, actualiza o lee la configuración de diagnóstico de Analysis Server. |
| Microsoft.Insights/eventtypes/* | Enumerar eventos del registro de actividades (eventos de administración) de una suscripción. Este permiso es aplicable para el acceso mediante programación y mediante el portal al registro de actividades. |
| Microsoft.Insights/LogDefinitions/* | Este permiso es necesario para los usuarios que necesitan acceder a registros de actividades a través del portal. Enumere las categorías de registro del registro de actividad. |
| Microsoft.Insights/metricalerts/* | |
| Microsoft.Insights/MetricDefinitions/* | Leer definiciones de métrica (lista de tipos de métricas disponibles para un recurso). |
| Microsoft.Insights/Metrics/* | Leer las métricas de un recurso. |
| Microsoft.Insights/notificationStatus/* | |
| Microsoft.Insights/Register/Action | Registra el proveedor de Microsoft Insights. |
| Microsoft.Insights/scheduledqueryrules/* | |
| Microsoft.Insights/webtests/* | Crear y administrar pruebas web de Insights |
| Microsoft.Insights/workbooks/* | |
| Microsoft.Insights/workbooktemplates/* | |
| Microsoft.Insights/privateLinkScopes/* | |
| Microsoft.Insights/privateLinkScopeOperationStatuses/* | |
| Microsoft.OperationalInsights/workspaces/write | Crea una nueva área de trabajo o vincula a un área de trabajo que ya existe proporcionando el identificador de cliente de esta. |
| Microsoft.OperationalInsights/workspaces/intelligencepacks/* | Lee, escribe o elimina paquetes de soluciones de Log Analytics. |
| Microsoft.OperationalInsights/workspaces/savedSearches/* | Lee, escribe o elimina búsquedas guardadas de Log Analytics. |
| Microsoft.OperationalInsights/workspaces/search/action | Ejecuta una consulta de búsqueda |
| Microsoft.OperationalInsights/workspaces/sharedKeys/action | Recupera las claves compartidas del área de trabajo. Estas claves se utilizan para conectar los agentes de Microsoft Operational Insights al área de trabajo. |
| Microsoft.OperationalInsights/workspaces/storageinsightconfigs/* | Lee, escribe o elimina configuraciones de visión de almacenamiento de Log Analytics. |
| Microsoft.Support/* | Creación y actualización de una incidencia de soporte técnico |
| Microsoft.AlertsManagement/smartDetectorAlertRules/* | |
| Microsoft.AlertsManagement/actionRules/* | |
| Microsoft.AlertsManagement/smartGroups/* | |
| Microsoft.AlertsManagement/migrateFromSmartDetection/* | |
| Microsoft.AlertsManagement/investigations/* | |
| Microsoft.Monitor/investigations/* | |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can read all monitoring data and update monitoring settings.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa",
"name": "749f88d5-cbae-40b8-bcfc-e573ddc772fa",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.AlertsManagement/alerts/*",
"Microsoft.AlertsManagement/alertsSummary/*",
"Microsoft.Insights/actiongroups/*",
"Microsoft.Insights/activityLogAlerts/*",
"Microsoft.Insights/AlertRules/*",
"Microsoft.Insights/components/*",
"Microsoft.Insights/createNotifications/*",
"Microsoft.Insights/dataCollectionEndpoints/*",
"Microsoft.Insights/dataCollectionRules/*",
"Microsoft.Insights/dataCollectionRuleAssociations/*",
"Microsoft.Insights/DiagnosticSettings/*",
"Microsoft.Insights/eventtypes/*",
"Microsoft.Insights/LogDefinitions/*",
"Microsoft.Insights/metricalerts/*",
"Microsoft.Insights/MetricDefinitions/*",
"Microsoft.Insights/Metrics/*",
"Microsoft.Insights/notificationStatus/*",
"Microsoft.Insights/Register/Action",
"Microsoft.Insights/scheduledqueryrules/*",
"Microsoft.Insights/webtests/*",
"Microsoft.Insights/workbooks/*",
"Microsoft.Insights/workbooktemplates/*",
"Microsoft.Insights/privateLinkScopes/*",
"Microsoft.Insights/privateLinkScopeOperationStatuses/*",
"Microsoft.OperationalInsights/workspaces/write",
"Microsoft.OperationalInsights/workspaces/intelligencepacks/*",
"Microsoft.OperationalInsights/workspaces/savedSearches/*",
"Microsoft.OperationalInsights/workspaces/search/action",
"Microsoft.OperationalInsights/workspaces/sharedKeys/action",
"Microsoft.OperationalInsights/workspaces/storageinsightconfigs/*",
"Microsoft.Support/*",
"Microsoft.AlertsManagement/smartDetectorAlertRules/*",
"Microsoft.AlertsManagement/actionRules/*",
"Microsoft.AlertsManagement/smartGroups/*",
"Microsoft.AlertsManagement/migrateFromSmartDetection/*",
"Microsoft.AlertsManagement/investigations/*",
"Microsoft.Monitor/investigations/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Monitoring Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Supervisión del publicador de métricas
Permite publicar las métricas de los recursos de Azure.
| Acciones | Descripción |
|---|---|
| Microsoft.Insights/Register/Action | Registra el proveedor de Microsoft Insights. |
| Microsoft.Support/* | Creación y actualización de una incidencia de soporte técnico |
| Microsoft.Resources/subscriptions/resourceGroups/read | Obtiene o enumera los grupos de recursos. |
| NotActions | |
| none | |
| DataActions | |
| Microsoft.Insights/Metrics/Write | Escribe métricas. |
| Microsoft.Insights/Telemetry/Write | Escribe datos de telemetría. |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Enables publishing metrics against Azure resources",
"id": "/providers/Microsoft.Authorization/roleDefinitions/3913510d-42f4-4e42-8a64-420c390055eb",
"name": "3913510d-42f4-4e42-8a64-420c390055eb",
"permissions": [
{
"actions": [
"Microsoft.Insights/Register/Action",
"Microsoft.Support/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Insights/Metrics/Write",
"Microsoft.Insights/Telemetry/Write"
],
"notDataActions": []
}
],
"roleName": "Monitoring Metrics Publisher",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lector de supervisión
Puede leer todos los datos de supervisión (métricas, registros, etc.). Consulte también Introducción a roles, permisos y seguridad con Azure Monitor.
| Acciones | Descripción |
|---|---|
| */read | Leer recursos de todos los tipos, excepto secretos. |
| Microsoft.OperationalInsights/workspaces/search/action | Ejecuta una consulta de búsqueda |
| Microsoft.Support/* | Creación y actualización de una incidencia de soporte técnico |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can read all monitoring data.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/43d0d8ad-25c7-4714-9337-8ba259a9fe05",
"name": "43d0d8ad-25c7-4714-9337-8ba259a9fe05",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.OperationalInsights/workspaces/search/action",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Monitoring Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Colaborador de libros
Puede guardar los libros compartidos.
| Acciones | Descripción |
|---|---|
| Microsoft.Insights/workbooks/write | Crea o actualiza un libro. |
| Microsoft.Insights/workbooks/delete | Elimina un libro. |
| Microsoft.Insights/workbooks/read | Lee un libro. |
| Microsoft.Insights/workbooks/revisions/read | Obtiene las revisiones del libro |
| Microsoft.Insights/workbooktemplates/write | Crea o actualiza una plantilla de libro. |
| Microsoft.Insights/workbooktemplates/delete | Elimina una plantilla de libro. |
| Microsoft.Insights/workbooktemplates/read | Lee una plantilla de libro. |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can save shared workbooks.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/e8ddcd69-c73f-4f9f-9844-4100522f16ad",
"name": "e8ddcd69-c73f-4f9f-9844-4100522f16ad",
"permissions": [
{
"actions": [
"Microsoft.Insights/workbooks/write",
"Microsoft.Insights/workbooks/delete",
"Microsoft.Insights/workbooks/read",
"Microsoft.Insights/workbooks/revisions/read",
"Microsoft.Insights/workbooktemplates/write",
"Microsoft.Insights/workbooktemplates/delete",
"Microsoft.Insights/workbooktemplates/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Workbook Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lector de libros
Puede leer libros.
| Acciones | Descripción |
|---|---|
| microsoft.insights/workbooks/read | Lee un libro. |
| microsoft.insights/workbooks/revisions/read | Obtiene las revisiones del libro |
| microsoft.insights/workbooktemplates/read | Lee una plantilla de libro. |
| NotActions | |
| none | |
| DataActions | |
| none | |
| NotDataActions | |
| none |
{
"assignableScopes": [
"/"
],
"description": "Can read workbooks.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b279062a-9be3-42a0-92ae-8b3cf002ec4d",
"name": "b279062a-9be3-42a0-92ae-8b3cf002ec4d",
"permissions": [
{
"actions": [
"microsoft.insights/workbooks/read",
"microsoft.insights/workbooks/revisions/read",
"microsoft.insights/workbooktemplates/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Workbook Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}