Rôles intégrés AzureAzure built-in roles

Le contrôle d’accès en fonction du rôle (RBAC) Azure a plusieurs rôles intégrés Azure que vous pouvez affecter aux utilisateurs, groupes, principaux de service et identités managées.Azure role-based access control (Azure RBAC) has several Azure built-in roles that you can assign to users, groups, service principals, and managed identities. Les attributions de rôles vous permettent de contrôler l’accès aux ressources Azure.Role assignments are the way you control access to Azure resources. Si les rôles intégrés ne répondent pas aux besoins spécifiques de votre organisation, vous pouvez créer vos propres rôles personnalisés Azure.If the built-in roles don't meet the specific needs of your organization, you can create your own Azure custom roles.

Cet article répertorie les rôles intégrés à Azure, qui sont en constante évolution.This article lists the Azure built-in roles, which are always evolving. Pour obtenir les derniers rôles, utilisez la commande Get-AzRoleDefinition ou az role definition list.To get the latest roles, use Get-AzRoleDefinition or az role definition list. Si vous recherchez des rôles d’administrateur pour Azure Active Directory (Azure AD), consultez Autorisations de rôles d’administrateur dans Azure Active Directory.If you are looking for administrator roles for Azure Active Directory (Azure AD), see Administrator role permissions in Azure Active Directory.

Le tableau ci-après fournit une brève description et l'ID unique de chaque rôle intégré.The following table provides a brief description and the unique ID of each built-in role. Cliquez sur le nom d’un rôle pour voir la liste de Actions, NotActions, DataActions et NotDataActions concernant ce rôle.Click the role name to see the list of Actions, NotActions, DataActions, and NotDataActions for each role. Pour obtenir des informations sur la signification de ces actions et la manière dont elles s’appliquent en termes de gestion et de données, consultez Comprendre les définitions de rôle Azure.For information about what these actions mean and how they apply to the management and data planes, see Understand Azure role definitions.

TousAll

Rôle intégréBuilt-in role DescriptionDescription idID
GénéralitésGeneral
ContributeurContributor Accorde un accès total pour gérer toutes les ressources, mais ne vous permet pas d’affecter des rôles dans Azure RBAC, de gérer des affectations dans Azure Blueprints ou de partager des galeries d’images.Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries. b24988ac-6180-42a0-ab88-20f7382dd24cb24988ac-6180-42a0-ab88-20f7382dd24c
PropriétaireOwner Octroie un accès total pour gérer toutes les ressources, notamment la possibilité d’attribuer des rôles dans Azure RBAC.Grants full access to manage all resources, including the ability to assign roles in Azure RBAC. 8e3af657-a8ff-443c-a75c-2fe8c4bcb6358e3af657-a8ff-443c-a75c-2fe8c4bcb635
LecteurReader Affiche toutes les ressources, mais ne vous autorise pas à apporter des modifications.View all resources, but does not allow you to make any changes. acdd72a7-3385-48ef-bd42-f606fba81ae7acdd72a7-3385-48ef-bd42-f606fba81ae7
Administrateur de l'accès utilisateurUser Access Administrator Vous permet de gérer l'accès utilisateur aux ressources Azure.Lets you manage user access to Azure resources. 18d7d88d-d35e-4fb5-a5c3-7773c20a72d918d7d88d-d35e-4fb5-a5c3-7773c20a72d9
CalculCompute
Contributeur de machine virtuelle classiqueClassic Virtual Machine Contributor Permet de gérer des machines virtuelles classiques, mais pas d’y accéder, ni au réseau virtuel ou au compte de stockage auquel elles sont connectées.Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to. d73bb868-a0df-4d4d-bd69-98a00b01fccbd73bb868-a0df-4d4d-bd69-98a00b01fccb
Connexion de l’administrateur aux machines virtuellesVirtual Machine Administrator Login Afficher les machines virtuelles dans le portail et se connecter en tant qu’administrateurView Virtual Machines in the portal and login as administrator 1c0163c0-47e6-4577-8991-ea5c82e286e41c0163c0-47e6-4577-8991-ea5c82e286e4
Contributeur de machine virtuelleVirtual Machine Contributor Permet de gérer des machines virtuelles, mais pas d’y accéder, ni au réseau virtuel ou au compte de stockage auquel elles sont connectées.Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to. 9980e02c-c2be-4d73-94e8-173b1dc7cf3c9980e02c-c2be-4d73-94e8-173b1dc7cf3c
Connexion de l’utilisateur aux machines virtuellesVirtual Machine User Login Affichez les machines virtuelles dans le portail et connectez-vous en tant qu’utilisateur normal.View Virtual Machines in the portal and login as a regular user. fb879df8-f326-4884-b1cf-06f3ad86be52fb879df8-f326-4884-b1cf-06f3ad86be52
Mise en réseauNetworking
Contributeur de point de terminaison CDNCDN Endpoint Contributor Peut gérer les points de terminaison CDN, mais ne peut pas accorder l’accès à d’autres utilisateurs.Can manage CDN endpoints, but can't grant access to other users. 426e0c7f-0c7e-4658-b36f-ff54d6c29b45426e0c7f-0c7e-4658-b36f-ff54d6c29b45
Lecteur de point de terminaison CDNCDN Endpoint Reader Peut afficher des points de terminaison CDN, mais ne peut pas effectuer de modifications.Can view CDN endpoints, but can't make changes. 871e35f6-b5c1-49cc-a043-bde969a0f2cd871e35f6-b5c1-49cc-a043-bde969a0f2cd
Contributeur de profil CDNCDN Profile Contributor Peut gérer des profils CDN et leurs points de terminaison, mais ne peut pas accorder l’accès à d’autres utilisateurs.Can manage CDN profiles and their endpoints, but can't grant access to other users. ec156ff8-a8d1-4d15-830c-5b80698ca432ec156ff8-a8d1-4d15-830c-5b80698ca432
Lecteur de profil CDNCDN Profile Reader Peut afficher des profils CDN et leurs points de terminaison, mais ne peut pas y apporter des modifications.Can view CDN profiles and their endpoints, but can't make changes. 8f96442b-4075-438f-813d-ad51ab4019af8f96442b-4075-438f-813d-ad51ab4019af
Contributeur de réseau classiqueClassic Network Contributor Permet de gérer des réseaux classiques, mais pas d’y accéder.Lets you manage classic networks, but not access to them. b34d265f-36f7-4a0d-a4d4-e158ca92e90fb34d265f-36f7-4a0d-a4d4-e158ca92e90f
Contributeur de Zone DNSDNS Zone Contributor Permet de gérer des zones DNS et des jeux d’enregistrements dans Azure DNS, mais pas de contrôler qui y a accès.Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them. befefa01-2a29-4197-83a8-272ff33ce314befefa01-2a29-4197-83a8-272ff33ce314
Contributeur de réseauNetwork Contributor Permet de gérer des réseaux, mais pas d’y accéder.Lets you manage networks, but not access to them. 4d97b98b-1d4f-4787-a291-c67834d212e74d97b98b-1d4f-4787-a291-c67834d212e7
Collaborateur de zone DNS privéePrivate DNS Zone Contributor Permet de gérer les ressources de zone DNS privée, mais pas les réseaux virtuels auxquels elles sont liées.Lets you manage private DNS zone resources, but not the virtual networks they are linked to. b12aa53e-6015-4669-85d0-8515ebb3ae7fb12aa53e-6015-4669-85d0-8515ebb3ae7f
Contributeur Traffic ManagerTraffic Manager Contributor Permet de gérer des profils Traffic Manager, mais pas de contrôler qui y a accès.Lets you manage Traffic Manager profiles, but does not let you control who has access to them. a4b10055-b0c7-44c2-b00f-c7b5b3550cf7a4b10055-b0c7-44c2-b00f-c7b5b3550cf7
StockageStorage
Contributeur AvereAvere Contributor Peut créer et gérer un cluster Avere vFXT.Can create and manage an Avere vFXT cluster. 4f8fab4f-1852-4a58-a46a-8eaf358af14a4f8fab4f-1852-4a58-a46a-8eaf358af14a
Opérateur AvereAvere Operator Utilisé par le cluster Avere vFXT pour gérer le clusterUsed by the Avere vFXT cluster to manage the cluster c025889f-8102-4ebf-b32c-fc0c6f0c6bd9c025889f-8102-4ebf-b32c-fc0c6f0c6bd9
Contributeur de sauvegardeBackup Contributor Permet de gérer le service de sauvegarde, mais pas de créer des coffres, ni d’accorder l’accès à d’autres personnesLets you manage backup service, but can't create vaults and give access to others 5e467623-bb1f-42f4-a55d-6e525e11384b5e467623-bb1f-42f4-a55d-6e525e11384b
Opérateur de sauvegardeBackup Operator Permet de gérer des services de sauvegarde, à l’exception de la suppression de la sauvegarde, de la création de coffres et de l’octroi d’autorisations d’accès à d’autres personnesLets you manage backup services, except removal of backup, vault creation and giving access to others 00c29273-979b-4161-815c-10b084fb932400c29273-979b-4161-815c-10b084fb9324
Lecteur de sauvegardeBackup Reader Peut afficher des services de sauvegarde, mais pas apporter des modificationsCan view backup services, but can't make changes a795c7a0-d4a2-40c1-ae25-d81f01202912a795c7a0-d4a2-40c1-ae25-d81f01202912
Contributeur de compte de stockage classiqueClassic Storage Account Contributor Permet de gérer des comptes de stockage classiques, mais pas d’y accéder.Lets you manage classic storage accounts, but not access to them. 86e8f5dc-a6e9-4c67-9d15-de283e8eac2586e8f5dc-a6e9-4c67-9d15-de283e8eac25
Rôle de service d’opérateur de clé de compte de stockage classiqueClassic Storage Account Key Operator Service Role Les opérateurs de clés de comptes de stockage classiques sont autorisés à lister et à régénérer des clés sur des comptes de stockage classiquesClassic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts 985d6b00-f706-48f5-a6fe-d0ca12fb668d985d6b00-f706-48f5-a6fe-d0ca12fb668d
Contributeur Data BoxData Box Contributor Permet de gérer toutes les opérations sous le service Data Box à l’exception de l’octroi d’accès à d’autres personnes.Lets you manage everything under Data Box Service except giving access to others. add466c9-e687-43fc-8d98-dfcf8d720be5add466c9-e687-43fc-8d98-dfcf8d720be5
Lecteur Data BoxData Box Reader Permet de gérer le service Data Box, mais ne permet pas de créer une commande, de modifier les détails d’une commande ou d’octroyer l’accès à d’autres personnes.Lets you manage Data Box Service except creating order or editing order details and giving access to others. 028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027
Développeur Data Lake AnalyticsData Lake Analytics Developer Permet d’envoyer, de surveiller et de gérer vos propres travaux, mais pas de créer ni de supprimer des comptes Data Lake Analytics.Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts. 47b7735b-770e-4598-a7da-8b91488b4c8847b7735b-770e-4598-a7da-8b91488b4c88
Lecteur et accès aux donnéesReader and Data Access Permet d’afficher tous les éléments, mais pas de supprimer ou de créer un compte de stockage ou une ressource contenue.Lets you view everything but will not let you delete or create a storage account or contained resource. En outre, autorise l’accès en lecture/écriture à toutes les données contenues dans un compte de stockage via l’accès aux clés de compte de stockage.It will also allow read/write access to all data contained in a storage account via access to storage account keys. c12c1c16-33a1-487b-954d-41c89c60f349c12c1c16-33a1-487b-954d-41c89c60f349
Contributeur de compte de stockageStorage Account Contributor Permet la gestion des comptes de stockage.Permits management of storage accounts. Fournit l’accès à la clé de compte, qui peut être utilisée pour accéder aux données par le biais de l’autorisation de clé partagée.Provides access to the account key, which can be used to access data via Shared Key authorization. 17d1049b-9a84-46fb-8f53-869881c3d3ab17d1049b-9a84-46fb-8f53-869881c3d3ab
Rôle de service d’opérateur de clé de compte de stockageStorage Account Key Operator Service Role Permet de répertorier et de régénérer les clés d’accès au compte de stockage.Permits listing and regenerating storage account access keys. 81a9662b-bebf-436f-a333-f67b29880f1281a9662b-bebf-436f-a333-f67b29880f12
Contributeur aux données Blob du stockageStorage Blob Data Contributor Lire, écrire et supprimer des conteneurs et objets blob du stockage Azure.Read, write, and delete Azure Storage containers and blobs. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. ba92f5b4-2d11-453d-a403-e96b0029c9feba92f5b4-2d11-453d-a403-e96b0029c9fe
Propriétaire des données Blob du stockageStorage Blob Data Owner Fournit un accès total aux conteneurs d’objets blob et aux données du Stockage Azure, notamment l’attribution du contrôle d’accès POSIX.Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. b7e6dc6d-f1e8-4753-8033-0f276bb0955bb7e6dc6d-f1e8-4753-8033-0f276bb0955b
Lecteur des données blob du stockageStorage Blob Data Reader Lire et répertorier des conteneurs et objets blob du stockage Azure.Read and list Azure Storage containers and blobs. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 2a2b9908-6ea1-4ae2-8e65-a410df84e7d12a2b9908-6ea1-4ae2-8e65-a410df84e7d1
Délégation du Stockage BlobStorage Blob Delegator Obtenez une clé de délégation d’utilisateur qui peut être utilisée pour créer une signature d’accès partagé pour un conteneur ou un objet blob signé avec les informations d’identification Azure AD.Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials. Pour en savoir plus, consultez Créer une SAP de délégation d’utilisateur.For more information, see Create a user delegation SAS. db58b8e5-c6ad-4a2a-8342-4190687cbf4adb58b8e5-c6ad-4a2a-8342-4190687cbf4a
Contributeur de partage SMB de données de fichier de stockageStorage File Data SMB Share Contributor Permet l'accès en lecture, en écriture et en suppression aux fichiers/répertoires des partages de fichiers Azure.Allows for read, write, and delete access on files/directories in Azure file shares. Ce rôle n'a pas d'équivalent intégré sur les serveurs de fichiers Windows.This role has no built-in equivalent on Windows file servers. 0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb
Contributeur élevé de partage SMB de données de fichier de stockageStorage File Data SMB Share Elevated Contributor Permet la lecture, l'écriture, la suppression et la modification des listes de contrôle d'accès sur les fichiers/répertoires des partages de fichiers Azure.Allows for read, write, delete, and modify ACLs on files/directories in Azure file shares. Ce rôle équivaut à une liste de contrôle d'accès de partage de fichiers en modification sur les serveurs de fichiers Windows.This role is equivalent to a file share ACL of change on Windows file servers. a7264617-510b-434b-a828-9731dc254ea7a7264617-510b-434b-a828-9731dc254ea7
Lecteur de partage SMB de données de fichier de stockageStorage File Data SMB Share Reader Permet l'accès en lecture aux fichiers/répertoires des partages de fichiers Azure.Allows for read access on files/directories in Azure file shares. Ce rôle équivaut à une liste de contrôle d'accès de partage de fichiers en lecture sur les serveurs de fichiers Windows.This role is equivalent to a file share ACL of read on Windows file servers. aba4ae5f-2193-4029-9191-0cb91df5e314aba4ae5f-2193-4029-9191-0cb91df5e314
Contributeur aux données en file d’attente du stockageStorage Queue Data Contributor Lire, écrire et supprimer des files d'attente et messages en file d'attente du stockage Azure.Read, write, and delete Azure Storage queues and queue messages. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 974c5e8b-45b9-4653-ba55-5f855dd0fb88974c5e8b-45b9-4653-ba55-5f855dd0fb88
Processeur de messages de données en file d’attente du stockageStorage Queue Data Message Processor Récupérer et supprimer un message, ou en afficher un aperçu à partir d’une file d’attente Stockage Azure.Peek, retrieve, and delete a message from an Azure Storage queue. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 8a0f0c08-91a1-4084-bc3d-661d67233fed8a0f0c08-91a1-4084-bc3d-661d67233fed
Expéditeur de messages de données en file d’attente du stockageStorage Queue Data Message Sender Ajoutez des messages à une file d’attente de stockage Azure.Add messages to an Azure Storage queue. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. c6a89b2d-59bc-44d0-9896-0f6e12d7b80ac6a89b2d-59bc-44d0-9896-0f6e12d7b80a
Lecteur des données en file d’attente du stockageStorage Queue Data Reader Lire et répertorier des files d’attente et messages en file d’attente du stockage Azure.Read and list Azure Storage queues and queue messages. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 19e7f393-937e-4f77-808e-94535e29792519e7f393-937e-4f77-808e-94535e297925
WebWeb
Contributeur aux données Azure MapsAzure Maps Data Contributor Accorde l’accès en lecture, en écriture et en suppression aux données liées aux cartes depuis un compte Azure Maps.Grants access to read, write, and delete access to map related data from an Azure maps account. 8f5e0ce6-4f7b-4dcf-bddf-e6f48634a2048f5e0ce6-4f7b-4dcf-bddf-e6f48634a204
Lecteur de données Azure MapsAzure Maps Data Reader Octroie un accès pour lire les données liées au mappage à partir d’un compte Azure Maps.Grants access to read map related data from an Azure maps account. 423170ca-a8f6-4b0f-8487-9e4eb8f49bfa423170ca-a8f6-4b0f-8487-9e4eb8f49bfa
Contributeur du service de rechercheSearch Service Contributor Permet de gérer des services de recherche, mais pas d’y accéder.Lets you manage Search services, but not access to them. 7ca78c08-252a-4471-8644-bb5ff32d4ba07ca78c08-252a-4471-8644-bb5ff32d4ba0
Lecteur AccessKey SignalRSignalR AccessKey Reader Lire les clés d’accès du service SignalRRead SignalR Service Access Keys 04165923-9d83-45d5-8227-78b77b0a687e04165923-9d83-45d5-8227-78b77b0a687e
Serveur d’applications SignalR (préversion)SignalR App Server (Preview) Permet à votre serveur d’applications d’accéder au service SignalR avec les options d’authentification AAD.Lets your app server access SignalR Service with AAD auth options. 420fcaa2-552c-430f-98ca-3264be4806c7420fcaa2-552c-430f-98ca-3264be4806c7
Contributeur SignalRSignalR Contributor Créer, lire, mettre à jour et supprimer des ressources de service SignalRCreate, Read, Update, and Delete SignalR service resources 8cf5e20a-e4b2-4e9d-b3a1-5ceb692c27618cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761
Contributeur SignalR Serverless (préversion)SignalR Serverless Contributor (Preview) Permet à votre application d’accéder au service en mode serverless avec les options d’authentification AAD.Lets your app access service in serverless mode with AAD auth options. fd53cd77-2268-407a-8f46-7e7863d0f521fd53cd77-2268-407a-8f46-7e7863d0f521
Propriétaire de SignalR Service (préversion)SignalR Service Owner (Preview) Accès complet aux API REST du service Azure SignalRFull access to Azure SignalR Service REST APIs 7e4f1700-ea5a-4f59-8f37-079cfe29dce37e4f1700-ea5a-4f59-8f37-079cfe29dce3
Lecteur de SignalR Service (préversion)SignalR Service Reader (Preview) Accès en lecture seule aux API REST du service Azure SignalRRead-only access to Azure SignalR Service REST APIs ddde6b66-c0df-4114-a159-3618637b3035ddde6b66-c0df-4114-a159-3618637b3035
Contributeur de plan webWeb Plan Contributor Permet de gérer des plans web pour des sites web, mais pas d’y accéder.Lets you manage the web plans for websites, but not access to them. 2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b
Contributeur de site webWebsite Contributor Permet de gérer des sites web (pas des plans web), mais pas d’y accéder.Lets you manage websites (not web plans), but not access to them. de139f84-1756-47ae-9be6-808fbbe84772de139f84-1756-47ae-9be6-808fbbe84772
ContainersContainers
AcrDeleteAcrDelete acr deleteacr delete c2f4ef07-c644-48eb-af81-4b1b4947fb11c2f4ef07-c644-48eb-af81-4b1b4947fb11
AcrImageSignerAcrImageSigner signataire d’image ACRacr image signer 6cef56e8-d556-48e5-a04f-b8e64114680f6cef56e8-d556-48e5-a04f-b8e64114680f
AcrPullAcrPull tirer (pull) acracr pull 7f951dda-4ed3-4680-a7ca-43fe172d538d7f951dda-4ed3-4680-a7ca-43fe172d538d
AcrPushAcrPush envoyer (push) acracr push 8311e382-0749-4cb8-b61a-304f252e45ec8311e382-0749-4cb8-b61a-304f252e45ec
AcrQuarantineReaderAcrQuarantineReader lecteur de données de quarantaine ACRacr quarantine data reader cdda3590-29a3-44f6-95f2-9f980659eb04cdda3590-29a3-44f6-95f2-9f980659eb04
AcrQuarantineWriterAcrQuarantineWriter écriture de données de quarantaine ACRacr quarantine data writer c8d4ff99-41c3-41a8-9f60-21dfdad59608c8d4ff99-41c3-41a8-9f60-21dfdad59608
Rôle d’administrateur de cluster Azure Kubernetes ServiceAzure Kubernetes Service Cluster Admin Role Répertorie les actions relatives aux informations d’identification de l’administrateur du cluster.List cluster admin credential action. 0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be80ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8
Rôle d’utilisateur de cluster Azure Kubernetes ServiceAzure Kubernetes Service Cluster User Role Répertorie les actions relatives aux informations d’identification de l’utilisateur du cluster.List cluster user credential action. 4abbcc35-e782-43d8-92c5-2d3f1bd2253f4abbcc35-e782-43d8-92c5-2d3f1bd2253f
Rôle Contributeur Azure Kubernetes ServiceAzure Kubernetes Service Contributor Role Octroie l’accès en lecture et en écriture aux clusters Azure Kubernetes ServiceGrants access to read and write Azure Kubernetes Service clusters ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8
Azure Kubernetes Service RBAC AdminAzure Kubernetes Service RBAC Admin Gérez toutes les ressources sous cluster/espace de noms, à l’exception de la mise à jour ou de la suppression de quotas de ressources et d’espaces de noms.Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. 3498e952-d568-435e-9b2c-8d77e338d7f73498e952-d568-435e-9b2c-8d77e338d7f7
Azure Kubernetes Service RBAC Cluster AdminAzure Kubernetes Service RBAC Cluster Admin Gérez toutes les ressources du cluster.Lets you manage all resources in the cluster. b1ff04bb-8a4e-4dc4-8eb5-8693973ce19bb1ff04bb-8a4e-4dc4-8eb5-8693973ce19b
Azure Kubernetes Service RBAC ReaderAzure Kubernetes Service RBAC Reader Autorise l’accès en lecture seule pour voir la plupart des objets dans un espace de noms.Allows read-only access to see most objects in a namespace. Ce rôle n’autorise pas l’affichage des rôles ni des liaisons de rôles.It does not allow viewing roles or role bindings. Il n’autorise pas l’affichage des secrets, car la lecture du contenu de Secrets donne accès aux informations d’identification ServiceAccount dans l’espace de noms, ce qui permet l’accès aux API comme n’importe quel ServiceAccount dans l’espace de noms (une forme d’élévation de privilèges).This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). L’application de ce rôle à l’étendue du cluster fournit un accès à tous les espaces de noms.Applying this role at cluster scope will give access across all namespaces. 7f6c6a51-bcf8-42ba-9220-52d62157d7db7f6c6a51-bcf8-42ba-9220-52d62157d7db
Azure Kubernetes Service RBAC WriterAzure Kubernetes Service RBAC Writer Autorise l’accès en lecture/écriture à la plupart des objets d’un espace de noms. Ce rôle n’autorise pas l’affichage ni la modification des rôles ou des liaisons de rôles.Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. Toutefois, ce rôle permet d’accéder aux secrets et aux pods en cours d’exécution comme n’importe quel ServiceAccount de l’espace de noms. Il peut donc être utilisé pour obtenir les niveaux d’accès API de n’importe quel ServiceAccount dans l’espace de noms.However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. L’application de ce rôle à l’étendue du cluster fournit un accès à tous les espaces de noms.Applying this role at cluster scope will give access across all namespaces. a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eba7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb
Bases de donnéesDatabases
Rôle de lecteur de compte Cosmos DBCosmos DB Account Reader Role Lire les données de comptes Azure Cosmos DB.Can read Azure Cosmos DB account data. Consultez Contributeur de compte DocumentDB pour en savoir plus sur la gestion des comptes Azure Cosmos DB.See DocumentDB Account Contributor for managing Azure Cosmos DB accounts. fbdf93bf-df7d-467e-a4d2-9458aa1360c8fbdf93bf-df7d-467e-a4d2-9458aa1360c8
Opérateur Cosmos DBCosmos DB Operator Permet de gérer des comptes Azure Cosmos DB, mais pas d’accéder aux données qu’ils contiennent.Lets you manage Azure Cosmos DB accounts, but not access data in them. Empêche d’accéder aux clés de compte et aux chaînes de connexion.Prevents access to account keys and connection strings. 230815da-be43-4aae-9cb4-875f7bd000aa230815da-be43-4aae-9cb4-875f7bd000aa
CosmosBackupOperatorCosmosBackupOperator Peut envoyer une requête de restauration d’une base de données Cosmos DB ou d’un conteneur pour un compteCan submit restore request for a Cosmos DB database or a container for an account db7b14f2-5adf-42da-9f96-f2ee17bab5cbdb7b14f2-5adf-42da-9f96-f2ee17bab5cb
CosmosRestoreOperatorCosmosRestoreOperator Peut effectuer une action de restauration pour un compte de base de données Cosmos DB avec le mode de sauvegarde continuCan perform restore action for Cosmos DB database account with continuous backup mode 5432c526-bc82-444a-b7ba-57c5b0b5b34f5432c526-bc82-444a-b7ba-57c5b0b5b34f
Contributeur de compte DocumentDBDocumentDB Account Contributor Gérer des comptes Azure Cosmos DB.Can manage Azure Cosmos DB accounts. Azure Cosmos DB était auparavant appelé DocumentDB.Azure Cosmos DB is formerly known as DocumentDB. 5bd9cd88-fe45-4216-938b-f97437e154505bd9cd88-fe45-4216-938b-f97437e15450
Contributeur Cache RedisRedis Cache Contributor Permet de gérer des caches Redis, mais pas d’y accéder.Lets you manage Redis caches, but not access to them. e0f68234-74aa-48ed-b826-c38b57376e17e0f68234-74aa-48ed-b826-c38b57376e17
Contributeur de base de données SQLSQL DB Contributor Permet de gérer des bases de données SQL, mais pas d’y accéder.Lets you manage SQL databases, but not access to them. Vous ne pouvez pas non plus gérer leurs stratégies de sécurité ni leurs serveurs SQL parents.Also, you can't manage their security-related policies or their parent SQL servers. 9b7fa17d-e63e-47b0-bb0a-15c516ac86ec9b7fa17d-e63e-47b0-bb0a-15c516ac86ec
Contributeur de SQL Managed InstanceSQL Managed Instance Contributor Permet de gérer des instances SQL Managed Instance et la configuration réseau requise, mais pas d’accorder l’accès à d’autres personnes.Lets you manage SQL Managed Instances and required network configuration, but can't give access to others. 4939a1f6-9ae0-4e48-a1e0-f2cbe897382d4939a1f6-9ae0-4e48-a1e0-f2cbe897382d
Gestionnaire de sécurité SQLSQL Security Manager Permet de gérer les stratégies de sécurité des serveurs et bases de données SQL, mais pas d’y accéder.Lets you manage the security-related policies of SQL servers and databases, but not access to them. 056cd41c-7e88-42e1-933e-88ba6a50c9c3056cd41c-7e88-42e1-933e-88ba6a50c9c3
Contributeur SQL ServerSQL Server Contributor Permet de gérer des serveurs et bases de données SQL, mais pas d’y accéder, ni de gérer leurs stratégies de sécurité.Lets you manage SQL servers and databases, but not access to them, and not their security-related policies. 6d8ee4ec-f05a-4a1d-8b00-a9b17e38b4376d8ee4ec-f05a-4a1d-8b00-a9b17e38b437
AnalyseAnalytics
Propriétaire de données Azure Event HubsAzure Event Hubs Data Owner Permet un accès complet aux ressources Azure Event Hubs.Allows for full access to Azure Event Hubs resources. f526a384-b230-433a-b45c-95f59c4a2decf526a384-b230-433a-b45c-95f59c4a2dec
Récepteur de données Azure Event HubsAzure Event Hubs Data Receiver Permet d’obtenir un accès en réception aux ressources Azure Event Hubs.Allows receive access to Azure Event Hubs resources. a638d3c7-ab3a-418d-83e6-5f17a39d4fdea638d3c7-ab3a-418d-83e6-5f17a39d4fde
Expéditeur de données Azure Event HubsAzure Event Hubs Data Sender Permet d’obtenir un accès en envoi aux ressources Azure Event Hubs.Allows send access to Azure Event Hubs resources. 2b629674-e913-4c01-ae53-ef4638d8f9752b629674-e913-4c01-ae53-ef4638d8f975
Contributeurs de fabrique de donnéesData Factory Contributor Créer et gérer des fabriques de données, ainsi que les ressources enfants qu’elles contiennent.Create and manage data factories, as well as child resources within them. 673868aa-7521-48a0-acc6-0f60742d39f5673868aa-7521-48a0-acc6-0f60742d39f5
Videur de donnéesData Purger Supprimez des données privées à partir d’un espace de travail Log Analytics.Delete private data from a Log Analytics workspace. 150f5e0c-0603-4f03-8c7f-cf70034c4e90150f5e0c-0603-4f03-8c7f-cf70034c4e90
Opérateur de cluster HDInsightHDInsight Cluster Operator Permet de lire et de modifier des configurations de cluster HDInsight.Lets you read and modify HDInsight cluster configurations. 61ed4efc-fab3-44fd-b111-e24485cc132a61ed4efc-fab3-44fd-b111-e24485cc132a
Contributeur HDInsight Domain ServicesHDInsight Domain Services Contributor Peut lire, créer, modifier et supprimer les opérations Domain Services nécessaires pour le pack Sécurité Entreprise HDInsightCan Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package 8d8d5a11-05d3-4bda-a417-a08778121c7c8d8d5a11-05d3-4bda-a417-a08778121c7c
Contributeur Log AnalyticsLog Analytics Contributor Peut lire toutes les données de surveillance et modifier les paramètres de surveillance.Log Analytics Contributor can read all monitoring data and edit monitoring settings. La modification des paramètres de supervision inclut l’ajout de l’extension de machine virtuelle aux machines virtuelles, la lecture des clés de comptes de stockage permettant de configurer la collection de journaux d’activité du stockage Azure, la création et la configuration de comptes Automation, l’ajout de solutions et la configuration de diagnostics Azure sur toutes les ressources Azure.Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources. 92aaf0da-9dab-42b6-94a3-d43ce8d1629392aaf0da-9dab-42b6-94a3-d43ce8d16293
Lecteur Log AnalyticsLog Analytics Reader Peut afficher et rechercher toutes les données de surveillance, ainsi qu’afficher les paramètres de surveillance, notamment la configuration des diagnostics Azure sur toutes les ressources Azure.Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources. 73c42c96-874c-492b-b04d-ab87d138a89373c42c96-874c-492b-b04d-ab87d138a893
Curateur de données PurviewPurview Data Curator Le curateur de données Microsoft.Purview peut créer, lire, modifier et supprimer des objets de données de catalogue et établir des relations entre les objets.The Microsoft.Purview data curator can create, read, modify and delete catalog data objects and establish relationships between objects. Ce rôle est en préversion et susceptible d’être changé.This role is in preview and subject to change. 8a3c2885-9b38-4fd2-9d99-91af537c13478a3c2885-9b38-4fd2-9d99-91af537c1347
Lecteur de données PurviewPurview Data Reader Le lecteur de données Microsoft.Purview peut lire les objets de données de catalogue.The Microsoft.Purview data reader can read catalog data objects. Ce rôle est en préversion et susceptible d’être changé.This role is in preview and subject to change. ff100721-1b9d-43d8-af52-42b69c1272dbff100721-1b9d-43d8-af52-42b69c1272db
Administrateur de la source de données PurviewPurview Data Source Administrator L’administrateur de la source de données Microsoft.Purview peut gérer les sources de données et les analyses de données.The Microsoft.Purview data source administrator can manage data sources and data scans. Ce rôle est en préversion et susceptible d’être changé.This role is in preview and subject to change. 200bba9e-f0c8-430f-892b-6f0794863803200bba9e-f0c8-430f-892b-6f0794863803
Contributeur du registre de schémas (préversion)Schema Registry Contributor (Preview) Lire, écrire et supprimer des groupes de registres de schémas et des schémas.Read, write, and delete Schema Registry groups and schemas. 5dffeca3-4936-4216-b2bc-10343a5abb255dffeca3-4936-4216-b2bc-10343a5abb25
Lecteur du registre de schémas (préversion)Schema Registry Reader (Preview) Lire et répertorier les groupes de registres de schémas et les schémas.Read and list Schema Registry groups and schemas. 2c56ea50-c6b3-40a6-83c0-9d98858bc7d22c56ea50-c6b3-40a6-83c0-9d98858bc7d2
BlockchainBlockchain
Accès au nœud du membre blockchain (préversion)Blockchain Member Node Access (Preview) Permet d’accéder aux nœuds du membre blockchainAllows for access to Blockchain Member nodes 31a002a1-acaf-453e-8a5b-297c9ca1ea2431a002a1-acaf-453e-8a5b-297c9ca1ea24
IA + machine learningAI + machine learning
Contributeur Cognitive ServicesCognitive Services Contributor Vous permet de créer, lire, mettre à jour, supprimer et gérer les clés de Cognitive Services.Lets you create, read, update, delete and manage keys of Cognitive Services. 25fbc0a9-bd7c-42a3-aa1a-3b75d497ee6825fbc0a9-bd7c-42a3-aa1a-3b75d497ee68
Contributeur Cognitive Services Custom VisionCognitive Services Custom Vision Contributor Accès complet au projet, y compris la possibilité de visualiser, créer, modifier et supprimer des projets.Full access to the project, including the ability to view, create, edit, or delete projects. c1ff6cc2-c111-46fe-8896-e0ef812ad9f3c1ff6cc2-c111-46fe-8896-e0ef812ad9f3
Déploiement de Cognitive Services Custom VisionCognitive Services Custom Vision Deployment Publier, dépublier ou exporter des modèles.Publish, unpublish or export models. Le déploiement peut visualiser le projet, mais ne peut pas le mettre à jour.Deployment can view the project but can't update. 5c4089e1-6d96-4d2f-b296-c1bc7137275f5c4089e1-6d96-4d2f-b296-c1bc7137275f
Étiqueteur Cognitive Services Custom VisionCognitive Services Custom Vision Labeler Visualiser, modifier des images d’entraînement, et créer, ajouter, supprimer ou effacer les étiquettes des images.View, edit training images and create, add, remove, or delete the image tags. Les étiqueteurs peuvent visualiser le projet, mais ne peuvent pas mettre à jour autre chose que des images d’entraînement et des étiquettes.Labelers can view the project but can't update anything other than training images and tags. 88424f51-ebe7-446f-bc41-7fa16989e96c88424f51-ebe7-446f-bc41-7fa16989e96c
Lecteur Cognitive Services Custom VisionCognitive Services Custom Vision Reader Actions en lecture seule dans le projet.Read-only actions in the project. Les lecteurs ne peuvent pas créer ni mettre à jour le projet.Readers can't create or update the project. 93586559-c37d-4a6b-ba08-b9f0940c2d7393586559-c37d-4a6b-ba08-b9f0940c2d73
Entraîneur Cognitive Services Custom VisionCognitive Services Custom Vision Trainer Afficher, modifier les projets et entraîner les modèles, avec la possibilité de publier, de dépublier, d’exporter les modèles.View, edit projects and train the models, including the ability to publish, unpublish, export the models. Les entraîneurs ne peuvent pas créer ni supprimer le projet.Trainers can't create or delete the project. 0a5ae4ab-0d65-4eeb-be61-29fc9b54394b0a5ae4ab-0d65-4eeb-be61-29fc9b54394b
Lecteur de données Cognitive Services (préversion)Cognitive Services Data Reader (Preview) Permet de lire des données Cognitive Services.Lets you read Cognitive Services data. b59867f0-fa02-499b-be73-45a86b5b3e1cb59867f0-fa02-499b-be73-45a86b5b3e1c
Administrateur Cognitive Services Metrics AdvisorCognitive Services Metrics Advisor Administrator Accès complet au projet, y compris la configuration au niveau du système.Full access to the project, including the system level configuration. cb43c632-a144-4ec5-977c-e80c4affc34acb43c632-a144-4ec5-977c-e80c4affc34a
Éditeur QnA Maker Cognitive ServicesCognitive Services QnA Maker Editor Vous permet de créer, modifier, importer et exporter une base de connaissances.Let's you create, edit, import and export a KB. Vous ne pouvez pas publier ni supprimer une base de connaissances.You cannot publish or delete a KB. f4cc2bf9-21be-47a1-bdf1-5c5804381025f4cc2bf9-21be-47a1-bdf1-5c5804381025
Lecteur QnA Maker Cognitive ServicesCognitive Services QnA Maker Reader Vous permet de seulement lire et tester une base de connaissances.Let's you read and test a KB only. 466ccd10-b268-4a11-b098-b4849f024126466ccd10-b268-4a11-b098-b4849f024126
Utilisateur Cognitive ServicesCognitive Services User Vous permet de lire et de répertorier les clés de Cognitive Services.Lets you read and list keys of Cognitive Services. a97b65f3-24C7-4388-baec-2e87135dc908a97b65f3-24c7-4388-baec-2e87135dc908
Internet des objetsInternet of things
Administrateur Device UpdateDevice Update Administrator Vous accorde l’accès complet aux opérations de gestion et de contenuGives you full access to management and content operations 02ca0879-e8e4-47a5-a61e-5c618b76e64a02ca0879-e8e4-47a5-a61e-5c618b76e64a
Administrateur de contenu Device UpdateDevice Update Content Administrator Vous accorde l’accès complet aux opérations de contenuGives you full access to content operations 0378884a-3af5-44ab-8323-f5b22f9f3c980378884a-3af5-44ab-8323-f5b22f9f3c98
Lecteur du contenu Device UpdateDevice Update Content Reader Vous accorde l’accès en lecture aux opérations de contenu, mais ne vous permet pas d’effectuer des modificationsGives you read access to content operations, but does not allow making changes d1ee9a80-8b14-47f0-bdc2-f4a351625a7bd1ee9a80-8b14-47f0-bdc2-f4a351625a7b
Administrateur des déploiements Device UpdateDevice Update Deployments Administrator Vous accorde l’accès complet aux opérations de gestionGives you full access to management operations e4237640-0e3d-4a46-8fda-70bc94856432e4237640-0e3d-4a46-8fda-70bc94856432
Lecteur des déploiements Device UpdateDevice Update Deployments Reader Vous accorde l’accès en lecture aux opérations de gestion, mais ne vous permet pas d’effectuer des modificationsGives you read access to management operations, but does not allow making changes 49e2f5d2-7741-4835-8efa-19e1fe35e47f49e2f5d2-7741-4835-8efa-19e1fe35e47f
Lecteur Device UpdateDevice Update Reader Vous accorde l’accès en lecture aux opérations de gestion et de contenu, mais ne vous permet pas d’effectuer des modificationsGives you read access to management and content operations, but does not allow making changes e9dba6fb-3d52-4cf0-bce3-f06ce71b9e0fe9dba6fb-3d52-4cf0-bce3-f06ce71b9e0f
Réalité mixteMixed reality
Administrateur Remote RenderingRemote Rendering Administrator Fournit à l’utilisateur des fonctionnalités de conversion, de gestion de session, de rendu et de diagnostic pour Azure Remote RenderingProvides user with conversion, manage session, rendering and diagnostics capabilities for Azure Remote Rendering 3df8b902-2a6f-47c7-8cc5-360e9b272a7e3df8b902-2a6f-47c7-8cc5-360e9b272a7e
Client Remote RenderingRemote Rendering Client Fournit à l’utilisateur des fonctionnalités de gestion de session, de rendu et de diagnostic pour Azure Remote RenderingProvides user with manage session, rendering and diagnostics capabilities for Azure Remote Rendering. d39065c4-c120-43c9-ab0a-63eed9795f0ad39065c4-c120-43c9-ab0a-63eed9795f0a
Contributeur de compte Spatial AnchorsSpatial Anchors Account Contributor Permet de gérer des ancres spatiales dans votre compte, mais pas de les supprimerLets you manage spatial anchors in your account, but not delete them 8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c8278bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827
Propriétaire de compte Spatial AnchorsSpatial Anchors Account Owner Permet de gérer des ancres spatiales dans votre compte, y compris de les supprimerLets you manage spatial anchors in your account, including deleting them 70bbe301-9835-447d-afdd-19eb3167307c70bbe301-9835-447d-afdd-19eb3167307c
Lecteur de compte Spatial AnchorsSpatial Anchors Account Reader Permet de localiser et de lire les propriétés d’ancres spatiales dans votre compteLets you locate and read properties of spatial anchors in your account 5d51204f-eb77-4b1c-b86a-2ec626c494135d51204f-eb77-4b1c-b86a-2ec626c49413
IntégrationIntegration
Contributeur du service Gestion des APIAPI Management Service Contributor Peut gérer le service et les APICan manage service and the APIs 312a565d-c81f-4fd8-895a-4e21e48d571c312a565d-c81f-4fd8-895a-4e21e48d571c
Rôle d’opérateur du service Gestion des APIAPI Management Service Operator Role Peut gérer le service, mais pas les APICan manage service but not the APIs e022efe7-f5ba-4159-bbe4-b44f577e9b61e022efe7-f5ba-4159-bbe4-b44f577e9b61
Rôle de lecteur du service Gestion des APIAPI Management Service Reader Role Accès en lecture seule au service et aux APIRead-only access to service and APIs 71522526-b88f-4d52-b57f-d31fc3546d0d71522526-b88f-4d52-b57f-d31fc3546d0d
Propriétaire des données App ConfigurationApp Configuration Data Owner Permet l’accès total aux données App Configuration.Allows full access to App Configuration data. 5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b
Lecteur des données App ConfigurationApp Configuration Data Reader Permet de lire les données App Configuration.Allows read access to App Configuration data. 516239f1-63e1-4d78-a4de-a74fb236a071516239f1-63e1-4d78-a4de-a74fb236a071
Propriétaire de données Azure Service BusAzure Service Bus Data Owner Permet un accès total aux ressources Azure Service Bus.Allows for full access to Azure Service Bus resources. 090c5cfd-751d-490a-894a-3ce6f1109419090c5cfd-751d-490a-894a-3ce6f1109419
Récepteur de données Azure Service BusAzure Service Bus Data Receiver Permet d’obtenir un accès en réception aux ressources Azure Service Bus.Allows for receive access to Azure Service Bus resources. 4f6d3b9b-027b-4f4c-9142-0e5a2a2247e04f6d3b9b-027b-4f4c-9142-0e5a2a2247e0
Expéditeur de données Azure Service BusAzure Service Bus Data Sender Permet d’obtenir un accès en envoi aux ressources Azure Service Bus.Allows for send access to Azure Service Bus resources. 69a216fc-b8fb-44d8-bc22-1f3c2cd27a3969a216fc-b8fb-44d8-bc22-1f3c2cd27a39
Propriétaire de l’inscription Azure StackAzure Stack Registration Owner Permet de gérer les inscriptions Azure Stack.Lets you manage Azure Stack registrations. 6f12a6df-dd06-4f3e-bcb1-ce8be600526a6f12a6df-dd06-4f3e-bcb1-ce8be600526a
Contributeur EventgridEventGrid Contributor Vous permet de gérer les opérations EventGrid.Lets you manage EventGrid operations. 1e241071-0855-49ea-94dc-649edcd759de1e241071-0855-49ea-94dc-649edcd759de
Contributeur EventGrid EventSubscriptionEventGrid EventSubscription Contributor Vous permet de gérer les opérations d’abonnement aux événements EventGrid.Lets you manage EventGrid event subscription operations. 428e0ff0-5e57-4d9c-a221-2c70d0e0a443428e0ff0-5e57-4d9c-a221-2c70d0e0a443
Lecteur EventGrid EventSubscriptionEventGrid EventSubscription Reader Vous permet de lire les abonnements aux événements EventGrid.Lets you read EventGrid event subscriptions. 2414bbcf-6497-4FAF-8c65-0454607484052414bbcf-6497-4faf-8c65-045460748405
Contributeur aux données FHIRFHIR Data Contributor Ce rôle accorde à l’utilisateur ou au principal un accès complet aux données FHIRRole allows user or principal full access to FHIR Data 5a1fc7df-4bf1-4951-a576-89034ee01acd5a1fc7df-4bf1-4951-a576-89034ee01acd
Exportateur de données FHIRFHIR Data Exporter Ce rôle permet à l’utilisateur ou au principal de lire et d’exporter des données FHIRRole allows user or principal to read and export FHIR Data 3db33094-8700-4567-8da5-1501d4e7e8433db33094-8700-4567-8da5-1501d4e7e843
Lecteur de données FHIRFHIR Data Reader Ce rôle permet à l’utilisateur ou au principal de lire des données FHIRRole allows user or principal to read FHIR Data 4c8d0bbc-75d3-4935-991f-5f3c56d815084c8d0bbc-75d3-4935-991f-5f3c56d81508
Enregistreur de données FHIRFHIR Data Writer Ce rôle permet à l’utilisateur ou au principal de lire et d’écrire des données FHIRRole allows user or principal to read and write FHIR Data 3f88fce4-5892-4214-ae73-ba52945599133f88fce4-5892-4214-ae73-ba5294559913
Contributeur de l’environnement de service d’intégrationIntegration Service Environment Contributor Permet de gérer les environnements de service d’intégration, mais pas d’y accéder.Lets you manage integration service environments, but not access to them. a41e2c5b-bd99-4a07-88f4-9bf657a760b8a41e2c5b-bd99-4a07-88f4-9bf657a760b8
Développeur d’environnement de service d’intégrationIntegration Service Environment Developer Permet aux développeurs de créer et de mettre à jour des workflows, des comptes d’intégration et des connexions d’API dans les environnements de service d’intégration.Allows developers to create and update workflows, integration accounts and API connections in integration service environments. c7aa55d3-1abb-444a-a5ca-5e51e485d6ecc7aa55d3-1abb-444a-a5ca-5e51e485d6ec
Contributeur de compte Intelligent SystemsIntelligent Systems Account Contributor Permet de gérer des comptes Intelligent Systems, mais pas d’y accéder.Lets you manage Intelligent Systems accounts, but not access to them. 03a6d094-3444-4b3d-88af-7477090a9e5e03a6d094-3444-4b3d-88af-7477090a9e5e
Contributeur d’application logiqueLogic App Contributor Permet de gérer des applications logiques, mais pas d’en modifier l’accès.Lets you manage logic apps, but not change access to them. 87a39d53-fc1b-424a-814c-f7e04687dc9e87a39d53-fc1b-424a-814c-f7e04687dc9e
Opérateur d’application logiqueLogic App Operator Permet de lire, d’activer et de désactiver des applications logiques, mais pas de les modifier ou de les mettre à jour.Lets you read, enable, and disable logic apps, but not edit or update them. 515c2055-d9d4-4321-b1b9-bd0c9a0f79fe515c2055-d9d4-4321-b1b9-bd0c9a0f79fe
IdentitéIdentity
Contributeur d’identités géréesManaged Identity Contributor Peut créer, lire, mettre à jour et supprimer une identité attribuée à l’utilisateur.Create, Read, Update, and Delete User Assigned Identity e40ec5ca-96e0-45a2-b4ff-59039f2c2b59e40ec5ca-96e0-45a2-b4ff-59039f2c2b59
Opérateur d’identités géréesManaged Identity Operator Peut lire et assigner une identité attribuée à l’utilisateur.Read and Assign User Assigned Identity f1a07417-d97a-45cb-824c-7a7467783830f1a07417-d97a-45cb-824c-7a7467783830
SécuritéSecurity
Contributeur d’attestationAttestation Contributor Peut lire, écrire ou supprimer l’instance du fournisseur d’attestationsCan read write or delete the attestation provider instance bbf86eb8-f7b4-4cce-96e4-18cddf81d86ebbf86eb8-f7b4-4cce-96e4-18cddf81d86e
Lecteur d’attestationAttestation Reader Peut lire les propriétés du fournisseur d’attestationsCan read the attestation provider properties fd1bd22b-8476-40bc-a0bc-69b95687b9f3fd1bd22b-8476-40bc-a0bc-69b95687b9f3
Contributeur Azure SentinelAzure Sentinel Contributor Contributeur Azure SentinelAzure Sentinel Contributor ab8e14d6-4a74-4a29-9ba8-549422addadeab8e14d6-4a74-4a29-9ba8-549422addade
Lecteur Azure SentinelAzure Sentinel Reader Lecteur Azure SentinelAzure Sentinel Reader 8d289c81-5878-46d4-8554-54e1e3d8b5cb8d289c81-5878-46d4-8554-54e1e3d8b5cb
Répondeur Azure SentinelAzure Sentinel Responder Répondeur Azure SentinelAzure Sentinel Responder 3e150937-b8fe-4cfb-8069-0eaf05ecd0563e150937-b8fe-4cfb-8069-0eaf05ecd056
Administrateur Key VaultKey Vault Administrator Permet d’effectuer toutes les opération du plan de données sur un coffre de clés et tous les objets qu’il contient, notamment les certificats, les clés et les secrets.Perform all data plane operations on a key vault and all objects in it, including certificates, keys, and secrets. Ne peut pas gérer les ressources du coffre de clés ni gérer les attributions de rôles.Cannot manage key vault resources or manage role assignments. Fonctionne uniquement pour les coffres de clés qui utilisent le modèle d’autorisation « Contrôle d’accès en fonction du rôle Azure ».Only works for key vaults that use the 'Azure role-based access control' permission model. 00482a5a-887f-4fb3-b363-3b7fe8e7448300482a5a-887f-4fb3-b363-3b7fe8e74483
Agent des certificats Key VaultKey Vault Certificates Officer Permet d’effectuer une action sur les certificats d’un coffre de clés, à l’exception des autorisations de gestion.Perform any action on the certificates of a key vault, except manage permissions. Fonctionne uniquement pour les coffres de clés qui utilisent le modèle d’autorisation « Contrôle d’accès en fonction du rôle Azure ».Only works for key vaults that use the 'Azure role-based access control' permission model. a4417e6f-fecd-4de8-b567-7b0420556985a4417e6f-fecd-4de8-b567-7b0420556985
Contributeur Key VaultKey Vault Contributor Permet de gérer les coffres de clés, mais ne vous permet pas d’attribuer des rôles dans Azure RBAC ni d’accéder à des secrets, des clés ou des certificats.Manage key vaults, but does not allow you to assign roles in Azure RBAC, and does not allow you to access secrets, keys, or certificates. f25e0fa2-a7c8-4377-a976-54943a77a395f25e0fa2-a7c8-4377-a976-54943a77a395
Agent de chiffrement Key VaultKey Vault Crypto Officer Permet d’effectuer une action sur les clés d’un coffre de clés, à l’exception des autorisations de gestion.Perform any action on the keys of a key vault, except manage permissions. Fonctionne uniquement pour les coffres de clés qui utilisent le modèle d’autorisation « Contrôle d’accès en fonction du rôle Azure ».Only works for key vaults that use the 'Azure role-based access control' permission model. 14b46e9e-c2b7-41b4-b07b-48a6ebf6060314b46e9e-c2b7-41b4-b07b-48a6ebf60603
Utilisateur du service de chiffrement de Key VaultKey Vault Crypto Service Encryption User Permet de lire les métadonnées des clés et d’effectuer des opérations visant à envelopper/désenvelopper.Read metadata of keys and perform wrap/unwrap operations. Fonctionne uniquement pour les coffres de clés qui utilisent le modèle d’autorisation « Contrôle d’accès en fonction du rôle Azure ».Only works for key vaults that use the 'Azure role-based access control' permission model. e147488a-f6f5-4113-8e2d-b22465e65bf6e147488a-f6f5-4113-8e2d-b22465e65bf6
Utilisateur de chiffrement Key VaultKey Vault Crypto User Permet d’effectuer des opérations de chiffrement à l’aide de clés.Perform cryptographic operations using keys. Fonctionne uniquement pour les coffres de clés qui utilisent le modèle d’autorisation « Contrôle d’accès en fonction du rôle Azure ».Only works for key vaults that use the 'Azure role-based access control' permission model. 12338af0-0e69-4776-bea7-57ae8d29742412338af0-0e69-4776-bea7-57ae8d297424
Lecteur Key VaultKey Vault Reader Permet de lire les métadonnées de coffres de clés et de leurs certificats, clés et secrets.Read metadata of key vaults and its certificates, keys, and secrets. Ne peut pas lire les valeurs sensibles, telles que les contenus secrets ou les documents clés.Cannot read sensitive values such as secret contents or key material. Fonctionne uniquement pour les coffres de clés qui utilisent le modèle d’autorisation « Contrôle d’accès en fonction du rôle Azure ».Only works for key vaults that use the 'Azure role-based access control' permission model. 21090545-7ca7-4776-b22c-e363652d74d221090545-7ca7-4776-b22c-e363652d74d2
Agent des secrets Key VaultKey Vault Secrets Officer Permet d’effectuer une action sur les secrets d’un coffre de clés, à l’exception des autorisations de gestion.Perform any action on the secrets of a key vault, except manage permissions. Fonctionne uniquement pour les coffres de clés qui utilisent le modèle d’autorisation « Contrôle d’accès en fonction du rôle Azure ».Only works for key vaults that use the 'Azure role-based access control' permission model. b86a8fe4-44ce-4948-aee5-eccb2c155cd7b86a8fe4-44ce-4948-aee5-eccb2c155cd7
Utilisateur des secrets Key VaultKey Vault Secrets User Permet de lire le contenu du secret.Read secret contents. Fonctionne uniquement pour les coffres de clés qui utilisent le modèle d’autorisation « Contrôle d’accès en fonction du rôle Azure ».Only works for key vaults that use the 'Azure role-based access control' permission model. 4633458b-17de-408a-b874-0445c86b69e64633458b-17de-408a-b874-0445c86b69e6
Contributeur HSM managéManaged HSM contributor Vous permet de gérer des pools HSM managés, mais pas d’y accéder.Lets you manage managed HSM pools, but not access to them. 18500a29-7fe2-46b2-a342-b16a415e101d18500a29-7fe2-46b2-a342-b16a415e101d
Administrateur de la sécuritéSecurity Admin Autorisations d’affichage et de mise à jour pour Security Center.View and update permissions for Security Center. Dispose des mêmes autorisations que le rôle Lecteur de sécurité et peut également modifier la stratégie de sécurité et ignorer les alertes et les recommandations.Same permissions as the Security Reader role and can also update the security policy and dismiss alerts and recommendations. fb1c8493-542b-48eb-b624-b4c8fea62acdfb1c8493-542b-48eb-b624-b4c8fea62acd
Contributeur d'évaluation de la sécuritéSecurity Assessment Contributor Vous permet d’envoyer (push) les évaluations à Security CenterLets you push assessments to Security Center 612c2aa1-cb24-443b-ac28-3ab7272de6f5612c2aa1-cb24-443b-ac28-3ab7272de6f5
Gestionnaire de sécurité (hérité)Security Manager (Legacy) Il s’agit d’un rôle hérité.This is a legacy role. Utilisez plutôt l’administrateur de sécurité.Please use Security Admin instead. e3d13bf0-dd5a-482e-ba6b-9b8433878d10e3d13bf0-dd5a-482e-ba6b-9b8433878d10
Lecteur de sécuritéSecurity Reader Autorisations d’affichage pour Security Center.View permissions for Security Center. Peut afficher les recommandations, les alertes, une stratégie de sécurité et les états de sécurité, mais ne peut pas apporter de modifications.Can view recommendations, alerts, a security policy, and security states, but cannot make changes. 39bc4728-0917-49c7-9d2c-d95423bc2eb439bc4728-0917-49c7-9d2c-d95423bc2eb4
DevOpsDevOps
Utilisateur de DevTest LabsDevTest Labs User Permet de connecter, de démarrer, de redémarrer et d’arrêter vos machines virtuelles dans votre Azure DevTest Labs.Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs. 76283e04-6283-4c54-8f91-bcf1374a3c6476283e04-6283-4c54-8f91-bcf1374a3c64
Créateur LabLab Creator Créez des labs sous vos comptes Azure Lab.Lets you create new labs under your Azure Lab Accounts. b97fb8bc-a8b2-4522-a38b-dd33c7e65eadb97fb8bc-a8b2-4522-a38b-dd33c7e65ead
SurveillerMonitor
Contributeur de composants Application InsightsApplication Insights Component Contributor Gérer les composants Application InsightsCan manage Application Insights components ae349356-3a1b-4a5e-921d-050484c6347eae349356-3a1b-4a5e-921d-050484c6347e
Débogueur de capture instantanée d’Application InsightsApplication Insights Snapshot Debugger Autorise l’utilisateur à consulter et à télécharger les instantanés de débogage collectés à l’aide du débogueur de capture instantanée Application Insights.Gives user permission to view and download debug snapshots collected with the Application Insights Snapshot Debugger. Ces autorisations ne sont pas incluses dans les rôles Propriétaire et Contributeur.Note that these permissions are not included in the Owner or Contributor roles. Lorsque vous donnez aux utilisateurs le rôle Débogueur de capture instantanée Application Insights, vous devez leur accorder directement le rôle.When giving users the Application Insights Snapshot Debugger role, you must grant the role directly to the user. Le rôle n’est pas reconnu lorsqu’il est ajouté à un rôle personnalisé.The role is not recognized when it is added to a custom role. 08954f03-6346-4c2e-81c0-ec3a5cfae23b08954f03-6346-4c2e-81c0-ec3a5cfae23b
Contributeur de surveillanceMonitoring Contributor Peut lire toutes les données de surveillance et modifier les paramètres de surveillance.Can read all monitoring data and edit monitoring settings. Consultez aussi Bien démarrer avec les rôles, les autorisations et la sécurité dans Azure Monitor.See also Get started with roles, permissions, and security with Azure Monitor. 749f88d5-cbae-40b8-bcfc-e573ddc772fa749f88d5-cbae-40b8-bcfc-e573ddc772fa
Publication des métriques de surveillanceMonitoring Metrics Publisher Permet de publier les métriques relatives aux ressources AzureEnables publishing metrics against Azure resources 3913510d-42f4-4e42-8a64-420c390055eb3913510d-42f4-4e42-8a64-420c390055eb
Lecteur de surveillanceMonitoring Reader Peut lire toutes les données de supervision (métriques, journaux d’activité, etc.)Can read all monitoring data (metrics, logs, etc.). Consultez aussi Bien démarrer avec les rôles, les autorisations et la sécurité dans Azure Monitor.See also Get started with roles, permissions, and security with Azure Monitor. 43d0d8ad-25c7-4714-9337-8ba259a9fe0543d0d8ad-25c7-4714-9337-8ba259a9fe05
Contributeur de classeurWorkbook Contributor Peut enregistrer les classeurs partagés.Can save shared workbooks. e8ddcd69-c73f-4f9f-9844-4100522f16ade8ddcd69-c73f-4f9f-9844-4100522f16ad
Lecteur de classeurWorkbook Reader Peut lire les classeurs.Can read workbooks. b279062a-9be3-42a0-92ae-8b3cf002ec4db279062a-9be3-42a0-92ae-8b3cf002ec4d
Gestion + gouvernanceManagement + governance
Opérateur de travaux AutomationAutomation Job Operator Permet de créer et de gérer des travaux avec des runbooks Automation.Create and Manage Jobs using Automation Runbooks. 4fe576fe-1146-4730-92eb-48519fa6bf9f4fe576fe-1146-4730-92eb-48519fa6bf9f
Opérateur AutomationAutomation Operator Les opérateurs d’Automation sont en mesure de démarrer, d’arrêter, de suspendre et de reprendre des travauxAutomation Operators are able to start, stop, suspend, and resume jobs d3881f73-407a-4167-8283-e981cbba0404d3881f73-407a-4167-8283-e981cbba0404
Opérateur de runbook AutomationAutomation Runbook Operator Propriétés de lecture du runbook : pour pouvoir créer des travaux depuis le runbook.Read Runbook properties - to be able to create Jobs of the runbook. 5fb5aef8-1081-4b8e-bb16-9d5d0385bab55fb5aef8-1081-4b8e-bb16-9d5d0385bab5
Intégration de machine connectée à AzureAzure Connected Machine Onboarding Peut intégrer des machines connectées à Azure.Can onboard Azure Connected Machines. b64e21ea-ac4e-4cdf-9dc9-5b892992bee7b64e21ea-ac4e-4cdf-9dc9-5b892992bee7
Administrateur des ressources de la machine connectée à AzureAzure Connected Machine Resource Administrator Peut lire, écrire, supprimer et réintégrer des machines connectées à Azure.Can read, write, delete and re-onboard Azure Connected Machines. cd570a14-e51a-42ad-bac8-bafd67325302cd570a14-e51a-42ad-bac8-bafd67325302
Lecteur de facturationBilling Reader Autorise l’accès en lecture aux données de facturationAllows read access to billing data fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64
Contributeur blueprintBlueprint Contributor Peut gérer les définitions blueprint, mais ne peut pas les affecter.Can manage blueprint definitions, but not assign them. 41077137-e803-4205-871c-5a86e6a753b441077137-e803-4205-871c-5a86e6a753b4
Opérateur blueprintBlueprint Operator Peut affecter des blueprints publiés existants, mais ne peut pas en créer de nouveaux.Can assign existing published blueprints, but cannot create new blueprints. Notez que cela fonctionne uniquement si l’affectation est effectuée avec une identité managée affectée par l’utilisateur.Note that this only works if the assignment is done with a user-assigned managed identity. 437d2ced-4a38-4302-8479-ed2bcb43d090437d2ced-4a38-4302-8479-ed2bcb43d090
Contributeur Cost ManagementCost Management Contributor Peut afficher les coûts et gérer la configuration des coûts (par exemple, budgets, exportations)Can view costs and manage cost configuration (e.g. budgets, exports) 434105ed-43f6-45c7-a02f-909b2ba83430434105ed-43f6-45c7-a02f-909b2ba83430
Lecteur Cost ManagementCost Management Reader Peut afficher les données et la configuration des coûts (par exemple, budgets, exportations)Can view cost data and configuration (e.g. budgets, exports) 72fafb9e-0641-4937-9268-a91bfd8191a372fafb9e-0641-4937-9268-a91bfd8191a3
Administration des paramètres de hiérarchieHierarchy Settings Administrator Permet aux utilisateurs de modifier et de supprimer des paramètres de hiérarchieAllows users to edit and delete Hierarchy Settings 350f8d15-c687-4448-8ae1-157740a3936d350f8d15-c687-4448-8ae1-157740a3936d
Cluster Kubernetes – Intégration Azure ArcKubernetes Cluster - Azure Arc Onboarding Définition de rôle pour autoriser tout utilisateur/service à créer une ressource connectedClustersRole definition to authorize any user/service to create connectedClusters resource 34e09817-6cbe-4d01-b1a2-e0eac5743d4134e09817-6cbe-4d01-b1a2-e0eac5743d41
Rôle Contributeur d'application managéeManaged Application Contributor Role Permet de créer des ressources d’application managées.Allows for creating managed application resources. 641177b8-a67a-45b9-a033-47bc880bb21e641177b8-a67a-45b9-a033-47bc880bb21e
Rôle opérateur d’application managéeManaged Application Operator Role Permet de lire les ressources d’application managée et d’effectuer des actions sur ces ressources.Lets you read and perform actions on Managed Application resources c7393b34-138c-406f-901b-d8cf2b17e6aec7393b34-138c-406f-901b-d8cf2b17e6ae
Lecteur Applications managéesManaged Applications Reader Vous permet de lire les ressources dans une application managée et de demander un accès JIT.Lets you read resources in a managed app and request JIT access. b9331d33-8a36-4f8c-b097-4f54124fdb44b9331d33-8a36-4f8c-b097-4f54124fdb44
Suppression du rôle d’attribution d’inscription de services managéManaged Services Registration assignment Delete Role La suppression du rôle d’attribution d’inscription de services managés permet aux utilisateurs du client gérant de supprimer l’attribution d’inscription assignée à leur locataire.Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant. 91c1777a-f3dc-4fae-b103-61d183457e4691c1777a-f3dc-4fae-b103-61d183457e46
Contributeur du groupe d’administrationManagement Group Contributor Rôle de collaborateur du groupe d’administrationManagement Group Contributor Role 5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c
Lecteur du groupe d’administrationManagement Group Reader Rôle de lecteur du groupe d’administrationManagement Group Reader Role ac63b705-f282-497d-ac71-919bf39d939dac63b705-f282-497d-ac71-919bf39d939d
Contributeur de compte NewRelic APMNew Relic APM Account Contributor Vous permet de gérer des comptes et applications New Relic Application Performance Management, mais pas d’y accéder.Lets you manage New Relic Application Performance Management accounts and applications, but not access to them. 5d28c62d-5b37-4476-8438-e587778df2375d28c62d-5b37-4476-8438-e587778df237
Policy Insights Data Writer (préversion)Policy Insights Data Writer (Preview) Permet de lire les stratégies de ressources et d’écrire les événements de stratégie de composant de ressource.Allows read access to resource policies and write access to resource component policy events. 66bb4e9e-b016-4a94-8249-4c0511c2be8466bb4e9e-b016-4a94-8249-4c0511c2be84
Rôle opérateur de requête de quotaQuota Request Operator Role Lisez et créez des requêtes de quota, obtenez l’état de la requête de quota et créez des tickets de support.Read and create quota requests, get quota request status, and create support tickets. 0e5f05e5-9ab9-446b-b98d-1e2157c941250e5f05e5-9ab9-446b-b98d-1e2157c94125
Acheteur de réservationReservation Purchaser Vous permet d’acheter des réservationsLets you purchase reservations f7b75c60-3036-4b75-91c3-6b41c27c1689f7b75c60-3036-4b75-91c3-6b41c27c1689
Contributeur de stratégie de ressourceResource Policy Contributor Utilisateurs dotés de droits pour créer ou modifier une stratégie de ressource, créer un ticket de support et lire des ressources ou la hiérarchie.Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy. 36243c78-bf99-498c-9df9-86d9f8d2860836243c78-bf99-498c-9df9-86d9f8d28608
Contributeur Site RecoverySite Recovery Contributor Permet de gérer le service Site Recovery sauf la création de coffre et l’attribution de rôleLets you manage Site Recovery service except vault creation and role assignment 6670b86e-a3f7-4917-ac9b-5d6ab1be45676670b86e-a3f7-4917-ac9b-5d6ab1be4567
Opérateur Site RecoverySite Recovery Operator Permet de basculer et de restaurer mais pas d’effectuer d’autres opérations de gestion de Site RecoveryLets you failover and failback but not perform other Site Recovery management operations 494ae006-db33-4328-bf46-533a6560a3ca494ae006-db33-4328-bf46-533a6560a3ca
Lecteur Site RecoverySite Recovery Reader Permet d’afficher l’état de Site Recovery mais pas d’effectuer d’autres opérations de gestionLets you view Site Recovery status but not perform other management operations dbaa88c4-0c30-4179-9fb3-46319faa6149dbaa88c4-0c30-4179-9fb3-46319faa6149
Contributeur de demande de supportSupport Request Contributor Permet de créer et de gérer des demandes de supportLets you create and manage Support requests cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24ecfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e
Contributeur d’étiquetteTag Contributor Vous permet de gérer les étiquettes sur les entités, sans fournir l’accès aux entités elles-mêmes.Lets you manage tags on entities, without providing access to the entities themselves. 4a9ae827-6dc8-4573-8ac7-8239d42aa03f4a9ae827-6dc8-4573-8ac7-8239d42aa03f
AutresOther
Propriétaire des données Azure Digital TwinsAzure Digital Twins Data Owner Rôle d’accès complet pour le plan de données Digital TwinsFull access role for Digital Twins data-plane bcd981a7-7f74-457b-83e1-cceb9e632ffebcd981a7-7f74-457b-83e1-cceb9e632ffe
Lecteur de données Azure Digital TwinsAzure Digital Twins Data Reader Rôle en lecture seule pour les propriétés du plan de données Digital TwinsRead-only role for Digital Twins data-plane properties d57506d4-4c8d-48b1-8587-93c323f6a5a3d57506d4-4c8d-48b1-8587-93c323f6a5a3
Contributeur BizTalkBizTalk Contributor Permet de gérer des services BizTalk, mais pas d’y accéder.Lets you manage BizTalk services, but not access to them. 5e3c6656-6cfa-4708-81fe-0de47ac733425e3c6656-6cfa-4708-81fe-0de47ac73342
Contributeur du groupe d’applications de virtualisation de poste de travailDesktop Virtualization Application Group Contributor Contributeur du groupe d’applications de virtualisation de poste de travail.Contributor of the Desktop Virtualization Application Group. 86240b0e-9422-4c43-887b-b61143f32ba886240b0e-9422-4c43-887b-b61143f32ba8
Lecteur du groupe d’applications de virtualisation de poste de travailDesktop Virtualization Application Group Reader Lecteur du groupe d’applications de virtualisation de poste de travail.Reader of the Desktop Virtualization Application Group. aebf23d0-b568-4e86-b8f9-fe83a2c6ab55aebf23d0-b568-4e86-b8f9-fe83a2c6ab55
Contributeur de virtualisation des services BureauDesktop Virtualization Contributor Contributeur de virtualisation de poste de travailContributor of Desktop Virtualization. 082f0a83-3be5-4ba1-904c-961cca79b387082f0a83-3be5-4ba1-904c-961cca79b387
Contributeur de pool d’hôtes de virtualisation de poste de travailDesktop Virtualization Host Pool Contributor Contributeur de pool d’hôtes de virtualisation de poste de travail.Contributor of the Desktop Virtualization Host Pool. e307426c-f9b6-4e81-87de-d99efb3c32bce307426c-f9b6-4e81-87de-d99efb3c32bc
Lecteur de pool d’hôtes de virtualisation de poste de travailDesktop Virtualization Host Pool Reader Lecteur de pool d’hôtes de virtualisation de poste de travail.Reader of the Desktop Virtualization Host Pool. ceadfde2-b300-400a-ab7b-6143895aa822ceadfde2-b300-400a-ab7b-6143895aa822
Lecteur de virtualisation des services BureauDesktop Virtualization Reader Lecteur de virtualisation de poste de travailReader of Desktop Virtualization. 49a72310-ab8d-41df-bbb0-79b64920386849a72310-ab8d-41df-bbb0-79b649203868
Opérateur d’hôte de session de virtualisation de virtualisation de poste de travailDesktop Virtualization Session Host Operator Opérateur d’hôte de session de virtualisation de virtualisation de poste de travail.Operator of the Desktop Virtualization Session Host. 2ad6aaab-ead9-4eaa-8ac5-da422f5624082ad6aaab-ead9-4eaa-8ac5-da422f562408
Utilisateur de virtualisation de bureauDesktop Virtualization User Permet à l’utilisateur d’utiliser les applications dans un groupe d’applications.Allows user to use the applications in an application group. 1d18fff3-a72a-46b5-b4a9-0b38a3cd7e631d18fff3-a72a-46b5-b4a9-0b38a3cd7e63
Opérateur de session utilisateur de virtualisation de poste de travailDesktop Virtualization User Session Operator Opérateur de session utilisateur de virtualisation de poste de travail.Operator of the Desktop Virtualization Uesr Session. ea4bfff8-7fb4-485a-aadd-d4129a0ffaa6ea4bfff8-7fb4-485a-aadd-d4129a0ffaa6
Contributeur d’espace de travail de virtualisation de poste de travailDesktop Virtualization Workspace Contributor Contributeur d’espace de travail de virtualisation de poste de travail.Contributor of the Desktop Virtualization Workspace. 21efdde3-836f-432b-bf3d-3e8e734d4b2b21efdde3-836f-432b-bf3d-3e8e734d4b2b
Lecteur d’espace de travail de virtualisation de poste de travailDesktop Virtualization Workspace Reader Lecteur d’espace de travail de virtualisation de poste de travail.Reader of the Desktop Virtualization Workspace. 0fa44ee9-7a7d-466b-9bb2-2bf446b1204d0fa44ee9-7a7d-466b-9bb2-2bf446b1204d
Lecteur de sauvegarde de disqueDisk Backup Reader Fournit une autorisation sur le coffre de sauvegarde pour effectuer une sauvegarde de disque.Provides permission to backup vault to perform disk backup. 3e5e47e6-65f7-47ef-90b5-e5dd4d455f243e5e47e6-65f7-47ef-90b5-e5dd4d455f24
Opérateur de restauration de disqueDisk Restore Operator Fournit une autorisation sur le coffre de sauvegarde pour effectuer une restauration de disque.Provides permission to backup vault to perform disk restore. b50d9833-a0cb-478e-945f-707fcc997c13b50d9833-a0cb-478e-945f-707fcc997c13
Contributeur d’instantané de disqueDisk Snapshot Contributor Fournit une autorisation sur le coffre de sauvegarde pour gérer les instantanés de disque.Provides permission to backup vault to manage disk snapshots. 7efff54f-a5b4-42b5-a1c5-5411624893ce7efff54f-a5b4-42b5-a1c5-5411624893ce
Contributeur des collections de travaux du planificateurScheduler Job Collections Contributor Permet de gérer des collections de tâches du planificateur, mais pas d’y accéder.Lets you manage Scheduler job collections, but not access to them. 188a0f2f-5c9e-469b-ae67-2aa5ce574b94188a0f2f-5c9e-469b-ae67-2aa5ce574b94
Opérateur de hub de servicesServices Hub Operator L’opérateur de hub de services vous permet d’effectuer toutes les opérations de lecture, d’écriture et de suppression liées aux connecteurs de hub de services.Services Hub Operator allows you to perform all read, write, and deletion operations related to Services Hub Connectors. 82200a5b-e217-47a5-b665-6d8765ee745b82200a5b-e217-47a5-b665-6d8765ee745b

GénéralGeneral

ContributeurContributor

Accorde un accès total pour gérer toutes les ressources, mais ne vous permet pas d’affecter des rôles dans Azure RBAC, de gérer des affectations dans Azure Blueprints ou de partager des galeries d’images.Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries. En savoir plusLearn more

ActionsActions DescriptionDescription
* Créer et gérer les ressources de tous les typesCreate and manage resources of all types
NotActionsNotActions
Microsoft.Authorization/*/DeleteMicrosoft.Authorization/*/Delete Supprimer des rôles, des affectations de stratégie, des définitions de stratégie et des définitions d’ensemble de stratégiesDelete roles, policy assignments, policy definitions and policy set definitions
Microsoft.Authorization/*/WriteMicrosoft.Authorization/*/Write Créer des rôles, des attributions de rôle, des affectations de stratégie, des définitions de stratégie et des définitions d’ensemble de stratégiesCreate roles, role assignments, policy assignments, policy definitions and policy set definitions
Microsoft.Authorization/elevateAccess/ActionMicrosoft.Authorization/elevateAccess/Action Accorde à l’appelant un accès Administrateur de l’accès utilisateur au niveau de la portée du clientGrants the caller User Access Administrator access at the tenant scope
Microsoft.Blueprint/blueprintAssignments/writeMicrosoft.Blueprint/blueprintAssignments/write Créer ou mettre à jour toutes les affectations de blueprintCreate or update any blueprint assignments
Microsoft.Blueprint/blueprintAssignments/deleteMicrosoft.Blueprint/blueprintAssignments/delete Supprimer toutes les affectations de blueprintDelete any blueprint assignments
Microsoft.Compute/galleries/share/actionMicrosoft.Compute/galleries/share/action Partage une galerie sur des différentes étenduesShares a Gallery to different scopes
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
  "name": "b24988ac-6180-42a0-ab88-20f7382dd24c",
  "permissions": [
    {
      "actions": [
        "*"
      ],
      "notActions": [
        "Microsoft.Authorization/*/Delete",
        "Microsoft.Authorization/*/Write",
        "Microsoft.Authorization/elevateAccess/Action",
        "Microsoft.Blueprint/blueprintAssignments/write",
        "Microsoft.Blueprint/blueprintAssignments/delete",
        "Microsoft.Compute/galleries/share/action"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

PropriétaireOwner

Octroie un accès total pour gérer toutes les ressources, notamment la possibilité d’attribuer des rôles dans Azure RBAC.Grants full access to manage all resources, including the ability to assign roles in Azure RBAC. En savoir plusLearn more

ActionsActions DescriptionDescription
* Créer et gérer les ressources de tous les typesCreate and manage resources of all types
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants full access to manage all resources, including the ability to assign roles in Azure RBAC.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
  "name": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
  "permissions": [
    {
      "actions": [
        "*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

LecteurReader

Affiche toutes les ressources, mais ne vous autorise pas à apporter des modifications.View all resources, but does not allow you to make any changes. En savoir plusLearn more

ActionsActions DescriptionDescription
*/read*/read Lire les ressources de tous les types, à l’exception des secrets.Read resources of all types, except secrets.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "View all resources, but does not allow you to make any changes.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
  "name": "acdd72a7-3385-48ef-bd42-f606fba81ae7",
  "permissions": [
    {
      "actions": [
        "*/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Administrateur de l'accès utilisateurUser Access Administrator

Vous permet de gérer l'accès utilisateur aux ressources Azure.Lets you manage user access to Azure resources. En savoir plusLearn more

ActionsActions DescriptionDescription
*/read*/read Lire les ressources de tous les types, à l’exception des secrets.Read resources of all types, except secrets.
Microsoft.Authorization/*Microsoft.Authorization/* Gérer les autorisationsManage authorization
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage user access to Azure resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
  "name": "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.Authorization/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "User Access Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

CalculCompute

Contributeur de machine virtuelle classiqueClassic Virtual Machine Contributor

Permet de gérer des machines virtuelles classiques, mais pas d’y accéder, ni au réseau virtuel ou au compte de stockage auquel elles sont connectées.Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to.

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.ClassicCompute/domainNames/*Microsoft.ClassicCompute/domainNames/* Créer et gérer des noms de domaine de calcul classiqueCreate and manage classic compute domain names
Microsoft.ClassicCompute/virtualMachines/*Microsoft.ClassicCompute/virtualMachines/* Créer et gérer les machines virtuellesCreate and manage virtual machines
Microsoft.ClassicNetwork/networkSecurityGroups/join/actionMicrosoft.ClassicNetwork/networkSecurityGroups/join/action
Microsoft.ClassicNetwork/reservedIps/link/actionMicrosoft.ClassicNetwork/reservedIps/link/action Lier une adresse IP réservéeLink a reserved Ip
Microsoft.ClassicNetwork/reservedIps/readMicrosoft.ClassicNetwork/reservedIps/read Obtient les adresses IP réservéesGets the reserved Ips
Microsoft.ClassicNetwork/virtualNetworks/join/actionMicrosoft.ClassicNetwork/virtualNetworks/join/action Joint le réseau virtuel.Joins the virtual network.
Microsoft.ClassicNetwork/virtualNetworks/readMicrosoft.ClassicNetwork/virtualNetworks/read Obtenez le réseau virtuel.Get the virtual network.
Microsoft.ClassicStorage/storageAccounts/disks/readMicrosoft.ClassicStorage/storageAccounts/disks/read Retourne le disque du compte de stockage.Returns the storage account disk.
Microsoft.ClassicStorage/storageAccounts/images/readMicrosoft.ClassicStorage/storageAccounts/images/read Retourne l’image du compte de stockage.Returns the storage account image. (Déconseillé.(Deprecated. Utilisez « Microsoft.ClassicStorage/storageAccounts/vmImages »)Use 'Microsoft.ClassicStorage/storageAccounts/vmImages')
Microsoft.ClassicStorage/storageAccounts/listKeys/actionMicrosoft.ClassicStorage/storageAccounts/listKeys/action Répertorie les clés d’accès des comptes de stockage.Lists the access keys for the storage accounts.
Microsoft.ClassicStorage/storageAccounts/readMicrosoft.ClassicStorage/storageAccounts/read Retourne le compte de stockage avec le compte spécifique.Return the storage account with the given account.
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/d73bb868-a0df-4d4d-bd69-98a00b01fccb",
  "name": "d73bb868-a0df-4d4d-bd69-98a00b01fccb",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicCompute/domainNames/*",
        "Microsoft.ClassicCompute/virtualMachines/*",
        "Microsoft.ClassicNetwork/networkSecurityGroups/join/action",
        "Microsoft.ClassicNetwork/reservedIps/link/action",
        "Microsoft.ClassicNetwork/reservedIps/read",
        "Microsoft.ClassicNetwork/virtualNetworks/join/action",
        "Microsoft.ClassicNetwork/virtualNetworks/read",
        "Microsoft.ClassicStorage/storageAccounts/disks/read",
        "Microsoft.ClassicStorage/storageAccounts/images/read",
        "Microsoft.ClassicStorage/storageAccounts/listKeys/action",
        "Microsoft.ClassicStorage/storageAccounts/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Virtual Machine Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Connexion de l’administrateur aux machines virtuellesVirtual Machine Administrator Login

Afficher les machines virtuelles dans le portail et se connecter en tant qu’administrateur En savoir plusView Virtual Machines in the portal and login as administrator Learn more

ActionsActions DescriptionDescription
Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read Obtient une définition de l’adresse IP publique.Gets a public ip address definition.
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read Obtenir la définition de réseau virtuel.Get the virtual network definition
Microsoft.Network/loadBalancers/readMicrosoft.Network/loadBalancers/read Obtient une définition d’équilibrage de charge.Gets a load balancer definition
Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read Obtient une définition d’interface réseau.Gets a network interface definition.
Microsoft.Compute/virtualMachines/*/readMicrosoft.Compute/virtualMachines/*/read
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Compute/virtualMachines/login/actionMicrosoft.Compute/virtualMachines/login/action Se connecter à la machine virtuelle comme utilisateur normalLog in to a virtual machine as a regular user
Microsoft.Compute/virtualMachines/loginAsAdmin/actionMicrosoft.Compute/virtualMachines/loginAsAdmin/action Se connecter à une machine virtuelle avec des privilèges d’administrateur Windows ou d’utilisateur racine LinuxLog in to a virtual machine with Windows administrator or Linux root user privileges
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "View Virtual Machines in the portal and login as administrator",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/1c0163c0-47e6-4577-8991-ea5c82e286e4",
  "name": "1c0163c0-47e6-4577-8991-ea5c82e286e4",
  "permissions": [
    {
      "actions": [
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/loadBalancers/read",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Compute/virtualMachines/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Compute/virtualMachines/login/action",
        "Microsoft.Compute/virtualMachines/loginAsAdmin/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Virtual Machine Administrator Login",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur de machine virtuelleVirtual Machine Contributor

Permet de gérer des machines virtuelles, mais pas d’y accéder, ni au réseau virtuel ou au compte de stockage auquel elles sont connectées.Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Compute/availabilitySets/*Microsoft.Compute/availabilitySets/* Créer et gérer des groupes à haute disponibilité de calculCreate and manage compute availability sets
Microsoft.Compute/locations/*Microsoft.Compute/locations/* Créer et gérer des emplacements de calculCreate and manage compute locations
Microsoft.Compute/virtualMachines/*Microsoft.Compute/virtualMachines/* Effectuer toutes les actions de machine virtuelle, notamment créer, mettre à jour, supprimer, démarrer, redémarrer et mettre hors tension des machines virtuelles.Perform all virtual machine actions including create, update, delete, start, restart, and power off virtual machines. Exécuter des scripts prédéfinis sur des machines virtuelles.Execute predefined scripts on virtual machines.
Microsoft.Compute/virtualMachineScaleSets/*Microsoft.Compute/virtualMachineScaleSets/* Créez et gérez des jeux de mise à l’échelle des machines virtuellesCreate and manage virtual machine scale sets
Microsoft.Compute/disks/writeMicrosoft.Compute/disks/write Créer ou mettre à jour un disqueCreates a new Disk or updates an existing one
Microsoft.Compute/disks/readMicrosoft.Compute/disks/read Obtenir les propriétés d’un disqueGet the properties of a Disk
Microsoft.Compute/disks/deleteMicrosoft.Compute/disks/delete Supprimer le disqueDeletes the Disk
Microsoft.DevTestLab/schedules/*Microsoft.DevTestLab/schedules/*
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Network/applicationGateways/backendAddressPools/join/actionMicrosoft.Network/applicationGateways/backendAddressPools/join/action Joint un pool d’adresses principales de passerelle d’application.Joins an application gateway backend address pool. Impossible à alerter.Not Alertable.
Microsoft.Network/loadBalancers/backendAddressPools/join/actionMicrosoft.Network/loadBalancers/backendAddressPools/join/action Joint un pool d’adresses principales d’équilibrage de charge.Joins a load balancer backend address pool. Impossible à alerter.Not Alertable.
Microsoft.Network/loadBalancers/inboundNatPools/join/actionMicrosoft.Network/loadBalancers/inboundNatPools/join/action Joint un pool NAT entrant d’équilibrage de charge.Joins a load balancer inbound NAT pool. Impossible à alerter.Not alertable.
Microsoft.Network/loadBalancers/inboundNatRules/join/actionMicrosoft.Network/loadBalancers/inboundNatRules/join/action Joint une règle nat de trafic entrant d’équilibrage de charge.Joins a load balancer inbound nat rule. Impossible à alerter.Not Alertable.
Microsoft.Network/loadBalancers/probes/join/actionMicrosoft.Network/loadBalancers/probes/join/action Autorise l’utilisation des sondes d’un équilibreur de charge.Allows using probes of a load balancer. Par exemple, avec cette autorisation, la propriété healthProbe du groupe de machines virtuelles identiques peut faire référence à la sonde.For example, with this permission healthProbe property of VM scale set can reference the probe. Impossible à alerter.Not alertable.
Microsoft.Network/loadBalancers/readMicrosoft.Network/loadBalancers/read Obtient une définition d’équilibrage de charge.Gets a load balancer definition
Microsoft.Network/locations/*Microsoft.Network/locations/* Créer et gérer des emplacements réseauCreate and manage network locations
Microsoft.Network/networkInterfaces/*Microsoft.Network/networkInterfaces/* Créer et gérer des interfaces réseauCreate and manage network interfaces
Microsoft.Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action Joint un groupe de sécurité réseau.Joins a network security group. Impossible à alerter.Not Alertable.
Microsoft.Network/networkSecurityGroups/readMicrosoft.Network/networkSecurityGroups/read Obtient une définition de groupe de sécurité réseau.Gets a network security group definition
Microsoft.Network/publicIPAddresses/join/actionMicrosoft.Network/publicIPAddresses/join/action Joint une adresse IP publique.Joins a public ip address. Impossible à alerter.Not Alertable.
Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read Obtient une définition de l’adresse IP publique.Gets a public ip address definition.
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read Obtenir la définition de réseau virtuel.Get the virtual network definition
Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action Joint un réseau virtuel.Joins a virtual network. Impossible à alerter.Not Alertable.
Microsoft.RecoveryServices/locations/*Microsoft.RecoveryServices/locations/*
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write Crée une intention de protection de sauvegarde.Create a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read Renvoie des détails d’objet de l’élément protégé.Returns object details of the Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write Créer un élément protégé de sauvegarde.Create a backup Protected Item
Microsoft.RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read Renvoie toutes les stratégies de protection.Returns all Protection Policies
Microsoft.RecoveryServices/Vaults/backupPolicies/writeMicrosoft.RecoveryServices/Vaults/backupPolicies/write Crée une stratégie de protection.Creates Protection Policy
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read L’opération d’obtention de coffre obtient un objet représentant la ressource Azure de type « coffre ».The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read Renvoie des détails d’utilisation d’un coffre Recovery Services.Returns usage details for a Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/writeMicrosoft.RecoveryServices/Vaults/write L’opération de création de coffre entraîne la création d’une ressource Azure de type « coffre ».Create Vault operation creates an Azure resource of type 'vault'
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.SqlVirtualMachine/*Microsoft.SqlVirtualMachine/*
Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action Retourne les clés d’accès au compte de stockage spécifié.Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read Retourne la liste des comptes de stockage ou récupère les propriétés du compte de stockage spécifié.Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
  "name": "9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Compute/availabilitySets/*",
        "Microsoft.Compute/locations/*",
        "Microsoft.Compute/virtualMachines/*",
        "Microsoft.Compute/virtualMachineScaleSets/*",
        "Microsoft.Compute/disks/write",
        "Microsoft.Compute/disks/read",
        "Microsoft.Compute/disks/delete",
        "Microsoft.DevTestLab/schedules/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/applicationGateways/backendAddressPools/join/action",
        "Microsoft.Network/loadBalancers/backendAddressPools/join/action",
        "Microsoft.Network/loadBalancers/inboundNatPools/join/action",
        "Microsoft.Network/loadBalancers/inboundNatRules/join/action",
        "Microsoft.Network/loadBalancers/probes/join/action",
        "Microsoft.Network/loadBalancers/read",
        "Microsoft.Network/locations/*",
        "Microsoft.Network/networkInterfaces/*",
        "Microsoft.Network/networkSecurityGroups/join/action",
        "Microsoft.Network/networkSecurityGroups/read",
        "Microsoft.Network/publicIPAddresses/join/action",
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.RecoveryServices/locations/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/write",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.RecoveryServices/Vaults/write",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.SqlVirtualMachine/*",
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Virtual Machine Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Connexion de l’utilisateur aux machines virtuellesVirtual Machine User Login

Affichez les machines virtuelles dans le portail et connectez-vous en tant qu’utilisateur normal.View Virtual Machines in the portal and login as a regular user. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read Obtient une définition de l’adresse IP publique.Gets a public ip address definition.
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read Obtenir la définition de réseau virtuel.Get the virtual network definition
Microsoft.Network/loadBalancers/readMicrosoft.Network/loadBalancers/read Obtient une définition d’équilibrage de charge.Gets a load balancer definition
Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read Obtient une définition d’interface réseau.Gets a network interface definition.
Microsoft.Compute/virtualMachines/*/readMicrosoft.Compute/virtualMachines/*/read
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Compute/virtualMachines/login/actionMicrosoft.Compute/virtualMachines/login/action Se connecter à la machine virtuelle comme utilisateur normalLog in to a virtual machine as a regular user
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "View Virtual Machines in the portal and login as a regular user.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fb879df8-f326-4884-b1cf-06f3ad86be52",
  "name": "fb879df8-f326-4884-b1cf-06f3ad86be52",
  "permissions": [
    {
      "actions": [
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/loadBalancers/read",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Compute/virtualMachines/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Compute/virtualMachines/login/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Virtual Machine User Login",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Mise en réseauNetworking

Contributeur de point de terminaison CDNCDN Endpoint Contributor

Peut gérer les points de terminaison CDN, mais ne peut pas accorder l’accès à d’autres utilisateurs.Can manage CDN endpoints, but can't grant access to other users.

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/endpoints/*Microsoft.Cdn/profiles/endpoints/*
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage CDN endpoints, but can't grant access to other users.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/426e0c7f-0c7e-4658-b36f-ff54d6c29b45",
  "name": "426e0c7f-0c7e-4658-b36f-ff54d6c29b45",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/endpoints/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Endpoint Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur de point de terminaison CDNCDN Endpoint Reader

Peut afficher des points de terminaison CDN, mais ne peut pas effectuer de modifications.Can view CDN endpoints, but can't make changes.

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/endpoints/*/readMicrosoft.Cdn/profiles/endpoints/*/read
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view CDN endpoints, but can't make changes.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/871e35f6-b5c1-49cc-a043-bde969a0f2cd",
  "name": "871e35f6-b5c1-49cc-a043-bde969a0f2cd",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/endpoints/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Endpoint Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur de profil CDNCDN Profile Contributor

Peut gérer des profils CDN et leurs points de terminaison, mais ne peut pas accorder l’accès à d’autres utilisateurs.Can manage CDN profiles and their endpoints, but can't grant access to other users. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/*Microsoft.Cdn/profiles/*
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage CDN profiles and their endpoints, but can't grant access to other users.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ec156ff8-a8d1-4d15-830c-5b80698ca432",
  "name": "ec156ff8-a8d1-4d15-830c-5b80698ca432",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Profile Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur de profil CDNCDN Profile Reader

Peut afficher des profils CDN et leurs points de terminaison, mais ne peut pas y apporter des modifications.Can view CDN profiles and their endpoints, but can't make changes.

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/*/readMicrosoft.Cdn/profiles/*/read
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view CDN profiles and their endpoints, but can't make changes.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8f96442b-4075-438f-813d-ad51ab4019af",
  "name": "8f96442b-4075-438f-813d-ad51ab4019af",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Profile Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur de réseau classiqueClassic Network Contributor

Permet de gérer des réseaux classiques, mais pas d’y accéder.Lets you manage classic networks, but not access to them. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.ClassicNetwork/*Microsoft.ClassicNetwork/* Créer et gérer des réseaux classiquesCreate and manage classic networks
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage classic networks, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b34d265f-36f7-4a0d-a4d4-e158ca92e90f",
  "name": "b34d265f-36f7-4a0d-a4d4-e158ca92e90f",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicNetwork/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Network Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur de Zone DNSDNS Zone Contributor

Permet de gérer des zones DNS et des jeux d’enregistrements dans Azure DNS, mais pas de contrôler qui y a accès.Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Network/dnsZones/*Microsoft.Network/dnsZones/* Créer et gérer des enregistrements et zones DNSCreate and manage DNS zones and records
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/befefa01-2a29-4197-83a8-272ff33ce314",
  "name": "befefa01-2a29-4197-83a8-272ff33ce314",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/dnsZones/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "DNS Zone Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur de réseauNetwork Contributor

Permet de gérer des réseaux, mais pas d’y accéder.Lets you manage networks, but not access to them.

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Network/*Microsoft.Network/* Créer et gérer des réseauxCreate and manage networks
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage networks, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
  "name": "4d97b98b-1d4f-4787-a291-c67834d212e7",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Network Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Private DNS Zone ContributorPrivate DNS Zone Contributor

Permet de gérer les ressources de zone DNS privée, mais pas les réseaux virtuels auxquels elles sont liées.Lets you manage private DNS zone resources, but not the virtual networks they are linked to. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
Microsoft.Network/privateDnsZones/*Microsoft.Network/privateDnsZones/*
Microsoft.Network/privateDnsOperationResults/*Microsoft.Network/privateDnsOperationResults/*
Microsoft.Network/privateDnsOperationStatuses/*Microsoft.Network/privateDnsOperationStatuses/*
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read Obtenir la définition de réseau virtuel.Get the virtual network definition
Microsoft.Network/virtualNetworks/join/actionMicrosoft.Network/virtualNetworks/join/action Joint un réseau virtuel.Joins a virtual network. Impossible à alerter.Not Alertable.
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage private DNS zone resources, but not the virtual networks they are linked to.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b12aa53e-6015-4669-85d0-8515ebb3ae7f",
  "name": "b12aa53e-6015-4669-85d0-8515ebb3ae7f",
  "permissions": [
    {
      "actions": [
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Network/privateDnsZones/*",
        "Microsoft.Network/privateDnsOperationResults/*",
        "Microsoft.Network/privateDnsOperationStatuses/*",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/join/action",
        "Microsoft.Authorization/*/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Private DNS Zone Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur Traffic ManagerTraffic Manager Contributor

Permet de gérer des profils Traffic Manager, mais pas de contrôler qui y a accès.Lets you manage Traffic Manager profiles, but does not let you control who has access to them.

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Network/trafficManagerProfiles/*Microsoft.Network/trafficManagerProfiles/*
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Traffic Manager profiles, but does not let you control who has access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a4b10055-b0c7-44c2-b00f-c7b5b3550cf7",
  "name": "a4b10055-b0c7-44c2-b00f-c7b5b3550cf7",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/trafficManagerProfiles/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Traffic Manager Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

StockageStorage

Contributeur AvereAvere Contributor

Peut créer et gérer un cluster Avere vFXT.Can create and manage an Avere vFXT cluster. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Compute/*/readMicrosoft.Compute/*/read
Microsoft.Compute/availabilitySets/*Microsoft.Compute/availabilitySets/*
Microsoft.Compute/proximityPlacementGroups/*Microsoft.Compute/proximityPlacementGroups/*
Microsoft.Compute/virtualMachines/*Microsoft.Compute/virtualMachines/*
Microsoft.Compute/disks/*Microsoft.Compute/disks/*
Microsoft.Network/*/readMicrosoft.Network/*/read
Microsoft.Network/networkInterfaces/*Microsoft.Network/networkInterfaces/*
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read Obtenir la définition de réseau virtuel.Get the virtual network definition
Microsoft.Network/virtualNetworks/subnets/readMicrosoft.Network/virtualNetworks/subnets/read Obtient une définition de sous-réseau de réseau virtuel.Gets a virtual network subnet definition
Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action Joint un réseau virtuel.Joins a virtual network. Impossible à alerter.Not Alertable.
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Joint des ressources telles qu’un compte de stockage ou une base de données SQL à un sous-réseau.Joins resource such as storage account or SQL database to a subnet. Impossible à alerter.Not alertable.
Microsoft.Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action Joint un groupe de sécurité réseau.Joins a network security group. Impossible à alerter.Not Alertable.
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Storage/*/readMicrosoft.Storage/*/read
Microsoft.Storage/storageAccounts/*Microsoft.Storage/storageAccounts/* Créer et gérer les comptes de stockageCreate and manage storage accounts
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
Microsoft.Resources/subscriptions/resourceGroups/resources/readMicrosoft.Resources/subscriptions/resourceGroups/resources/read Obtient les ressources du groupe de ressources.Gets the resources for the resource group.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete Retourner le résultat de la suppression d’un objet blobReturns the result of deleting a blob
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read Retourne un objet blob ou une liste d'objets blobReturns a blob or a list of blobs
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/writeMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write Retourner le résultat de l’écriture d’un objet blobReturns the result of writing a blob
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can create and manage an Avere vFXT cluster.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4f8fab4f-1852-4a58-a46a-8eaf358af14a",
  "name": "4f8fab4f-1852-4a58-a46a-8eaf358af14a",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Compute/*/read",
        "Microsoft.Compute/availabilitySets/*",
        "Microsoft.Compute/proximityPlacementGroups/*",
        "Microsoft.Compute/virtualMachines/*",
        "Microsoft.Compute/disks/*",
        "Microsoft.Network/*/read",
        "Microsoft.Network/networkInterfaces/*",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/subnets/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
        "Microsoft.Network/networkSecurityGroups/join/action",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/*/read",
        "Microsoft.Storage/storageAccounts/*",
        "Microsoft.Support/*",
        "Microsoft.Resources/subscriptions/resourceGroups/resources/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Avere Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Opérateur AvereAvere Operator

Utilisé par le cluster Avere vFXT pour gérer le cluster En savoir plusUsed by the Avere vFXT cluster to manage the cluster Learn more

ActionsActions DescriptionDescription
Microsoft.Compute/virtualMachines/readMicrosoft.Compute/virtualMachines/read Obtenir les propriétés d’une machine virtuelleGet the properties of a virtual machine
Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read Obtient une définition d’interface réseau.Gets a network interface definition.
Microsoft.Network/networkInterfaces/writeMicrosoft.Network/networkInterfaces/write Crée une interface réseau ou met à jour une interface réseau existante.Creates a network interface or updates an existing network interface.
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read Obtenir la définition de réseau virtuel.Get the virtual network definition
Microsoft.Network/virtualNetworks/subnets/readMicrosoft.Network/virtualNetworks/subnets/read Obtient une définition de sous-réseau de réseau virtuel.Gets a virtual network subnet definition
Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action Joint un réseau virtuel.Joins a virtual network. Impossible à alerter.Not Alertable.
Microsoft.Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action Joint un groupe de sécurité réseau.Joins a network security group. Impossible à alerter.Not Alertable.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Storage/storageAccounts/blobServices/containers/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/delete Retourne le résultat de la suppression d’un conteneurReturns the result of deleting a container
Microsoft.Storage/storageAccounts/blobServices/containers/readMicrosoft.Storage/storageAccounts/blobServices/containers/read Retourne la liste des conteneursReturns list of containers
Microsoft.Storage/storageAccounts/blobServices/containers/writeMicrosoft.Storage/storageAccounts/blobServices/containers/write Retourne le résultat du conteneur put blobReturns the result of put blob container
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete Retourner le résultat de la suppression d’un objet blobReturns the result of deleting a blob
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read Retourne un objet blob ou une liste d'objets blobReturns a blob or a list of blobs
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/writeMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write Retourner le résultat de l’écriture d’un objet blobReturns the result of writing a blob
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Used by the Avere vFXT cluster to manage the cluster",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
  "name": "c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
  "permissions": [
    {
      "actions": [
        "Microsoft.Compute/virtualMachines/read",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Network/networkInterfaces/write",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/subnets/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.Network/networkSecurityGroups/join/action",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/write"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Avere Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur de sauvegardeBackup Contributor

Permet de gérer le service de sauvegarde, mais pas de créer des coffres, ni d’accorder l’accès à d’autres personnes En savoir plusLets you manage backup service, but can't create vaults and give access to others Learn more

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read Obtenir la définition de réseau virtuel.Get the virtual network definition
Microsoft.RecoveryServices/locations/*Microsoft.RecoveryServices/locations/*
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/*Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/* Gérer les résultats des opérations de gestion des sauvegardesManage results of operation on backup management
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/*Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/* Créer et gérer des conteneurs de sauvegarde dans les structures de sauvegarde du coffre Recovery ServicesCreate and manage backup containers inside backup fabrics of Recovery Services vault
Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action Actualise la liste de conteneurs.Refreshes the container list
Microsoft.RecoveryServices/Vaults/backupJobs/*Microsoft.RecoveryServices/Vaults/backupJobs/* Créer et gérer des travaux de sauvegardeCreate and manage backup jobs
Microsoft.RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action Travaux d’exportationExport Jobs
Microsoft.RecoveryServices/Vaults/backupOperationResults/*Microsoft.RecoveryServices/Vaults/backupOperationResults/* Créer et gérer les résultats des opérations de gestion des sauvegardesCreate and manage Results of backup management operations
Microsoft.RecoveryServices/Vaults/backupPolicies/*Microsoft.RecoveryServices/Vaults/backupPolicies/* Créer et gérer des stratégies de sauvegardeCreate and manage backup policies
Microsoft.RecoveryServices/Vaults/backupProtectableItems/*Microsoft.RecoveryServices/Vaults/backupProtectableItems/* Créer et gérer les éléments qui peuvent être sauvegardésCreate and manage items which can be backed up
Microsoft.RecoveryServices/Vaults/backupProtectedItems/*Microsoft.RecoveryServices/Vaults/backupProtectedItems/* Créer et gérer les éléments sauvegardésCreate and manage backed up items
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/*Microsoft.RecoveryServices/Vaults/backupProtectionContainers/* Créer et gérer les conteneurs contenant les éléments de sauvegardeCreate and manage containers holding backup items
Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/readMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read Renvoie des résumés pour les éléments protégés et les serveurs protégés d’un coffre Recovery Services.Returns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft.RecoveryServices/Vaults/certificates/*Microsoft.RecoveryServices/Vaults/certificates/* Créer et gérer des certificats associés à la sauvegarde dans le coffre Recovery ServicesCreate and manage certificates related to backup in Recovery Services vault
Microsoft.RecoveryServices/Vaults/extendedInformation/*Microsoft.RecoveryServices/Vaults/extendedInformation/* Créer et gérer des informations étendues associées au coffreCreate and manage extended info related to vault
Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read Obtient les alertes pour le coffre Recovery Services.Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read L’opération d’obtention de coffre obtient un objet représentant la ressource Azure de type « coffre ».The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/*Microsoft.RecoveryServices/Vaults/registeredIdentities/* Créer et gérer les identités inscritesCreate and manage registered identities
Microsoft.RecoveryServices/Vaults/usages/*Microsoft.RecoveryServices/Vaults/usages/* Créer et gérer l’utilisation du coffre Recovery ServicesCreate and manage usage of Recovery Services vault
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read Retourne la liste des comptes de stockage ou récupère les propriétés du compte de stockage spécifié.Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.RecoveryServices/Vaults/backupstorageconfig/*Microsoft.RecoveryServices/Vaults/backupstorageconfig/*
Microsoft.RecoveryServices/Vaults/backupconfig/*Microsoft.RecoveryServices/Vaults/backupconfig/*
Microsoft.RecoveryServices/Vaults/backupValidateOperation/actionMicrosoft.RecoveryServices/Vaults/backupValidateOperation/action Valider l’opération sur l’élément protégé.Validate Operation on Protected Item
Microsoft.RecoveryServices/Vaults/writeMicrosoft.RecoveryServices/Vaults/write L’opération de création de coffre entraîne la création d’une ressource Azure de type « coffre ».Create Vault operation creates an Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read Renvoie l’état de l’opération de sauvegarde pour le coffre Recovery Services.Returns Backup Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read Retourne tous les serveurs d’administration de sauvegarde inscrits auprès du coffre.Returns all the backup management servers registered with vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*
Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read Obtient tous les conteneurs protégeablesGet all protectable containers
Microsoft.RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action Vérifie l’état de la sauvegarde pour les coffres Recovery ServicesCheck Backup Status for Recovery Services Vaults
Microsoft.RecoveryServices/locations/backupPreValidateProtection/actionMicrosoft.RecoveryServices/locations/backupPreValidateProtection/action
Microsoft.RecoveryServices/locations/backupValidateFeatures/actionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action Valide des fonctionnalitésValidate Features
Microsoft.RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write Résout l’alerte.Resolves the alert.
Microsoft.RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read Retourne la liste d’opérations pour un fournisseur de ressourcesOperation returns the list of Operations for a Resource Provider
Microsoft.RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read Obtient l’état de l’opération pour une opération donnée.Gets Operation Status for a given Operation
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read Répertorier tous les intentions de protection de sauvegardeList all backup Protection Intents
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage backup service,but can't create vaults and give access to others",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b",
  "name": "5e467623-bb1f-42f4-a55d-6e525e11384b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.RecoveryServices/locations/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
        "Microsoft.RecoveryServices/Vaults/backupJobs/*",
        "Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
        "Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectedItems/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/*",
        "Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*",
        "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
        "Microsoft.RecoveryServices/Vaults/certificates/*",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/*",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/*",
        "Microsoft.RecoveryServices/Vaults/usages/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
        "Microsoft.RecoveryServices/Vaults/backupconfig/*",
        "Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
        "Microsoft.RecoveryServices/Vaults/write",
        "Microsoft.RecoveryServices/Vaults/backupOperations/read",
        "Microsoft.RecoveryServices/Vaults/backupEngines/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
        "Microsoft.RecoveryServices/locations/backupStatus/action",
        "Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
        "Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
        "Microsoft.RecoveryServices/operations/read",
        "Microsoft.RecoveryServices/locations/operationStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Backup Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Opérateur de sauvegardeBackup Operator

Permet de gérer des services de sauvegarde, à l’exception de la suppression de la sauvegarde, de la création de coffres et de l’octroi d’autorisations d’accès à d’autres personnes En savoir plusLets you manage backup services, except removal of backup, vault creation and giving access to others Learn more

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read Obtenir la définition de réseau virtuel.Get the virtual network definition
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/operationResults/read Renvoie l’état de l’opération.Returns status of the operation
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read Obtient les résultats de l’opération effectuée sur le conteneur de protection.Gets result of Operation performed on Protection Container.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action Effectue la sauvegarde d’un élément protégé.Performs Backup for Protected Item.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read Obtient les résultats de l’opération effectuée sur les éléments protégés.Gets Result of Operation Performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read Renvoie l’état de l’opération effectuée sur les éléments protégés.Returns the status of Operation performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read Renvoie des détails d’objet de l’élément protégé.Returns object details of the Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action Approvisionner la récupération d’éléments instantanée pour l’élément protégé.Provision Instant Item Recovery for Protected Item
Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/accessToken/actionMicrosoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/accessToken/action Obtenir AccessToken pour la restauration interrégionale.Get AccessToken for Cross Region Restore.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read Obtenir les points de récupération des éléments protégés.Get Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action Restaurer les points de récupération des éléments protégés.Restore Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action Révoquer la récupération d’éléments instantanée pour l’élément protégé.Revoke Instant Item Recovery for Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write Créer un élément protégé de sauvegarde.Create a backup Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read Renvoie tous les conteneurs inscrits.Returns all registered containers
Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action Actualise la liste de conteneurs.Refreshes the container list
Microsoft.RecoveryServices/Vaults/backupJobs/*Microsoft.RecoveryServices/Vaults/backupJobs/* Créer et gérer des travaux de sauvegardeCreate and manage backup jobs
Microsoft.RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action Travaux d’exportationExport Jobs
Microsoft.RecoveryServices/Vaults/backupOperationResults/*Microsoft.RecoveryServices/Vaults/backupOperationResults/* Créer et gérer les résultats des opérations de gestion des sauvegardesCreate and manage Results of backup management operations
Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operationResults/read Obtenir les résultats de l’opération de stratégie.Get Results of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read Renvoie toutes les stratégies de protection.Returns all Protection Policies
Microsoft.RecoveryServices/Vaults/backupProtectableItems/*Microsoft.RecoveryServices/Vaults/backupProtectableItems/* Créer et gérer les éléments qui peuvent être sauvegardésCreate and manage items which can be backed up
Microsoft.RecoveryServices/Vaults/backupProtectedItems/readMicrosoft.RecoveryServices/Vaults/backupProtectedItems/read Renvoie la liste de tous les éléments protégés.Returns the list of all Protected Items.
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/readMicrosoft.RecoveryServices/Vaults/backupProtectionContainers/read Renvoie tous les conteneurs appartenant à l’abonnement.Returns all containers belonging to the subscription
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/readMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read Renvoie des résumés pour les éléments protégés et les serveurs protégés d’un coffre Recovery Services.Returns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft.RecoveryServices/Vaults/certificates/writeMicrosoft.RecoveryServices/Vaults/certificates/write L’opération de mise à jour de certificat de ressource met à jour le certificat d’identification du coffre/de la ressource.The Update Resource Certificate operation updates the resource/vault credential certificate.
Microsoft.RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read L’opération d’obtention d’informations étendues obtient les informations étendues d’un objet représentant la ressource Azure de type « coffre ».The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault?
Microsoft.RecoveryServices/Vaults/extendedInformation/writeMicrosoft.RecoveryServices/Vaults/extendedInformation/write L’opération d’obtention d’informations étendues obtient les informations étendues d’un objet représentant la ressource Azure de type « coffre ».The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault?
Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read Obtient les alertes pour le coffre Recovery Services.Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read L’opération d’obtention de coffre obtient un objet représentant la ressource Azure de type « coffre ».The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read L’opération d’obtention des résultats d’une opération peut être utilisée pour obtenir l’état de l’opération et le résultat de l’opération envoyée de manière asynchrone.The Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation
Microsoft.RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read L’opération d’obtention de conteneurs peut être utilisée pour obtenir les conteneurs inscrits pour une ressource.The Get Containers operation can be used get the containers registered for a resource.
Microsoft.RecoveryServices/Vaults/registeredIdentities/writeMicrosoft.RecoveryServices/Vaults/registeredIdentities/write L’opération d’inscription d’un conteneur de service peut être utilisée pour inscrire un conteneur avec Recovery Services.The Register Service Container operation can be used to register a container with Recovery Service.
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read Renvoie des détails d’utilisation d’un coffre Recovery Services.Returns usage details for a Recovery Services Vault.
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read Retourne la liste des comptes de stockage ou récupère les propriétés du compte de stockage spécifié.Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.RecoveryServices/Vaults/backupstorageconfig/*Microsoft.RecoveryServices/Vaults/backupstorageconfig/*
Microsoft.RecoveryServices/Vaults/backupValidateOperation/actionMicrosoft.RecoveryServices/Vaults/backupValidateOperation/action Valider l’opération sur l’élément protégé.Validate Operation on Protected Item
Microsoft.RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read Renvoie l’état de l’opération de sauvegarde pour le coffre Recovery Services.Returns Backup Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupPolicies/operations/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operations/read Obtenir l’état de l’opération de stratégie.Get Status of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write Crée un conteneur inscritCreates a registered container
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action Recherche les charges de travail dans un conteneurDo inquiry for workloads within a container
Microsoft.RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read Retourne tous les serveurs d’administration de sauvegarde inscrits auprès du coffre.Returns all the backup management servers registered with vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write Crée une intention de protection de sauvegarde.Create a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/readMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read Créer une intention de protection de sauvegardeGet a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read Obtient tous les conteneurs protégeablesGet all protectable containers
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read Obtient tous les éléments figurant dans un conteneurGet all items in a container
Microsoft.RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action Vérifie l’état de la sauvegarde pour les coffres Recovery ServicesCheck Backup Status for Recovery Services Vaults
Microsoft.RecoveryServices/locations/backupPreValidateProtection/actionMicrosoft.RecoveryServices/locations/backupPreValidateProtection/action
Microsoft.RecoveryServices/locations/backupValidateFeatures/actionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action Valide des fonctionnalitésValidate Features
Microsoft.RecoveryServices/locations/backupAadProperties/readMicrosoft.RecoveryServices/locations/backupAadProperties/read Obtenir les propriétés AAD d’authentification dans la troisième région pour la restauration interrégionale.Get AAD Properties for authentication in the third region for Cross Region Restore.
Microsoft.RecoveryServices/locations/backupCrrJobs/actionMicrosoft.RecoveryServices/locations/backupCrrJobs/action Répertorier les travaux de restauration interrégionale dans la région secondaire pour le coffre Recovery Services.List Cross Region Restore Jobs in the secondary region for Recovery Services Vault.
Microsoft.RecoveryServices/locations/backupCrrJob/actionMicrosoft.RecoveryServices/locations/backupCrrJob/action Obtenir les détails du travail de restauration interrégionale dans la région secondaire pour le coffre Recovery Services.Get Cross Region Restore Job Details in the secondary region for Recovery Services Vault.
Microsoft.RecoveryServices/locations/backupCrossRegionRestore/actionMicrosoft.RecoveryServices/locations/backupCrossRegionRestore/action Déclencher la restauration interrégion.Trigger Cross region restore.
Microsoft.RecoveryServices/locations/backupCrrOperationResults/readMicrosoft.RecoveryServices/locations/backupCrrOperationResults/read Retourne le résultat de l’opération de restauration interrégionale du coffre Recovery Services.Returns CRR Operation Result for Recovery Services Vault.
Microsoft.RecoveryServices/locations/backupCrrOperationsStatus/readMicrosoft.RecoveryServices/locations/backupCrrOperationsStatus/read Retourne l’état de l’opération de restauration interrégionale du coffre Recovery Services.Returns CRR Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write Résout l’alerte.Resolves the alert.
Microsoft.RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read Retourne la liste d’opérations pour un fournisseur de ressourcesOperation returns the list of Operations for a Resource Provider
Microsoft.RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read Obtient l’état de l’opération pour une opération donnée.Gets Operation Status for a given Operation
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read Répertorier tous les intentions de protection de sauvegardeList all backup Protection Intents
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage backup services, except removal of backup, vault creation and giving access to others",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/00c29273-979b-4161-815c-10b084fb9324",
  "name": "00c29273-979b-4161-815c-10b084fb9324",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action",
        "Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/accessToken/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
        "Microsoft.RecoveryServices/Vaults/backupJobs/*",
        "Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
        "Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
        "Microsoft.RecoveryServices/Vaults/certificates/write",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/read",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/write",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/write",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
        "Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
        "Microsoft.RecoveryServices/Vaults/backupOperations/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action",
        "Microsoft.RecoveryServices/Vaults/backupEngines/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
        "Microsoft.RecoveryServices/locations/backupStatus/action",
        "Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
        "Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
        "Microsoft.RecoveryServices/locations/backupAadProperties/read",
        "Microsoft.RecoveryServices/locations/backupCrrJobs/action",
        "Microsoft.RecoveryServices/locations/backupCrrJob/action",
        "Microsoft.RecoveryServices/locations/backupCrossRegionRestore/action",
        "Microsoft.RecoveryServices/locations/backupCrrOperationResults/read",
        "Microsoft.RecoveryServices/locations/backupCrrOperationsStatus/read",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
        "Microsoft.RecoveryServices/operations/read",
        "Microsoft.RecoveryServices/locations/operationStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Backup Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur de sauvegardeBackup Reader

Peut afficher des services de sauvegarde, mais pas apporter des modifications En savoir plusCan view backup services, but can't make changes Learn more

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.RecoveryServices/locations/allocatedStamp/readMicrosoft.RecoveryServices/locations/allocatedStamp/read GetAllocatedStamp est une opération interne utilisée par le service.GetAllocatedStamp is internal operation used by service
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/operationResults/read Renvoie l’état de l’opération.Returns status of the operation
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read Obtient les résultats de l’opération effectuée sur le conteneur de protection.Gets result of Operation performed on Protection Container.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read Obtient les résultats de l’opération effectuée sur les éléments protégés.Gets Result of Operation Performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read Renvoie l’état de l’opération effectuée sur les éléments protégés.Returns the status of Operation performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read Renvoie des détails d’objet de l’élément protégé.Returns object details of the Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read Obtenir les points de récupération des éléments protégés.Get Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read Renvoie tous les conteneurs inscrits.Returns all registered containers
Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/readMicrosoft.RecoveryServices/Vaults/backupJobs/operationResults/read Renvoie le résultat de l’opération de travail.Returns the Result of Job Operation.
Microsoft.RecoveryServices/Vaults/backupJobs/readMicrosoft.RecoveryServices/Vaults/backupJobs/read Renvoie tous les objets de travail.Returns all Job Objects
Microsoft.RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action Travaux d’exportationExport Jobs
Microsoft.RecoveryServices/Vaults/backupOperationResults/readMicrosoft.RecoveryServices/Vaults/backupOperationResults/read Renvoie le résultat de l’opération de sauvegarde pour le coffre Recovery Services.Returns Backup Operation Result for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operationResults/read Obtenir les résultats de l’opération de stratégie.Get Results of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read Renvoie toutes les stratégies de protection.Returns all Protection Policies
Microsoft.RecoveryServices/Vaults/backupProtectedItems/readMicrosoft.RecoveryServices/Vaults/backupProtectedItems/read Renvoie la liste de tous les éléments protégés.Returns the list of all Protected Items.
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/readMicrosoft.RecoveryServices/Vaults/backupProtectionContainers/read Renvoie tous les conteneurs appartenant à l’abonnement.Returns all containers belonging to the subscription
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/readMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read Renvoie des résumés pour les éléments protégés et les serveurs protégés d’un coffre Recovery Services.Returns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft.RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read L’opération d’obtention d’informations étendues obtient les informations étendues d’un objet représentant la ressource Azure de type « coffre ».The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault?
Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read Obtient les alertes pour le coffre Recovery Services.Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read L’opération d’obtention de coffre obtient un objet représentant la ressource Azure de type « coffre ».The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read L’opération d’obtention des résultats d’une opération peut être utilisée pour obtenir l’état de l’opération et le résultat de l’opération envoyée de manière asynchrone.The Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation
Microsoft.RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read L’opération d’obtention de conteneurs peut être utilisée pour obtenir les conteneurs inscrits pour une ressource.The Get Containers operation can be used get the containers registered for a resource.
Microsoft.RecoveryServices/Vaults/backupstorageconfig/readMicrosoft.RecoveryServices/Vaults/backupstorageconfig/read Renvoie la configuration de stockage pour le coffre Recovery Services.Returns Storage Configuration for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupconfig/readMicrosoft.RecoveryServices/Vaults/backupconfig/read Renvoie la configuration pour le coffre Recovery Services.Returns Configuration for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read Renvoie l’état de l’opération de sauvegarde pour le coffre Recovery Services.Returns Backup Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupPolicies/operations/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operations/read Obtenir l’état de l’opération de stratégie.Get Status of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read Retourne tous les serveurs d’administration de sauvegarde inscrits auprès du coffre.Returns all the backup management servers registered with vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/readMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read Créer une intention de protection de sauvegardeGet a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read Obtient tous les éléments figurant dans un conteneurGet all items in a container
Microsoft.RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action Vérifie l’état de la sauvegarde pour les coffres Recovery ServicesCheck Backup Status for Recovery Services Vaults
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft.RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write Résout l’alerte.Resolves the alert.
Microsoft.RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read Retourne la liste d’opérations pour un fournisseur de ressourcesOperation returns the list of Operations for a Resource Provider
Microsoft.RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read Obtient l’état de l’opération pour une opération donnée.Gets Operation Status for a given Operation
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read Répertorier tous les intentions de protection de sauvegardeList all backup Protection Intents
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read Renvoie des détails d’utilisation d’un coffre Recovery Services.Returns usage details for a Recovery Services Vault.
Microsoft.RecoveryServices/locations/backupValidateFeatures/actionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action Valide des fonctionnalitésValidate Features
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view backup services, but can't make changes",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a795c7a0-d4a2-40c1-ae25-d81f01202912",
  "name": "a795c7a0-d4a2-40c1-ae25-d81f01202912",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.RecoveryServices/locations/allocatedStamp/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupJobs/read",
        "Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
        "Microsoft.RecoveryServices/Vaults/backupOperationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/read",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
        "Microsoft.RecoveryServices/Vaults/backupstorageconfig/read",
        "Microsoft.RecoveryServices/Vaults/backupconfig/read",
        "Microsoft.RecoveryServices/Vaults/backupOperations/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
        "Microsoft.RecoveryServices/Vaults/backupEngines/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
        "Microsoft.RecoveryServices/locations/backupStatus/action",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
        "Microsoft.RecoveryServices/operations/read",
        "Microsoft.RecoveryServices/locations/operationStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.RecoveryServices/locations/backupValidateFeatures/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Backup Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur de compte de stockage classiqueClassic Storage Account Contributor

Permet de gérer des comptes de stockage classiques, mais pas d’y accéder.Lets you manage classic storage accounts, but not access to them.

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.ClassicStorage/storageAccounts/*Microsoft.ClassicStorage/storageAccounts/* Créer et gérer les comptes de stockageCreate and manage storage accounts
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage classic storage accounts, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
  "name": "86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicStorage/storageAccounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Storage Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Rôle de service d’opérateur de clé de compte de stockage classiqueClassic Storage Account Key Operator Service Role

Les opérateurs de clés de comptes de stockage classiques sont autorisés à lister et à regénérer des clés sur des comptes de stockage classiques En savoir plusClassic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts Learn more

ActionsActions DescriptionDescription
Microsoft.ClassicStorage/storageAccounts/listkeys/actionMicrosoft.ClassicStorage/storageAccounts/listkeys/action Répertorie les clés d’accès des comptes de stockage.Lists the access keys for the storage accounts.
Microsoft.ClassicStorage/storageAccounts/regeneratekey/actionMicrosoft.ClassicStorage/storageAccounts/regeneratekey/action Régénère les clés d’accès existantes du compte de stockage.Regenerates the existing access keys for the storage account.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/985d6b00-f706-48f5-a6fe-d0ca12fb668d",
  "name": "985d6b00-f706-48f5-a6fe-d0ca12fb668d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ClassicStorage/storageAccounts/listkeys/action",
        "Microsoft.ClassicStorage/storageAccounts/regeneratekey/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Storage Account Key Operator Service Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur Data BoxData Box Contributor

Permet de gérer toutes les opérations sous le service Data Box à l’exception de l’octroi d’accès à d’autres personnes.Lets you manage everything under Data Box Service except giving access to others. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
Microsoft.Databox/*Microsoft.Databox/*
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage everything under Data Box Service except giving access to others.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/add466c9-e687-43fc-8d98-dfcf8d720be5",
  "name": "add466c9-e687-43fc-8d98-dfcf8d720be5",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Databox/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Box Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur Data BoxData Box Reader

Permet de gérer le service Data Box, mais ne permet pas de créer une commande, de modifier les détails d’une commande ou d’octroyer l’accès à d’autres personnes.Lets you manage Data Box Service except creating order or editing order details and giving access to others. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Databox/*/readMicrosoft.Databox/*/read
Microsoft.Databox/jobs/listsecrets/actionMicrosoft.Databox/jobs/listsecrets/action
Microsoft.Databox/jobs/listcredentials/actionMicrosoft.Databox/jobs/listcredentials/action Répertorie les informations d’identification non chiffrées liées à la commandeLists the unencrypted credentials related to the order.
Microsoft.Databox/locations/availableSkus/actionMicrosoft.Databox/locations/availableSkus/action Retourner la liste des références (SKU) disponiblesThis method returns the list of available skus.
Microsoft.Databox/locations/validateInputs/actionMicrosoft.Databox/locations/validateInputs/action Cette méthode effectue tous les types de validations.This method does all type of validations.
Microsoft.Databox/locations/regionConfiguration/actionMicrosoft.Databox/locations/regionConfiguration/action Cette méthode retourne les configurations pour la région.This method returns the configurations for the region.
Microsoft.Databox/locations/validateAddress/actionMicrosoft.Databox/locations/validateAddress/action Valider l'adresse de livraison et fournir d'autres adresses s’il en estValidates the shipping address and provides alternate addresses if any.
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Data Box Service except creating order or editing order details and giving access to others.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
  "name": "028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Databox/*/read",
        "Microsoft.Databox/jobs/listsecrets/action",
        "Microsoft.Databox/jobs/listcredentials/action",
        "Microsoft.Databox/locations/availableSkus/action",
        "Microsoft.Databox/locations/validateInputs/action",
        "Microsoft.Databox/locations/regionConfiguration/action",
        "Microsoft.Databox/locations/validateAddress/action",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Box Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Développeur Data Lake AnalyticsData Lake Analytics Developer

Permet d’envoyer, de surveiller et de gérer vos propres travaux, mais pas de créer ni de supprimer des comptes Data Lake Analytics.Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.BigAnalytics/accounts/*Microsoft.BigAnalytics/accounts/*
Microsoft.DataLakeAnalytics/accounts/*Microsoft.DataLakeAnalytics/accounts/*
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Microsoft.BigAnalytics/accounts/DeleteMicrosoft.BigAnalytics/accounts/Delete
Microsoft.BigAnalytics/accounts/TakeOwnership/actionMicrosoft.BigAnalytics/accounts/TakeOwnership/action
Microsoft.BigAnalytics/accounts/WriteMicrosoft.BigAnalytics/accounts/Write
Microsoft.DataLakeAnalytics/accounts/DeleteMicrosoft.DataLakeAnalytics/accounts/Delete Supprime un compte Data Lake Analytics.Delete a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/TakeOwnership/actionMicrosoft.DataLakeAnalytics/accounts/TakeOwnership/action Accorde des autorisations pour annuler des travaux soumis par d’autres utilisateurs.Grant permissions to cancel jobs submitted by other users.
Microsoft.DataLakeAnalytics/accounts/WriteMicrosoft.DataLakeAnalytics/accounts/Write Crée ou met à jour un compte Data Lake Analytics.Create or update a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/WriteMicrosoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write Crée ou met à jour un compte Data Lake Store lié d’un compte Data Lake Analytics.Create or update a linked DataLakeStore account of a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/DeleteMicrosoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete Dissocie un compte Data Lake Store d’un compte Data Lake Analytics.Unlink a DataLakeStore account from a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/storageAccounts/WriteMicrosoft.DataLakeAnalytics/accounts/storageAccounts/Write Crée ou met à jour un compte de stockage lié d’un compte Data Lake Analytics.Create or update a linked Storage account of a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/storageAccounts/DeleteMicrosoft.DataLakeAnalytics/accounts/storageAccounts/Delete Dissocie un compte de stockage d’un compte Data Lake Analytics.Unlink a Storage account from a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/firewallRules/WriteMicrosoft.DataLakeAnalytics/accounts/firewallRules/Write Créer ou mettre à jour une règle de pare-feu.Create or update a firewall rule.
Microsoft.DataLakeAnalytics/accounts/firewallRules/DeleteMicrosoft.DataLakeAnalytics/accounts/firewallRules/Delete Supprimer une règle de pare-feu.Delete a firewall rule.
Microsoft.DataLakeAnalytics/accounts/computePolicies/WriteMicrosoft.DataLakeAnalytics/accounts/computePolicies/Write Crée ou met à jour une stratégie de calcul.Create or update a compute policy.
Microsoft.DataLakeAnalytics/accounts/computePolicies/DeleteMicrosoft.DataLakeAnalytics/accounts/computePolicies/Delete Supprime une stratégie de calcul.Delete a compute policy.
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/47b7735b-770e-4598-a7da-8b91488b4c88",
  "name": "47b7735b-770e-4598-a7da-8b91488b4c88",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.BigAnalytics/accounts/*",
        "Microsoft.DataLakeAnalytics/accounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.BigAnalytics/accounts/Delete",
        "Microsoft.BigAnalytics/accounts/TakeOwnership/action",
        "Microsoft.BigAnalytics/accounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/Delete",
        "Microsoft.DataLakeAnalytics/accounts/TakeOwnership/action",
        "Microsoft.DataLakeAnalytics/accounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete",
        "Microsoft.DataLakeAnalytics/accounts/storageAccounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/storageAccounts/Delete",
        "Microsoft.DataLakeAnalytics/accounts/firewallRules/Write",
        "Microsoft.DataLakeAnalytics/accounts/firewallRules/Delete",
        "Microsoft.DataLakeAnalytics/accounts/computePolicies/Write",
        "Microsoft.DataLakeAnalytics/accounts/computePolicies/Delete"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Lake Analytics Developer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur et accès aux donnéesReader and Data Access

Permet d’afficher tous les éléments, mais pas de supprimer ou de créer un compte de stockage ou une ressource contenue.Lets you view everything but will not let you delete or create a storage account or contained resource. En outre, autorise l’accès en lecture/écriture à toutes les données contenues dans un compte de stockage via l’accès aux clés de compte de stockage.It will also allow read/write access to all data contained in a storage account via access to storage account keys.

ActionsActions DescriptionDescription
Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action Retourne les clés d’accès au compte de stockage spécifié.Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/ListAccountSas/actionMicrosoft.Storage/storageAccounts/ListAccountSas/action Retourne le jeton SAS du compte de stockage spécifié.Returns the Account SAS token for the specified storage account.
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read Retourne la liste des comptes de stockage ou récupère les propriétés du compte de stockage spécifié.Returns the list of storage accounts or gets the properties for the specified storage account.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c12c1c16-33a1-487b-954d-41c89c60f349",
  "name": "c12c1c16-33a1-487b-954d-41c89c60f349",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Storage/storageAccounts/ListAccountSas/action",
        "Microsoft.Storage/storageAccounts/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Reader and Data Access",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur de compte de stockageStorage Account Contributor

Permet la gestion des comptes de stockage.Permits management of storage accounts. Fournit l’accès à la clé de compte, qui peut être utilisée pour accéder aux données par le biais de l’autorisation de clé partagée.Provides access to the account key, which can be used to access data via Shared Key authorization. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* Crée, met à jour ou lit le paramètre de diagnostic pour Analysis Server.Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Joint des ressources telles qu’un compte de stockage ou une base de données SQL à un sous-réseau.Joins resource such as storage account or SQL database to a subnet. Impossible à alerter.Not alertable.
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Storage/storageAccounts/*Microsoft.Storage/storageAccounts/* Créer et gérer les comptes de stockageCreate and manage storage accounts
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage storage accounts, including accessing storage account keys which provide full access to storage account data.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab",
  "name": "17d1049b-9a84-46fb-8f53-869881c3d3ab",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Rôle de service d’opérateur de clé de compte de stockageStorage Account Key Operator Service Role

Permet de répertorier et de régénérer les clés d’accès au compte de stockage.Permits listing and regenerating storage account access keys. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.Storage/storageAccounts/listkeys/actionMicrosoft.Storage/storageAccounts/listkeys/action Retourne les clés d’accès au compte de stockage spécifié.Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/regeneratekey/actionMicrosoft.Storage/storageAccounts/regeneratekey/action Régénère les clés d’accès au compte de stockage spécifié.Regenerates the access keys for the specified storage account.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Storage Account Key Operators are allowed to list and regenerate keys on Storage Accounts",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/81a9662b-bebf-436f-a333-f67b29880f12",
  "name": "81a9662b-bebf-436f-a333-f67b29880f12",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/listkeys/action",
        "Microsoft.Storage/storageAccounts/regeneratekey/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Account Key Operator Service Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur aux données Blob du stockageStorage Blob Data Contributor

Lire, écrire et supprimer des conteneurs et objets blob du stockage Azure.Read, write, and delete Azure Storage containers and blobs. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.Storage/storageAccounts/blobServices/containers/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/delete Supprimer un conteneur.Delete a container.
Microsoft.Storage/storageAccounts/blobServices/containers/readMicrosoft.Storage/storageAccounts/blobServices/containers/read Retourner un conteneur ou une liste de conteneurs.Return a container or a list of containers.
Microsoft.Storage/storageAccounts/blobServices/containers/writeMicrosoft.Storage/storageAccounts/blobServices/containers/write Modifier les métadonnées ou les propriétés d’un conteneur.Modify a container's metadata or properties.
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Retourne une clé de délégation d’utilisateur pour le service Blob.Returns a user delegation key for the Blob service.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete Supprimer un objet blob.Delete a blob.
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read Retourner un objet blob ou une liste d'objets blob.Return a blob or a list of blobs.
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/writeMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write Écrire dans un objet blob.Write to a blob.
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/actionMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/move/action Déplace l'objet blob d'un chemin à un autreMoves the blob from one path to another
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/actionMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/add/action Retourner le résultat de l’ajout de contenu d’objet blobReturns the result of adding blob content
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write and delete access to Azure Storage blob containers and data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe",
  "name": "ba92f5b4-2d11-453d-a403-e96b0029c9fe",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/write",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Propriétaire des données Blob du stockageStorage Blob Data Owner

Fournit un accès total aux conteneurs d’objets blob et aux données du Stockage Azure, notamment l’attribution du contrôle d’accès POSIX.Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.Storage/storageAccounts/blobServices/containers/*Microsoft.Storage/storageAccounts/blobServices/containers/* Toutes les autorisations sur les conteneurs.Full permissions on containers.
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Retourne une clé de délégation d’utilisateur pour le service Blob.Returns a user delegation key for the Blob service.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*Microsoft.Storage/storageAccounts/blobServices/containers/blobs/* Toutes les autorisations sur les objets blob.Full permissions on blobs.
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to Azure Storage blob containers and data, including assigning POSIX access control.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
  "name": "b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/*",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur des données blob du stockageStorage Blob Data Reader

Lire et répertorier des conteneurs et objets blob du stockage Azure.Read and list Azure Storage containers and blobs. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.Storage/storageAccounts/blobServices/containers/readMicrosoft.Storage/storageAccounts/blobServices/containers/read Retourner un conteneur ou une liste de conteneurs.Return a container or a list of containers.
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Retourne une clé de délégation d’utilisateur pour le service Blob.Returns a user delegation key for the Blob service.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read Retourner un objet blob ou une liste d'objets blob.Return a blob or a list of blobs.
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read access to Azure Storage blob containers and data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
  "name": "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Délégation du Stockage BlobStorage Blob Delegator

Obtenez une clé de délégation d’utilisateur qui peut être utilisée pour créer une signature d’accès partagé pour un conteneur ou un objet blob signé avec les informations d’identification Azure AD.Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials. Pour en savoir plus, consultez Créer une SAP de délégation d’utilisateur.For more information, see Create a user delegation SAS. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Retourne une clé de délégation d’utilisateur pour le service Blob.Returns a user delegation key for the Blob service.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for generation of a user delegation key which can be used to sign SAS tokens",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
  "name": "db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Delegator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur de partage SMB de données de fichier de stockageStorage File Data SMB Share Contributor

Permet l'accès en lecture, en écriture et en suppression aux fichiers/répertoires des partages de fichiers Azure.Allows for read, write, and delete access on files/directories in Azure file shares. Ce rôle n'a pas d'équivalent intégré sur les serveurs de fichiers Windows.This role has no built-in equivalent on Windows file servers. En savoir plusLearn more

ActionsActions DescriptionDescription
Aucunenone
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/readMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/read Retourne un fichier/dossier ou une liste de fichiers/dossiers.Returns a file/folder or a list of files/folders.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/writeMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/write Retourne le résultat de l’écriture d’un fichier ou de la création d’un dossier.Returns the result of writing a file or creating a folder.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/deleteMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/delete Retourne le résultat de la suppression d’un fichier/dossier.Returns the result of deleting a file/folder.
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write, and delete access in Azure Storage file shares over SMB",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
  "name": "0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage File Data SMB Share Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur élevé de partage SMB de données de fichier de stockageStorage File Data SMB Share Elevated Contributor

Permet la lecture, l'écriture, la suppression et la modification des listes de contrôle d'accès sur les fichiers/répertoires des partages de fichiers Azure.Allows for read, write, delete, and modify ACLs on files/directories in Azure file shares. Ce rôle équivaut à une liste de contrôle d'accès de partage de fichiers en modification sur les serveurs de fichiers Windows.This role is equivalent to a file share ACL of change on Windows file servers. En savoir plusLearn more

ActionsActions DescriptionDescription
Aucunenone
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/readMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/read Retourne un fichier/dossier ou une liste de fichiers/dossiers.Returns a file/folder or a list of files/folders.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/writeMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/write Retourne le résultat de l’écriture d’un fichier ou de la création d’un dossier.Returns the result of writing a file or creating a folder.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/deleteMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/delete Retourne le résultat de la suppression d’un fichier/dossier.Returns the result of deleting a file/folder.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/actionMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action Retourne le résultat de la modification de l’autorisation sur un fichier/dossier.Returns the result of modifying permission on a file/folder.
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write, delete and modify NTFS permission access in Azure Storage file shares over SMB",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a7264617-510b-434b-a828-9731dc254ea7",
  "name": "a7264617-510b-434b-a828-9731dc254ea7",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage File Data SMB Share Elevated Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur de partage SMB de données de fichier de stockageStorage File Data SMB Share Reader

Permet l'accès en lecture aux fichiers/répertoires des partages de fichiers Azure.Allows for read access on files/directories in Azure file shares. Ce rôle équivaut à une liste de contrôle d'accès de partage de fichiers en lecture sur les serveurs de fichiers Windows.This role is equivalent to a file share ACL of read on Windows file servers. En savoir plusLearn more

ActionsActions DescriptionDescription
Aucunenone
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/readMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/read Retourne un fichier/dossier ou une liste de fichiers/dossiers.Returns a file/folder or a list of files/folders.
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read access to Azure File Share over SMB",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/aba4ae5f-2193-4029-9191-0cb91df5e314",
  "name": "aba4ae5f-2193-4029-9191-0cb91df5e314",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage File Data SMB Share Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur aux données en file d’attente du stockageStorage Queue Data Contributor

Lire, écrire et supprimer des files d'attente et messages en file d'attente du stockage Azure.Read, write, and delete Azure Storage queues and queue messages. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.Storage/storageAccounts/queueServices/queues/deleteMicrosoft.Storage/storageAccounts/queueServices/queues/delete Supprimer une file d’attente.Delete a queue.
Microsoft.Storage/storageAccounts/queueServices/queues/readMicrosoft.Storage/storageAccounts/queueServices/queues/read Retourner une file d’attente ou une liste de files d’attente.Return a queue or a list of queues.
Microsoft.Storage/storageAccounts/queueServices/queues/writeMicrosoft.Storage/storageAccounts/queueServices/queues/write Modifier les métadonnées ou propriétés en file d’attente.Modify queue metadata or properties.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/deleteMicrosoft.Storage/storageAccounts/queueServices/queues/messages/delete Supprimer un ou plusieurs messages à partir d’une file d’attente.Delete one or more messages from a queue.
Microsoft.Storage/storageAccounts/queueServices/queues/messages/readMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read Récupérer un ou plusieurs messages à partir d’une file d’attente, ou en afficher un aperçu.Peek or retrieve one or more messages from a queue.
Microsoft.Storage/storageAccounts/queueServices/queues/messages/writeMicrosoft.Storage/storageAccounts/queueServices/queues/messages/write Ajouter un message à une file d'attente.Add a message to a queue.
Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/actionMicrosoft.Storage/storageAccounts/queueServices/queues/messages/process/action Retourner le résultat du traitement d’un messageReturns the result of processing a message
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write, and delete access to Azure Storage queues and queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/974c5e8b-45b9-4653-ba55-5f855dd0fb88",
  "name": "974c5e8b-45b9-4653-ba55-5f855dd0fb88",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/delete",
        "Microsoft.Storage/storageAccounts/queueServices/queues/read",
        "Microsoft.Storage/storageAccounts/queueServices/queues/write"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/delete",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/write",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Processeur de messages de données en file d’attente du stockageStorage Queue Data Message Processor

Récupérer et supprimer un message, ou en afficher un aperçu à partir d’une file d’attente Stockage Azure.Peek, retrieve, and delete a message from an Azure Storage queue. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. En savoir plusLearn more

ActionsActions DescriptionDescription
Aucunenone
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/readMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read Afficher l’aperçu d’un message.Peek a message.
Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/actionMicrosoft.Storage/storageAccounts/queueServices/queues/messages/process/action Récupérer et supprimer un message.Retrieve and delete a message.
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for peek, receive, and delete access to Azure Storage queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8a0f0c08-91a1-4084-bc3d-661d67233fed",
  "name": "8a0f0c08-91a1-4084-bc3d-661d67233fed",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Message Processor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Expéditeur de messages de données en file d’attente du stockageStorage Queue Data Message Sender

Ajoutez des messages à une file d’attente de stockage Azure.Add messages to an Azure Storage queue. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. En savoir plusLearn more

ActionsActions DescriptionDescription
Aucunenone
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/actionMicrosoft.Storage/storageAccounts/queueServices/queues/messages/add/action Ajouter un message à une file d'attente.Add a message to a queue.
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for sending of Azure Storage queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
  "name": "c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Message Sender",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur des données en file d’attente du stockageStorage Queue Data Reader

Lire et répertorier des files d’attente et messages en file d’attente du stockage Azure.Read and list Azure Storage queues and queue messages. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.Storage/storageAccounts/queueServices/queues/readMicrosoft.Storage/storageAccounts/queueServices/queues/read Retourne une file d’attente ou une liste de files d’attente.Returns a queue or a list of queues.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/readMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read Récupérer un ou plusieurs messages à partir d’une file d’attente, ou en afficher un aperçu.Peek or retrieve one or more messages from a queue.
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read access to Azure Storage queues and queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/19e7f393-937e-4f77-808e-94535e297925",
  "name": "19e7f393-937e-4f77-808e-94535e297925",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

WebWeb

Contributeur aux données Azure MapsAzure Maps Data Contributor

Accorde l’accès en lecture, en écriture et en suppression aux données liées aux cartes depuis un compte Azure Maps.Grants access to read, write, and delete access to map related data from an Azure maps account. En savoir plusLearn more

ActionsActions DescriptionDescription
Aucunenone
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Maps/accounts/*/readMicrosoft.Maps/accounts/*/read
Microsoft.Maps/accounts/*/writeMicrosoft.Maps/accounts/*/write
Microsoft.Maps/accounts/*/deleteMicrosoft.Maps/accounts/*/delete
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants access to read, write, and delete access to map related data from an Azure maps account.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204",
  "name": "8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Maps/accounts/*/read",
        "Microsoft.Maps/accounts/*/write",
        "Microsoft.Maps/accounts/*/delete"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Maps Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur de données Azure MapsAzure Maps Data Reader

Octroie un accès pour lire les données liées au mappage à partir d’un compte Azure Maps.Grants access to read map related data from an Azure maps account. En savoir plusLearn more

ActionsActions DescriptionDescription
Aucunenone
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Maps/accounts/*/readMicrosoft.Maps/accounts/*/read
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants access to read map related data from an Azure maps account.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/423170ca-a8f6-4b0f-8487-9e4eb8f49bfa",
  "name": "423170ca-a8f6-4b0f-8487-9e4eb8f49bfa",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Maps/accounts/*/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Maps Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur du service de rechercheSearch Service Contributor

Permet de gérer des services de recherche, mais pas d’y accéder.Lets you manage Search services, but not access to them. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Search/searchServices/*Microsoft.Search/searchServices/* Créer et gérer les services de rechercheCreate and manage search services
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Search services, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7ca78c08-252a-4471-8644-bb5ff32d4ba0",
  "name": "7ca78c08-252a-4471-8644-bb5ff32d4ba0",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Search/searchServices/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Search Service Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur AccessKey SignalRSignalR AccessKey Reader

Lire les clés d’accès du service SignalRRead SignalR Service Access Keys

ActionsActions DescriptionDescription
Microsoft.SignalRService/*/readMicrosoft.SignalRService/*/read
Microsoft.SignalRService/SignalR/listkeys/actionMicrosoft.SignalRService/SignalR/listkeys/action Afficher la valeur des clés d’accès SignalR dans le portail de gestion ou par le biais d’une APIView the value of SignalR access keys in the management portal or through API
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read SignalR Service Access Keys",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/04165923-9d83-45d5-8227-78b77b0a687e",
  "name": "04165923-9d83-45d5-8227-78b77b0a687e",
  "permissions": [
    {
      "actions": [
        "Microsoft.SignalRService/*/read",
        "Microsoft.SignalRService/SignalR/listkeys/action",
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR AccessKey Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Serveur d’applications SignalR (préversion)SignalR App Server (Preview)

Permet à votre serveur d’applications d’accéder au service SignalR avec les options d’authentification AAD.Lets your app server access SignalR Service with AAD auth options.

ActionsActions DescriptionDescription
Aucunenone
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.SignalRService/SignalR/auth/accessKey/actionMicrosoft.SignalRService/SignalR/auth/accessKey/action Générez un AccessKey temporaire pour la signature de ClientTokens.Generate a temporary AccessKey for signing ClientTokens.
Microsoft.SignalRService/SignalR/serverConnection/writeMicrosoft.SignalRService/SignalR/serverConnection/write Démarrer une connexion au serveur.Start a server connection.
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets your app server access SignalR Service with AAD auth options.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/420fcaa2-552c-430f-98ca-3264be4806c7",
  "name": "420fcaa2-552c-430f-98ca-3264be4806c7",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.SignalRService/SignalR/auth/accessKey/action",
        "Microsoft.SignalRService/SignalR/serverConnection/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR App Server (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur SignalRSignalR Contributor

Créer, lire, mettre à jour et supprimer des ressources de service SignalRCreate, Read, Update, and Delete SignalR service resources

ActionsActions DescriptionDescription
Microsoft.SignalRService/*Microsoft.SignalRService/*
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Create, Read, Update, and Delete SignalR service resources",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761",
  "name": "8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761",
  "permissions": [
    {
      "actions": [
        "Microsoft.SignalRService/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur SignalR Serverless (préversion)SignalR Serverless Contributor (Preview)

Permet à votre application d’accéder au service en mode serverless avec les options d’authentification AAD.Lets your app access service in serverless mode with AAD auth options.

ActionsActions DescriptionDescription
Aucunenone
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.SignalRService/SignalR/auth/clientToken/actionMicrosoft.SignalRService/SignalR/auth/clientToken/action Générez un ClientToken pour démarrer une connexion cliente.Generate a ClientToken for starting a client connection.
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets your app access service in serverless mode with AAD auth options.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fd53cd77-2268-407a-8f46-7e7863d0f521",
  "name": "fd53cd77-2268-407a-8f46-7e7863d0f521",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.SignalRService/SignalR/auth/clientToken/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR Serverless Contributor (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Propriétaire de SignalR Service (préversion)SignalR Service Owner (Preview)

Accès complet aux API REST du service Azure SignalRFull access to Azure SignalR Service REST APIs

ActionsActions DescriptionDescription
Aucunenone
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.SignalRService/SignalR/hub/send/actionMicrosoft.SignalRService/SignalR/hub/send/action Diffusez des messages à toutes les connexions clientes dans le hub.Broadcast messages to all client connections in hub.
Microsoft.SignalRService/SignalR/group/send/actionMicrosoft.SignalRService/SignalR/group/send/action Diffusez le message au groupe.Broadcast message to group.
Microsoft.SignalRService/SignalR/group/readMicrosoft.SignalRService/SignalR/group/read Vérifiez l’existence du groupe ou l’existence de l’utilisateur dans le groupe.Check group existence or user existence in group.
Microsoft.SignalRService/SignalR/group/writeMicrosoft.SignalRService/SignalR/group/write Rejoignez/Quittez le groupe.Join / Leave group.
Microsoft.SignalRService/SignalR/clientConnection/send/actionMicrosoft.SignalRService/SignalR/clientConnection/send/action Envoyer des messages directement à une connexion cliente.Send messages directly to a client connection.
Microsoft.SignalRService/SignalR/clientConnection/readMicrosoft.SignalRService/SignalR/clientConnection/read Vérifier l’existence de la connexion cliente.Check client connection existence.
Microsoft.SignalRService/SignalR/clientConnection/writeMicrosoft.SignalRService/SignalR/clientConnection/write Fermez la connexion cliente.Close client connection.
Microsoft.SignalRService/SignalR/user/send/actionMicrosoft.SignalRService/SignalR/user/send/action Envoyer des messages à l’utilisateur, qui peut se composer de plusieurs connexions clientes.Send messages to user, who may consist of multiple client connections.
Microsoft.SignalRService/SignalR/user/readMicrosoft.SignalRService/SignalR/user/read Vérifiez l’existence d’un utilisateur.Check user existence.
Microsoft.SignalRService/SignalR/user/writeMicrosoft.SignalRService/SignalR/user/write
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Full access to Azure SignalR Service REST APIs",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7e4f1700-ea5a-4f59-8f37-079cfe29dce3",
  "name": "7e4f1700-ea5a-4f59-8f37-079cfe29dce3",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.SignalRService/SignalR/hub/send/action",
        "Microsoft.SignalRService/SignalR/group/send/action",
        "Microsoft.SignalRService/SignalR/group/read",
        "Microsoft.SignalRService/SignalR/group/write",
        "Microsoft.SignalRService/SignalR/clientConnection/send/action",
        "Microsoft.SignalRService/SignalR/clientConnection/read",
        "Microsoft.SignalRService/SignalR/clientConnection/write",
        "Microsoft.SignalRService/SignalR/user/send/action",
        "Microsoft.SignalRService/SignalR/user/read",
        "Microsoft.SignalRService/SignalR/user/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR Service Owner (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur de SignalR Service (préversion)SignalR Service Reader (Preview)

Accès en lecture seule aux API REST du service Azure SignalRRead-only access to Azure SignalR Service REST APIs

ActionsActions DescriptionDescription
Aucunenone
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.SignalRService/SignalR/group/readMicrosoft.SignalRService/SignalR/group/read Vérifiez l’existence du groupe ou l’existence de l’utilisateur dans le groupe.Check group existence or user existence in group.
Microsoft.SignalRService/SignalR/clientConnection/readMicrosoft.SignalRService/SignalR/clientConnection/read Vérifier l’existence de la connexion cliente.Check client connection existence.
Microsoft.SignalRService/SignalR/user/readMicrosoft.SignalRService/SignalR/user/read Vérifiez l’existence d’un utilisateur.Check user existence.
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read-only access to Azure SignalR Service REST APIs",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ddde6b66-c0df-4114-a159-3618637b3035",
  "name": "ddde6b66-c0df-4114-a159-3618637b3035",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.SignalRService/SignalR/group/read",
        "Microsoft.SignalRService/SignalR/clientConnection/read",
        "Microsoft.SignalRService/SignalR/user/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR Service Reader (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur de plan webWeb Plan Contributor

Permet de gérer des plans web pour des sites web, mais pas d’y accéder.Lets you manage the web plans for websites, but not access to them.

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
Microsoft.Web/serverFarms/*Microsoft.Web/serverFarms/* Créer et gérer des batteries de serveursCreate and manage server farms
Microsoft.Web/hostingEnvironments/Join/ActionMicrosoft.Web/hostingEnvironments/Join/Action Joint un environnement App Service EnvironmentJoins an App Service Environment
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage the web plans for websites, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b",
  "name": "2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Web/serverFarms/*",
        "Microsoft.Web/hostingEnvironments/Join/Action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Web Plan Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur de site webWebsite Contributor

Permet de gérer des sites web (pas des plans web), mais pas d’y accéder.Lets you manage websites (not web plans), but not access to them.

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Insights/components/*Microsoft.Insights/components/* Créer et gérer les composants InsightsCreate and manage Insights components
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
Microsoft.Web/certificates/*Microsoft.Web/certificates/* Créer et gérer les certificats de site webCreate and manage website certificates
Microsoft.Web/listSitesAssignedToHostName/readMicrosoft.Web/listSitesAssignedToHostName/read Récupère les noms de sites affectés à un nom d’hôte.Get names of sites assigned to hostname.
Microsoft.Web/serverFarms/join/actionMicrosoft.Web/serverFarms/join/action Joint un plan App ServiceJoins an App Service Plan
Microsoft.Web/serverFarms/readMicrosoft.Web/serverFarms/read Récupère les propriétés d’un plan App Service.Get the properties on an App Service Plan
Microsoft.Web/sites/*Microsoft.Web/sites/* Créer et gérer des sites web (la création de sites nécessite également des autorisations d’écriture pour le plan App Service associé)Create and manage websites (site creation also requires write permissions to the associated App Service Plan)
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage websites (not web plans), but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/de139f84-1756-47ae-9be6-808fbbe84772",
  "name": "de139f84-1756-47ae-9be6-808fbbe84772",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/components/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Web/certificates/*",
        "Microsoft.Web/listSitesAssignedToHostName/read",
        "Microsoft.Web/serverFarms/join/action",
        "Microsoft.Web/serverFarms/read",
        "Microsoft.Web/sites/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Website Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

ContainersContainers

AcrDeleteAcrDelete

suppression Arc En savoir plusacr delete Learn more

ActionsActions DescriptionDescription
Microsoft.ContainerRegistry/registries/artifacts/deleteMicrosoft.ContainerRegistry/registries/artifacts/delete Supprimer l’artefact dans un registre de conteneurs.Delete artifact in a container registry.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr delete",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
  "name": "c2f4ef07-c644-48eb-af81-4b1b4947fb11",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/artifacts/delete"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrDelete",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrImageSignerAcrImageSigner

signataire d’image Arc En savoir plusacr image signer Learn more

ActionsActions DescriptionDescription
Microsoft.ContainerRegistry/registries/sign/writeMicrosoft.ContainerRegistry/registries/sign/write Envoie ou tire des métadonnées d’approbation du contenu pour un registre de conteneurs.Push/Pull content trust metadata for a container registry.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr image signer",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6cef56e8-d556-48e5-a04f-b8e64114680f",
  "name": "6cef56e8-d556-48e5-a04f-b8e64114680f",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/sign/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrImageSigner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrPullAcrPull

tirage (pull) Arc En savoir plusacr pull Learn more

ActionsActions DescriptionDescription
Microsoft.ContainerRegistry/registries/pull/readMicrosoft.ContainerRegistry/registries/pull/read Tire (pull) ou obtient des images à partir d’un registre de conteneurs.Pull or Get images from a container registry.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr pull",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d",
  "name": "7f951dda-4ed3-4680-a7ca-43fe172d538d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/pull/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrPull",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrPushAcrPush

envoi (push) Arc En savoir plusacr push Learn more

ActionsActions DescriptionDescription
Microsoft.ContainerRegistry/registries/pull/readMicrosoft.ContainerRegistry/registries/pull/read Tire (pull) ou obtient des images à partir d’un registre de conteneurs.Pull or Get images from a container registry.
Microsoft.ContainerRegistry/registries/push/writeMicrosoft.ContainerRegistry/registries/push/write Envoie (push) ou écrit des images dans un registre de conteneurs.Push or Write images to a container registry.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr push",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8311e382-0749-4cb8-b61a-304f252e45ec",
  "name": "8311e382-0749-4cb8-b61a-304f252e45ec",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/pull/read",
        "Microsoft.ContainerRegistry/registries/push/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrPush",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrQuarantineReaderAcrQuarantineReader

lecteur de données de quarantaine ACRacr quarantine data reader

ActionsActions DescriptionDescription
Microsoft.ContainerRegistry/registries/quarantine/readMicrosoft.ContainerRegistry/registries/quarantine/read Tire (pull) ou obtient des images en quarantaine à partir du registre de conteneursPull or Get quarantined images from container registry
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr quarantine data reader",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/cdda3590-29a3-44f6-95f2-9f980659eb04",
  "name": "cdda3590-29a3-44f6-95f2-9f980659eb04",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/quarantine/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrQuarantineReader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrQuarantineWriterAcrQuarantineWriter

écriture de données de quarantaine ACRacr quarantine data writer

ActionsActions DescriptionDescription
Microsoft.ContainerRegistry/registries/quarantine/readMicrosoft.ContainerRegistry/registries/quarantine/read Tire (pull) ou obtient des images en quarantaine à partir du registre de conteneursPull or Get quarantined images from container registry
Microsoft.ContainerRegistry/registries/quarantine/writeMicrosoft.ContainerRegistry/registries/quarantine/write Écrit ou modifie l’état des images en quarantaineWrite/Modify quarantine state of quarantined images
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr quarantine data writer",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
  "name": "c8d4ff99-41c3-41a8-9f60-21dfdad59608",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/quarantine/read",
        "Microsoft.ContainerRegistry/registries/quarantine/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrQuarantineWriter",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Rôle d’administrateur de cluster Azure Kubernetes ServiceAzure Kubernetes Service Cluster Admin Role

Répertorie les actions relatives aux informations d’identification de l’administrateur du cluster.List cluster admin credential action. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.ContainerService/managedClusters/listClusterAdminCredential/actionMicrosoft.ContainerService/managedClusters/listClusterAdminCredential/action Répertorier les informations d’identification clusterAdmin d’un cluster géréList the clusterAdmin credential of a managed cluster
Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/actionMicrosoft.ContainerService/managedClusters/accessProfiles/listCredential/action Obtient un profil d’accès au cluster géré en fonction du nom de rôle à l’aide des informations d’identification de la listeGet a managed cluster access profile by role name using list credential
Microsoft.ContainerService/managedClusters/readMicrosoft.ContainerService/managedClusters/read Obtient un cluster géréGet a managed cluster
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "List cluster admin credential action.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8",
  "name": "0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerService/managedClusters/listClusterAdminCredential/action",
        "Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/action",
        "Microsoft.ContainerService/managedClusters/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service Cluster Admin Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Rôle d’utilisateur de cluster Azure Kubernetes ServiceAzure Kubernetes Service Cluster User Role

Répertorie les actions relatives aux informations d’identification de l’utilisateur du cluster.List cluster user credential action. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.ContainerService/managedClusters/listClusterUserCredential/actionMicrosoft.ContainerService/managedClusters/listClusterUserCredential/action Répertorier les informations d’identification clusterAdmin d’un cluster géréList the clusterUser credential of a managed cluster
Microsoft.ContainerService/managedClusters/readMicrosoft.ContainerService/managedClusters/read Obtient un cluster géréGet a managed cluster
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "List cluster user credential action.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4abbcc35-e782-43d8-92c5-2d3f1bd2253f",
  "name": "4abbcc35-e782-43d8-92c5-2d3f1bd2253f",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action",
        "Microsoft.ContainerService/managedClusters/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service Cluster User Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Rôle Contributeur Azure Kubernetes ServiceAzure Kubernetes Service Contributor Role

Octroie l’accès en lecture et en écriture aux clusters Azure Kubernetes Service. En savoir plusGrants access to read and write Azure Kubernetes Service clusters Learn more

ActionsActions DescriptionDescription
Microsoft.ContainerService/managedClusters/readMicrosoft.ContainerService/managedClusters/read Obtient un cluster géréGet a managed cluster
Microsoft.ContainerService/managedClusters/writeMicrosoft.ContainerService/managedClusters/write Crée ou met à jour un cluster géréCreates a new managed cluster or updates an existing one
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants access to read and write Azure Kubernetes Service clusters",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8",
  "name": "ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerService/managedClusters/read",
        "Microsoft.ContainerService/managedClusters/write",
        "Microsoft.Resources/deployments/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service Contributor Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Kubernetes Service RBAC AdminAzure Kubernetes Service RBAC Admin

Gérez toutes les ressources sous cluster/espace de noms, à l’exception de la mise à jour ou de la suppression de quotas de ressources et d’espaces de noms.Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Resources/deployments/writeMicrosoft.Resources/deployments/write Crée ou met à jour un déploiement.Creates or updates an deployment.
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read Obtenir les résultats de l’opération de l’abonnement.Get the subscription operation results.
Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read Obtient la liste des abonnements.Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
Microsoft.ContainerService/managedClusters/listClusterUserCredential/actionMicrosoft.ContainerService/managedClusters/listClusterUserCredential/action Répertorier les informations d’identification clusterAdmin d’un cluster géréList the clusterUser credential of a managed cluster
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.ContainerService/managedClusters/*Microsoft.ContainerService/managedClusters/*
NotDataActionsNotDataActions
Microsoft.ContainerService/managedClusters/resourcequotas/writeMicrosoft.ContainerService/managedClusters/resourcequotas/write Écrit resourcequotasWrites resourcequotas
Microsoft.ContainerService/managedClusters/resourcequotas/deleteMicrosoft.ContainerService/managedClusters/resourcequotas/delete Supprime resourcequotasDeletes resourcequotas
Microsoft.ContainerService/managedClusters/namespaces/writeMicrosoft.ContainerService/managedClusters/namespaces/write Écrit namespacesWrites namespaces
Microsoft.ContainerService/managedClusters/namespaces/deleteMicrosoft.ContainerService/managedClusters/namespaces/delete Supprime namespacesDeletes namespaces
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3498e952-d568-435e-9b2c-8d77e338d7f7",
  "name": "3498e952-d568-435e-9b2c-8d77e338d7f7",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerService/managedClusters/*"
      ],
      "notDataActions": [
        "Microsoft.ContainerService/managedClusters/resourcequotas/write",
        "Microsoft.ContainerService/managedClusters/resourcequotas/delete",
        "Microsoft.ContainerService/managedClusters/namespaces/write",
        "Microsoft.ContainerService/managedClusters/namespaces/delete"
      ]
    }
  ],
  "roleName": "Azure Kubernetes Service RBAC Admin",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Kubernetes Service RBAC Cluster AdminAzure Kubernetes Service RBAC Cluster Admin

Gérez toutes les ressources du cluster.Lets you manage all resources in the cluster. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Resources/deployments/writeMicrosoft.Resources/deployments/write Crée ou met à jour un déploiement.Creates or updates an deployment.
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read Obtenir les résultats de l’opération de l’abonnement.Get the subscription operation results.
Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read Obtient la liste des abonnements.Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
Microsoft.ContainerService/managedClusters/listClusterUserCredential/actionMicrosoft.ContainerService/managedClusters/listClusterUserCredential/action Répertorier les informations d’identification clusterAdmin d’un cluster géréList the clusterUser credential of a managed cluster
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.ContainerService/managedClusters/*Microsoft.ContainerService/managedClusters/*
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage all resources in the cluster.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b",
  "name": "b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerService/managedClusters/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service RBAC Cluster Admin",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Kubernetes Service RBAC ReaderAzure Kubernetes Service RBAC Reader

Autorise l’accès en lecture seule pour voir la plupart des objets dans un espace de noms.Allows read-only access to see most objects in a namespace. Ce rôle n’autorise pas l’affichage des rôles ni des liaisons de rôles.It does not allow viewing roles or role bindings. Il n’autorise pas l’affichage des secrets, car la lecture du contenu de Secrets donne accès aux informations d’identification ServiceAccount dans l’espace de noms, ce qui permet l’accès aux API comme n’importe quel ServiceAccount dans l’espace de noms (une forme d’élévation de privilèges).This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). L’application de ce rôle à l’étendue du cluster fournit un accès à tous les espaces de noms.Applying this role at cluster scope will give access across all namespaces. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Resources/deployments/writeMicrosoft.Resources/deployments/write Crée ou met à jour un déploiement.Creates or updates an deployment.
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read Obtenir les résultats de l’opération de l’abonnement.Get the subscription operation results.
Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read Obtient la liste des abonnements.Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.ContainerService/managedClusters/apps/controllerrevisions/readMicrosoft.ContainerService/managedClusters/apps/controllerrevisions/read Lit controllerrevisionsReads controllerrevisions
Microsoft.ContainerService/managedClusters/apps/daemonsets/readMicrosoft.ContainerService/managedClusters/apps/daemonsets/read Lit daemonsetsReads daemonsets
Microsoft.ContainerService/managedClusters/apps/deployments/readMicrosoft.ContainerService/managedClusters/apps/deployments/read Lit deploymentsReads deployments
Microsoft.ContainerService/managedClusters/apps/replicasets/readMicrosoft.ContainerService/managedClusters/apps/replicasets/read Lit replicasetsReads replicasets
Microsoft.ContainerService/managedClusters/apps/statefulsets/readMicrosoft.ContainerService/managedClusters/apps/statefulsets/read Lit statefulsetsReads statefulsets
Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/readMicrosoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/read Lit horizontalpodautoscalersReads horizontalpodautoscalers
Microsoft.ContainerService/managedClusters/batch/cronjobs/readMicrosoft.ContainerService/managedClusters/batch/cronjobs/read Lit cronjobsReads cronjobs
Microsoft.ContainerService/managedClusters/batch/jobs/readMicrosoft.ContainerService/managedClusters/batch/jobs/read Lit jobsReads jobs
Microsoft.ContainerService/managedClusters/configmaps/readMicrosoft.ContainerService/managedClusters/configmaps/read Lit configmapsReads configmaps
Microsoft.ContainerService/managedClusters/endpoints/readMicrosoft.ContainerService/managedClusters/endpoints/read Lit endpointsReads endpoints
Microsoft.ContainerService/managedClusters/events.k8s.io/events/readMicrosoft.ContainerService/managedClusters/events.k8s.io/events/read Lit eventsReads events
Microsoft.ContainerService/managedClusters/events/readMicrosoft.ContainerService/managedClusters/events/read Lit eventsReads events
Microsoft.ContainerService/managedClusters/extensions/daemonsets/readMicrosoft.ContainerService/managedClusters/extensions/daemonsets/read Lit daemonsetsReads daemonsets
Microsoft.ContainerService/managedClusters/extensions/deployments/readMicrosoft.ContainerService/managedClusters/extensions/deployments/read Lit deploymentsReads deployments
Microsoft.ContainerService/managedClusters/extensions/ingresses/readMicrosoft.ContainerService/managedClusters/extensions/ingresses/read Lit ingressesReads ingresses
Microsoft.ContainerService/managedClusters/extensions/networkpolicies/readMicrosoft.ContainerService/managedClusters/extensions/networkpolicies/read Lit networkpoliciesReads networkpolicies
Microsoft.ContainerService/managedClusters/extensions/replicasets/readMicrosoft.ContainerService/managedClusters/extensions/replicasets/read Lit replicasetsReads replicasets
Microsoft.ContainerService/managedClusters/limitranges/readMicrosoft.ContainerService/managedClusters/limitranges/read Lit limitrangesReads limitranges
Microsoft.ContainerService/managedClusters/namespaces/readMicrosoft.ContainerService/managedClusters/namespaces/read Lit namespacesReads namespaces
Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/readMicrosoft.ContainerService/managedClusters/networking.k8s.io/ingresses/read Lit ingressesReads ingresses
Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/readMicrosoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/read Lit networkpoliciesReads networkpolicies
Microsoft.ContainerService/managedClusters/persistentvolumeclaims/readMicrosoft.ContainerService/managedClusters/persistentvolumeclaims/read Lit persistentvolumeclaimsReads persistentvolumeclaims
Microsoft.ContainerService/managedClusters/pods/readMicrosoft.ContainerService/managedClusters/pods/read Lit podsReads pods
Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/readMicrosoft.ContainerService/managedClusters/policy/poddisruptionbudgets/read Lit poddisruptionbudgetsReads poddisruptionbudgets
Microsoft.ContainerService/managedClusters/replicationcontrollers/readMicrosoft.ContainerService/managedClusters/replicationcontrollers/read Lit replicationcontrollersReads replicationcontrollers
Microsoft.ContainerService/managedClusters/replicationcontrollers/readMicrosoft.ContainerService/managedClusters/replicationcontrollers/read Lit replicationcontrollersReads replicationcontrollers
Microsoft.ContainerService/managedClusters/resourcequotas/readMicrosoft.ContainerService/managedClusters/resourcequotas/read Lit resourcequotasReads resourcequotas
Microsoft.ContainerService/managedClusters/serviceaccounts/readMicrosoft.ContainerService/managedClusters/serviceaccounts/read Lit serviceaccountsReads serviceaccounts
Microsoft.ContainerService/managedClusters/services/readMicrosoft.ContainerService/managedClusters/services/read Lit servicesReads services
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7f6c6a51-bcf8-42ba-9220-52d62157d7db",
  "name": "7f6c6a51-bcf8-42ba-9220-52d62157d7db",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerService/managedClusters/apps/controllerrevisions/read",
        "Microsoft.ContainerService/managedClusters/apps/daemonsets/read",
        "Microsoft.ContainerService/managedClusters/apps/deployments/read",
        "Microsoft.ContainerService/managedClusters/apps/replicasets/read",
        "Microsoft.ContainerService/managedClusters/apps/statefulsets/read",
        "Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/read",
        "Microsoft.ContainerService/managedClusters/batch/cronjobs/read",
        "Microsoft.ContainerService/managedClusters/batch/jobs/read",
        "Microsoft.ContainerService/managedClusters/configmaps/read",
        "Microsoft.ContainerService/managedClusters/endpoints/read",
        "Microsoft.ContainerService/managedClusters/events.k8s.io/events/read",
        "Microsoft.ContainerService/managedClusters/events/read",
        "Microsoft.ContainerService/managedClusters/extensions/daemonsets/read",
        "Microsoft.ContainerService/managedClusters/extensions/deployments/read",
        "Microsoft.ContainerService/managedClusters/extensions/ingresses/read",
        "Microsoft.ContainerService/managedClusters/extensions/networkpolicies/read",
        "Microsoft.ContainerService/managedClusters/extensions/replicasets/read",
        "Microsoft.ContainerService/managedClusters/limitranges/read",
        "Microsoft.ContainerService/managedClusters/namespaces/read",
        "Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/read",
        "Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/read",
        "Microsoft.ContainerService/managedClusters/persistentvolumeclaims/read",
        "Microsoft.ContainerService/managedClusters/pods/read",
        "Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/read",
        "Microsoft.ContainerService/managedClusters/replicationcontrollers/read",
        "Microsoft.ContainerService/managedClusters/replicationcontrollers/read",
        "Microsoft.ContainerService/managedClusters/resourcequotas/read",
        "Microsoft.ContainerService/managedClusters/serviceaccounts/read",
        "Microsoft.ContainerService/managedClusters/services/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service RBAC Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Kubernetes Service RBAC WriterAzure Kubernetes Service RBAC Writer

Autorise l’accès en lecture/écriture à la plupart des objets d’un espace de noms. Ce rôle n’autorise pas l’affichage ni la modification des rôles ou des liaisons de rôles.Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. Toutefois, ce rôle permet d’accéder aux secrets et aux pods en cours d’exécution comme n’importe quel ServiceAccount de l’espace de noms. Il peut donc être utilisé pour obtenir les niveaux d’accès API de n’importe quel ServiceAccount dans l’espace de noms.However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. L’application de ce rôle à l’étendue du cluster fournit un accès à tous les espaces de noms.Applying this role at cluster scope will give access across all namespaces. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Resources/deployments/writeMicrosoft.Resources/deployments/write Crée ou met à jour un déploiement.Creates or updates an deployment.
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read Obtenir les résultats de l’opération de l’abonnement.Get the subscription operation results.
Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read Obtient la liste des abonnements.Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.ContainerService/managedClusters/apps/controllerrevisions/readMicrosoft.ContainerService/managedClusters/apps/controllerrevisions/read Lit controllerrevisionsReads controllerrevisions
Microsoft.ContainerService/managedClusters/apps/daemonsets/*Microsoft.ContainerService/managedClusters/apps/daemonsets/*
Microsoft.ContainerService/managedClusters/apps/deployments/*Microsoft.ContainerService/managedClusters/apps/deployments/*
Microsoft.ContainerService/managedClusters/apps/replicasets/*Microsoft.ContainerService/managedClusters/apps/replicasets/*
Microsoft.ContainerService/managedClusters/apps/statefulsets/*Microsoft.ContainerService/managedClusters/apps/statefulsets/*
Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/*Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/*
Microsoft.ContainerService/managedClusters/batch/cronjobs/*Microsoft.ContainerService/managedClusters/batch/cronjobs/*
Microsoft.ContainerService/managedClusters/batch/jobs/*Microsoft.ContainerService/managedClusters/batch/jobs/*
Microsoft.ContainerService/managedClusters/configmaps/*Microsoft.ContainerService/managedClusters/configmaps/*
Microsoft.ContainerService/managedClusters/endpoints/*Microsoft.ContainerService/managedClusters/endpoints/*
Microsoft.ContainerService/managedClusters/events.k8s.io/events/readMicrosoft.ContainerService/managedClusters/events.k8s.io/events/read Lit eventsReads events
Microsoft.ContainerService/managedClusters/events/readMicrosoft.ContainerService/managedClusters/events/read Lit eventsReads events
Microsoft.ContainerService/managedClusters/extensions/daemonsets/*Microsoft.ContainerService/managedClusters/extensions/daemonsets/*
Microsoft.ContainerService/managedClusters/extensions/deployments/*Microsoft.ContainerService/managedClusters/extensions/deployments/*
Microsoft.ContainerService/managedClusters/extensions/ingresses/*Microsoft.ContainerService/managedClusters/extensions/ingresses/*
Microsoft.ContainerService/managedClusters/extensions/networkpolicies/*Microsoft.ContainerService/managedClusters/extensions/networkpolicies/*
Microsoft.ContainerService/managedClusters/extensions/replicasets/*Microsoft.ContainerService/managedClusters/extensions/replicasets/*
Microsoft.ContainerService/managedClusters/limitranges/readMicrosoft.ContainerService/managedClusters/limitranges/read Lit limitrangesReads limitranges
Microsoft.ContainerService/managedClusters/namespaces/readMicrosoft.ContainerService/managedClusters/namespaces/read Lit namespacesReads namespaces
Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/*Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/*
Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/*Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/*
Microsoft.ContainerService/managedClusters/persistentvolumeclaims/*Microsoft.ContainerService/managedClusters/persistentvolumeclaims/*
Microsoft.ContainerService/managedClusters/pods/*Microsoft.ContainerService/managedClusters/pods/*
Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/*Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/*
Microsoft.ContainerService/managedClusters/replicationcontrollers/*Microsoft.ContainerService/managedClusters/replicationcontrollers/*
Microsoft.ContainerService/managedClusters/replicationcontrollers/*Microsoft.ContainerService/managedClusters/replicationcontrollers/*
Microsoft.ContainerService/managedClusters/resourcequotas/readMicrosoft.ContainerService/managedClusters/resourcequotas/read Lit resourcequotasReads resourcequotas
Microsoft.ContainerService/managedClusters/secrets/*Microsoft.ContainerService/managedClusters/secrets/*
Microsoft.ContainerService/managedClusters/serviceaccounts/*Microsoft.ContainerService/managedClusters/serviceaccounts/*
Microsoft.ContainerService/managedClusters/services/*Microsoft.ContainerService/managedClusters/services/*
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb",
  "name": "a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerService/managedClusters/apps/controllerrevisions/read",
        "Microsoft.ContainerService/managedClusters/apps/daemonsets/*",
        "Microsoft.ContainerService/managedClusters/apps/deployments/*",
        "Microsoft.ContainerService/managedClusters/apps/replicasets/*",
        "Microsoft.ContainerService/managedClusters/apps/statefulsets/*",
        "Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/*",
        "Microsoft.ContainerService/managedClusters/batch/cronjobs/*",
        "Microsoft.ContainerService/managedClusters/batch/jobs/*",
        "Microsoft.ContainerService/managedClusters/configmaps/*",
        "Microsoft.ContainerService/managedClusters/endpoints/*",
        "Microsoft.ContainerService/managedClusters/events.k8s.io/events/read",
        "Microsoft.ContainerService/managedClusters/events/read",
        "Microsoft.ContainerService/managedClusters/extensions/daemonsets/*",
        "Microsoft.ContainerService/managedClusters/extensions/deployments/*",
        "Microsoft.ContainerService/managedClusters/extensions/ingresses/*",
        "Microsoft.ContainerService/managedClusters/extensions/networkpolicies/*",
        "Microsoft.ContainerService/managedClusters/extensions/replicasets/*",
        "Microsoft.ContainerService/managedClusters/limitranges/read",
        "Microsoft.ContainerService/managedClusters/namespaces/read",
        "Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/*",
        "Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/*",
        "Microsoft.ContainerService/managedClusters/persistentvolumeclaims/*",
        "Microsoft.ContainerService/managedClusters/pods/*",
        "Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/*",
        "Microsoft.ContainerService/managedClusters/replicationcontrollers/*",
        "Microsoft.ContainerService/managedClusters/replicationcontrollers/*",
        "Microsoft.ContainerService/managedClusters/resourcequotas/read",
        "Microsoft.ContainerService/managedClusters/secrets/*",
        "Microsoft.ContainerService/managedClusters/serviceaccounts/*",
        "Microsoft.ContainerService/managedClusters/services/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service RBAC Writer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Bases de donnéesDatabases

Rôle de lecteur de compte Cosmos DBCosmos DB Account Reader Role

Lire les données de comptes Azure Cosmos DB.Can read Azure Cosmos DB account data. Consultez Contributeur de compte DocumentDB pour en savoir plus sur la gestion des comptes Azure Cosmos DB.See DocumentDB Account Contributor for managing Azure Cosmos DB accounts. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.DocumentDB/*/readMicrosoft.DocumentDB/*/read Lire n’importe quelle collectionRead any collection
Microsoft.DocumentDB/databaseAccounts/readonlykeys/actionMicrosoft.DocumentDB/databaseAccounts/readonlykeys/action Lire les clés en lecture seule du compte de base de données.Reads the database account readonly keys.
Microsoft.Insights/MetricDefinitions/readMicrosoft.Insights/MetricDefinitions/read Lire les définitions des mesuresRead metric definitions
Microsoft.Insights/Metrics/readMicrosoft.Insights/Metrics/read Lire des mesuresRead metrics
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can read Azure Cosmos DB Accounts data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fbdf93bf-df7d-467e-a4d2-9458aa1360c8",
  "name": "fbdf93bf-df7d-467e-a4d2-9458aa1360c8",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.DocumentDB/*/read",
        "Microsoft.DocumentDB/databaseAccounts/readonlykeys/action",
        "Microsoft.Insights/MetricDefinitions/read",
        "Microsoft.Insights/Metrics/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cosmos DB Account Reader Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Opérateur Cosmos DBCosmos DB Operator

Permet de gérer des comptes Azure Cosmos DB, mais pas d’accéder aux données qu’ils contiennent.Lets you manage Azure Cosmos DB accounts, but not access data in them. Empêche d’accéder aux clés de compte et aux chaînes de connexion.Prevents access to account keys and connection strings. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.DocumentDb/databaseAccounts/*Microsoft.DocumentDb/databaseAccounts/*
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Joint des ressources telles qu’un compte de stockage ou une base de données SQL à un sous-réseau.Joins resource such as storage account or SQL database to a subnet. Impossible à alerter.Not alertable.
NotActionsNotActions
Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*
Microsoft.DocumentDB/databaseAccounts/regenerateKey/*Microsoft.DocumentDB/databaseAccounts/regenerateKey/*
Microsoft.DocumentDB/databaseAccounts/listKeys/*Microsoft.DocumentDB/databaseAccounts/listKeys/*
Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*
Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/writeMicrosoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/write Créer ou mettre à jour une définition de rôle SQLCreate or update a SQL Role Definition
Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/deleteMicrosoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/delete Supprimer une définition de rôle SQLDelete a SQL Role Definition
Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/writeMicrosoft.DocumentDB/databaseAccounts/sqlRoleAssignments/write Créer ou mettre à jour une attribution de rôle SQLCreate or update a SQL Role Assignment
Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/deleteMicrosoft.DocumentDB/databaseAccounts/sqlRoleAssignments/delete Supprimer une attribution de rôle SQLDelete a SQL Role Assignment
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/230815da-be43-4aae-9cb4-875f7bd000aa",
  "name": "230815da-be43-4aae-9cb4-875f7bd000aa",
  "permissions": [
    {
      "actions": [
        "Microsoft.DocumentDb/databaseAccounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action"
      ],
      "notActions": [
        "Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*",
        "Microsoft.DocumentDB/databaseAccounts/regenerateKey/*",
        "Microsoft.DocumentDB/databaseAccounts/listKeys/*",
        "Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*",
        "Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/write",
        "Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/delete",
        "Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/write",
        "Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/delete"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cosmos DB Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

CosmosBackupOperatorCosmosBackupOperator

Peut envoyer une requête de restauration d’une base de données Cosmos DB ou d’un conteneur pour un compte En savoir plusCan submit restore request for a Cosmos DB database or a container for an account Learn more

ActionsActions DescriptionDescription
Microsoft.DocumentDB/databaseAccounts/backup/actionMicrosoft.DocumentDB/databaseAccounts/backup/action Soumettre une demande pour configurer la sauvegardeSubmit a request to configure backup
Microsoft.DocumentDB/databaseAccounts/restore/actionMicrosoft.DocumentDB/databaseAccounts/restore/action Soumettre une demande de restaurationSubmit a restore request
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can submit restore request for a Cosmos DB database or a container for an account",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/db7b14f2-5adf-42da-9f96-f2ee17bab5cb",
  "name": "db7b14f2-5adf-42da-9f96-f2ee17bab5cb",
  "permissions": [
    {
      "actions": [
        "Microsoft.DocumentDB/databaseAccounts/backup/action",
        "Microsoft.DocumentDB/databaseAccounts/restore/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CosmosBackupOperator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

CosmosRestoreOperatorCosmosRestoreOperator

Peut effectuer une action de restauration pour un compte de base de données Cosmos DB avec le mode de sauvegarde continuCan perform restore action for Cosmos DB database account with continuous backup mode

ActionsActions DescriptionDescription
Microsoft.DocumentDB/locations/restorableDatabaseAccounts/restore/actionMicrosoft.DocumentDB/locations/restorableDatabaseAccounts/restore/action Soumettre une demande de restaurationSubmit a restore request
Microsoft.DocumentDB/locations/restorableDatabaseAccounts/*/readMicrosoft.DocumentDB/locations/restorableDatabaseAccounts/*/read
Microsoft.DocumentDB/locations/restorableDatabaseAccounts/readMicrosoft.DocumentDB/locations/restorableDatabaseAccounts/read Lit un compte de base de données pouvant être restauré ou liste tous les comptes de base de données pouvant être restaurésRead a restorable database account or List all the restorable database accounts
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can perform restore action for Cosmos DB database account with continuous backup mode",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5432c526-bc82-444a-b7ba-57c5b0b5b34f",
  "name": "5432c526-bc82-444a-b7ba-57c5b0b5b34f",
  "permissions": [
    {
      "actions": [
        "Microsoft.DocumentDB/locations/restorableDatabaseAccounts/restore/action",
        "Microsoft.DocumentDB/locations/restorableDatabaseAccounts/*/read",
        "Microsoft.DocumentDB/locations/restorableDatabaseAccounts/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CosmosRestoreOperator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur de compte DocumentDBDocumentDB Account Contributor

Gérer des comptes Azure Cosmos DB.Can manage Azure Cosmos DB accounts. Azure Cosmos DB était auparavant appelé DocumentDB.Azure Cosmos DB is formerly known as DocumentDB. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.DocumentDb/databaseAccounts/*Microsoft.DocumentDb/databaseAccounts/* Créer et gérer des comptes Azure Cosmos DBCreate and manage Azure Cosmos DB accounts
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Joint des ressources telles qu’un compte de stockage ou une base de données SQL à un sous-réseau.Joins resource such as storage account or SQL database to a subnet. Impossible à alerter.Not alertable.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage DocumentDB accounts, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5bd9cd88-fe45-4216-938b-f97437e15450",
  "name": "5bd9cd88-fe45-4216-938b-f97437e15450",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.DocumentDb/databaseAccounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "DocumentDB Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur Cache RedisRedis Cache Contributor

Permet de gérer des caches Redis, mais pas d’y accéder.Lets you manage Redis caches, but not access to them.

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Cache/register/actionMicrosoft.Cache/register/action Inscrit le fournisseur de ressources « Microsoft.Cache » à un abonnementRegisters the 'Microsoft.Cache' resource provider with a subscription
Microsoft.Cache/redis/*Microsoft.Cache/redis/* Créer et gérer les caches RedisCreate and manage Redis caches
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Redis caches, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e0f68234-74aa-48ed-b826-c38b57376e17",
  "name": "e0f68234-74aa-48ed-b826-c38b57376e17",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cache/register/action",
        "Microsoft.Cache/redis/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Redis Cache Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur de base de données SQLSQL DB Contributor

Permet de gérer des bases de données SQL, mais pas d’y accéder.Lets you manage SQL databases, but not access to them. Vous ne pouvez pas non plus gérer leurs stratégies de sécurité ni leurs serveurs SQL parents.Also, you can't manage their security-related policies or their parent SQL servers. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Sql/locations/*/readMicrosoft.Sql/locations/*/read
Microsoft.Sql/servers/databases/*Microsoft.Sql/servers/databases/* Créer et gérer les bases de données SQLCreate and manage SQL databases
Microsoft.Sql/servers/readMicrosoft.Sql/servers/read Retourner la liste des serveurs ou obtenir les propriétés pour le serveur spécifié.Return the list of servers or gets the properties for the specified server.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read Lire des mesuresRead metrics
Microsoft.Insights/metricDefinitions/readMicrosoft.Insights/metricDefinitions/read Lire les définitions des mesuresRead metric definitions
NotActionsNotActions
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft.Sql/managedInstances/securityAlertPolicies/*Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/auditingSettings/*Microsoft.Sql/servers/databases/auditingSettings/* Modifier les paramètres d'auditEdit audit settings
Microsoft.Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read Récupère les enregistrements d’audit d’objet blob de base de données.Retrieve the database blob audit records
Microsoft.Sql/servers/databases/currentSensitivityLabels/*Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft.Sql/servers/databases/dataMaskingPolicies/*Microsoft.Sql/servers/databases/dataMaskingPolicies/* Modifier les stratégies de masquage des donnéesEdit data masking policies
Microsoft.Sql/servers/databases/extendedAuditingSettings/*Microsoft.Sql/servers/databases/extendedAuditingSettings/*
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/servers/databases/securityAlertPolicies/*Microsoft.Sql/servers/databases/securityAlertPolicies/* Modifier les stratégies d'alerte de sécuritéEdit security alert policies
Microsoft.Sql/servers/databases/securityMetrics/*Microsoft.Sql/servers/databases/securityMetrics/* Modifier les mesures de sécuritéEdit security metrics
Microsoft.Sql/servers/databases/sensitivityLabels/*Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft.Sql/servers/vulnerabilityAssessments/*Microsoft.Sql/servers/vulnerabilityAssessments/*
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
  "name": "9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/servers/databases/*",
        "Microsoft.Sql/servers/read",
        "Microsoft.Support/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read"
      ],
      "notActions": [
        "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
        "Microsoft.Sql/servers/databases/extendedAuditingSettings/*",
        "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
        "Microsoft.Sql/servers/databases/securityMetrics/*",
        "Microsoft.Sql/servers/databases/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
        "Microsoft.Sql/servers/vulnerabilityAssessments/*"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL DB Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur d’Instance managée SQLSQL Managed Instance Contributor

Permet de gérer des instances SQL Managed Instance et la configuration réseau requise, mais pas d’accorder l’accès à d’autres personnes.Lets you manage SQL Managed Instances and required network configuration, but can't give access to others.

ActionsActions DescriptionDescription
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Network/networkSecurityGroups/*Microsoft.Network/networkSecurityGroups/*
Microsoft.Network/routeTables/*Microsoft.Network/routeTables/*
Microsoft.Sql/locations/*/readMicrosoft.Sql/locations/*/read
Microsoft.Sql/locations/instanceFailoverGroups/*Microsoft.Sql/locations/instanceFailoverGroups/*
Microsoft.Sql/managedInstances/*Microsoft.Sql/managedInstances/*
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
Microsoft.Network/virtualNetworks/subnets/*Microsoft.Network/virtualNetworks/subnets/*
Microsoft.Network/virtualNetworks/*Microsoft.Network/virtualNetworks/*
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read Lire des mesuresRead metrics
Microsoft.Insights/metricDefinitions/readMicrosoft.Insights/metricDefinitions/read Lire les définitions des mesuresRead metric definitions
NotActionsNotActions
Microsoft.Sql/managedInstances/azureADOnlyAuthentications/deleteMicrosoft.Sql/managedInstances/azureADOnlyAuthentications/delete Supprime un objet d’authentification Azure Active Directory d’un serveur géré spécifiqueDeletes a specific managed server Azure Active Directory only authentication object
Microsoft.Sql/managedInstances/azureADOnlyAuthentications/writeMicrosoft.Sql/managedInstances/azureADOnlyAuthentications/write Ajoute ou met à jour un objet d’authentification Azure Active Directory d’un serveur géré spécifiqueAdds or updates a specific managed server Azure Active Directory only authentication object
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage SQL Managed Instances and required network configuration, but can't give access to others.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
  "name": "4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Network/networkSecurityGroups/*",
        "Microsoft.Network/routeTables/*",
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/locations/instanceFailoverGroups/*",
        "Microsoft.Sql/managedInstances/*",
        "Microsoft.Support/*",
        "Microsoft.Network/virtualNetworks/subnets/*",
        "Microsoft.Network/virtualNetworks/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read"
      ],
      "notActions": [
        "Microsoft.Sql/managedInstances/azureADOnlyAuthentications/delete",
        "Microsoft.Sql/managedInstances/azureADOnlyAuthentications/write"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL Managed Instance Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Gestionnaire de sécurité SQLSQL Security Manager

Permet de gérer les stratégies de sécurité des serveurs et bases de données SQL, mais pas d’y accéder.Lets you manage the security-related policies of SQL servers and databases, but not access to them. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Joint des ressources telles qu’un compte de stockage ou une base de données SQL à un sous-réseau.Joins resource such as storage account or SQL database to a subnet. Impossible à alerter.Not alertable.
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Sql/locations/administratorAzureAsyncOperation/readMicrosoft.Sql/locations/administratorAzureAsyncOperation/read Obtient le résultat des opérations de l’administrateur Azure Async de l’instance gérée.Gets the Managed instance azure async administrator operations result.
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft.Sql/managedInstances/securityAlertPolicies/*Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft.Sql/servers/auditingSettings/*Microsoft.Sql/servers/auditingSettings/* Créer et gérer les paramètres d’audit de serveur SQLCreate and manage SQL server auditing setting
Microsoft.Sql/servers/extendedAuditingSettings/readMicrosoft.Sql/servers/extendedAuditingSettings/read Récupère les détails de la stratégie étendue d’audit des objets blob de serveur configurée sur un serveur spécifiéRetrieve details of the extended server blob auditing policy configured on a given server
Microsoft.Sql/servers/databases/auditingSettings/*Microsoft.Sql/servers/databases/auditingSettings/* Créer et gérer les paramètres d’audit de base de données de serveur SQLCreate and manage SQL server database auditing settings
Microsoft.Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read Récupère les enregistrements d’audit d’objet blob de base de données.Retrieve the database blob audit records
Microsoft.Sql/servers/databases/currentSensitivityLabels/*Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft.Sql/servers/databases/dataMaskingPolicies/*Microsoft.Sql/servers/databases/dataMaskingPolicies/* Créer et gérer les stratégies de masquage de données de base de données de serveur SQLCreate and manage SQL server database data masking policies
Microsoft.Sql/servers/databases/extendedAuditingSettings/readMicrosoft.Sql/servers/databases/extendedAuditingSettings/read Récupère les détails de la stratégie étendue d’audit d’objets blob configurée dans une base de données spécifiqueRetrieve details of the extended blob auditing policy configured on a given database
Microsoft.Sql/servers/databases/readMicrosoft.Sql/servers/databases/read Retourner la liste des bases de données ou obtenir les propriétés pour la base de données spécifiée.Return the list of databases or gets the properties for the specified database.
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/readMicrosoft.Sql/servers/databases/schemas/read Obtenir un schéma de base de données.Get a database schema.
Microsoft.Sql/servers/databases/schemas/tables/columns/readMicrosoft.Sql/servers/databases/schemas/tables/columns/read Obtenir une colonne de base de données.Get a database column.
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/tables/readMicrosoft.Sql/servers/databases/schemas/tables/read Obtenir un tableau de base de données.Get a database table.
Microsoft.Sql/servers/databases/securityAlertPolicies/*Microsoft.Sql/servers/databases/securityAlertPolicies/* Créer et gérer les stratégies d’alerte de sécurité de base de données de serveur SQLCreate and manage SQL server database security alert policies
Microsoft.Sql/servers/databases/securityMetrics/*Microsoft.Sql/servers/databases/securityMetrics/* Créer et gérer les mesures de sécurité de base de données de serveur SQLCreate and manage SQL server database security metrics
Microsoft.Sql/servers/databases/sensitivityLabels/*Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft.Sql/servers/databases/transparentDataEncryption/*Microsoft.Sql/servers/databases/transparentDataEncryption/*
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft.Sql/servers/devOpsAuditingSettings/*Microsoft.Sql/servers/devOpsAuditingSettings/*
Microsoft.Sql/servers/firewallRules/*Microsoft.Sql/servers/firewallRules/*
Microsoft.Sql/servers/readMicrosoft.Sql/servers/read Retourner la liste des serveurs ou obtenir les propriétés pour le serveur spécifié.Return the list of servers or gets the properties for the specified server.
Microsoft.Sql/servers/securityAlertPolicies/*Microsoft.Sql/servers/securityAlertPolicies/* Créer et gérer les stratégies d’alerte de sécurité de serveur SQLCreate and manage SQL server security alert policies
Microsoft.Sql/servers/vulnerabilityAssessments/*Microsoft.Sql/servers/vulnerabilityAssessments/*
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
Microsoft.Sql/servers/azureADOnlyAuthentications/*Microsoft.Sql/servers/azureADOnlyAuthentications/*
Microsoft.Sql/managedInstances/readMicrosoft.Sql/managedInstances/read Retourne la liste des instances gérées ou obtient les propriétés de l’instance gérée spécifiée.Return the list of managed instances or gets the properties for the specified managed instance.
Microsoft.Sql/managedInstances/azureADOnlyAuthentications/*Microsoft.Sql/managedInstances/azureADOnlyAuthentications/*
Microsoft.Security/sqlVulnerabilityAssessments/*Microsoft.Security/sqlVulnerabilityAssessments/*
Microsoft.Sql/managedInstances/administrators/readMicrosoft.Sql/managedInstances/administrators/read Obtient la liste des administrateurs de l’instance gérée.Gets a list of managed instance administrators.
Microsoft.Sql/servers/administrators/readMicrosoft.Sql/servers/administrators/read Obtient un objet d’administrateur Azure Active Directory spécifiqueGets a specific Azure Active Directory administrator object
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage the security-related policies of SQL servers and databases, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3",
  "name": "056cd41c-7e88-42e1-933e-88ba6a50c9c3",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Sql/locations/administratorAzureAsyncOperation/read",
        "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*",
        "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/auditingSettings/*",
        "Microsoft.Sql/servers/extendedAuditingSettings/read",
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
        "Microsoft.Sql/servers/databases/extendedAuditingSettings/read",
        "Microsoft.Sql/servers/databases/read",
        "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/read",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/read",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/tables/read",
        "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
        "Microsoft.Sql/servers/databases/securityMetrics/*",
        "Microsoft.Sql/servers/databases/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/transparentDataEncryption/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
        "Microsoft.Sql/servers/devOpsAuditingSettings/*",
        "Microsoft.Sql/servers/firewallRules/*",
        "Microsoft.Sql/servers/read",
        "Microsoft.Sql/servers/securityAlertPolicies/*",
        "Microsoft.Sql/servers/vulnerabilityAssessments/*",
        "Microsoft.Support/*",
        "Microsoft.Sql/servers/azureADOnlyAuthentications/*",
        "Microsoft.Sql/managedInstances/read",
        "Microsoft.Sql/managedInstances/azureADOnlyAuthentications/*",
        "Microsoft.Security/sqlVulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/administrators/read",
        "Microsoft.Sql/servers/administrators/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL Security Manager",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur SQL ServerSQL Server Contributor

Permet de gérer des serveurs et bases de données SQL, mais pas d’y accéder, ni de gérer leurs stratégies de sécurité.Lets you manage SQL servers and databases, but not access to them, and not their security-related policies. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Sql/locations/*/readMicrosoft.Sql/locations/*/read
Microsoft.Sql/servers/*Microsoft.Sql/servers/* Créer et gérer les serveurs SQLCreate and manage SQL servers
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read Lire des mesuresRead metrics
Microsoft.Insights/metricDefinitions/readMicrosoft.Insights/metricDefinitions/read Lire les définitions des mesuresRead metric definitions
NotActionsNotActions
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft.Sql/managedInstances/securityAlertPolicies/*Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft.Sql/servers/auditingSettings/*Microsoft.Sql/servers/auditingSettings/* Modifier les paramètres d'audit d'un serveur SQLEdit SQL server auditing settings
Microsoft.Sql/servers/databases/auditingSettings/*Microsoft.Sql/servers/databases/auditingSettings/* Modifier les paramètres d'audit d'une base de données de serveur SQLEdit SQL server database auditing settings
Microsoft.Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read Récupère les enregistrements d’audit d’objet blob de base de données.Retrieve the database blob audit records
Microsoft.Sql/servers/databases/currentSensitivityLabels/*Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft.Sql/servers/databases/dataMaskingPolicies/*Microsoft.Sql/servers/databases/dataMaskingPolicies/* Modifier les stratégies de masquage de données d'une base de données de serveur SQLEdit SQL server database data masking policies
Microsoft.Sql/servers/databases/extendedAuditingSettings/*Microsoft.Sql/servers/databases/extendedAuditingSettings/*
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/servers/databases/securityAlertPolicies/*Microsoft.Sql/servers/databases/securityAlertPolicies/* Modifier les stratégies d'alerte de sécurité d'une base de données de serveur SQLEdit SQL server database security alert policies
Microsoft.Sql/servers/databases/securityMetrics/*Microsoft.Sql/servers/databases/securityMetrics/* Modifier les mesures de sécurité d'une base de données de serveur SQLEdit SQL server database security metrics
Microsoft.Sql/servers/databases/sensitivityLabels/*Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft.Sql/servers/devOpsAuditingSettings/*Microsoft.Sql/servers/devOpsAuditingSettings/*
Microsoft.Sql/servers/extendedAuditingSettings/*Microsoft.Sql/servers/extendedAuditingSettings/*
Microsoft.Sql/servers/securityAlertPolicies/*Microsoft.Sql/servers/securityAlertPolicies/* Modifier les stratégies d'alerte de sécurité du serveur SQLEdit SQL server security alert policies
Microsoft.Sql/servers/vulnerabilityAssessments/*Microsoft.Sql/servers/vulnerabilityAssessments/*
Microsoft.Sql/servers/azureADOnlyAuthentications/deleteMicrosoft.Sql/servers/azureADOnlyAuthentications/delete Supprime l’objet d’authentification Azure Active Directory d’un serveur spécifiqueDeletes a specific server Azure Active Directory only authentication object
Microsoft.Sql/servers/azureADOnlyAuthentications/writeMicrosoft.Sql/servers/azureADOnlyAuthentications/write Lit ou met à jour l’objet d’authentification Azure Active Directory d’un serveur spécifiqueAdds or updates a specific server Azure Active Directory only authentication object
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage SQL servers and databases, but not access to them, and not their security -related policies.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
  "name": "6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/servers/*",
        "Microsoft.Support/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read"
      ],
      "notActions": [
        "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
        "Microsoft.Sql/servers/databases/extendedAuditingSettings/*",
        "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
        "Microsoft.Sql/servers/databases/securityMetrics/*",
        "Microsoft.Sql/servers/databases/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
        "Microsoft.Sql/servers/devOpsAuditingSettings/*",
        "Microsoft.Sql/servers/extendedAuditingSettings/*",
        "Microsoft.Sql/servers/securityAlertPolicies/*",
        "Microsoft.Sql/servers/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/azureADOnlyAuthentications/delete",
        "Microsoft.Sql/servers/azureADOnlyAuthentications/write"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL Server Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AnalyticsAnalytics

Propriétaire de données Azure Event HubsAzure Event Hubs Data Owner

Permet un accès complet aux ressources Azure Event Hubs.Allows for full access to Azure Event Hubs resources. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.EventHub/*Microsoft.EventHub/*
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.EventHub/*Microsoft.EventHub/*
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to Azure Event Hubs resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f526a384-b230-433a-b45c-95f59c4a2dec",
  "name": "f526a384-b230-433a-b45c-95f59c4a2dec",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Event Hubs Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Récepteur de données Azure Event HubsAzure Event Hubs Data Receiver

Permet d’obtenir un accès en réception aux ressources Azure Event Hubs.Allows receive access to Azure Event Hubs resources. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.EventHub/*/eventhubs/consumergroups/readMicrosoft.EventHub/*/eventhubs/consumergroups/read
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.EventHub/*/receive/actionMicrosoft.EventHub/*/receive/action
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows receive access to Azure Event Hubs resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
  "name": "a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/*/eventhubs/consumergroups/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/*/receive/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Event Hubs Data Receiver",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Expéditeur de données Azure Event HubsAzure Event Hubs Data Sender

Permet d’obtenir un accès en envoi aux ressources Azure Event Hubs.Allows send access to Azure Event Hubs resources. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.EventHub/*/eventhubs/readMicrosoft.EventHub/*/eventhubs/read
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.EventHub/*/send/actionMicrosoft.EventHub/*/send/action
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows send access to Azure Event Hubs resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2b629674-e913-4c01-ae53-ef4638d8f975",
  "name": "2b629674-e913-4c01-ae53-ef4638d8f975",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/*/eventhubs/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/*/send/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Event Hubs Data Sender",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeurs de fabrique de donnéesData Factory Contributor

Créer et gérer des fabriques de données, ainsi que les ressources enfants qu’elles contiennent.Create and manage data factories, as well as child resources within them. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.DataFactory/dataFactories/*Microsoft.DataFactory/dataFactories/* Créer et gérer des fabriques de données ainsi que leurs ressources enfantsCreate and manage data factories, and child resources within them.
Microsoft.DataFactory/factories/*Microsoft.DataFactory/factories/* Créer et gérer des fabriques de données ainsi que leurs ressources enfantsCreate and manage data factories, and child resources within them.
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
Microsoft.EventGrid/eventSubscriptions/writeMicrosoft.EventGrid/eventSubscriptions/write Créer ou mettre à jour un abonnement à un événementCreate or update an eventSubscription
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Create and manage data factories, as well as child resources within them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/673868aa-7521-48a0-acc6-0f60742d39f5",
  "name": "673868aa-7521-48a0-acc6-0f60742d39f5",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.DataFactory/dataFactories/*",
        "Microsoft.DataFactory/factories/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.EventGrid/eventSubscriptions/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Factory Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Videur de donnéesData Purger

Supprimez des données privées à partir d’un espace de travail Log Analytics.Delete private data from a Log Analytics workspace. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.Insights/components/*/readMicrosoft.Insights/components/*/read
Microsoft.Insights/components/purge/actionMicrosoft.Insights/components/purge/action Vider des données d’Application InsightsPurging data from Application Insights
Microsoft.OperationalInsights/workspaces/*/readMicrosoft.OperationalInsights/workspaces/*/read Afficher les données Log AnalyticsView log analytics data
Microsoft.OperationalInsights/workspaces/purge/actionMicrosoft.OperationalInsights/workspaces/purge/action Supprime les données spécifiées de l’espace de travailDelete specified data from workspace
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can purge analytics data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/150f5e0c-0603-4f03-8c7f-cf70034c4e90",
  "name": "150f5e0c-0603-4f03-8c7f-cf70034c4e90",
  "permissions": [
    {
      "actions": [
        "Microsoft.Insights/components/*/read",
        "Microsoft.Insights/components/purge/action",
        "Microsoft.OperationalInsights/workspaces/*/read",
        "Microsoft.OperationalInsights/workspaces/purge/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Purger",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Opérateur de cluster HDInsightHDInsight Cluster Operator

Permet de lire et de modifier des configurations de cluster HDInsight.Lets you read and modify HDInsight cluster configurations. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.HDInsight/*/readMicrosoft.HDInsight/*/read
Microsoft.HDInsight/clusters/getGatewaySettings/actionMicrosoft.HDInsight/clusters/getGatewaySettings/action Obtenir les paramètres de passerelle pour un HDInsight ClusterGet gateway settings for HDInsight Cluster
Microsoft.HDInsight/clusters/updateGatewaySettings/actionMicrosoft.HDInsight/clusters/updateGatewaySettings/action Mettre à jour les paramètres de passerelle pour un HDInsight ClusterUpdate gateway settings for HDInsight Cluster
Microsoft.HDInsight/clusters/configurations/*Microsoft.HDInsight/clusters/configurations/*
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read Obtient ou répertorie les opérations de déploiement.Gets or lists deployment operations.
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read and modify HDInsight cluster configurations.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/61ed4efc-fab3-44fd-b111-e24485cc132a",
  "name": "61ed4efc-fab3-44fd-b111-e24485cc132a",
  "permissions": [
    {
      "actions": [
        "Microsoft.HDInsight/*/read",
        "Microsoft.HDInsight/clusters/getGatewaySettings/action",
        "Microsoft.HDInsight/clusters/updateGatewaySettings/action",
        "Microsoft.HDInsight/clusters/configurations/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "HDInsight Cluster Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur HDInsight Domain ServicesHDInsight Domain Services Contributor

Peut lire, créer, modifier et supprimer les opérations Domain Services nécessaires pour le pack Sécurité Entreprise HDInsight En savoir plusCan Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package Learn more

ActionsActions DescriptionDescription
Microsoft.AAD/*/readMicrosoft.AAD/*/read
Microsoft.AAD/domainServices/*/readMicrosoft.AAD/domainServices/*/read
Microsoft.AAD/domainServices/oucontainer/*Microsoft.AAD/domainServices/oucontainer/*
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8d8d5a11-05d3-4bda-a417-a08778121c7c",
  "name": "8d8d5a11-05d3-4bda-a417-a08778121c7c",
  "permissions": [
    {
      "actions": [
        "Microsoft.AAD/*/read",
        "Microsoft.AAD/domainServices/*/read",
        "Microsoft.AAD/domainServices/oucontainer/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "HDInsight Domain Services Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur Log AnalyticsLog Analytics Contributor

Peut lire toutes les données de surveillance et modifier les paramètres de surveillance.Log Analytics Contributor can read all monitoring data and edit monitoring settings. La modification des paramètres de supervision inclut l’ajout de l’extension de machine virtuelle aux machines virtuelles, la lecture des clés de comptes de stockage permettant de configurer la collection de journaux d’activité du stockage Azure, la création et la configuration de comptes Automation, l’ajout de solutions et la configuration de diagnostics Azure sur toutes les ressources Azure.Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources. En savoir plusLearn more

ActionsActions DescriptionDescription
*/read*/read Lire les ressources de tous les types, à l’exception des secrets.Read resources of all types, except secrets.
Microsoft.Automation/automationAccounts/*Microsoft.Automation/automationAccounts/*
Microsoft.ClassicCompute/virtualMachines/extensions/*Microsoft.ClassicCompute/virtualMachines/extensions/*
Microsoft.ClassicStorage/storageAccounts/listKeys/actionMicrosoft.ClassicStorage/storageAccounts/listKeys/action Répertorie les clés d’accès des comptes de stockage.Lists the access keys for the storage accounts.
Microsoft.Compute/virtualMachines/extensions/*Microsoft.Compute/virtualMachines/extensions/*
Microsoft.HybridCompute/machines/extensions/writeMicrosoft.HybridCompute/machines/extensions/write Installe ou met à jour toutes les extensions Azure ArcInstalls or Updates an Azure Arc extensions
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* Crée, met à jour ou lit le paramètre de diagnostic pour Analysis Server.Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.OperationalInsights/*Microsoft.OperationalInsights/*
Microsoft.OperationsManagement/*Microsoft.OperationsManagement/*
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourcegroups/deployments/*Microsoft.Resources/subscriptions/resourcegroups/deployments/*
Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action Retourne les clés d’accès au compte de stockage spécifié.Returns the access keys for the specified storage account.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
  "name": "92aaf0da-9dab-42b6-94a3-d43ce8d16293",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.Automation/automationAccounts/*",
        "Microsoft.ClassicCompute/virtualMachines/extensions/*",
        "Microsoft.ClassicStorage/storageAccounts/listKeys/action",
        "Microsoft.Compute/virtualMachines/extensions/*",
        "Microsoft.HybridCompute/machines/extensions/write",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.OperationalInsights/*",
        "Microsoft.OperationsManagement/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Log Analytics Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur Log AnalyticsLog Analytics Reader

Peut afficher et rechercher toutes les données de surveillance, ainsi qu’afficher les paramètres de surveillance, notamment la configuration des diagnostics Azure sur toutes les ressources Azure.Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources. En savoir plusLearn more

ActionsActions DescriptionDescription
*/read*/read Lire les ressources de tous les types, à l’exception des secrets.Read resources of all types, except secrets.
Microsoft.OperationalInsights/workspaces/analytics/query/actionMicrosoft.OperationalInsights/workspaces/analytics/query/action Effectue les recherches à l’aide d’un nouveau moteur.Search using new engine.
Microsoft.OperationalInsights/workspaces/search/actionMicrosoft.OperationalInsights/workspaces/search/action Exécute une requête de recherche.Executes a search query
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Microsoft.OperationalInsights/workspaces/sharedKeys/readMicrosoft.OperationalInsights/workspaces/sharedKeys/read Récupère les clés partagées de l’espace de travail.Retrieves the shared keys for the workspace. Ces clés sont utilisées pour connecter les agents Microsoft Operational Insights à l’espace de travail.These keys are used to connect Microsoft Operational Insights agents to the workspace.
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/73c42c96-874c-492b-b04d-ab87d138a893",
  "name": "73c42c96-874c-492b-b04d-ab87d138a893",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.OperationalInsights/workspaces/analytics/query/action",
        "Microsoft.OperationalInsights/workspaces/search/action",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.OperationalInsights/workspaces/sharedKeys/read"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Log Analytics Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Curateur de données PurviewPurview Data Curator

Le curateur de données Microsoft.Purview peut créer, lire, modifier et supprimer des objets de données de catalogue et établir des relations entre les objets.The Microsoft.Purview data curator can create, read, modify and delete catalog data objects and establish relationships between objects. Ce rôle est en préversion et susceptible d’être changé.This role is in preview and subject to change.

ActionsActions DescriptionDescription
Microsoft.Purview/accounts/readMicrosoft.Purview/accounts/read Lire une ressource de compte pour le fournisseur Microsoft Purview.Read account resource for Microsoft Purview provider.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Purview/accounts/data/readMicrosoft.Purview/accounts/data/read Lire des objets de données.Read data objects.
Microsoft.Purview/accounts/data/writeMicrosoft.Purview/accounts/data/write Créer, mettre à jour et supprimer des objets de données.Create, update and delete data objects.
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "The Microsoft.Purview data curator can create, read, modify and delete catalog data objects and establish relationships between objects. This role is in preview and subject to change.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8a3c2885-9b38-4fd2-9d99-91af537c1347",
  "name": "8a3c2885-9b38-4fd2-9d99-91af537c1347",
  "permissions": [
    {
      "actions": [
        "Microsoft.Purview/accounts/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Purview/accounts/data/read",
        "Microsoft.Purview/accounts/data/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Purview Data Curator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur de données PurviewPurview Data Reader

Le lecteur de données Microsoft.Purview peut lire les objets de données de catalogue.The Microsoft.Purview data reader can read catalog data objects. Ce rôle est en préversion et susceptible d’être changé.This role is in preview and subject to change.

ActionsActions DescriptionDescription
Microsoft.Purview/accounts/readMicrosoft.Purview/accounts/read Lire une ressource de compte pour le fournisseur Microsoft Purview.Read account resource for Microsoft Purview provider.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Purview/accounts/data/readMicrosoft.Purview/accounts/data/read Lire des objets de données.Read data objects.
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "The Microsoft.Purview data reader can read catalog data objects. This role is in preview and subject to change.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ff100721-1b9d-43d8-af52-42b69c1272db",
  "name": "ff100721-1b9d-43d8-af52-42b69c1272db",
  "permissions": [
    {
      "actions": [
        "Microsoft.Purview/accounts/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Purview/accounts/data/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Purview Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Administrateur de la source de données PurviewPurview Data Source Administrator

L’administrateur de la source de données Microsoft.Purview peut gérer les sources de données et les analyses de données.The Microsoft.Purview data source administrator can manage data sources and data scans. Ce rôle est en préversion et susceptible d’être changé.This role is in preview and subject to change.

ActionsActions DescriptionDescription
Microsoft.Purview/accounts/readMicrosoft.Purview/accounts/read Lire une ressource de compte pour le fournisseur Microsoft Purview.Read account resource for Microsoft Purview provider.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Purview/accounts/scan/readMicrosoft.Purview/accounts/scan/read Lire les sources de données et les analyses.Read data sources and scans.
Microsoft.Purview/accounts/scan/writeMicrosoft.Purview/accounts/scan/write Créer, mettre à jour et supprimer des sources de données et gérer les analyses.Create, update and delete data sources and manage scans.
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "The Microsoft.Purview data source administrator can manage data sources and data scans. This role is in preview and subject to change.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/200bba9e-f0c8-430f-892b-6f0794863803",
  "name": "200bba9e-f0c8-430f-892b-6f0794863803",
  "permissions": [
    {
      "actions": [
        "Microsoft.Purview/accounts/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Purview/accounts/scan/read",
        "Microsoft.Purview/accounts/scan/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Purview Data Source Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur du registre de schémas (préversion)Schema Registry Contributor (Preview)

Lire, écrire et supprimer des groupes de registres de schémas et des schémas.Read, write, and delete Schema Registry groups and schemas.

ActionsActions DescriptionDescription
Microsoft.EventHub/namespaces/schemagroups/*Microsoft.EventHub/namespaces/schemagroups/*
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.EventHub/namespaces/schemas/*Microsoft.EventHub/namespaces/schemas/*
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read, write, and delete Schema Registry groups and schemas.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5dffeca3-4936-4216-b2bc-10343a5abb25",
  "name": "5dffeca3-4936-4216-b2bc-10343a5abb25",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/namespaces/schemagroups/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/namespaces/schemas/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Schema Registry Contributor (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur du registre de schémas (préversion)Schema Registry Reader (Preview)

Lire et répertorier les groupes de registres de schémas et les schémas.Read and list Schema Registry groups and schemas.

ActionsActions DescriptionDescription
Microsoft.EventHub/namespaces/schemagroups/readMicrosoft.EventHub/namespaces/schemagroups/read Obtenir la liste des descriptions de ressources du groupe de schémasGet list of SchemaGroup Resource Descriptions
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.EventHub/namespaces/schemas/readMicrosoft.EventHub/namespaces/schemas/read Récupérer des schémasRetrieve schemas
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read and list Schema Registry groups and schemas.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2c56ea50-c6b3-40a6-83c0-9d98858bc7d2",
  "name": "2c56ea50-c6b3-40a6-83c0-9d98858bc7d2",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/namespaces/schemagroups/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/namespaces/schemas/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Schema Registry Reader (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

BlockchainBlockchain

Accès au nœud du membre blockchain (préversion)Blockchain Member Node Access (Preview)

Permet d’accéder aux nœuds du membre blockchain En savoir plusAllows for access to Blockchain Member nodes Learn more

ActionsActions DescriptionDescription
Microsoft.Blockchain/blockchainMembers/transactionNodes/readMicrosoft.Blockchain/blockchainMembers/transactionNodes/read Crée ou répertorie un ou plusieurs nœuds de transaction existants du membre blockchain.Gets or Lists existing Blockchain Member Transaction Node(s).
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Blockchain/blockchainMembers/transactionNodes/connect/actionMicrosoft.Blockchain/blockchainMembers/transactionNodes/connect/action Connecte à un nœud de transaction d’un membre blockchain.Connects to a Blockchain Member Transaction Node.
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for access to Blockchain Member nodes",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/31a002a1-acaf-453e-8a5b-297c9ca1ea24",
  "name": "31a002a1-acaf-453e-8a5b-297c9ca1ea24",
  "permissions": [
    {
      "actions": [
        "Microsoft.Blockchain/blockchainMembers/transactionNodes/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Blockchain/blockchainMembers/transactionNodes/connect/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Blockchain Member Node Access (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

IA + Machine LearningAI + machine learning

Contributeur Cognitive ServicesCognitive Services Contributor

Vous permet de créer, lire, mettre à jour, supprimer et gérer les clés de Cognitive Services.Lets you create, read, update, delete and manage keys of Cognitive Services. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.CognitiveServices/*Microsoft.CognitiveServices/*
Microsoft.Features/features/readMicrosoft.Features/features/read Afficher les fonctionnalités d’un abonnementGets the features of a subscription.
Microsoft.Features/providers/features/readMicrosoft.Features/providers/features/read Afficher les fonctionnalités d’un abonnement pour un fournisseur de ressources donnéGets the feature of a subscription in a given resource provider.
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* Crée, met à jour ou lit le paramètre de diagnostic pour Analysis Server.Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.Insights/logDefinitions/readMicrosoft.Insights/logDefinitions/read Lire les définitions de journalRead log definitions
Microsoft.Insights/metricdefinitions/readMicrosoft.Insights/metricdefinitions/read Lire les définitions des mesuresRead metric definitions
Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read Lire des mesuresRead metrics
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read Obtient ou répertorie les opérations de déploiement.Gets or lists deployment operations.
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read Obtenir les résultats de l’opération de l’abonnement.Get the subscription operation results.
Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read Obtient la liste des abonnements.Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourcegroups/deployments/*Microsoft.Resources/subscriptions/resourcegroups/deployments/*
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you create, read, update, delete and manage keys of Cognitive Services.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
  "name": "25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.CognitiveServices/*",
        "Microsoft.Features/features/read",
        "Microsoft.Features/providers/features/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.Insights/logDefinitions/read",
        "Microsoft.Insights/metricdefinitions/read",
        "Microsoft.Insights/metrics/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur Cognitive Services Custom VisionCognitive Services Custom Vision Contributor

Accès complet au projet, y compris la possibilité de visualiser, créer, modifier et supprimer des projets.Full access to the project, including the ability to view, create, edit, or delete projects. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.CognitiveServices/*/readMicrosoft.CognitiveServices/*/read
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.CognitiveServices/accounts/CustomVision/*Microsoft.CognitiveServices/accounts/CustomVision/*
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Full access to the project, including the ability to view, create, edit, or delete projects.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c1ff6cc2-c111-46fe-8896-e0ef812ad9f3",
  "name": "c1ff6cc2-c111-46fe-8896-e0ef812ad9f3",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Custom Vision Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Déploiement de Cognitive Services Custom VisionCognitive Services Custom Vision Deployment

Publier, dépublier ou exporter des modèles.Publish, unpublish or export models. Le déploiement peut visualiser le projet, mais ne peut pas le mettre à jour.Deployment can view the project but can't update. En savoir plusLearn more

ActionsActions DescriptionDescription
Microsoft.CognitiveServices/*/readMicrosoft.CognitiveServices/*/read
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.CognitiveServices/accounts/CustomVision/*/readMicrosoft.CognitiveServices/accounts/CustomVision/*/read
Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/*Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/*
Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/publish/*Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/publish/*
Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/export/*Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/export/*
Microsoft.CognitiveServices/accounts/CustomVision/projects/quicktest/*Microsoft.CognitiveServices/accounts/CustomVision/projects/quicktest/*
Microsoft.CognitiveServices/accounts/CustomVision/classify/*Microsoft.CognitiveServices/accounts/CustomVision/classify/*
Microsoft.CognitiveServices/accounts/CustomVision/detect/*Microsoft.CognitiveServices/accounts/CustomVision/detect/*
NotDataActionsNotDataActions
Microsoft.CognitiveServices/accounts/CustomVision/projects/export/readMicrosoft.CognitiveServices/accounts/CustomVision/projects/export/read Exporte un projet.Exports a project.
{
  "assignableScopes": [
    "/"
  ],
  "description&q