Rôles intégrés Azure pour Analytics
Cet article répertorie les rôles intégrés Azure dans la catégorie Analytics.
Propriétaire de données Azure Event Hubs
Permet un accès complet aux ressources Azure Event Hubs.
| Actions | Description |
|---|---|
| Microsoft.EventHub/* | |
| NotActions | |
| aucune | |
| DataActions | |
| Microsoft.EventHub/* | |
| NotDataActions | |
| aucune |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to Azure Event Hubs resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f526a384-b230-433a-b45c-95f59c4a2dec",
"name": "f526a384-b230-433a-b45c-95f59c4a2dec",
"permissions": [
{
"actions": [
"Microsoft.EventHub/*"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/*"
],
"notDataActions": []
}
],
"roleName": "Azure Event Hubs Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Récepteur de données Azure Event Hubs
Permet d’obtenir un accès en réception aux ressources Azure Event Hubs.
| Actions | Description |
|---|---|
| Microsoft.EventHub/*/eventhubs/consumergroups/read | |
| NotActions | |
| aucune | |
| DataActions | |
| Microsoft.EventHub/*/receive/action | |
| NotDataActions | |
| aucune |
{
"assignableScopes": [
"/"
],
"description": "Allows receive access to Azure Event Hubs resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
"name": "a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
"permissions": [
{
"actions": [
"Microsoft.EventHub/*/eventhubs/consumergroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/*/receive/action"
],
"notDataActions": []
}
],
"roleName": "Azure Event Hubs Data Receiver",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Expéditeur de données Azure Event Hubs
Permet d’obtenir un accès en envoi aux ressources Azure Event Hubs.
| Actions | Description |
|---|---|
| Microsoft.EventHub/*/eventhubs/read | |
| NotActions | |
| aucune | |
| DataActions | |
| Microsoft.EventHub/*/send/action | |
| NotDataActions | |
| aucune |
{
"assignableScopes": [
"/"
],
"description": "Allows send access to Azure Event Hubs resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/2b629674-e913-4c01-ae53-ef4638d8f975",
"name": "2b629674-e913-4c01-ae53-ef4638d8f975",
"permissions": [
{
"actions": [
"Microsoft.EventHub/*/eventhubs/read"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/*/send/action"
],
"notDataActions": []
}
],
"roleName": "Azure Event Hubs Data Sender",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeurs de fabrique de données
Créer et gérer des fabriques de données, ainsi que les ressources enfants qu’elles contiennent.
| Actions | Description |
|---|---|
| Microsoft.Authorization/*/read | Lire les rôles et les affectations de rôles |
| Microsoft.DataFactory/dataFactories/* | Créer et gérer des fabriques de données ainsi que leurs ressources enfants |
| Microsoft.DataFactory/factories/* | Créer et gérer des fabriques de données ainsi que leurs ressources enfants |
| Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classique |
| Microsoft.ResourceHealth/availabilityStatuses/read | Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée. |
| Microsoft.Resources/deployments/* | Créer et gérer un déploiement |
| Microsoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources. |
| Microsoft.Support/* | Créer et mettre à jour un ticket de support |
| Microsoft.EventGrid/eventSubscriptions/write | Créer ou mettre à jour un abonnement à un événement |
| NotActions | |
| aucune | |
| DataActions | |
| aucune | |
| NotDataActions | |
| aucune |
{
"assignableScopes": [
"/"
],
"description": "Create and manage data factories, as well as child resources within them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/673868aa-7521-48a0-acc6-0f60742d39f5",
"name": "673868aa-7521-48a0-acc6-0f60742d39f5",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.DataFactory/dataFactories/*",
"Microsoft.DataFactory/factories/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.EventGrid/eventSubscriptions/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Factory Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Videur de données
Supprimez des données privées à partir d’un espace de travail Log Analytics.
| Actions | Description |
|---|---|
| Microsoft.Insights/components/*/read | |
| Microsoft.Insights/components/purge/action | Vider des données d’Application Insights |
| Microsoft.OperationalInsights/workspaces/*/read | Afficher les données Log Analytics |
| Microsoft.OperationalInsights/workspaces/purge/action | Supprimez les données spécifiées par requête de l’espace de travail. |
| NotActions | |
| aucune | |
| DataActions | |
| aucune | |
| NotDataActions | |
| aucune |
{
"assignableScopes": [
"/"
],
"description": "Can purge analytics data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/150f5e0c-0603-4f03-8c7f-cf70034c4e90",
"name": "150f5e0c-0603-4f03-8c7f-cf70034c4e90",
"permissions": [
{
"actions": [
"Microsoft.Insights/components/*/read",
"Microsoft.Insights/components/purge/action",
"Microsoft.OperationalInsights/workspaces/*/read",
"Microsoft.OperationalInsights/workspaces/purge/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Purger",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Opérateur de cluster HDInsight
Permet de lire et de modifier des configurations de cluster HDInsight.
| Actions | Description |
|---|---|
| Microsoft.HDInsight/*/read | |
| Microsoft.HDInsight/clusters/getGatewaySettings/action | Obtenir les paramètres de passerelle pour un HDInsight Cluster |
| Microsoft.HDInsight/clusters/updateGatewaySettings/action | Mettre à jour les paramètres de passerelle pour un HDInsight Cluster |
| Microsoft.HDInsight/clusters/configurations/* | |
| Microsoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources. |
| Microsoft.Resources/deployments/operations/read | Obtient ou répertorie les opérations de déploiement. |
| Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classique |
| Microsoft.Authorization/*/read | Lire les rôles et les affectations de rôles |
| Microsoft.Support/* | Créer et mettre à jour un ticket de support |
| NotActions | |
| aucune | |
| DataActions | |
| aucune | |
| NotDataActions | |
| aucune |
{
"assignableScopes": [
"/"
],
"description": "Lets you read and modify HDInsight cluster configurations.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/61ed4efc-fab3-44fd-b111-e24485cc132a",
"name": "61ed4efc-fab3-44fd-b111-e24485cc132a",
"permissions": [
{
"actions": [
"Microsoft.HDInsight/*/read",
"Microsoft.HDInsight/clusters/getGatewaySettings/action",
"Microsoft.HDInsight/clusters/updateGatewaySettings/action",
"Microsoft.HDInsight/clusters/configurations/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Authorization/*/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "HDInsight Cluster Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur HDInsight Domain Services
Peut lire, créer, modifier et supprimer les opérations Domain Services nécessaires pour le pack Sécurité Entreprise HDInsight
| Actions | Description |
|---|---|
| Microsoft.AAD/*/read | |
| Microsoft.AAD/domainServices/*/read | |
| Microsoft.AAD/domainServices/oucontainer/* | |
| NotActions | |
| aucune | |
| DataActions | |
| aucune | |
| NotDataActions | |
| aucune |
{
"assignableScopes": [
"/"
],
"description": "Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package",
"id": "/providers/Microsoft.Authorization/roleDefinitions/8d8d5a11-05d3-4bda-a417-a08778121c7c",
"name": "8d8d5a11-05d3-4bda-a417-a08778121c7c",
"permissions": [
{
"actions": [
"Microsoft.AAD/*/read",
"Microsoft.AAD/domainServices/*/read",
"Microsoft.AAD/domainServices/oucontainer/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "HDInsight Domain Services Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur Log Analytics
Peut lire toutes les données de surveillance et modifier les paramètres de surveillance. La modification des paramètres de supervision inclut l’ajout de l’extension de machine virtuelle aux machines virtuelles, la lecture des clés de comptes de stockage permettant de configurer la collection de journaux d’activité du stockage Azure, l’ajout de solutions et la configuration de diagnostics Azure sur toutes les ressources Azure.
| Actions | Description |
|---|---|
| */read | Lire les ressources de tous les types, à l’exception des secrets. |
| Microsoft.ClassicCompute/virtualMachines/extensions/* | |
| Microsoft.ClassicStorage/storageAccounts/listKeys/action | Répertorie les clés d’accès des comptes de stockage. |
| Microsoft.Compute/virtualMachines/extensions/* | |
| Microsoft.HybridCompute/machines/extensions/write | Installe ou met à jour toutes les extensions Azure Arc |
| Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classique |
| Microsoft.Insights/diagnosticSettings/* | Crée, met à jour ou lit le paramètre de diagnostic pour Analysis Server. |
| Microsoft.OperationalInsights/* | |
| Microsoft.OperationsManagement/* | |
| Microsoft.Resources/deployments/* | Créer et gérer un déploiement |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/* | |
| Microsoft.Storage/storageAccounts/listKeys/action | Retourne les clés d’accès au compte de stockage spécifié. |
| Microsoft.Support/* | Créer et mettre à jour un ticket de support |
| NotActions | |
| aucune | |
| DataActions | |
| aucune | |
| NotDataActions | |
| aucune |
{
"assignableScopes": [
"/"
],
"description": "Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; adding solutions; and configuring Azure diagnostics on all Azure resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
"name": "92aaf0da-9dab-42b6-94a3-d43ce8d16293",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.ClassicCompute/virtualMachines/extensions/*",
"Microsoft.ClassicStorage/storageAccounts/listKeys/action",
"Microsoft.Compute/virtualMachines/extensions/*",
"Microsoft.HybridCompute/machines/extensions/write",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.OperationalInsights/*",
"Microsoft.OperationsManagement/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Log Analytics Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lecteur Log Analytics
Peut afficher et rechercher toutes les données de surveillance, ainsi qu’afficher les paramètres de surveillance, notamment la configuration des diagnostics Azure sur toutes les ressources Azure.
| Actions | Description |
|---|---|
| */read | Lire les ressources de tous les types, à l’exception des secrets. |
| Microsoft.OperationalInsights/workspaces/analytics/query/action | Effectue les recherches à l’aide d’un nouveau moteur. |
| Microsoft.OperationalInsights/workspaces/search/action | Exécute une requête de recherche. |
| Microsoft.Support/* | Créer et mettre à jour un ticket de support |
| NotActions | |
| Microsoft.OperationalInsights/workspaces/sharedKeys/read | Récupère les clés partagées de l’espace de travail. Ces clés sont utilisées pour connecter les agents Microsoft Operational Insights à l’espace de travail. |
| DataActions | |
| aucune | |
| NotDataActions | |
| aucune |
{
"assignableScopes": [
"/"
],
"description": "Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/73c42c96-874c-492b-b04d-ab87d138a893",
"name": "73c42c96-874c-492b-b04d-ab87d138a893",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.OperationalInsights/workspaces/analytics/query/action",
"Microsoft.OperationalInsights/workspaces/search/action",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.OperationalInsights/workspaces/sharedKeys/read"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Log Analytics Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur du registre de schémas (préversion)
Lire, écrire et supprimer des groupes de registres de schémas et des schémas.
| Actions | Description |
|---|---|
| Microsoft.EventHub/namespaces/schemagroups/* | |
| NotActions | |
| aucune | |
| DataActions | |
| Microsoft.EventHub/namespaces/schemas/* | |
| NotDataActions | |
| aucune |
{
"assignableScopes": [
"/"
],
"description": "Read, write, and delete Schema Registry groups and schemas.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5dffeca3-4936-4216-b2bc-10343a5abb25",
"name": "5dffeca3-4936-4216-b2bc-10343a5abb25",
"permissions": [
{
"actions": [
"Microsoft.EventHub/namespaces/schemagroups/*"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/namespaces/schemas/*"
],
"notDataActions": []
}
],
"roleName": "Schema Registry Contributor (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lecteur du registre de schémas (préversion)
Lire et répertorier les groupes de registres de schémas et les schémas.
| Actions | Description |
|---|---|
| Microsoft.EventHub/namespaces/schemagroups/read | Obtenir la liste des descriptions de ressources du groupe de schémas |
| NotActions | |
| aucune | |
| DataActions | |
| Microsoft.EventHub/namespaces/schemas/read | Récupérer des schémas |
| NotDataActions | |
| aucune |
{
"assignableScopes": [
"/"
],
"description": "Read and list Schema Registry groups and schemas.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/2c56ea50-c6b3-40a6-83c0-9d98858bc7d2",
"name": "2c56ea50-c6b3-40a6-83c0-9d98858bc7d2",
"permissions": [
{
"actions": [
"Microsoft.EventHub/namespaces/schemagroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/namespaces/schemas/read"
],
"notDataActions": []
}
],
"roleName": "Schema Registry Reader (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Testeur de requête Stream Analytics
Vous permet d’effectuer des tests de requête sans créer de travail Stream Analytics
| Actions | Description |
|---|---|
| Microsoft.StreamAnalytics/locations/TestQuery/action | Teste la requête pour le fournisseur de ressources Stream Analytics |
| Microsoft.StreamAnalytics/locations/OperationResults/read | Lit le résultat de l’opération Stream Analytics |
| Microsoft.StreamAnalytics/locations/SampleInput/action | Échantillonne l’entrée pour le fournisseur de ressources Stream Analytics |
| Microsoft.StreamAnalytics/locations/CompileQuery/action | Compile la requête pour le fournisseur de ressources Stream Analytics |
| NotActions | |
| aucune | |
| DataActions | |
| aucune | |
| NotDataActions | |
| aucune |
{
"assignableScopes": [
"/"
],
"description": "Lets you perform query testing without creating a stream analytics job first",
"id": "/providers/Microsoft.Authorization/roleDefinitions/1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf",
"name": "1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf",
"permissions": [
{
"actions": [
"Microsoft.StreamAnalytics/locations/TestQuery/action",
"Microsoft.StreamAnalytics/locations/OperationResults/read",
"Microsoft.StreamAnalytics/locations/SampleInput/action",
"Microsoft.StreamAnalytics/locations/CompileQuery/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Stream Analytics Query Tester",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}