Rôles intégrés Azure pour la gestion et la gouvernance
Cet article répertorie les rôles intégrés Azure dans la catégorie Gestion et gouvernance.
Contributeur Automation
Permet de gérer les ressources Azure Automation et d’autres ressources en utilisant Azure Automation.
Actions | Description |
---|---|
Microsoft.Automation/automationAccounts/* | |
Microsoft.Authorization/*/read | Lire les rôles et les affectations de rôles |
Microsoft.Resources/deployments/* | Créer et gérer un déploiement |
Microsoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources. |
Microsoft.Support/* | Créer et mettre à jour un ticket de support |
Microsoft.Insights/ActionGroups/* | |
Microsoft.Insights/ActivityLogAlerts/* | |
Microsoft.Insights/MetricAlerts/* | |
Microsoft.Insights/ScheduledQueryRules/* | |
Microsoft.Insights/diagnosticSettings/* | Crée, met à jour ou lit le paramètre de diagnostic pour Analysis Server. |
Microsoft.OperationalInsights/workspaces/sharedKeys/action | Récupère les clés partagées de l’espace de travail. Ces clés sont utilisées pour connecter les agents Microsoft Operational Insights à l’espace de travail. |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/"
],
"description": "Manage azure automation resources and other resources using azure automation.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f353d9bd-d4a6-484e-a77a-8050b599b867",
"name": "f353d9bd-d4a6-484e-a77a-8050b599b867",
"permissions": [
{
"actions": [
"Microsoft.Automation/automationAccounts/*",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Insights/ActionGroups/*",
"Microsoft.Insights/ActivityLogAlerts/*",
"Microsoft.Insights/MetricAlerts/*",
"Microsoft.Insights/ScheduledQueryRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.OperationalInsights/workspaces/sharedKeys/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Automation Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Opérateur de travaux Automation
Permet de créer et de gérer des travaux avec des runbooks Automation.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Lire les rôles et les affectations de rôles |
Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read | Lit un groupe de Runbooks Workers hybrides |
Microsoft.Automation/automationAccounts/jobs/read | Obtient un travail Azure Automation |
Microsoft.Automation/automationAccounts/jobs/resume/action | Reprend un travail Azure Automation |
Microsoft.Automation/automationAccounts/jobs/stop/action | Arrête un travail Azure Automation |
Microsoft.Automation/automationAccounts/jobs/streams/read | Obtient un flux de travail Azure Automation |
Microsoft.Automation/automationAccounts/jobs/suspend/action | Suspend un travail Azure Automation |
Microsoft.Automation/automationAccounts/jobs/write | Crée un travail Azure Automation |
Microsoft.Automation/automationAccounts/jobs/output/read | Obtient le résultat d’un travail |
Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classique |
Microsoft.Resources/deployments/* | Créer et gérer un déploiement |
Microsoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources. |
Microsoft.Support/* | Créer et mettre à jour un ticket de support |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/"
],
"description": "Create and Manage Jobs using Automation Runbooks.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4fe576fe-1146-4730-92eb-48519fa6bf9f",
"name": "4fe576fe-1146-4730-92eb-48519fa6bf9f",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read",
"Microsoft.Automation/automationAccounts/jobs/read",
"Microsoft.Automation/automationAccounts/jobs/resume/action",
"Microsoft.Automation/automationAccounts/jobs/stop/action",
"Microsoft.Automation/automationAccounts/jobs/streams/read",
"Microsoft.Automation/automationAccounts/jobs/suspend/action",
"Microsoft.Automation/automationAccounts/jobs/write",
"Microsoft.Automation/automationAccounts/jobs/output/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Automation Job Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Opérateur Automation
Les opérateurs d’Automation sont en mesure de démarrer, d’arrêter, de suspendre et de reprendre des travaux
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Lire les rôles et les affectations de rôles |
Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read | Lit un groupe de Runbooks Workers hybrides |
Microsoft.Automation/automationAccounts/jobs/read | Obtient un travail Azure Automation |
Microsoft.Automation/automationAccounts/jobs/resume/action | Reprend un travail Azure Automation |
Microsoft.Automation/automationAccounts/jobs/stop/action | Arrête un travail Azure Automation |
Microsoft.Automation/automationAccounts/jobs/streams/read | Obtient un flux de travail Azure Automation |
Microsoft.Automation/automationAccounts/jobs/suspend/action | Suspend un travail Azure Automation |
Microsoft.Automation/automationAccounts/jobs/write | Crée un travail Azure Automation |
Microsoft.Automation/automationAccounts/jobSchedules/read | Obtient une planification du travail Azure Automation |
Microsoft.Automation/automationAccounts/jobSchedules/write | Crée une planification du travail Azure Automation |
Microsoft.Automation/automationAccounts/linkedWorkspace/read | Obtient l’espace de travail lié au compte Automation. |
Microsoft.Automation/automationAccounts/read | Obtient un compte Azure Automation |
Microsoft.Automation/automationAccounts/runbooks/read | Obtient un runbook Azure Automation |
Microsoft.Automation/automationAccounts/schedules/read | Obtient une ressource de planification Azure Automation |
Microsoft.Automation/automationAccounts/schedules/write | Crée ou met à jour une ressource de planification Azure Automation |
Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classique |
Microsoft.ResourceHealth/availabilityStatuses/read | Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée. |
Microsoft.Resources/deployments/* | Créer et gérer un déploiement |
Microsoft.Automation/automationAccounts/jobs/output/read | Obtient le résultat d’un travail |
Microsoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources. |
Microsoft.Support/* | Créer et mettre à jour un ticket de support |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/"
],
"description": "Automation Operators are able to start, stop, suspend, and resume jobs",
"id": "/providers/Microsoft.Authorization/roleDefinitions/d3881f73-407a-4167-8283-e981cbba0404",
"name": "d3881f73-407a-4167-8283-e981cbba0404",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read",
"Microsoft.Automation/automationAccounts/jobs/read",
"Microsoft.Automation/automationAccounts/jobs/resume/action",
"Microsoft.Automation/automationAccounts/jobs/stop/action",
"Microsoft.Automation/automationAccounts/jobs/streams/read",
"Microsoft.Automation/automationAccounts/jobs/suspend/action",
"Microsoft.Automation/automationAccounts/jobs/write",
"Microsoft.Automation/automationAccounts/jobSchedules/read",
"Microsoft.Automation/automationAccounts/jobSchedules/write",
"Microsoft.Automation/automationAccounts/linkedWorkspace/read",
"Microsoft.Automation/automationAccounts/read",
"Microsoft.Automation/automationAccounts/runbooks/read",
"Microsoft.Automation/automationAccounts/schedules/read",
"Microsoft.Automation/automationAccounts/schedules/write",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Automation/automationAccounts/jobs/output/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Automation Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Opérateur de runbook Automation
Propriétés de lecture du runbook : pour pouvoir créer des travaux depuis le runbook.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Lire les rôles et les affectations de rôles |
Microsoft.Automation/automationAccounts/runbooks/read | Obtient un runbook Azure Automation |
Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classique |
Microsoft.Resources/deployments/* | Créer et gérer un déploiement |
Microsoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources. |
Microsoft.Support/* | Créer et mettre à jour un ticket de support |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/"
],
"description": "Read Runbook properties - to be able to create Jobs of the runbook.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5fb5aef8-1081-4b8e-bb16-9d5d0385bab5",
"name": "5fb5aef8-1081-4b8e-bb16-9d5d0385bab5",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Automation/automationAccounts/runbooks/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Automation Runbook Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Intégration de machine connectée à Azure
Peut intégrer des machines connectées à Azure.
Actions | Description |
---|---|
Microsoft.HybridCompute/machines/read | Lit des machines Azure Arc |
Microsoft.HybridCompute/machines/write | Écrit toutes les machines Azure Arc |
Microsoft.HybridCompute/privateLinkScopes/read | Lit tous les privateLinkScopes Azure Arc |
Microsoft.GuestConfiguration/guestConfigurationAssignments/read | Obtient l’attribution de la configuration des invités. |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/"
],
"description": "Can onboard Azure Connected Machines.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b64e21ea-ac4e-4cdf-9dc9-5b892992bee7",
"name": "b64e21ea-ac4e-4cdf-9dc9-5b892992bee7",
"permissions": [
{
"actions": [
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/write",
"Microsoft.HybridCompute/privateLinkScopes/read",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Connected Machine Onboarding",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Administrateur des ressources de la machine connectée à Azure
Peut lire, écrire, supprimer et réintégrer des machines connectées à Azure.
Actions | Description |
---|---|
Microsoft.HybridCompute/machines/read | Lit des machines Azure Arc |
Microsoft.HybridCompute/machines/write | Écrit toutes les machines Azure Arc |
Microsoft.HybridCompute/machines/delete | Supprime toutes les machines Azure Arc |
Microsoft.HybridCompute/machines/UpgradeExtensions/action | Met à niveau les extensions sur les machines Azure Arc |
Microsoft.HybridCompute/machines/extensions/read | Lit toutes les extensions Azure Arc |
Microsoft.HybridCompute/machines/extensions/write | Installe ou met à jour toutes les extensions Azure Arc |
Microsoft.HybridCompute/machines/extensions/delete | Supprime toutes les extensions Azure Arc |
Microsoft.HybridCompute/privateLinkScopes/* | |
Microsoft.HybridCompute/*/read | |
Microsoft.Resources/deployments/* | Créer et gérer un déploiement |
Microsoft.HybridCompute/licenses/write | Installe ou Mises à jour une licence Azure Arc |
Microsoft.HybridCompute/licenses/delete | Supprime des licences Azure Arc |
Microsoft.HybridCompute/machines/licenseProfiles/read | Lit n’importe quelle licence Azure ArcProfiles |
Microsoft.HybridCompute/machines/licenseProfiles/write | Installe ou Mises à jour une licence Azure ArcProfiles |
Microsoft.HybridCompute/machines/licenseProfiles/delete | Supprime une licence Azure ArcProfiles |
Microsoft.HybridCompute/machines/runCommands/read | Lit toutes les commandes d’exécution Azure Arc |
Microsoft.HybridCompute/machines/runCommands/write | Installe ou Mises à jour des runcommandes Azure Arc |
Microsoft.HybridCompute/machines/runCommands/delete | Supprime des runcommandes Azure Arc |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/"
],
"description": "Can read, write, delete and re-onboard Azure Connected Machines.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/cd570a14-e51a-42ad-bac8-bafd67325302",
"name": "cd570a14-e51a-42ad-bac8-bafd67325302",
"permissions": [
{
"actions": [
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/write",
"Microsoft.HybridCompute/machines/delete",
"Microsoft.HybridCompute/machines/UpgradeExtensions/action",
"Microsoft.HybridCompute/machines/extensions/read",
"Microsoft.HybridCompute/machines/extensions/write",
"Microsoft.HybridCompute/machines/extensions/delete",
"Microsoft.HybridCompute/privateLinkScopes/*",
"Microsoft.HybridCompute/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.HybridCompute/licenses/write",
"Microsoft.HybridCompute/licenses/delete",
"Microsoft.HybridCompute/machines/licenseProfiles/read",
"Microsoft.HybridCompute/machines/licenseProfiles/write",
"Microsoft.HybridCompute/machines/licenseProfiles/delete",
"Microsoft.HybridCompute/machines/runCommands/read",
"Microsoft.HybridCompute/machines/runCommands/write",
"Microsoft.HybridCompute/machines/runCommands/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Connected Machine Resource Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Gestionnaire des ressources Azure Connected Machine
Rôle personnalisé pour point de rétention AzureStackHCI pour gérer les machines de calcul hybrides et les points de terminaison de connectivité hybride dans un groupe de ressources
Actions | Description |
---|---|
Microsoft.HybridConnectivity/endpoints/read | Obtient le point de terminaison de la ressource. |
Microsoft.HybridConnectivity/endpoints/write | Mettez à jour le point de terminaison vers la ressource cible. |
Microsoft.Hybrid Connecter ivity/endpoints/serviceConfigurations/read | Obtient les détails du service à la ressource. |
Microsoft.Hybrid Connecter ivity/endpoints/serviceConfigurations/write | Mettez à jour les détails du service dans les configurations de service de la ressource cible. |
Microsoft.HybridCompute/machines/read | Lit des machines Azure Arc |
Microsoft.HybridCompute/machines/write | Écrit toutes les machines Azure Arc |
Microsoft.HybridCompute/machines/delete | Supprime toutes les machines Azure Arc |
Microsoft.HybridCompute/machines/extensions/read | Lit toutes les extensions Azure Arc |
Microsoft.HybridCompute/machines/extensions/write | Installe ou met à jour toutes les extensions Azure Arc |
Microsoft.HybridCompute/machines/extensions/delete | Supprime toutes les extensions Azure Arc |
Microsoft.HybridCompute/*/read | |
Microsoft.HybridCompute/machines/UpgradeExtensions/action | Met à niveau les extensions sur les machines Azure Arc |
Microsoft.HybridCompute/machines/licenseProfiles/read | Lit n’importe quelle licence Azure ArcProfiles |
Microsoft.HybridCompute/machines/licenseProfiles/write | Installe ou Mises à jour une licence Azure ArcProfiles |
Microsoft.HybridCompute/machines/licenseProfiles/delete | Supprime une licence Azure ArcProfiles |
Microsoft.GuestConfiguration/guestConfigurationAssignments/read | Obtient l’attribution de la configuration des invités. |
Microsoft.GuestConfiguration/guestConfigurationAssignments/*/read | |
Microsoft.GuestConfiguration/guestConfigurationAssignments/write | Crée une nouvelle attribution de configuration des invités. |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/"
],
"description": "Custom Role for AzureStackHCI RP to manage hybrid compute machines and hybrid connectivity endpoints in a resource group",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f5819b54-e033-4d82-ac66-4fec3cbf3f4c",
"name": "f5819b54-e033-4d82-ac66-4fec3cbf3f4c",
"permissions": [
{
"actions": [
"Microsoft.HybridConnectivity/endpoints/read",
"Microsoft.HybridConnectivity/endpoints/write",
"Microsoft.HybridConnectivity/endpoints/serviceConfigurations/read",
"Microsoft.HybridConnectivity/endpoints/serviceConfigurations/write",
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/write",
"Microsoft.HybridCompute/machines/delete",
"Microsoft.HybridCompute/machines/extensions/read",
"Microsoft.HybridCompute/machines/extensions/write",
"Microsoft.HybridCompute/machines/extensions/delete",
"Microsoft.HybridCompute/*/read",
"Microsoft.HybridCompute/machines/UpgradeExtensions/action",
"Microsoft.HybridCompute/machines/licenseProfiles/read",
"Microsoft.HybridCompute/machines/licenseProfiles/write",
"Microsoft.HybridCompute/machines/licenseProfiles/delete",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/read",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/*/read",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Connected Machine Resource Manager",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lecteur de facturation
Autorise l’accès en lecture aux données de facturation
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Lire les rôles et les affectations de rôles |
Microsoft.Billing/*/read | Lire les informations de facturation |
Microsoft.Commerce/*/read | |
Microsoft.Consumption/*/read | |
Microsoft.Management/managementGroups/read | Répertorie les groupes d’administration de l’utilisateur authentifié. |
Microsoft.CostManagement/*/read | |
Microsoft.Support/* | Créer et mettre à jour un ticket de support |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/"
],
"description": "Allows read access to billing data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64",
"name": "fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Billing/*/read",
"Microsoft.Commerce/*/read",
"Microsoft.Consumption/*/read",
"Microsoft.Management/managementGroups/read",
"Microsoft.CostManagement/*/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Billing Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur blueprint
Peut gérer les définitions blueprint, mais ne peut pas les affecter.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Lire les rôles et les affectations de rôles |
Microsoft.Blueprint/blueprints/* | Créer et gérer des définitions de blueprint ou des artefacts de blueprint. |
Microsoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources. |
Microsoft.Resources/deployments/* | Créer et gérer un déploiement |
Microsoft.Support/* | Créer et mettre à jour un ticket de support |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/"
],
"description": "Can manage blueprint definitions, but not assign them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/41077137-e803-4205-871c-5a86e6a753b4",
"name": "41077137-e803-4205-871c-5a86e6a753b4",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Blueprint/blueprints/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Blueprint Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Opérateur blueprint
Peut affecter des blueprints publiés existants, mais ne peut pas en créer de nouveaux. Notez que cela fonctionne uniquement si l’affectation est effectuée avec une identité managée affectée par l’utilisateur.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Lire les rôles et les affectations de rôles |
Microsoft.Blueprint/blueprintAssignments/* | Créer et gérer des affectations de blueprint |
Microsoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources. |
Microsoft.Resources/deployments/* | Créer et gérer un déploiement |
Microsoft.Support/* | Créer et mettre à jour un ticket de support |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/"
],
"description": "Can assign existing published blueprints, but cannot create new blueprints. NOTE: this only works if the assignment is done with a user-assigned managed identity.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/437d2ced-4a38-4302-8479-ed2bcb43d090",
"name": "437d2ced-4a38-4302-8479-ed2bcb43d090",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Blueprint/blueprintAssignments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Blueprint Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lecteur d’optimisation du carbone
Autoriser l’accès en lecture aux données Azure Carbon Optimization
Actions | Description |
---|---|
Microsoft.Carbon/carbonEmissionReports/action | API pour les rapports sur les émissions de carbone |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/"
],
"description": "Allow read access to Azure Carbon Optimization data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/fa0d39e6-28e5-40cf-8521-1eb320653a4c",
"name": "fa0d39e6-28e5-40cf-8521-1eb320653a4c",
"permissions": [
{
"actions": [
"Microsoft.Carbon/carbonEmissionReports/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Carbon Optimization Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur Cost Management
Peut afficher les coûts et gérer la configuration des coûts (par exemple, budgets, exportations)
Actions | Description |
---|---|
Microsoft.Consumption/* | |
Microsoft.CostManagement/* | |
Microsoft.Billing/billingPeriods/read | |
Microsoft.Resources/subscriptions/read | Obtient la liste des abonnements. |
Microsoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources. |
Microsoft.Support/* | Créer et mettre à jour un ticket de support |
Microsoft.Advisor/configurations/read | Obtenir des configurations |
Microsoft.Advisor/recommendations/read | Lit les recommandations |
Microsoft.Management/managementGroups/read | Répertorie les groupes d’administration de l’utilisateur authentifié. |
Microsoft.Billing/billingProperty/read | Obtient les propriétés de facturation d’un abonnement |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/"
],
"description": "Can view costs and manage cost configuration (e.g. budgets, exports)",
"id": "/providers/Microsoft.Authorization/roleDefinitions/434105ed-43f6-45c7-a02f-909b2ba83430",
"name": "434105ed-43f6-45c7-a02f-909b2ba83430",
"permissions": [
{
"actions": [
"Microsoft.Consumption/*",
"Microsoft.CostManagement/*",
"Microsoft.Billing/billingPeriods/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Advisor/configurations/read",
"Microsoft.Advisor/recommendations/read",
"Microsoft.Management/managementGroups/read",
"Microsoft.Billing/billingProperty/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cost Management Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lecteur Cost Management
Peut afficher les données et la configuration des coûts (par exemple, budgets, exportations)
Actions | Description |
---|---|
Microsoft.Consumption/*/read | |
Microsoft.CostManagement/*/read | |
Microsoft.Billing/billingPeriods/read | |
Microsoft.Resources/subscriptions/read | Obtient la liste des abonnements. |
Microsoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources. |
Microsoft.Support/* | Créer et mettre à jour un ticket de support |
Microsoft.Advisor/configurations/read | Obtenir des configurations |
Microsoft.Advisor/recommendations/read | Lit les recommandations |
Microsoft.Management/managementGroups/read | Répertorie les groupes d’administration de l’utilisateur authentifié. |
Microsoft.Billing/billingProperty/read | Obtient les propriétés de facturation d’un abonnement |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/"
],
"description": "Can view cost data and configuration (e.g. budgets, exports)",
"id": "/providers/Microsoft.Authorization/roleDefinitions/72fafb9e-0641-4937-9268-a91bfd8191a3",
"name": "72fafb9e-0641-4937-9268-a91bfd8191a3",
"permissions": [
{
"actions": [
"Microsoft.Consumption/*/read",
"Microsoft.CostManagement/*/read",
"Microsoft.Billing/billingPeriods/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Advisor/configurations/read",
"Microsoft.Advisor/recommendations/read",
"Microsoft.Management/managementGroups/read",
"Microsoft.Billing/billingProperty/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cost Management Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Administrateur de paramètres de hiérarchie
Permet aux utilisateurs de modifier et de supprimer des paramètres de hiérarchie
Actions | Description |
---|---|
Microsoft.Management/managementGroups/settings/write | Crée ou met à jour les paramètres de hiérarchie de groupe d’administration. |
Microsoft.Management/managementGroups/settings/delete | Supprime les paramètres de hiérarchie de groupe d’administration. |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/"
],
"description": "Allows users to edit and delete Hierarchy Settings",
"id": "/providers/Microsoft.Authorization/roleDefinitions/350f8d15-c687-4448-8ae1-157740a3936d",
"name": "350f8d15-c687-4448-8ae1-157740a3936d",
"permissions": [
{
"actions": [
"Microsoft.Management/managementGroups/settings/write",
"Microsoft.Management/managementGroups/settings/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Hierarchy Settings Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Rôle Contributeur d'application managée
Permet de créer des ressources d’application managées.
Actions | Description |
---|---|
*/read | Lire les ressources de tous les types, à l’exception des secrets. |
Microsoft.Solutions/applications/* | |
Microsoft.Solutions/register/action | Inscrire l’abonnement pour Microsoft.Solutions |
Microsoft.Resources/subscriptions/resourceGroups/* | |
Microsoft.Resources/deployments/* | Créer et gérer un déploiement |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/"
],
"description": "Allows for creating managed application resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/641177b8-a67a-45b9-a033-47bc880bb21e",
"name": "641177b8-a67a-45b9-a033-47bc880bb21e",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Solutions/applications/*",
"Microsoft.Solutions/register/action",
"Microsoft.Resources/subscriptions/resourceGroups/*",
"Microsoft.Resources/deployments/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Application Contributor Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Rôle opérateur d’application managée
Permet de lire les ressources d’application managée et d’effectuer des actions sur ces ressources.
Actions | Description |
---|---|
*/read | Lire les ressources de tous les types, à l’exception des secrets. |
Microsoft.Solutions/applications/read | Répertorie toutes les applications au sein d’un abonnement. |
Microsoft.Solutions/*/action | |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/"
],
"description": "Lets you read and perform actions on Managed Application resources",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c7393b34-138c-406f-901b-d8cf2b17e6ae",
"name": "c7393b34-138c-406f-901b-d8cf2b17e6ae",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Solutions/applications/read",
"Microsoft.Solutions/*/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Application Operator Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lecteur Applications managées
Vous permet de lire les ressources dans une application managée et de demander un accès JIT.
Actions | Description |
---|---|
*/read | Lire les ressources de tous les types, à l’exception des secrets. |
Microsoft.Resources/deployments/* | Créer et gérer un déploiement |
Microsoft.Solutions/jitRequests/* | |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/"
],
"description": "Lets you read resources in a managed app and request JIT access.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b9331d33-8a36-4f8c-b097-4f54124fdb44",
"name": "b9331d33-8a36-4f8c-b097-4f54124fdb44",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Solutions/jitRequests/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Applications Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Suppression du rôle d’attribution d’inscription de services managé
La suppression du rôle d’attribution d’inscription de services managés permet aux utilisateurs du client gérant de supprimer l’attribution d’inscription assignée à leur locataire.
Actions | Description |
---|---|
Microsoft.ManagedServices/registrationAssignments/read | Récupère la liste des affectations d'inscription des services managés. |
Microsoft.ManagedServices/registrationAssignments/delete | Supprime l'affectation d'inscription des services managés. |
Microsoft.ManagedServices/operationStatuses/read | Lit l’état de l’opération pour la ressource. |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/"
],
"description": "Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/91c1777a-f3dc-4fae-b103-61d183457e46",
"name": "91c1777a-f3dc-4fae-b103-61d183457e46",
"permissions": [
{
"actions": [
"Microsoft.ManagedServices/registrationAssignments/read",
"Microsoft.ManagedServices/registrationAssignments/delete",
"Microsoft.ManagedServices/operationStatuses/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Services Registration assignment Delete Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Collaborateur du groupe d’administration
Rôle de collaborateur du groupe d’administration
Actions | Description |
---|---|
Microsoft.Management/managementGroups/delete | Supprime un groupe d’administration. |
Microsoft.Management/managementGroups/read | Répertorie les groupes d’administration de l’utilisateur authentifié. |
Microsoft.Management/managementGroups/subscriptions/delete | Dissocie un abonnement du groupe d’administration. |
Microsoft.Management/managementGroups/subscriptions/write | Associe un abonnement existant au groupe d’administration. |
Microsoft.Management/managementGroups/write | Crée ou met à jour un groupe d’administration. |
Microsoft.Management/managementGroups/subscriptions/read | Répertorie les abonnements associés au groupe d'administration donné |
Microsoft.Authorization/*/read | Lire les rôles et les affectations de rôles |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/"
],
"description": "Management Group Contributor Role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c",
"name": "5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c",
"permissions": [
{
"actions": [
"Microsoft.Management/managementGroups/delete",
"Microsoft.Management/managementGroups/read",
"Microsoft.Management/managementGroups/subscriptions/delete",
"Microsoft.Management/managementGroups/subscriptions/write",
"Microsoft.Management/managementGroups/write",
"Microsoft.Management/managementGroups/subscriptions/read",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Management Group Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lecteur du groupe d’administration
Rôle de lecteur du groupe d’administration
Actions | Description |
---|---|
Microsoft.Management/managementGroups/read | Répertorie les groupes d’administration de l’utilisateur authentifié. |
Microsoft.Management/managementGroups/subscriptions/read | Répertorie les abonnements associés au groupe d'administration donné |
Microsoft.Authorization/*/read | Lire les rôles et les affectations de rôles |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/"
],
"description": "Management Group Reader Role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/ac63b705-f282-497d-ac71-919bf39d939d",
"name": "ac63b705-f282-497d-ac71-919bf39d939d",
"permissions": [
{
"actions": [
"Microsoft.Management/managementGroups/read",
"Microsoft.Management/managementGroups/subscriptions/read",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Management Group Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur de compte NewRelic APM
Vous permet de gérer des comptes et applications New Relic Application Performance Management, mais pas d’y accéder.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Lire les rôles et les affectations de rôles |
Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classique |
Microsoft.ResourceHealth/availabilityStatuses/read | Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée. |
Microsoft.Resources/deployments/* | Créer et gérer un déploiement |
Microsoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources. |
Microsoft.Support/* | Créer et mettre à jour un ticket de support |
NewRelic.APM/accounts/* | |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage New Relic Application Performance Management accounts and applications, but not access to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5d28c62d-5b37-4476-8438-e587778df237",
"name": "5d28c62d-5b37-4476-8438-e587778df237",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"NewRelic.APM/accounts/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "New Relic APM Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Policy Insights Data Writer (préversion)
Permet de lire les stratégies de ressources et d’écrire les événements de stratégie de composant de ressource.
Actions | Description |
---|---|
Microsoft.Authorization/policyassignments/read | Obtenez des informations sur une affectation de stratégie. |
Microsoft.Authorization/policydefinitions/read | Obtenez des informations sur une définition de stratégie. |
Microsoft.Authorization/policyexemptions/read | Obtenir des informations sur une exemption de stratégie. |
Microsoft.Authorization/policysetdefinitions/read | Obtient des informations sur une définition d’ensemble de stratégies |
NotActions | |
aucune | |
DataActions | |
Microsoft.PolicyInsights/checkDataPolicyCompliance/action | Vérifie l’état de conformité d’un composant donné par rapport aux stratégies de données. |
Microsoft.PolicyInsights/policyEvents/logDataEvents/action | Journalise les événements de stratégie de composant de ressource. |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/"
],
"description": "Allows read access to resource policies and write access to resource component policy events.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/66bb4e9e-b016-4a94-8249-4c0511c2be84",
"name": "66bb4e9e-b016-4a94-8249-4c0511c2be84",
"permissions": [
{
"actions": [
"Microsoft.Authorization/policyassignments/read",
"Microsoft.Authorization/policydefinitions/read",
"Microsoft.Authorization/policyexemptions/read",
"Microsoft.Authorization/policysetdefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.PolicyInsights/checkDataPolicyCompliance/action",
"Microsoft.PolicyInsights/policyEvents/logDataEvents/action"
],
"notDataActions": []
}
],
"roleName": "Policy Insights Data Writer (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Opérateur de requête de quota
Lisez et créez des requêtes de quota, obtenez l’état de la requête de quota et créez des tickets de support.
Actions | Description |
---|---|
Microsoft.Capacity/resourceProviders/locations/serviceLimits/read | Obtenir la limite du service actuel, ou le quota de la ressource et de l’emplacement spécifiés |
Microsoft.Capacity/resourceProviders/locations/serviceLimits/write | Créer une limite du service actuel, ou un quota pour la ressource et l’emplacement spécifiés |
Microsoft.Capacity/resourceProviders/locations/serviceLimitsRequests/read | Obtenir les demandes de limite du service pour la ressource et l’emplacement spécifiés |
Microsoft.Capacity/register/action | Inscrit le fournisseur de ressources de capacité et active la création de ressources de capacité. |
Microsoft.Quota/usages/read | Obtenir les utilisations pour les fournisseurs de ressources |
Microsoft.Quota/quotas/read | Obtenir la limite du service actuel ou le quota de la ressource spécifiée |
Microsoft.Quota/quotas/write | Crée la limite de service ou la demande de quota pour la ressource spécifiée |
Microsoft.Quota/quotaRequests/read | Obtenir les demandes de limite du service pour la ressource spécifiée |
Microsoft.Quota/register/action | Inscrire l’abonnement auprès du fournisseur de ressources Microsoft.Quota |
Microsoft.Authorization/*/read | Lire les rôles et les affectations de rôles |
Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classique |
Microsoft.Resources/deployments/* | Créer et gérer un déploiement |
Microsoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources. |
Microsoft.Support/* | Créer et mettre à jour un ticket de support |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/"
],
"description": "Read and create quota requests, get quota request status, and create support tickets.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/0e5f05e5-9ab9-446b-b98d-1e2157c94125",
"name": "0e5f05e5-9ab9-446b-b98d-1e2157c94125",
"permissions": [
{
"actions": [
"Microsoft.Capacity/resourceProviders/locations/serviceLimits/read",
"Microsoft.Capacity/resourceProviders/locations/serviceLimits/write",
"Microsoft.Capacity/resourceProviders/locations/serviceLimitsRequests/read",
"Microsoft.Capacity/register/action",
"Microsoft.Quota/usages/read",
"Microsoft.Quota/quotas/read",
"Microsoft.Quota/quotas/write",
"Microsoft.Quota/quotaRequests/read",
"Microsoft.Quota/register/action",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Quota Request Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Acheteur de réservation
Vous permet d’acheter des réservations
Actions | Description |
---|---|
Microsoft.Authorization/roleAssignments/read | Obtenez des informations sur une affectation de rôle. |
Microsoft.Capacity/catalogs/read | Lire le catalogue de réservation |
Microsoft.Capacity/register/action | Inscrit le fournisseur de ressources de capacité et active la création de ressources de capacité. |
Microsoft.Compute/register/action | Inscrit l’abonnement auprès du fournisseur de ressources Microsoft.Compute |
Microsoft.Consumption/register/action | S’inscrire auprès d’un fournisseur de ressources de consommation |
Microsoft.Consumption/reservationRecommendationDetails/read | Répertorier les détails de la recommandation de réservation |
Microsoft.Consumption/reservationRecommendations/read | Répertorie les recommandations uniques ou partagées pour les instances réservées concernant un abonnement. |
Microsoft.Resources/subscriptions/read | Obtient la liste des abonnements. |
Microsoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources. |
Microsoft.SQL/register/action | Inscrit l’abonnement pour le fournisseur de ressources Microsoft SQL Database et permet la création de bases de données Microsoft SQL. |
Microsoft.Support/supporttickets/write | Permet de créer et de mettre à jour un ticket de support |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/"
],
"description": "Lets you purchase reservations",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f7b75c60-3036-4b75-91c3-6b41c27c1689",
"name": "f7b75c60-3036-4b75-91c3-6b41c27c1689",
"permissions": [
{
"actions": [
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Capacity/catalogs/read",
"Microsoft.Capacity/register/action",
"Microsoft.Compute/register/action",
"Microsoft.Consumption/register/action",
"Microsoft.Consumption/reservationRecommendationDetails/read",
"Microsoft.Consumption/reservationRecommendations/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.SQL/register/action",
"Microsoft.Support/supporttickets/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Reservation Purchaser",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Administrateur de réservations
Permet de lire et de gérer toutes les réservations dans un locataire
Actions | Description |
---|---|
Microsoft.Capacity/*/read | |
Microsoft.Capacity/*/action | |
Microsoft.Capacity/*/write | |
Microsoft.Authorization/roleAssignments/read | Obtenez des informations sur une affectation de rôle. |
Microsoft.Authorization/roleDefinitions/read | Obtenez des informations sur une définition de rôle. |
Microsoft.Authorization/roleAssignments/write | Créez une affectation de rôle au niveau de la portée spécifiée. |
Microsoft.Authorization/roleAssignments/delete | Supprimez une affectation de rôle au niveau de la portée spécifiée. |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/providers/Microsoft.Capacity"
],
"description": "Lets one read and manage all the reservations in a tenant",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a8889054-8d42-49c9-bc1c-52486c10e7cd",
"name": "a8889054-8d42-49c9-bc1c-52486c10e7cd",
"permissions": [
{
"actions": [
"Microsoft.Capacity/*/read",
"Microsoft.Capacity/*/action",
"Microsoft.Capacity/*/write",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read",
"Microsoft.Authorization/roleAssignments/write",
"Microsoft.Authorization/roleAssignments/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Reservations Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lecteur de réservations
Permet de lire toutes les réservations dans un locataire
Actions | Description |
---|---|
Microsoft.Capacity/*/read | |
Microsoft.Authorization/roleAssignments/read | Obtenez des informations sur une affectation de rôle. |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/providers/Microsoft.Capacity"
],
"description": "Lets one read all the reservations in a tenant",
"id": "/providers/Microsoft.Authorization/roleDefinitions/582fc458-8989-419f-a480-75249bc5db7e",
"name": "582fc458-8989-419f-a480-75249bc5db7e",
"permissions": [
{
"actions": [
"Microsoft.Capacity/*/read",
"Microsoft.Authorization/roleAssignments/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Reservations Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur de la stratégie de ressource
Utilisateurs dotés de droits pour créer ou modifier une stratégie de ressource, créer un ticket de support et lire des ressources ou la hiérarchie.
Actions | Description |
---|---|
*/read | Lire les ressources de tous les types, à l’exception des secrets. |
Microsoft.Authorization/policyassignments/* | Créer et gérer des attributions de stratégies |
Microsoft.Authorization/policydefinitions/* | Créer et gérer des définitions de stratégies |
Microsoft.Authorization/policyexemptions/* | Créer et gérer des exemptions de stratégie |
Microsoft.Authorization/policysetdefinitions/* | Créer et gérer des ensembles de stratégies |
Microsoft.PolicyInsights/* | |
Microsoft.Resources/deployments/* | Créer et gérer un déploiement |
Microsoft.Support/* | Créer et mettre à jour un ticket de support |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/"
],
"description": "Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/36243c78-bf99-498c-9df9-86d9f8d28608",
"name": "36243c78-bf99-498c-9df9-86d9f8d28608",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Authorization/policyassignments/*",
"Microsoft.Authorization/policydefinitions/*",
"Microsoft.Authorization/policyexemptions/*",
"Microsoft.Authorization/policysetdefinitions/*",
"Microsoft.PolicyInsights/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Resource Policy Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur de mise à jour corrective planifiée
Fournit l’accès à la gestion des configurations de maintenance avec l’étendue de maintenance InGuestPatch et les affectations de configuration correspondantes
Actions | Description |
---|---|
Microsoft.Maintenance/maintenanceConfigurations/read | Lire la configuration de la maintenance. |
Microsoft.Maintenance/maintenanceConfigurations/write | Créez ou mettez à jour la configuration de maintenance. |
Microsoft.Maintenance/maintenanceConfigurations/delete | Supprimez la configuration de maintenance. |
Microsoft.Maintenance/configurationAssignments/read | Lire l’affectation de configuration de maintenance. |
Microsoft.Maintenance/configurationAssignments/write | Créez ou mettez à jour l’affectation de configuration de maintenance. |
Microsoft.Maintenance/configurationAssignments/delete | Supprimez l’affectation de configuration de maintenance. |
Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/read | Lire l’attribution de configuration de maintenance pour l’étendue de maintenance InGuestPatch. |
Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/write | Créez ou mettez à jour une affectation de configuration de maintenance pour l’étendue de maintenance InGuestPatch. |
Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/delete | Supprimez l’attribution de configuration de maintenance pour l’étendue de maintenance InGuestPatch. |
Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/read | Lisez la configuration de la maintenance pour l’étendue de maintenance InGuestPatch. |
Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/write | Créez ou mettez à jour une configuration de maintenance pour l’étendue de maintenance InGuestPatch. |
Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/delete | Supprimez la configuration de maintenance pour l’étendue de maintenance InGuestPatch. |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/"
],
"description": "Provides access to manage maintenance configurations with maintenance scope InGuestPatch and corresponding configuration assignments",
"id": "/providers/Microsoft.Authorization/roleDefinitions/cd08ab90-6b14-449c-ad9a-8f8e549482c6",
"name": "cd08ab90-6b14-449c-ad9a-8f8e549482c6",
"permissions": [
{
"actions": [
"Microsoft.Maintenance/maintenanceConfigurations/read",
"Microsoft.Maintenance/maintenanceConfigurations/write",
"Microsoft.Maintenance/maintenanceConfigurations/delete",
"Microsoft.Maintenance/configurationAssignments/read",
"Microsoft.Maintenance/configurationAssignments/write",
"Microsoft.Maintenance/configurationAssignments/delete",
"Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/read",
"Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/write",
"Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/delete",
"Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/read",
"Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/write",
"Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Scheduled Patching Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur Site Recovery
Permet de gérer le service Site Recovery sauf la création de coffre et l’attribution de rôle
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Lire les rôles et les affectations de rôles |
Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classique |
Microsoft.Network/virtualNetworks/read | Obtenir la définition de réseau virtuel. |
Microsoft.RecoveryServices/locations/allocatedStamp/read | GetAllocatedStamp est une opération interne utilisée par le service. |
Microsoft.RecoveryServices/locations/allocateStamp/action | AllocateStamp est une opération interne utilisée par le service. |
Microsoft.RecoveryServices/Vaults/certificates/write | L’opération de mise à jour de certificat de ressource met à jour le certificat d’identification du coffre/de la ressource. |
Microsoft.RecoveryServices/Vaults/extendedInformation/* | Créer et gérer des informations étendues associées au coffre |
Microsoft.RecoveryServices/Vaults/read | L’opération d’obtention de coffre obtient un objet représentant la ressource Azure de type « coffre ». |
Microsoft.RecoveryServices/Vaults/refreshContainers/read | |
Microsoft.RecoveryServices/Vaults/registeredIdentities/* | Créer et gérer les identités inscrites |
Microsoft.RecoveryServices/vaults/replicationAlertSettings/* | Créer ou mettre à jour les paramètres d’alerte de réplication |
Microsoft.RecoveryServices/vaults/replicationEvents/read | Lire des événements. |
Microsoft.RecoveryServices/vaults/replicationFabrics/* | Créer et gérer des structures de réplication |
Microsoft.RecoveryServices/vaults/replicationJobs/* | Créer et gérer des travaux de réplication |
Microsoft.RecoveryServices/vaults/replicationPolicies/* | Créer et gérer des stratégies de réplication |
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/* | Créer et gérer des plans de récupération |
Microsoft.RecoveryServices/vaults/replicationVaultSettings/* | |
Microsoft.RecoveryServices/Vaults/storageConfig/* | Créer et gérer la configuration de stockage du coffre Recovery Services |
Microsoft.RecoveryServices/Vaults/tokenInfo/read | |
Microsoft.RecoveryServices/Vaults/usages/read | Renvoie des détails d’utilisation d’un coffre Recovery Services. |
Microsoft.RecoveryServices/Vaults/vaultTokens/read | L’opération de jeton de coffre peut être utilisée pour obtenir un jeton de coffre pour les opérations de serveur principal au niveau du coffre. |
Microsoft.RecoveryServices/Vaults/monitoringAlerts/* | Lire les alertes pour le coffre Recovery Services |
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read | |
Microsoft.ResourceHealth/availabilityStatuses/read | Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée. |
Microsoft.Resources/deployments/* | Créer et gérer un déploiement |
Microsoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources. |
Microsoft.Storage/storageAccounts/read | Retourne la liste des comptes de stockage ou récupère les propriétés du compte de stockage spécifié. |
Microsoft.RecoveryServices/vaults/replicationOperationStatus/read | Lit tout état de l’opération de réplication du coffre |
Microsoft.Support/* | Créer et mettre à jour un ticket de support |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Site Recovery service except vault creation and role assignment",
"id": "/providers/Microsoft.Authorization/roleDefinitions/6670b86e-a3f7-4917-ac9b-5d6ab1be4567",
"name": "6670b86e-a3f7-4917-ac9b-5d6ab1be4567",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.RecoveryServices/locations/allocatedStamp/read",
"Microsoft.RecoveryServices/locations/allocateStamp/action",
"Microsoft.RecoveryServices/Vaults/certificates/write",
"Microsoft.RecoveryServices/Vaults/extendedInformation/*",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/refreshContainers/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/*",
"Microsoft.RecoveryServices/vaults/replicationAlertSettings/*",
"Microsoft.RecoveryServices/vaults/replicationEvents/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/*",
"Microsoft.RecoveryServices/vaults/replicationJobs/*",
"Microsoft.RecoveryServices/vaults/replicationPolicies/*",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/*",
"Microsoft.RecoveryServices/vaults/replicationVaultSettings/*",
"Microsoft.RecoveryServices/Vaults/storageConfig/*",
"Microsoft.RecoveryServices/Vaults/tokenInfo/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/Vaults/vaultTokens/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/*",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.RecoveryServices/vaults/replicationOperationStatus/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Site Recovery Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Opérateur Site Recovery
Permet de basculer et de restaurer mais pas d’effectuer d’autres opérations de gestion de Site Recovery
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Lire les rôles et les affectations de rôles |
Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classique |
Microsoft.Network/virtualNetworks/read | Obtenir la définition de réseau virtuel. |
Microsoft.RecoveryServices/locations/allocatedStamp/read | GetAllocatedStamp est une opération interne utilisée par le service. |
Microsoft.RecoveryServices/locations/allocateStamp/action | AllocateStamp est une opération interne utilisée par le service. |
Microsoft.RecoveryServices/Vaults/extendedInformation/read | L’opération d’obtention d’informations étendues obtient les informations étendues d’un objet représentant la ressource Azure de type « coffre ». |
Microsoft.RecoveryServices/Vaults/read | L’opération d’obtention de coffre obtient un objet représentant la ressource Azure de type « coffre ». |
Microsoft.RecoveryServices/Vaults/refreshContainers/read | |
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read | L’opération d’obtention des résultats d’une opération peut être utilisée pour obtenir l’état de l’opération et le résultat de l’opération envoyée de manière asynchrone. |
Microsoft.RecoveryServices/Vaults/registeredIdentities/read | L’opération d’obtention de conteneurs peut être utilisée pour obtenir les conteneurs inscrits pour une ressource. |
Microsoft.RecoveryServices/vaults/replicationAlertSettings/read | Lire des paramètres d’alertes. |
Microsoft.RecoveryServices/vaults/replicationEvents/read | Lire des événements. |
Microsoft.RecoveryServices/vaults/replicationFabrics/checkConsistency/action | Vérifie la cohérence de la structure. |
Microsoft.RecoveryServices/vaults/replicationFabrics/read | Lire des structures. |
Microsoft.RecoveryServices/vaults/replicationFabrics/reassociateGateway/action | Réassocier une passerelle. |
Microsoft.RecoveryServices/vaults/replicationFabrics/renewcertificate/action | Renouveler le certificat pour Fabric |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read | Lire des réseaux. |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read | Lire des mappages réseau. |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read | Lire des conteneurs de protection. |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read | Lire des éléments pouvant être protégés. |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/applyRecoveryPoint/action | Appliquer un point de récupération. |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/failoverCommit/action | Validation du basculement. |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/plannedFailover/action | Basculement planifié. |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read | Lire des éléments protégés. |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read | Lire des points de récupération de réplication. |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/repairReplication/action | Réparer la réplication. |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/reProtect/action | Reprotéger l’élément protégé. |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/switchprotection/action | Basculer un conteneur de protection. |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailover/action | Test Failover |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailoverCleanup/action | Nettoyage de basculement test. |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/unplannedFailover/action | Basculement |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/updateMobilityService/action | Mettre à jour le service Mobilité. |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read | Lire des mappages de conteneurs de protection. |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read | Lire des fournisseurs Recovery Services. |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/refreshProvider/action | Actualiser un fournisseur. |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read | Lire des classifications de stockage. |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read | Lire des mappages de classifications de stockage. |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read | Lire des serveurs vCenter. |
Microsoft.RecoveryServices/vaults/replicationJobs/* | Créer et gérer des travaux de réplication |
Microsoft.RecoveryServices/vaults/replicationPolicies/read | Lire des stratégies. |
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/failoverCommit/action | Plan de récupération de validation de basculement. |
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/plannedFailover/action | Plan de récupération de basculement planifié. |
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/read | Lire des plans de récupération. |
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/reProtect/action | Reprotéger le plan de récupération. |
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailover/action | Plan de récupération de basculement test. |
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailoverCleanup/action | Plan de récupération de nettoyage de basculement test. |
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/unplannedFailover/action | Plan de récupération de basculement. |
Microsoft.RecoveryServices/vaults/replicationVaultSettings/read | Lire tout |
Microsoft.RecoveryServices/Vaults/monitoringAlerts/* | Lire les alertes pour le coffre Recovery Services |
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read | |
Microsoft.RecoveryServices/Vaults/storageConfig/read | |
Microsoft.RecoveryServices/Vaults/tokenInfo/read | |
Microsoft.RecoveryServices/Vaults/usages/read | Renvoie des détails d’utilisation d’un coffre Recovery Services. |
Microsoft.RecoveryServices/Vaults/vaultTokens/read | L’opération de jeton de coffre peut être utilisée pour obtenir un jeton de coffre pour les opérations de serveur principal au niveau du coffre. |
Microsoft.ResourceHealth/availabilityStatuses/read | Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée. |
Microsoft.Resources/deployments/* | Créer et gérer un déploiement |
Microsoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources. |
Microsoft.Storage/storageAccounts/read | Retourne la liste des comptes de stockage ou récupère les propriétés du compte de stockage spécifié. |
Microsoft.Support/* | Créer et mettre à jour un ticket de support |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/"
],
"description": "Lets you failover and failback but not perform other Site Recovery management operations",
"id": "/providers/Microsoft.Authorization/roleDefinitions/494ae006-db33-4328-bf46-533a6560a3ca",
"name": "494ae006-db33-4328-bf46-533a6560a3ca",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.RecoveryServices/locations/allocatedStamp/read",
"Microsoft.RecoveryServices/locations/allocateStamp/action",
"Microsoft.RecoveryServices/Vaults/extendedInformation/read",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/refreshContainers/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
"Microsoft.RecoveryServices/vaults/replicationAlertSettings/read",
"Microsoft.RecoveryServices/vaults/replicationEvents/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/checkConsistency/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/reassociateGateway/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/renewcertificate/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/applyRecoveryPoint/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/failoverCommit/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/plannedFailover/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/repairReplication/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/reProtect/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/switchprotection/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailover/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailoverCleanup/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/unplannedFailover/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/updateMobilityService/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/refreshProvider/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read",
"Microsoft.RecoveryServices/vaults/replicationJobs/*",
"Microsoft.RecoveryServices/vaults/replicationPolicies/read",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/failoverCommit/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/plannedFailover/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/read",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/reProtect/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailover/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailoverCleanup/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/unplannedFailover/action",
"Microsoft.RecoveryServices/vaults/replicationVaultSettings/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/*",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read",
"Microsoft.RecoveryServices/Vaults/storageConfig/read",
"Microsoft.RecoveryServices/Vaults/tokenInfo/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/Vaults/vaultTokens/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Site Recovery Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lecteur Site Recovery
Permet d’afficher l’état de Site Recovery mais pas d’effectuer d’autres opérations de gestion
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Lire les rôles et les affectations de rôles |
Microsoft.RecoveryServices/locations/allocatedStamp/read | GetAllocatedStamp est une opération interne utilisée par le service. |
Microsoft.RecoveryServices/Vaults/extendedInformation/read | L’opération d’obtention d’informations étendues obtient les informations étendues d’un objet représentant la ressource Azure de type « coffre ». |
Microsoft.RecoveryServices/Vaults/monitoringAlerts/read | Obtient les alertes pour le coffre Recovery Services. |
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read | |
Microsoft.RecoveryServices/Vaults/read | L’opération d’obtention de coffre obtient un objet représentant la ressource Azure de type « coffre ». |
Microsoft.RecoveryServices/Vaults/refreshContainers/read | |
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read | L’opération d’obtention des résultats d’une opération peut être utilisée pour obtenir l’état de l’opération et le résultat de l’opération envoyée de manière asynchrone. |
Microsoft.RecoveryServices/Vaults/registeredIdentities/read | L’opération d’obtention de conteneurs peut être utilisée pour obtenir les conteneurs inscrits pour une ressource. |
Microsoft.RecoveryServices/vaults/replicationAlertSettings/read | Lire des paramètres d’alertes. |
Microsoft.RecoveryServices/vaults/replicationEvents/read | Lire des événements. |
Microsoft.RecoveryServices/vaults/replicationFabrics/read | Lire des structures. |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read | Lire des réseaux. |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read | Lire des mappages réseau. |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read | Lire des conteneurs de protection. |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read | Lire des éléments pouvant être protégés. |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read | Lire des éléments protégés. |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read | Lire des points de récupération de réplication. |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read | Lire des mappages de conteneurs de protection. |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read | Lire des fournisseurs Recovery Services. |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read | Lire des classifications de stockage. |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read | Lire des mappages de classifications de stockage. |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read | Lire des serveurs vCenter. |
Microsoft.RecoveryServices/vaults/replicationJobs/read | Lire des travaux. |
Microsoft.RecoveryServices/vaults/replicationPolicies/read | Lire des stratégies. |
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/read | Lire des plans de récupération. |
Microsoft.RecoveryServices/vaults/replicationVaultSettings/read | Lire tout |
Microsoft.RecoveryServices/Vaults/storageConfig/read | |
Microsoft.RecoveryServices/Vaults/tokenInfo/read | |
Microsoft.RecoveryServices/Vaults/usages/read | Renvoie des détails d’utilisation d’un coffre Recovery Services. |
Microsoft.RecoveryServices/Vaults/vaultTokens/read | L’opération de jeton de coffre peut être utilisée pour obtenir un jeton de coffre pour les opérations de serveur principal au niveau du coffre. |
Microsoft.Support/* | Créer et mettre à jour un ticket de support |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/"
],
"description": "Lets you view Site Recovery status but not perform other management operations",
"id": "/providers/Microsoft.Authorization/roleDefinitions/dbaa88c4-0c30-4179-9fb3-46319faa6149",
"name": "dbaa88c4-0c30-4179-9fb3-46319faa6149",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.RecoveryServices/locations/allocatedStamp/read",
"Microsoft.RecoveryServices/Vaults/extendedInformation/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/refreshContainers/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
"Microsoft.RecoveryServices/vaults/replicationAlertSettings/read",
"Microsoft.RecoveryServices/vaults/replicationEvents/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read",
"Microsoft.RecoveryServices/vaults/replicationJobs/read",
"Microsoft.RecoveryServices/vaults/replicationPolicies/read",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/read",
"Microsoft.RecoveryServices/vaults/replicationVaultSettings/read",
"Microsoft.RecoveryServices/Vaults/storageConfig/read",
"Microsoft.RecoveryServices/Vaults/tokenInfo/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/Vaults/vaultTokens/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Site Recovery Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur de demande de support
Permet de créer et de gérer des demandes de support
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Lire les rôles et les affectations de rôles |
Microsoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources. |
Microsoft.Support/* | Créer et mettre à jour un ticket de support |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/"
],
"description": "Lets you create and manage Support requests",
"id": "/providers/Microsoft.Authorization/roleDefinitions/cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e",
"name": "cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Support Request Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur d’étiquette
Vous permet de gérer les étiquettes sur les entités, sans fournir l’accès aux entités elles-mêmes.
Actions | Description |
---|---|
Microsoft.Authorization/*/read | Lire les rôles et les affectations de rôles |
Microsoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources. |
Microsoft.Resources/subscriptions/resourceGroups/resources/read | Obtient les ressources du groupe de ressources. |
Microsoft.Resources/subscriptions/resources/read | Obtient les ressources d’un abonnement. |
Microsoft.Resources/deployments/* | Créer et gérer un déploiement |
Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classique |
Microsoft.Support/* | Créer et mettre à jour un ticket de support |
Microsoft.Resources/tags/* | |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage tags on entities, without providing access to the entities themselves.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f",
"name": "4a9ae827-6dc8-4573-8ac7-8239d42aa03f",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/resourceGroups/resources/read",
"Microsoft.Resources/subscriptions/resources/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Support/*",
"Microsoft.Resources/tags/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Tag Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur de spécifications de modèle
Autorise l’accès complet aux opérations de spécification de modèle au niveau de l’étendue affectée.
Actions | Description |
---|---|
Microsoft.Resources/templateSpecs/* | Créer et gérer des spécifications de modèle et des versions de spécifications de modèle |
Microsoft.Authorization/*/read | Lire les rôles et les affectations de rôles |
Microsoft.Resources/deployments/* | Créer et gérer un déploiement |
Microsoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources. |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/"
],
"description": "Allows full access to Template Spec operations at the assigned scope.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/1c9b6475-caf0-4164-b5a1-2142a7116f4b",
"name": "1c9b6475-caf0-4164-b5a1-2142a7116f4b",
"permissions": [
{
"actions": [
"Microsoft.Resources/templateSpecs/*",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Template Spec Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lecteur de spécifications de modèle
Autorise l’accès en lecture aux spécifications de modèle au niveau de l’étendue affectée.
Actions | Description |
---|---|
Microsoft.Resources/templateSpecs/*/read | Obtenir ou répertorier les spécifications des modèles et les versions des spécifications de modèle |
NotActions | |
aucune | |
DataActions | |
aucune | |
NotDataActions | |
aucune |
{
"assignableScopes": [
"/"
],
"description": "Allows read access to Template Specs at the assigned scope.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/392ae280-861d-42bd-9ea5-08ee6d83b80e",
"name": "392ae280-861d-42bd-9ea5-08ee6d83b80e",
"permissions": [
{
"actions": [
"Microsoft.Resources/templateSpecs/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Template Spec Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}