Rôles intégrés AzureAzure built-in roles
Le contrôle d’accès en fonction du rôle (RBAC) Azure a plusieurs rôles intégrés Azure que vous pouvez affecter aux utilisateurs, groupes, principaux de service et identités managées.Azure role-based access control (Azure RBAC) has several Azure built-in roles that you can assign to users, groups, service principals, and managed identities. Les attributions de rôles vous permettent de contrôler l’accès aux ressources Azure.Role assignments are the way you control access to Azure resources. Si les rôles intégrés ne répondent pas aux besoins spécifiques de votre organisation, vous pouvez créer vos propres rôles personnalisés Azure.If the built-in roles don't meet the specific needs of your organization, you can create your own Azure custom roles.
Cet article répertorie les rôles intégrés à Azure, qui sont en constante évolution.This article lists the Azure built-in roles, which are always evolving. Pour obtenir les derniers rôles, utilisez la commande Get-AzRoleDefinition ou az role definition list.To get the latest roles, use Get-AzRoleDefinition or az role definition list. Si vous recherchez des rôles d’administrateur pour Azure Active Directory (Azure AD), consultez Autorisations de rôles d’administrateur dans Azure Active Directory.If you are looking for administrator roles for Azure Active Directory (Azure AD), see Administrator role permissions in Azure Active Directory.
Le tableau ci-après fournit une brève description et l'ID unique de chaque rôle intégré.The following table provides a brief description and the unique ID of each built-in role. Cliquez sur le nom d’un rôle pour voir la liste de Actions
, NotActions
, DataActions
et NotDataActions
concernant ce rôle.Click the role name to see the list of Actions
, NotActions
, DataActions
, and NotDataActions
for each role. Pour obtenir des informations sur la signification de ces actions et la manière dont elles s’appliquent en termes de gestion et de données, consultez Comprendre les définitions de rôle Azure.For information about what these actions mean and how they apply to the management and data planes, see Understand Azure role definitions.
TousAll
Rôle intégréBuilt-in role | DescriptionDescription | idID |
---|---|---|
GénéralitésGeneral | ||
ContributeurContributor | Accorde un accès total pour gérer toutes les ressources, mais ne vous permet pas d’affecter des rôles dans Azure RBAC, de gérer des affectations dans Azure Blueprints ou de partager des galeries d’images.Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries. | b24988ac-6180-42a0-ab88-20f7382dd24cb24988ac-6180-42a0-ab88-20f7382dd24c |
PropriétaireOwner | Octroie un accès total pour gérer toutes les ressources, notamment la possibilité d’attribuer des rôles dans Azure RBAC.Grants full access to manage all resources, including the ability to assign roles in Azure RBAC. | 8e3af657-a8ff-443c-a75c-2fe8c4bcb6358e3af657-a8ff-443c-a75c-2fe8c4bcb635 |
LecteurReader | Affiche toutes les ressources, mais ne vous autorise pas à apporter des modifications.View all resources, but does not allow you to make any changes. | acdd72a7-3385-48ef-bd42-f606fba81ae7acdd72a7-3385-48ef-bd42-f606fba81ae7 |
Administrateur de l'accès utilisateurUser Access Administrator | Vous permet de gérer l'accès utilisateur aux ressources Azure.Lets you manage user access to Azure resources. | 18d7d88d-d35e-4fb5-a5c3-7773c20a72d918d7d88d-d35e-4fb5-a5c3-7773c20a72d9 |
CalculCompute | ||
Contributeur de machine virtuelle classiqueClassic Virtual Machine Contributor | Permet de gérer des machines virtuelles classiques, mais pas d’y accéder, ni au réseau virtuel ou au compte de stockage auquel elles sont connectées.Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to. | d73bb868-a0df-4d4d-bd69-98a00b01fccbd73bb868-a0df-4d4d-bd69-98a00b01fccb |
Connexion de l’administrateur aux machines virtuellesVirtual Machine Administrator Login | Afficher les machines virtuelles dans le portail et se connecter en tant qu’administrateurView Virtual Machines in the portal and login as administrator | 1c0163c0-47e6-4577-8991-ea5c82e286e41c0163c0-47e6-4577-8991-ea5c82e286e4 |
Contributeur de machine virtuelleVirtual Machine Contributor | Permet de gérer des machines virtuelles, mais pas d’y accéder, ni au réseau virtuel ou au compte de stockage auquel elles sont connectées.Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to. | 9980e02c-c2be-4d73-94e8-173b1dc7cf3c9980e02c-c2be-4d73-94e8-173b1dc7cf3c |
Connexion de l’utilisateur aux machines virtuellesVirtual Machine User Login | Affichez les machines virtuelles dans le portail et connectez-vous en tant qu’utilisateur normal.View Virtual Machines in the portal and login as a regular user. | fb879df8-f326-4884-b1cf-06f3ad86be52fb879df8-f326-4884-b1cf-06f3ad86be52 |
Mise en réseauNetworking | ||
Contributeur de point de terminaison CDNCDN Endpoint Contributor | Peut gérer les points de terminaison CDN, mais ne peut pas accorder l’accès à d’autres utilisateurs.Can manage CDN endpoints, but can't grant access to other users. | 426e0c7f-0c7e-4658-b36f-ff54d6c29b45426e0c7f-0c7e-4658-b36f-ff54d6c29b45 |
Lecteur de point de terminaison CDNCDN Endpoint Reader | Peut afficher des points de terminaison CDN, mais ne peut pas effectuer de modifications.Can view CDN endpoints, but can't make changes. | 871e35f6-b5c1-49cc-a043-bde969a0f2cd871e35f6-b5c1-49cc-a043-bde969a0f2cd |
Contributeur de profil CDNCDN Profile Contributor | Peut gérer des profils CDN et leurs points de terminaison, mais ne peut pas accorder l’accès à d’autres utilisateurs.Can manage CDN profiles and their endpoints, but can't grant access to other users. | ec156ff8-a8d1-4d15-830c-5b80698ca432ec156ff8-a8d1-4d15-830c-5b80698ca432 |
Lecteur de profil CDNCDN Profile Reader | Peut afficher des profils CDN et leurs points de terminaison, mais ne peut pas y apporter des modifications.Can view CDN profiles and their endpoints, but can't make changes. | 8f96442b-4075-438f-813d-ad51ab4019af8f96442b-4075-438f-813d-ad51ab4019af |
Contributeur de réseau classiqueClassic Network Contributor | Permet de gérer des réseaux classiques, mais pas d’y accéder.Lets you manage classic networks, but not access to them. | b34d265f-36f7-4a0d-a4d4-e158ca92e90fb34d265f-36f7-4a0d-a4d4-e158ca92e90f |
Contributeur de Zone DNSDNS Zone Contributor | Permet de gérer des zones DNS et des jeux d’enregistrements dans Azure DNS, mais pas de contrôler qui y a accès.Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them. | befefa01-2a29-4197-83a8-272ff33ce314befefa01-2a29-4197-83a8-272ff33ce314 |
Contributeur de réseauNetwork Contributor | Permet de gérer des réseaux, mais pas d’y accéder.Lets you manage networks, but not access to them. | 4d97b98b-1d4f-4787-a291-c67834d212e74d97b98b-1d4f-4787-a291-c67834d212e7 |
Collaborateur de zone DNS privéePrivate DNS Zone Contributor | Permet de gérer les ressources de zone DNS privée, mais pas les réseaux virtuels auxquels elles sont liées.Lets you manage private DNS zone resources, but not the virtual networks they are linked to. | b12aa53e-6015-4669-85d0-8515ebb3ae7fb12aa53e-6015-4669-85d0-8515ebb3ae7f |
Contributeur Traffic ManagerTraffic Manager Contributor | Permet de gérer des profils Traffic Manager, mais pas de contrôler qui y a accès.Lets you manage Traffic Manager profiles, but does not let you control who has access to them. | a4b10055-b0c7-44c2-b00f-c7b5b3550cf7a4b10055-b0c7-44c2-b00f-c7b5b3550cf7 |
StockageStorage | ||
Contributeur AvereAvere Contributor | Peut créer et gérer un cluster Avere vFXT.Can create and manage an Avere vFXT cluster. | 4f8fab4f-1852-4a58-a46a-8eaf358af14a4f8fab4f-1852-4a58-a46a-8eaf358af14a |
Opérateur AvereAvere Operator | Utilisé par le cluster Avere vFXT pour gérer le clusterUsed by the Avere vFXT cluster to manage the cluster | c025889f-8102-4ebf-b32c-fc0c6f0c6bd9c025889f-8102-4ebf-b32c-fc0c6f0c6bd9 |
Contributeur de sauvegardeBackup Contributor | Permet de gérer le service de sauvegarde, mais pas de créer des coffres, ni d’accorder l’accès à d’autres personnesLets you manage backup service, but can't create vaults and give access to others | 5e467623-bb1f-42f4-a55d-6e525e11384b5e467623-bb1f-42f4-a55d-6e525e11384b |
Opérateur de sauvegardeBackup Operator | Permet de gérer des services de sauvegarde, à l’exception de la suppression de la sauvegarde, de la création de coffres et de l’octroi d’autorisations d’accès à d’autres personnesLets you manage backup services, except removal of backup, vault creation and giving access to others | 00c29273-979b-4161-815c-10b084fb932400c29273-979b-4161-815c-10b084fb9324 |
Lecteur de sauvegardeBackup Reader | Peut afficher des services de sauvegarde, mais pas apporter des modificationsCan view backup services, but can't make changes | a795c7a0-d4a2-40c1-ae25-d81f01202912a795c7a0-d4a2-40c1-ae25-d81f01202912 |
Contributeur de compte de stockage classiqueClassic Storage Account Contributor | Permet de gérer des comptes de stockage classiques, mais pas d’y accéder.Lets you manage classic storage accounts, but not access to them. | 86e8f5dc-a6e9-4c67-9d15-de283e8eac2586e8f5dc-a6e9-4c67-9d15-de283e8eac25 |
Rôle de service d’opérateur de clé de compte de stockage classiqueClassic Storage Account Key Operator Service Role | Les opérateurs de clés de comptes de stockage classiques sont autorisés à lister et à régénérer des clés sur des comptes de stockage classiquesClassic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts | 985d6b00-f706-48f5-a6fe-d0ca12fb668d985d6b00-f706-48f5-a6fe-d0ca12fb668d |
Contributeur Data BoxData Box Contributor | Permet de gérer toutes les opérations sous le service Data Box à l’exception de l’octroi d’accès à d’autres personnes.Lets you manage everything under Data Box Service except giving access to others. | add466c9-e687-43fc-8d98-dfcf8d720be5add466c9-e687-43fc-8d98-dfcf8d720be5 |
Lecteur Data BoxData Box Reader | Permet de gérer le service Data Box, mais ne permet pas de créer une commande, de modifier les détails d’une commande ou d’octroyer l’accès à d’autres personnes.Lets you manage Data Box Service except creating order or editing order details and giving access to others. | 028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027 |
Développeur Data Lake AnalyticsData Lake Analytics Developer | Permet d’envoyer, de surveiller et de gérer vos propres travaux, mais pas de créer ni de supprimer des comptes Data Lake Analytics.Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts. | 47b7735b-770e-4598-a7da-8b91488b4c8847b7735b-770e-4598-a7da-8b91488b4c88 |
Lecteur et accès aux donnéesReader and Data Access | Permet d’afficher tous les éléments, mais pas de supprimer ou de créer un compte de stockage ou une ressource contenue.Lets you view everything but will not let you delete or create a storage account or contained resource. En outre, autorise l’accès en lecture/écriture à toutes les données contenues dans un compte de stockage via l’accès aux clés de compte de stockage.It will also allow read/write access to all data contained in a storage account via access to storage account keys. | c12c1c16-33a1-487b-954d-41c89c60f349c12c1c16-33a1-487b-954d-41c89c60f349 |
Contributeur de compte de stockageStorage Account Contributor | Permet la gestion des comptes de stockage.Permits management of storage accounts. Fournit l’accès à la clé de compte, qui peut être utilisée pour accéder aux données par le biais de l’autorisation de clé partagée.Provides access to the account key, which can be used to access data via Shared Key authorization. | 17d1049b-9a84-46fb-8f53-869881c3d3ab17d1049b-9a84-46fb-8f53-869881c3d3ab |
Rôle de service d’opérateur de clé de compte de stockageStorage Account Key Operator Service Role | Permet de répertorier et de régénérer les clés d’accès au compte de stockage.Permits listing and regenerating storage account access keys. | 81a9662b-bebf-436f-a333-f67b29880f1281a9662b-bebf-436f-a333-f67b29880f12 |
Contributeur aux données Blob du stockageStorage Blob Data Contributor | Lire, écrire et supprimer des conteneurs et objets blob du stockage Azure.Read, write, and delete Azure Storage containers and blobs. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | ba92f5b4-2d11-453d-a403-e96b0029c9feba92f5b4-2d11-453d-a403-e96b0029c9fe |
Propriétaire des données Blob du stockageStorage Blob Data Owner | Fournit un accès total aux conteneurs d’objets blob et aux données du Stockage Azure, notamment l’attribution du contrôle d’accès POSIX.Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | b7e6dc6d-f1e8-4753-8033-0f276bb0955bb7e6dc6d-f1e8-4753-8033-0f276bb0955b |
Lecteur des données blob du stockageStorage Blob Data Reader | Lire et répertorier des conteneurs et objets blob du stockage Azure.Read and list Azure Storage containers and blobs. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 2a2b9908-6ea1-4ae2-8e65-a410df84e7d12a2b9908-6ea1-4ae2-8e65-a410df84e7d1 |
Délégation du Stockage BlobStorage Blob Delegator | Obtenez une clé de délégation d’utilisateur qui peut être utilisée pour créer une signature d’accès partagé pour un conteneur ou un objet blob signé avec les informations d’identification Azure AD.Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials. Pour en savoir plus, consultez Créer une SAP de délégation d’utilisateur.For more information, see Create a user delegation SAS. | db58b8e5-c6ad-4a2a-8342-4190687cbf4adb58b8e5-c6ad-4a2a-8342-4190687cbf4a |
Contributeur de partage SMB de données de fichier de stockageStorage File Data SMB Share Contributor | Permet l'accès en lecture, en écriture et en suppression aux fichiers/répertoires des partages de fichiers Azure.Allows for read, write, and delete access on files/directories in Azure file shares. Ce rôle n'a pas d'équivalent intégré sur les serveurs de fichiers Windows.This role has no built-in equivalent on Windows file servers. | 0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb |
Contributeur élevé de partage SMB de données de fichier de stockageStorage File Data SMB Share Elevated Contributor | Permet la lecture, l'écriture, la suppression et la modification des listes de contrôle d'accès sur les fichiers/répertoires des partages de fichiers Azure.Allows for read, write, delete, and modify ACLs on files/directories in Azure file shares. Ce rôle équivaut à une liste de contrôle d'accès de partage de fichiers en modification sur les serveurs de fichiers Windows.This role is equivalent to a file share ACL of change on Windows file servers. | a7264617-510b-434b-a828-9731dc254ea7a7264617-510b-434b-a828-9731dc254ea7 |
Lecteur de partage SMB de données de fichier de stockageStorage File Data SMB Share Reader | Permet l'accès en lecture aux fichiers/répertoires des partages de fichiers Azure.Allows for read access on files/directories in Azure file shares. Ce rôle équivaut à une liste de contrôle d'accès de partage de fichiers en lecture sur les serveurs de fichiers Windows.This role is equivalent to a file share ACL of read on Windows file servers. | aba4ae5f-2193-4029-9191-0cb91df5e314aba4ae5f-2193-4029-9191-0cb91df5e314 |
Contributeur aux données en file d’attente du stockageStorage Queue Data Contributor | Lire, écrire et supprimer des files d'attente et messages en file d'attente du stockage Azure.Read, write, and delete Azure Storage queues and queue messages. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 974c5e8b-45b9-4653-ba55-5f855dd0fb88974c5e8b-45b9-4653-ba55-5f855dd0fb88 |
Processeur de messages de données en file d’attente du stockageStorage Queue Data Message Processor | Récupérer et supprimer un message, ou en afficher un aperçu à partir d’une file d’attente Stockage Azure.Peek, retrieve, and delete a message from an Azure Storage queue. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 8a0f0c08-91a1-4084-bc3d-661d67233fed8a0f0c08-91a1-4084-bc3d-661d67233fed |
Expéditeur de messages de données en file d’attente du stockageStorage Queue Data Message Sender | Ajoutez des messages à une file d’attente de stockage Azure.Add messages to an Azure Storage queue. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | c6a89b2d-59bc-44d0-9896-0f6e12d7b80ac6a89b2d-59bc-44d0-9896-0f6e12d7b80a |
Lecteur des données en file d’attente du stockageStorage Queue Data Reader | Lire et répertorier des files d’attente et messages en file d’attente du stockage Azure.Read and list Azure Storage queues and queue messages. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 19e7f393-937e-4f77-808e-94535e29792519e7f393-937e-4f77-808e-94535e297925 |
WebWeb | ||
Contributeur aux données Azure MapsAzure Maps Data Contributor | Accorde l’accès en lecture, en écriture et en suppression aux données liées aux cartes depuis un compte Azure Maps.Grants access to read, write, and delete access to map related data from an Azure maps account. | 8f5e0ce6-4f7b-4dcf-bddf-e6f48634a2048f5e0ce6-4f7b-4dcf-bddf-e6f48634a204 |
Lecteur de données Azure MapsAzure Maps Data Reader | Octroie un accès pour lire les données liées au mappage à partir d’un compte Azure Maps.Grants access to read map related data from an Azure maps account. | 423170ca-a8f6-4b0f-8487-9e4eb8f49bfa423170ca-a8f6-4b0f-8487-9e4eb8f49bfa |
Contributeur du service de rechercheSearch Service Contributor | Permet de gérer des services de recherche, mais pas d’y accéder.Lets you manage Search services, but not access to them. | 7ca78c08-252a-4471-8644-bb5ff32d4ba07ca78c08-252a-4471-8644-bb5ff32d4ba0 |
Lecteur AccessKey SignalRSignalR AccessKey Reader | Lire les clés d’accès du service SignalRRead SignalR Service Access Keys | 04165923-9d83-45d5-8227-78b77b0a687e04165923-9d83-45d5-8227-78b77b0a687e |
Serveur d’applications SignalR (préversion)SignalR App Server (Preview) | Permet à votre serveur d’applications d’accéder au service SignalR avec les options d’authentification AAD.Lets your app server access SignalR Service with AAD auth options. | 420fcaa2-552c-430f-98ca-3264be4806c7420fcaa2-552c-430f-98ca-3264be4806c7 |
Contributeur SignalRSignalR Contributor | Créer, lire, mettre à jour et supprimer des ressources de service SignalRCreate, Read, Update, and Delete SignalR service resources | 8cf5e20a-e4b2-4e9d-b3a1-5ceb692c27618cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761 |
Contributeur SignalR Serverless (préversion)SignalR Serverless Contributor (Preview) | Permet à votre application d’accéder au service en mode serverless avec les options d’authentification AAD.Lets your app access service in serverless mode with AAD auth options. | fd53cd77-2268-407a-8f46-7e7863d0f521fd53cd77-2268-407a-8f46-7e7863d0f521 |
Propriétaire de SignalR Service (préversion)SignalR Service Owner (Preview) | Accès complet aux API REST du service Azure SignalRFull access to Azure SignalR Service REST APIs | 7e4f1700-ea5a-4f59-8f37-079cfe29dce37e4f1700-ea5a-4f59-8f37-079cfe29dce3 |
Lecteur de SignalR Service (préversion)SignalR Service Reader (Preview) | Accès en lecture seule aux API REST du service Azure SignalRRead-only access to Azure SignalR Service REST APIs | ddde6b66-c0df-4114-a159-3618637b3035ddde6b66-c0df-4114-a159-3618637b3035 |
Contributeur de plan webWeb Plan Contributor | Permet de gérer des plans web pour des sites web, mais pas d’y accéder.Lets you manage the web plans for websites, but not access to them. | 2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b |
Contributeur de site webWebsite Contributor | Permet de gérer des sites web (pas des plans web), mais pas d’y accéder.Lets you manage websites (not web plans), but not access to them. | de139f84-1756-47ae-9be6-808fbbe84772de139f84-1756-47ae-9be6-808fbbe84772 |
ContainersContainers | ||
AcrDeleteAcrDelete | acr deleteacr delete | c2f4ef07-c644-48eb-af81-4b1b4947fb11c2f4ef07-c644-48eb-af81-4b1b4947fb11 |
AcrImageSignerAcrImageSigner | signataire d’image ACRacr image signer | 6cef56e8-d556-48e5-a04f-b8e64114680f6cef56e8-d556-48e5-a04f-b8e64114680f |
AcrPullAcrPull | tirer (pull) acracr pull | 7f951dda-4ed3-4680-a7ca-43fe172d538d7f951dda-4ed3-4680-a7ca-43fe172d538d |
AcrPushAcrPush | envoyer (push) acracr push | 8311e382-0749-4cb8-b61a-304f252e45ec8311e382-0749-4cb8-b61a-304f252e45ec |
AcrQuarantineReaderAcrQuarantineReader | lecteur de données de quarantaine ACRacr quarantine data reader | cdda3590-29a3-44f6-95f2-9f980659eb04cdda3590-29a3-44f6-95f2-9f980659eb04 |
AcrQuarantineWriterAcrQuarantineWriter | écriture de données de quarantaine ACRacr quarantine data writer | c8d4ff99-41c3-41a8-9f60-21dfdad59608c8d4ff99-41c3-41a8-9f60-21dfdad59608 |
Rôle d’administrateur de cluster Azure Kubernetes ServiceAzure Kubernetes Service Cluster Admin Role | Répertorie les actions relatives aux informations d’identification de l’administrateur du cluster.List cluster admin credential action. | 0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be80ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8 |
Rôle d’utilisateur de cluster Azure Kubernetes ServiceAzure Kubernetes Service Cluster User Role | Répertorie les actions relatives aux informations d’identification de l’utilisateur du cluster.List cluster user credential action. | 4abbcc35-e782-43d8-92c5-2d3f1bd2253f4abbcc35-e782-43d8-92c5-2d3f1bd2253f |
Rôle Contributeur Azure Kubernetes ServiceAzure Kubernetes Service Contributor Role | Octroie l’accès en lecture et en écriture aux clusters Azure Kubernetes ServiceGrants access to read and write Azure Kubernetes Service clusters | ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8 |
Azure Kubernetes Service RBAC AdminAzure Kubernetes Service RBAC Admin | Gérez toutes les ressources sous cluster/espace de noms, à l’exception de la mise à jour ou de la suppression de quotas de ressources et d’espaces de noms.Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. | 3498e952-d568-435e-9b2c-8d77e338d7f73498e952-d568-435e-9b2c-8d77e338d7f7 |
Azure Kubernetes Service RBAC Cluster AdminAzure Kubernetes Service RBAC Cluster Admin | Gérez toutes les ressources du cluster.Lets you manage all resources in the cluster. | b1ff04bb-8a4e-4dc4-8eb5-8693973ce19bb1ff04bb-8a4e-4dc4-8eb5-8693973ce19b |
Azure Kubernetes Service RBAC ReaderAzure Kubernetes Service RBAC Reader | Autorise l’accès en lecture seule pour voir la plupart des objets dans un espace de noms.Allows read-only access to see most objects in a namespace. Ce rôle n’autorise pas l’affichage des rôles ni des liaisons de rôles.It does not allow viewing roles or role bindings. Il n’autorise pas l’affichage des secrets, car la lecture du contenu de Secrets donne accès aux informations d’identification ServiceAccount dans l’espace de noms, ce qui permet l’accès aux API comme n’importe quel ServiceAccount dans l’espace de noms (une forme d’élévation de privilèges).This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). L’application de ce rôle à l’étendue du cluster fournit un accès à tous les espaces de noms.Applying this role at cluster scope will give access across all namespaces. | 7f6c6a51-bcf8-42ba-9220-52d62157d7db7f6c6a51-bcf8-42ba-9220-52d62157d7db |
Azure Kubernetes Service RBAC WriterAzure Kubernetes Service RBAC Writer | Autorise l’accès en lecture/écriture à la plupart des objets d’un espace de noms. Ce rôle n’autorise pas l’affichage ni la modification des rôles ou des liaisons de rôles.Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. Toutefois, ce rôle permet d’accéder aux secrets et aux pods en cours d’exécution comme n’importe quel ServiceAccount de l’espace de noms. Il peut donc être utilisé pour obtenir les niveaux d’accès API de n’importe quel ServiceAccount dans l’espace de noms.However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. L’application de ce rôle à l’étendue du cluster fournit un accès à tous les espaces de noms.Applying this role at cluster scope will give access across all namespaces. | a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eba7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb |
Bases de donnéesDatabases | ||
Rôle de lecteur de compte Cosmos DBCosmos DB Account Reader Role | Lire les données de comptes Azure Cosmos DB.Can read Azure Cosmos DB account data. Consultez Contributeur de compte DocumentDB pour en savoir plus sur la gestion des comptes Azure Cosmos DB.See DocumentDB Account Contributor for managing Azure Cosmos DB accounts. | fbdf93bf-df7d-467e-a4d2-9458aa1360c8fbdf93bf-df7d-467e-a4d2-9458aa1360c8 |
Opérateur Cosmos DBCosmos DB Operator | Permet de gérer des comptes Azure Cosmos DB, mais pas d’accéder aux données qu’ils contiennent.Lets you manage Azure Cosmos DB accounts, but not access data in them. Empêche d’accéder aux clés de compte et aux chaînes de connexion.Prevents access to account keys and connection strings. | 230815da-be43-4aae-9cb4-875f7bd000aa230815da-be43-4aae-9cb4-875f7bd000aa |
CosmosBackupOperatorCosmosBackupOperator | Peut envoyer une requête de restauration d’une base de données Cosmos DB ou d’un conteneur pour un compteCan submit restore request for a Cosmos DB database or a container for an account | db7b14f2-5adf-42da-9f96-f2ee17bab5cbdb7b14f2-5adf-42da-9f96-f2ee17bab5cb |
CosmosRestoreOperatorCosmosRestoreOperator | Peut effectuer une action de restauration pour un compte de base de données Cosmos DB avec le mode de sauvegarde continuCan perform restore action for Cosmos DB database account with continuous backup mode | 5432c526-bc82-444a-b7ba-57c5b0b5b34f5432c526-bc82-444a-b7ba-57c5b0b5b34f |
Contributeur de compte DocumentDBDocumentDB Account Contributor | Gérer des comptes Azure Cosmos DB.Can manage Azure Cosmos DB accounts. Azure Cosmos DB était auparavant appelé DocumentDB.Azure Cosmos DB is formerly known as DocumentDB. | 5bd9cd88-fe45-4216-938b-f97437e154505bd9cd88-fe45-4216-938b-f97437e15450 |
Contributeur Cache RedisRedis Cache Contributor | Permet de gérer des caches Redis, mais pas d’y accéder.Lets you manage Redis caches, but not access to them. | e0f68234-74aa-48ed-b826-c38b57376e17e0f68234-74aa-48ed-b826-c38b57376e17 |
Contributeur de base de données SQLSQL DB Contributor | Permet de gérer des bases de données SQL, mais pas d’y accéder.Lets you manage SQL databases, but not access to them. Vous ne pouvez pas non plus gérer leurs stratégies de sécurité ni leurs serveurs SQL parents.Also, you can't manage their security-related policies or their parent SQL servers. | 9b7fa17d-e63e-47b0-bb0a-15c516ac86ec9b7fa17d-e63e-47b0-bb0a-15c516ac86ec |
Contributeur de SQL Managed InstanceSQL Managed Instance Contributor | Permet de gérer des instances SQL Managed Instance et la configuration réseau requise, mais pas d’accorder l’accès à d’autres personnes.Lets you manage SQL Managed Instances and required network configuration, but can't give access to others. | 4939a1f6-9ae0-4e48-a1e0-f2cbe897382d4939a1f6-9ae0-4e48-a1e0-f2cbe897382d |
Gestionnaire de sécurité SQLSQL Security Manager | Permet de gérer les stratégies de sécurité des serveurs et bases de données SQL, mais pas d’y accéder.Lets you manage the security-related policies of SQL servers and databases, but not access to them. | 056cd41c-7e88-42e1-933e-88ba6a50c9c3056cd41c-7e88-42e1-933e-88ba6a50c9c3 |
Contributeur SQL ServerSQL Server Contributor | Permet de gérer des serveurs et bases de données SQL, mais pas d’y accéder, ni de gérer leurs stratégies de sécurité.Lets you manage SQL servers and databases, but not access to them, and not their security-related policies. | 6d8ee4ec-f05a-4a1d-8b00-a9b17e38b4376d8ee4ec-f05a-4a1d-8b00-a9b17e38b437 |
AnalyseAnalytics | ||
Propriétaire de données Azure Event HubsAzure Event Hubs Data Owner | Permet un accès complet aux ressources Azure Event Hubs.Allows for full access to Azure Event Hubs resources. | f526a384-b230-433a-b45c-95f59c4a2decf526a384-b230-433a-b45c-95f59c4a2dec |
Récepteur de données Azure Event HubsAzure Event Hubs Data Receiver | Permet d’obtenir un accès en réception aux ressources Azure Event Hubs.Allows receive access to Azure Event Hubs resources. | a638d3c7-ab3a-418d-83e6-5f17a39d4fdea638d3c7-ab3a-418d-83e6-5f17a39d4fde |
Expéditeur de données Azure Event HubsAzure Event Hubs Data Sender | Permet d’obtenir un accès en envoi aux ressources Azure Event Hubs.Allows send access to Azure Event Hubs resources. | 2b629674-e913-4c01-ae53-ef4638d8f9752b629674-e913-4c01-ae53-ef4638d8f975 |
Contributeurs de fabrique de donnéesData Factory Contributor | Créer et gérer des fabriques de données, ainsi que les ressources enfants qu’elles contiennent.Create and manage data factories, as well as child resources within them. | 673868aa-7521-48a0-acc6-0f60742d39f5673868aa-7521-48a0-acc6-0f60742d39f5 |
Videur de donnéesData Purger | Supprimez des données privées à partir d’un espace de travail Log Analytics.Delete private data from a Log Analytics workspace. | 150f5e0c-0603-4f03-8c7f-cf70034c4e90150f5e0c-0603-4f03-8c7f-cf70034c4e90 |
Opérateur de cluster HDInsightHDInsight Cluster Operator | Permet de lire et de modifier des configurations de cluster HDInsight.Lets you read and modify HDInsight cluster configurations. | 61ed4efc-fab3-44fd-b111-e24485cc132a61ed4efc-fab3-44fd-b111-e24485cc132a |
Contributeur HDInsight Domain ServicesHDInsight Domain Services Contributor | Peut lire, créer, modifier et supprimer les opérations Domain Services nécessaires pour le pack Sécurité Entreprise HDInsightCan Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package | 8d8d5a11-05d3-4bda-a417-a08778121c7c8d8d5a11-05d3-4bda-a417-a08778121c7c |
Contributeur Log AnalyticsLog Analytics Contributor | Peut lire toutes les données de surveillance et modifier les paramètres de surveillance.Log Analytics Contributor can read all monitoring data and edit monitoring settings. La modification des paramètres de supervision inclut l’ajout de l’extension de machine virtuelle aux machines virtuelles, la lecture des clés de comptes de stockage permettant de configurer la collection de journaux d’activité du stockage Azure, la création et la configuration de comptes Automation, l’ajout de solutions et la configuration de diagnostics Azure sur toutes les ressources Azure.Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources. | 92aaf0da-9dab-42b6-94a3-d43ce8d1629392aaf0da-9dab-42b6-94a3-d43ce8d16293 |
Lecteur Log AnalyticsLog Analytics Reader | Peut afficher et rechercher toutes les données de surveillance, ainsi qu’afficher les paramètres de surveillance, notamment la configuration des diagnostics Azure sur toutes les ressources Azure.Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources. | 73c42c96-874c-492b-b04d-ab87d138a89373c42c96-874c-492b-b04d-ab87d138a893 |
Curateur de données PurviewPurview Data Curator | Le curateur de données Microsoft.Purview peut créer, lire, modifier et supprimer des objets de données de catalogue et établir des relations entre les objets.The Microsoft.Purview data curator can create, read, modify and delete catalog data objects and establish relationships between objects. Ce rôle est en préversion et susceptible d’être changé.This role is in preview and subject to change. | 8a3c2885-9b38-4fd2-9d99-91af537c13478a3c2885-9b38-4fd2-9d99-91af537c1347 |
Lecteur de données PurviewPurview Data Reader | Le lecteur de données Microsoft.Purview peut lire les objets de données de catalogue.The Microsoft.Purview data reader can read catalog data objects. Ce rôle est en préversion et susceptible d’être changé.This role is in preview and subject to change. | ff100721-1b9d-43d8-af52-42b69c1272dbff100721-1b9d-43d8-af52-42b69c1272db |
Administrateur de la source de données PurviewPurview Data Source Administrator | L’administrateur de la source de données Microsoft.Purview peut gérer les sources de données et les analyses de données.The Microsoft.Purview data source administrator can manage data sources and data scans. Ce rôle est en préversion et susceptible d’être changé.This role is in preview and subject to change. | 200bba9e-f0c8-430f-892b-6f0794863803200bba9e-f0c8-430f-892b-6f0794863803 |
Contributeur du registre de schémas (préversion)Schema Registry Contributor (Preview) | Lire, écrire et supprimer des groupes de registres de schémas et des schémas.Read, write, and delete Schema Registry groups and schemas. | 5dffeca3-4936-4216-b2bc-10343a5abb255dffeca3-4936-4216-b2bc-10343a5abb25 |
Lecteur du registre de schémas (préversion)Schema Registry Reader (Preview) | Lire et répertorier les groupes de registres de schémas et les schémas.Read and list Schema Registry groups and schemas. | 2c56ea50-c6b3-40a6-83c0-9d98858bc7d22c56ea50-c6b3-40a6-83c0-9d98858bc7d2 |
BlockchainBlockchain | ||
Accès au nœud du membre blockchain (préversion)Blockchain Member Node Access (Preview) | Permet d’accéder aux nœuds du membre blockchainAllows for access to Blockchain Member nodes | 31a002a1-acaf-453e-8a5b-297c9ca1ea2431a002a1-acaf-453e-8a5b-297c9ca1ea24 |
IA + machine learningAI + machine learning | ||
Contributeur Cognitive ServicesCognitive Services Contributor | Vous permet de créer, lire, mettre à jour, supprimer et gérer les clés de Cognitive Services.Lets you create, read, update, delete and manage keys of Cognitive Services. | 25fbc0a9-bd7c-42a3-aa1a-3b75d497ee6825fbc0a9-bd7c-42a3-aa1a-3b75d497ee68 |
Contributeur Cognitive Services Custom VisionCognitive Services Custom Vision Contributor | Accès complet au projet, y compris la possibilité de visualiser, créer, modifier et supprimer des projets.Full access to the project, including the ability to view, create, edit, or delete projects. | c1ff6cc2-c111-46fe-8896-e0ef812ad9f3c1ff6cc2-c111-46fe-8896-e0ef812ad9f3 |
Déploiement de Cognitive Services Custom VisionCognitive Services Custom Vision Deployment | Publier, dépublier ou exporter des modèles.Publish, unpublish or export models. Le déploiement peut visualiser le projet, mais ne peut pas le mettre à jour.Deployment can view the project but can't update. | 5c4089e1-6d96-4d2f-b296-c1bc7137275f5c4089e1-6d96-4d2f-b296-c1bc7137275f |
Étiqueteur Cognitive Services Custom VisionCognitive Services Custom Vision Labeler | Visualiser, modifier des images d’entraînement, et créer, ajouter, supprimer ou effacer les étiquettes des images.View, edit training images and create, add, remove, or delete the image tags. Les étiqueteurs peuvent visualiser le projet, mais ne peuvent pas mettre à jour autre chose que des images d’entraînement et des étiquettes.Labelers can view the project but can't update anything other than training images and tags. | 88424f51-ebe7-446f-bc41-7fa16989e96c88424f51-ebe7-446f-bc41-7fa16989e96c |
Lecteur Cognitive Services Custom VisionCognitive Services Custom Vision Reader | Actions en lecture seule dans le projet.Read-only actions in the project. Les lecteurs ne peuvent pas créer ni mettre à jour le projet.Readers can't create or update the project. | 93586559-c37d-4a6b-ba08-b9f0940c2d7393586559-c37d-4a6b-ba08-b9f0940c2d73 |
Entraîneur Cognitive Services Custom VisionCognitive Services Custom Vision Trainer | Afficher, modifier les projets et entraîner les modèles, avec la possibilité de publier, de dépublier, d’exporter les modèles.View, edit projects and train the models, including the ability to publish, unpublish, export the models. Les entraîneurs ne peuvent pas créer ni supprimer le projet.Trainers can't create or delete the project. | 0a5ae4ab-0d65-4eeb-be61-29fc9b54394b0a5ae4ab-0d65-4eeb-be61-29fc9b54394b |
Lecteur de données Cognitive Services (préversion)Cognitive Services Data Reader (Preview) | Permet de lire des données Cognitive Services.Lets you read Cognitive Services data. | b59867f0-fa02-499b-be73-45a86b5b3e1cb59867f0-fa02-499b-be73-45a86b5b3e1c |
Administrateur Cognitive Services Metrics AdvisorCognitive Services Metrics Advisor Administrator | Accès complet au projet, y compris la configuration au niveau du système.Full access to the project, including the system level configuration. | cb43c632-a144-4ec5-977c-e80c4affc34acb43c632-a144-4ec5-977c-e80c4affc34a |
Éditeur QnA Maker Cognitive ServicesCognitive Services QnA Maker Editor | Vous permet de créer, modifier, importer et exporter une base de connaissances.Let's you create, edit, import and export a KB. Vous ne pouvez pas publier ni supprimer une base de connaissances.You cannot publish or delete a KB. | f4cc2bf9-21be-47a1-bdf1-5c5804381025f4cc2bf9-21be-47a1-bdf1-5c5804381025 |
Lecteur QnA Maker Cognitive ServicesCognitive Services QnA Maker Reader | Vous permet de seulement lire et tester une base de connaissances.Let's you read and test a KB only. | 466ccd10-b268-4a11-b098-b4849f024126466ccd10-b268-4a11-b098-b4849f024126 |
Utilisateur Cognitive ServicesCognitive Services User | Vous permet de lire et de répertorier les clés de Cognitive Services.Lets you read and list keys of Cognitive Services. | a97b65f3-24C7-4388-baec-2e87135dc908a97b65f3-24c7-4388-baec-2e87135dc908 |
Internet des objetsInternet of things | ||
Administrateur Device UpdateDevice Update Administrator | Vous accorde l’accès complet aux opérations de gestion et de contenuGives you full access to management and content operations | 02ca0879-e8e4-47a5-a61e-5c618b76e64a02ca0879-e8e4-47a5-a61e-5c618b76e64a |
Administrateur de contenu Device UpdateDevice Update Content Administrator | Vous accorde l’accès complet aux opérations de contenuGives you full access to content operations | 0378884a-3af5-44ab-8323-f5b22f9f3c980378884a-3af5-44ab-8323-f5b22f9f3c98 |
Lecteur du contenu Device UpdateDevice Update Content Reader | Vous accorde l’accès en lecture aux opérations de contenu, mais ne vous permet pas d’effectuer des modificationsGives you read access to content operations, but does not allow making changes | d1ee9a80-8b14-47f0-bdc2-f4a351625a7bd1ee9a80-8b14-47f0-bdc2-f4a351625a7b |
Administrateur des déploiements Device UpdateDevice Update Deployments Administrator | Vous accorde l’accès complet aux opérations de gestionGives you full access to management operations | e4237640-0e3d-4a46-8fda-70bc94856432e4237640-0e3d-4a46-8fda-70bc94856432 |
Lecteur des déploiements Device UpdateDevice Update Deployments Reader | Vous accorde l’accès en lecture aux opérations de gestion, mais ne vous permet pas d’effectuer des modificationsGives you read access to management operations, but does not allow making changes | 49e2f5d2-7741-4835-8efa-19e1fe35e47f49e2f5d2-7741-4835-8efa-19e1fe35e47f |
Lecteur Device UpdateDevice Update Reader | Vous accorde l’accès en lecture aux opérations de gestion et de contenu, mais ne vous permet pas d’effectuer des modificationsGives you read access to management and content operations, but does not allow making changes | e9dba6fb-3d52-4cf0-bce3-f06ce71b9e0fe9dba6fb-3d52-4cf0-bce3-f06ce71b9e0f |
Réalité mixteMixed reality | ||
Administrateur Remote RenderingRemote Rendering Administrator | Fournit à l’utilisateur des fonctionnalités de conversion, de gestion de session, de rendu et de diagnostic pour Azure Remote RenderingProvides user with conversion, manage session, rendering and diagnostics capabilities for Azure Remote Rendering | 3df8b902-2a6f-47c7-8cc5-360e9b272a7e3df8b902-2a6f-47c7-8cc5-360e9b272a7e |
Client Remote RenderingRemote Rendering Client | Fournit à l’utilisateur des fonctionnalités de gestion de session, de rendu et de diagnostic pour Azure Remote RenderingProvides user with manage session, rendering and diagnostics capabilities for Azure Remote Rendering. | d39065c4-c120-43c9-ab0a-63eed9795f0ad39065c4-c120-43c9-ab0a-63eed9795f0a |
Contributeur de compte Spatial AnchorsSpatial Anchors Account Contributor | Permet de gérer des ancres spatiales dans votre compte, mais pas de les supprimerLets you manage spatial anchors in your account, but not delete them | 8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c8278bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827 |
Propriétaire de compte Spatial AnchorsSpatial Anchors Account Owner | Permet de gérer des ancres spatiales dans votre compte, y compris de les supprimerLets you manage spatial anchors in your account, including deleting them | 70bbe301-9835-447d-afdd-19eb3167307c70bbe301-9835-447d-afdd-19eb3167307c |
Lecteur de compte Spatial AnchorsSpatial Anchors Account Reader | Permet de localiser et de lire les propriétés d’ancres spatiales dans votre compteLets you locate and read properties of spatial anchors in your account | 5d51204f-eb77-4b1c-b86a-2ec626c494135d51204f-eb77-4b1c-b86a-2ec626c49413 |
IntégrationIntegration | ||
Contributeur du service Gestion des APIAPI Management Service Contributor | Peut gérer le service et les APICan manage service and the APIs | 312a565d-c81f-4fd8-895a-4e21e48d571c312a565d-c81f-4fd8-895a-4e21e48d571c |
Rôle d’opérateur du service Gestion des APIAPI Management Service Operator Role | Peut gérer le service, mais pas les APICan manage service but not the APIs | e022efe7-f5ba-4159-bbe4-b44f577e9b61e022efe7-f5ba-4159-bbe4-b44f577e9b61 |
Rôle de lecteur du service Gestion des APIAPI Management Service Reader Role | Accès en lecture seule au service et aux APIRead-only access to service and APIs | 71522526-b88f-4d52-b57f-d31fc3546d0d71522526-b88f-4d52-b57f-d31fc3546d0d |
Propriétaire des données App ConfigurationApp Configuration Data Owner | Permet l’accès total aux données App Configuration.Allows full access to App Configuration data. | 5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b |
Lecteur des données App ConfigurationApp Configuration Data Reader | Permet de lire les données App Configuration.Allows read access to App Configuration data. | 516239f1-63e1-4d78-a4de-a74fb236a071516239f1-63e1-4d78-a4de-a74fb236a071 |
Propriétaire de données Azure Service BusAzure Service Bus Data Owner | Permet un accès total aux ressources Azure Service Bus.Allows for full access to Azure Service Bus resources. | 090c5cfd-751d-490a-894a-3ce6f1109419090c5cfd-751d-490a-894a-3ce6f1109419 |
Récepteur de données Azure Service BusAzure Service Bus Data Receiver | Permet d’obtenir un accès en réception aux ressources Azure Service Bus.Allows for receive access to Azure Service Bus resources. | 4f6d3b9b-027b-4f4c-9142-0e5a2a2247e04f6d3b9b-027b-4f4c-9142-0e5a2a2247e0 |
Expéditeur de données Azure Service BusAzure Service Bus Data Sender | Permet d’obtenir un accès en envoi aux ressources Azure Service Bus.Allows for send access to Azure Service Bus resources. | 69a216fc-b8fb-44d8-bc22-1f3c2cd27a3969a216fc-b8fb-44d8-bc22-1f3c2cd27a39 |
Propriétaire de l’inscription Azure StackAzure Stack Registration Owner | Permet de gérer les inscriptions Azure Stack.Lets you manage Azure Stack registrations. | 6f12a6df-dd06-4f3e-bcb1-ce8be600526a6f12a6df-dd06-4f3e-bcb1-ce8be600526a |
Contributeur EventgridEventGrid Contributor | Vous permet de gérer les opérations EventGrid.Lets you manage EventGrid operations. | 1e241071-0855-49ea-94dc-649edcd759de1e241071-0855-49ea-94dc-649edcd759de |
Contributeur EventGrid EventSubscriptionEventGrid EventSubscription Contributor | Vous permet de gérer les opérations d’abonnement aux événements EventGrid.Lets you manage EventGrid event subscription operations. | 428e0ff0-5e57-4d9c-a221-2c70d0e0a443428e0ff0-5e57-4d9c-a221-2c70d0e0a443 |
Lecteur EventGrid EventSubscriptionEventGrid EventSubscription Reader | Vous permet de lire les abonnements aux événements EventGrid.Lets you read EventGrid event subscriptions. | 2414bbcf-6497-4FAF-8c65-0454607484052414bbcf-6497-4faf-8c65-045460748405 |
Contributeur aux données FHIRFHIR Data Contributor | Ce rôle accorde à l’utilisateur ou au principal un accès complet aux données FHIRRole allows user or principal full access to FHIR Data | 5a1fc7df-4bf1-4951-a576-89034ee01acd5a1fc7df-4bf1-4951-a576-89034ee01acd |
Exportateur de données FHIRFHIR Data Exporter | Ce rôle permet à l’utilisateur ou au principal de lire et d’exporter des données FHIRRole allows user or principal to read and export FHIR Data | 3db33094-8700-4567-8da5-1501d4e7e8433db33094-8700-4567-8da5-1501d4e7e843 |
Lecteur de données FHIRFHIR Data Reader | Ce rôle permet à l’utilisateur ou au principal de lire des données FHIRRole allows user or principal to read FHIR Data | 4c8d0bbc-75d3-4935-991f-5f3c56d815084c8d0bbc-75d3-4935-991f-5f3c56d81508 |
Enregistreur de données FHIRFHIR Data Writer | Ce rôle permet à l’utilisateur ou au principal de lire et d’écrire des données FHIRRole allows user or principal to read and write FHIR Data | 3f88fce4-5892-4214-ae73-ba52945599133f88fce4-5892-4214-ae73-ba5294559913 |
Contributeur de l’environnement de service d’intégrationIntegration Service Environment Contributor | Permet de gérer les environnements de service d’intégration, mais pas d’y accéder.Lets you manage integration service environments, but not access to them. | a41e2c5b-bd99-4a07-88f4-9bf657a760b8a41e2c5b-bd99-4a07-88f4-9bf657a760b8 |
Développeur d’environnement de service d’intégrationIntegration Service Environment Developer | Permet aux développeurs de créer et de mettre à jour des workflows, des comptes d’intégration et des connexions d’API dans les environnements de service d’intégration.Allows developers to create and update workflows, integration accounts and API connections in integration service environments. | c7aa55d3-1abb-444a-a5ca-5e51e485d6ecc7aa55d3-1abb-444a-a5ca-5e51e485d6ec |
Contributeur de compte Intelligent SystemsIntelligent Systems Account Contributor | Permet de gérer des comptes Intelligent Systems, mais pas d’y accéder.Lets you manage Intelligent Systems accounts, but not access to them. | 03a6d094-3444-4b3d-88af-7477090a9e5e03a6d094-3444-4b3d-88af-7477090a9e5e |
Contributeur d’application logiqueLogic App Contributor | Permet de gérer des applications logiques, mais pas d’en modifier l’accès.Lets you manage logic apps, but not change access to them. | 87a39d53-fc1b-424a-814c-f7e04687dc9e87a39d53-fc1b-424a-814c-f7e04687dc9e |
Opérateur d’application logiqueLogic App Operator | Permet de lire, d’activer et de désactiver des applications logiques, mais pas de les modifier ou de les mettre à jour.Lets you read, enable, and disable logic apps, but not edit or update them. | 515c2055-d9d4-4321-b1b9-bd0c9a0f79fe515c2055-d9d4-4321-b1b9-bd0c9a0f79fe |
IdentitéIdentity | ||
Contributeur d’identités géréesManaged Identity Contributor | Peut créer, lire, mettre à jour et supprimer une identité attribuée à l’utilisateur.Create, Read, Update, and Delete User Assigned Identity | e40ec5ca-96e0-45a2-b4ff-59039f2c2b59e40ec5ca-96e0-45a2-b4ff-59039f2c2b59 |
Opérateur d’identités géréesManaged Identity Operator | Peut lire et assigner une identité attribuée à l’utilisateur.Read and Assign User Assigned Identity | f1a07417-d97a-45cb-824c-7a7467783830f1a07417-d97a-45cb-824c-7a7467783830 |
SécuritéSecurity | ||
Contributeur d’attestationAttestation Contributor | Peut lire, écrire ou supprimer l’instance du fournisseur d’attestationsCan read write or delete the attestation provider instance | bbf86eb8-f7b4-4cce-96e4-18cddf81d86ebbf86eb8-f7b4-4cce-96e4-18cddf81d86e |
Lecteur d’attestationAttestation Reader | Peut lire les propriétés du fournisseur d’attestationsCan read the attestation provider properties | fd1bd22b-8476-40bc-a0bc-69b95687b9f3fd1bd22b-8476-40bc-a0bc-69b95687b9f3 |
Contributeur Azure SentinelAzure Sentinel Contributor | Contributeur Azure SentinelAzure Sentinel Contributor | ab8e14d6-4a74-4a29-9ba8-549422addadeab8e14d6-4a74-4a29-9ba8-549422addade |
Lecteur Azure SentinelAzure Sentinel Reader | Lecteur Azure SentinelAzure Sentinel Reader | 8d289c81-5878-46d4-8554-54e1e3d8b5cb8d289c81-5878-46d4-8554-54e1e3d8b5cb |
Répondeur Azure SentinelAzure Sentinel Responder | Répondeur Azure SentinelAzure Sentinel Responder | 3e150937-b8fe-4cfb-8069-0eaf05ecd0563e150937-b8fe-4cfb-8069-0eaf05ecd056 |
Administrateur Key VaultKey Vault Administrator | Permet d’effectuer toutes les opération du plan de données sur un coffre de clés et tous les objets qu’il contient, notamment les certificats, les clés et les secrets.Perform all data plane operations on a key vault and all objects in it, including certificates, keys, and secrets. Ne peut pas gérer les ressources du coffre de clés ni gérer les attributions de rôles.Cannot manage key vault resources or manage role assignments. Fonctionne uniquement pour les coffres de clés qui utilisent le modèle d’autorisation « Contrôle d’accès en fonction du rôle Azure ».Only works for key vaults that use the 'Azure role-based access control' permission model. | 00482a5a-887f-4fb3-b363-3b7fe8e7448300482a5a-887f-4fb3-b363-3b7fe8e74483 |
Agent des certificats Key VaultKey Vault Certificates Officer | Permet d’effectuer une action sur les certificats d’un coffre de clés, à l’exception des autorisations de gestion.Perform any action on the certificates of a key vault, except manage permissions. Fonctionne uniquement pour les coffres de clés qui utilisent le modèle d’autorisation « Contrôle d’accès en fonction du rôle Azure ».Only works for key vaults that use the 'Azure role-based access control' permission model. | a4417e6f-fecd-4de8-b567-7b0420556985a4417e6f-fecd-4de8-b567-7b0420556985 |
Contributeur Key VaultKey Vault Contributor | Permet de gérer les coffres de clés, mais ne vous permet pas d’attribuer des rôles dans Azure RBAC ni d’accéder à des secrets, des clés ou des certificats.Manage key vaults, but does not allow you to assign roles in Azure RBAC, and does not allow you to access secrets, keys, or certificates. | f25e0fa2-a7c8-4377-a976-54943a77a395f25e0fa2-a7c8-4377-a976-54943a77a395 |
Agent de chiffrement Key VaultKey Vault Crypto Officer | Permet d’effectuer une action sur les clés d’un coffre de clés, à l’exception des autorisations de gestion.Perform any action on the keys of a key vault, except manage permissions. Fonctionne uniquement pour les coffres de clés qui utilisent le modèle d’autorisation « Contrôle d’accès en fonction du rôle Azure ».Only works for key vaults that use the 'Azure role-based access control' permission model. | 14b46e9e-c2b7-41b4-b07b-48a6ebf6060314b46e9e-c2b7-41b4-b07b-48a6ebf60603 |
Utilisateur du service de chiffrement de Key VaultKey Vault Crypto Service Encryption User | Permet de lire les métadonnées des clés et d’effectuer des opérations visant à envelopper/désenvelopper.Read metadata of keys and perform wrap/unwrap operations. Fonctionne uniquement pour les coffres de clés qui utilisent le modèle d’autorisation « Contrôle d’accès en fonction du rôle Azure ».Only works for key vaults that use the 'Azure role-based access control' permission model. | e147488a-f6f5-4113-8e2d-b22465e65bf6e147488a-f6f5-4113-8e2d-b22465e65bf6 |
Utilisateur de chiffrement Key VaultKey Vault Crypto User | Permet d’effectuer des opérations de chiffrement à l’aide de clés.Perform cryptographic operations using keys. Fonctionne uniquement pour les coffres de clés qui utilisent le modèle d’autorisation « Contrôle d’accès en fonction du rôle Azure ».Only works for key vaults that use the 'Azure role-based access control' permission model. | 12338af0-0e69-4776-bea7-57ae8d29742412338af0-0e69-4776-bea7-57ae8d297424 |
Lecteur Key VaultKey Vault Reader | Permet de lire les métadonnées de coffres de clés et de leurs certificats, clés et secrets.Read metadata of key vaults and its certificates, keys, and secrets. Ne peut pas lire les valeurs sensibles, telles que les contenus secrets ou les documents clés.Cannot read sensitive values such as secret contents or key material. Fonctionne uniquement pour les coffres de clés qui utilisent le modèle d’autorisation « Contrôle d’accès en fonction du rôle Azure ».Only works for key vaults that use the 'Azure role-based access control' permission model. | 21090545-7ca7-4776-b22c-e363652d74d221090545-7ca7-4776-b22c-e363652d74d2 |
Agent des secrets Key VaultKey Vault Secrets Officer | Permet d’effectuer une action sur les secrets d’un coffre de clés, à l’exception des autorisations de gestion.Perform any action on the secrets of a key vault, except manage permissions. Fonctionne uniquement pour les coffres de clés qui utilisent le modèle d’autorisation « Contrôle d’accès en fonction du rôle Azure ».Only works for key vaults that use the 'Azure role-based access control' permission model. | b86a8fe4-44ce-4948-aee5-eccb2c155cd7b86a8fe4-44ce-4948-aee5-eccb2c155cd7 |
Utilisateur des secrets Key VaultKey Vault Secrets User | Permet de lire le contenu du secret.Read secret contents. Fonctionne uniquement pour les coffres de clés qui utilisent le modèle d’autorisation « Contrôle d’accès en fonction du rôle Azure ».Only works for key vaults that use the 'Azure role-based access control' permission model. | 4633458b-17de-408a-b874-0445c86b69e64633458b-17de-408a-b874-0445c86b69e6 |
Contributeur HSM managéManaged HSM contributor | Vous permet de gérer des pools HSM managés, mais pas d’y accéder.Lets you manage managed HSM pools, but not access to them. | 18500a29-7fe2-46b2-a342-b16a415e101d18500a29-7fe2-46b2-a342-b16a415e101d |
Administrateur de la sécuritéSecurity Admin | Autorisations d’affichage et de mise à jour pour Security Center.View and update permissions for Security Center. Dispose des mêmes autorisations que le rôle Lecteur de sécurité et peut également modifier la stratégie de sécurité et ignorer les alertes et les recommandations.Same permissions as the Security Reader role and can also update the security policy and dismiss alerts and recommendations. | fb1c8493-542b-48eb-b624-b4c8fea62acdfb1c8493-542b-48eb-b624-b4c8fea62acd |
Contributeur d'évaluation de la sécuritéSecurity Assessment Contributor | Vous permet d’envoyer (push) les évaluations à Security CenterLets you push assessments to Security Center | 612c2aa1-cb24-443b-ac28-3ab7272de6f5612c2aa1-cb24-443b-ac28-3ab7272de6f5 |
Gestionnaire de sécurité (hérité)Security Manager (Legacy) | Il s’agit d’un rôle hérité.This is a legacy role. Utilisez plutôt l’administrateur de sécurité.Please use Security Admin instead. | e3d13bf0-dd5a-482e-ba6b-9b8433878d10e3d13bf0-dd5a-482e-ba6b-9b8433878d10 |
Lecteur de sécuritéSecurity Reader | Autorisations d’affichage pour Security Center.View permissions for Security Center. Peut afficher les recommandations, les alertes, une stratégie de sécurité et les états de sécurité, mais ne peut pas apporter de modifications.Can view recommendations, alerts, a security policy, and security states, but cannot make changes. | 39bc4728-0917-49c7-9d2c-d95423bc2eb439bc4728-0917-49c7-9d2c-d95423bc2eb4 |
DevOpsDevOps | ||
Utilisateur de DevTest LabsDevTest Labs User | Permet de connecter, de démarrer, de redémarrer et d’arrêter vos machines virtuelles dans votre Azure DevTest Labs.Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs. | 76283e04-6283-4c54-8f91-bcf1374a3c6476283e04-6283-4c54-8f91-bcf1374a3c64 |
Créateur LabLab Creator | Créez des labs sous vos comptes Azure Lab.Lets you create new labs under your Azure Lab Accounts. | b97fb8bc-a8b2-4522-a38b-dd33c7e65eadb97fb8bc-a8b2-4522-a38b-dd33c7e65ead |
SurveillerMonitor | ||
Contributeur de composants Application InsightsApplication Insights Component Contributor | Gérer les composants Application InsightsCan manage Application Insights components | ae349356-3a1b-4a5e-921d-050484c6347eae349356-3a1b-4a5e-921d-050484c6347e |
Débogueur de capture instantanée d’Application InsightsApplication Insights Snapshot Debugger | Autorise l’utilisateur à consulter et à télécharger les instantanés de débogage collectés à l’aide du débogueur de capture instantanée Application Insights.Gives user permission to view and download debug snapshots collected with the Application Insights Snapshot Debugger. Ces autorisations ne sont pas incluses dans les rôles Propriétaire et Contributeur.Note that these permissions are not included in the Owner or Contributor roles. Lorsque vous donnez aux utilisateurs le rôle Débogueur de capture instantanée Application Insights, vous devez leur accorder directement le rôle.When giving users the Application Insights Snapshot Debugger role, you must grant the role directly to the user. Le rôle n’est pas reconnu lorsqu’il est ajouté à un rôle personnalisé.The role is not recognized when it is added to a custom role. | 08954f03-6346-4c2e-81c0-ec3a5cfae23b08954f03-6346-4c2e-81c0-ec3a5cfae23b |
Contributeur de surveillanceMonitoring Contributor | Peut lire toutes les données de surveillance et modifier les paramètres de surveillance.Can read all monitoring data and edit monitoring settings. Consultez aussi Bien démarrer avec les rôles, les autorisations et la sécurité dans Azure Monitor.See also Get started with roles, permissions, and security with Azure Monitor. | 749f88d5-cbae-40b8-bcfc-e573ddc772fa749f88d5-cbae-40b8-bcfc-e573ddc772fa |
Publication des métriques de surveillanceMonitoring Metrics Publisher | Permet de publier les métriques relatives aux ressources AzureEnables publishing metrics against Azure resources | 3913510d-42f4-4e42-8a64-420c390055eb3913510d-42f4-4e42-8a64-420c390055eb |
Lecteur de surveillanceMonitoring Reader | Peut lire toutes les données de supervision (métriques, journaux d’activité, etc.)Can read all monitoring data (metrics, logs, etc.). Consultez aussi Bien démarrer avec les rôles, les autorisations et la sécurité dans Azure Monitor.See also Get started with roles, permissions, and security with Azure Monitor. | 43d0d8ad-25c7-4714-9337-8ba259a9fe0543d0d8ad-25c7-4714-9337-8ba259a9fe05 |
Contributeur de classeurWorkbook Contributor | Peut enregistrer les classeurs partagés.Can save shared workbooks. | e8ddcd69-c73f-4f9f-9844-4100522f16ade8ddcd69-c73f-4f9f-9844-4100522f16ad |
Lecteur de classeurWorkbook Reader | Peut lire les classeurs.Can read workbooks. | b279062a-9be3-42a0-92ae-8b3cf002ec4db279062a-9be3-42a0-92ae-8b3cf002ec4d |
Gestion + gouvernanceManagement + governance | ||
Opérateur de travaux AutomationAutomation Job Operator | Permet de créer et de gérer des travaux avec des runbooks Automation.Create and Manage Jobs using Automation Runbooks. | 4fe576fe-1146-4730-92eb-48519fa6bf9f4fe576fe-1146-4730-92eb-48519fa6bf9f |
Opérateur AutomationAutomation Operator | Les opérateurs d’Automation sont en mesure de démarrer, d’arrêter, de suspendre et de reprendre des travauxAutomation Operators are able to start, stop, suspend, and resume jobs | d3881f73-407a-4167-8283-e981cbba0404d3881f73-407a-4167-8283-e981cbba0404 |
Opérateur de runbook AutomationAutomation Runbook Operator | Propriétés de lecture du runbook : pour pouvoir créer des travaux depuis le runbook.Read Runbook properties - to be able to create Jobs of the runbook. | 5fb5aef8-1081-4b8e-bb16-9d5d0385bab55fb5aef8-1081-4b8e-bb16-9d5d0385bab5 |
Intégration de machine connectée à AzureAzure Connected Machine Onboarding | Peut intégrer des machines connectées à Azure.Can onboard Azure Connected Machines. | b64e21ea-ac4e-4cdf-9dc9-5b892992bee7b64e21ea-ac4e-4cdf-9dc9-5b892992bee7 |
Administrateur des ressources de la machine connectée à AzureAzure Connected Machine Resource Administrator | Peut lire, écrire, supprimer et réintégrer des machines connectées à Azure.Can read, write, delete and re-onboard Azure Connected Machines. | cd570a14-e51a-42ad-bac8-bafd67325302cd570a14-e51a-42ad-bac8-bafd67325302 |
Lecteur de facturationBilling Reader | Autorise l’accès en lecture aux données de facturationAllows read access to billing data | fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64 |
Contributeur blueprintBlueprint Contributor | Peut gérer les définitions blueprint, mais ne peut pas les affecter.Can manage blueprint definitions, but not assign them. | 41077137-e803-4205-871c-5a86e6a753b441077137-e803-4205-871c-5a86e6a753b4 |
Opérateur blueprintBlueprint Operator | Peut affecter des blueprints publiés existants, mais ne peut pas en créer de nouveaux.Can assign existing published blueprints, but cannot create new blueprints. Notez que cela fonctionne uniquement si l’affectation est effectuée avec une identité managée affectée par l’utilisateur.Note that this only works if the assignment is done with a user-assigned managed identity. | 437d2ced-4a38-4302-8479-ed2bcb43d090437d2ced-4a38-4302-8479-ed2bcb43d090 |
Contributeur Cost ManagementCost Management Contributor | Peut afficher les coûts et gérer la configuration des coûts (par exemple, budgets, exportations)Can view costs and manage cost configuration (e.g. budgets, exports) | 434105ed-43f6-45c7-a02f-909b2ba83430434105ed-43f6-45c7-a02f-909b2ba83430 |
Lecteur Cost ManagementCost Management Reader | Peut afficher les données et la configuration des coûts (par exemple, budgets, exportations)Can view cost data and configuration (e.g. budgets, exports) | 72fafb9e-0641-4937-9268-a91bfd8191a372fafb9e-0641-4937-9268-a91bfd8191a3 |
Administration des paramètres de hiérarchieHierarchy Settings Administrator | Permet aux utilisateurs de modifier et de supprimer des paramètres de hiérarchieAllows users to edit and delete Hierarchy Settings | 350f8d15-c687-4448-8ae1-157740a3936d350f8d15-c687-4448-8ae1-157740a3936d |
Cluster Kubernetes – Intégration Azure ArcKubernetes Cluster - Azure Arc Onboarding | Définition de rôle pour autoriser tout utilisateur/service à créer une ressource connectedClustersRole definition to authorize any user/service to create connectedClusters resource | 34e09817-6cbe-4d01-b1a2-e0eac5743d4134e09817-6cbe-4d01-b1a2-e0eac5743d41 |
Rôle Contributeur d'application managéeManaged Application Contributor Role | Permet de créer des ressources d’application managées.Allows for creating managed application resources. | 641177b8-a67a-45b9-a033-47bc880bb21e641177b8-a67a-45b9-a033-47bc880bb21e |
Rôle opérateur d’application managéeManaged Application Operator Role | Permet de lire les ressources d’application managée et d’effectuer des actions sur ces ressources.Lets you read and perform actions on Managed Application resources | c7393b34-138c-406f-901b-d8cf2b17e6aec7393b34-138c-406f-901b-d8cf2b17e6ae |
Lecteur Applications managéesManaged Applications Reader | Vous permet de lire les ressources dans une application managée et de demander un accès JIT.Lets you read resources in a managed app and request JIT access. | b9331d33-8a36-4f8c-b097-4f54124fdb44b9331d33-8a36-4f8c-b097-4f54124fdb44 |
Suppression du rôle d’attribution d’inscription de services managéManaged Services Registration assignment Delete Role | La suppression du rôle d’attribution d’inscription de services managés permet aux utilisateurs du client gérant de supprimer l’attribution d’inscription assignée à leur locataire.Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant. | 91c1777a-f3dc-4fae-b103-61d183457e4691c1777a-f3dc-4fae-b103-61d183457e46 |
Contributeur du groupe d’administrationManagement Group Contributor | Rôle de collaborateur du groupe d’administrationManagement Group Contributor Role | 5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c |
Lecteur du groupe d’administrationManagement Group Reader | Rôle de lecteur du groupe d’administrationManagement Group Reader Role | ac63b705-f282-497d-ac71-919bf39d939dac63b705-f282-497d-ac71-919bf39d939d |
Contributeur de compte NewRelic APMNew Relic APM Account Contributor | Vous permet de gérer des comptes et applications New Relic Application Performance Management, mais pas d’y accéder.Lets you manage New Relic Application Performance Management accounts and applications, but not access to them. | 5d28c62d-5b37-4476-8438-e587778df2375d28c62d-5b37-4476-8438-e587778df237 |
Policy Insights Data Writer (préversion)Policy Insights Data Writer (Preview) | Permet de lire les stratégies de ressources et d’écrire les événements de stratégie de composant de ressource.Allows read access to resource policies and write access to resource component policy events. | 66bb4e9e-b016-4a94-8249-4c0511c2be8466bb4e9e-b016-4a94-8249-4c0511c2be84 |
Rôle opérateur de requête de quotaQuota Request Operator Role | Lisez et créez des requêtes de quota, obtenez l’état de la requête de quota et créez des tickets de support.Read and create quota requests, get quota request status, and create support tickets. | 0e5f05e5-9ab9-446b-b98d-1e2157c941250e5f05e5-9ab9-446b-b98d-1e2157c94125 |
Acheteur de réservationReservation Purchaser | Vous permet d’acheter des réservationsLets you purchase reservations | f7b75c60-3036-4b75-91c3-6b41c27c1689f7b75c60-3036-4b75-91c3-6b41c27c1689 |
Contributeur de stratégie de ressourceResource Policy Contributor | Utilisateurs dotés de droits pour créer ou modifier une stratégie de ressource, créer un ticket de support et lire des ressources ou la hiérarchie.Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy. | 36243c78-bf99-498c-9df9-86d9f8d2860836243c78-bf99-498c-9df9-86d9f8d28608 |
Contributeur Site RecoverySite Recovery Contributor | Permet de gérer le service Site Recovery sauf la création de coffre et l’attribution de rôleLets you manage Site Recovery service except vault creation and role assignment | 6670b86e-a3f7-4917-ac9b-5d6ab1be45676670b86e-a3f7-4917-ac9b-5d6ab1be4567 |
Opérateur Site RecoverySite Recovery Operator | Permet de basculer et de restaurer mais pas d’effectuer d’autres opérations de gestion de Site RecoveryLets you failover and failback but not perform other Site Recovery management operations | 494ae006-db33-4328-bf46-533a6560a3ca494ae006-db33-4328-bf46-533a6560a3ca |
Lecteur Site RecoverySite Recovery Reader | Permet d’afficher l’état de Site Recovery mais pas d’effectuer d’autres opérations de gestionLets you view Site Recovery status but not perform other management operations | dbaa88c4-0c30-4179-9fb3-46319faa6149dbaa88c4-0c30-4179-9fb3-46319faa6149 |
Contributeur de demande de supportSupport Request Contributor | Permet de créer et de gérer des demandes de supportLets you create and manage Support requests | cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24ecfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e |
Contributeur d’étiquetteTag Contributor | Vous permet de gérer les étiquettes sur les entités, sans fournir l’accès aux entités elles-mêmes.Lets you manage tags on entities, without providing access to the entities themselves. | 4a9ae827-6dc8-4573-8ac7-8239d42aa03f4a9ae827-6dc8-4573-8ac7-8239d42aa03f |
AutresOther | ||
Propriétaire des données Azure Digital TwinsAzure Digital Twins Data Owner | Rôle d’accès complet pour le plan de données Digital TwinsFull access role for Digital Twins data-plane | bcd981a7-7f74-457b-83e1-cceb9e632ffebcd981a7-7f74-457b-83e1-cceb9e632ffe |
Lecteur de données Azure Digital TwinsAzure Digital Twins Data Reader | Rôle en lecture seule pour les propriétés du plan de données Digital TwinsRead-only role for Digital Twins data-plane properties | d57506d4-4c8d-48b1-8587-93c323f6a5a3d57506d4-4c8d-48b1-8587-93c323f6a5a3 |
Contributeur BizTalkBizTalk Contributor | Permet de gérer des services BizTalk, mais pas d’y accéder.Lets you manage BizTalk services, but not access to them. | 5e3c6656-6cfa-4708-81fe-0de47ac733425e3c6656-6cfa-4708-81fe-0de47ac73342 |
Contributeur du groupe d’applications de virtualisation de poste de travailDesktop Virtualization Application Group Contributor | Contributeur du groupe d’applications de virtualisation de poste de travail.Contributor of the Desktop Virtualization Application Group. | 86240b0e-9422-4c43-887b-b61143f32ba886240b0e-9422-4c43-887b-b61143f32ba8 |
Lecteur du groupe d’applications de virtualisation de poste de travailDesktop Virtualization Application Group Reader | Lecteur du groupe d’applications de virtualisation de poste de travail.Reader of the Desktop Virtualization Application Group. | aebf23d0-b568-4e86-b8f9-fe83a2c6ab55aebf23d0-b568-4e86-b8f9-fe83a2c6ab55 |
Contributeur de virtualisation des services BureauDesktop Virtualization Contributor | Contributeur de virtualisation de poste de travailContributor of Desktop Virtualization. | 082f0a83-3be5-4ba1-904c-961cca79b387082f0a83-3be5-4ba1-904c-961cca79b387 |
Contributeur de pool d’hôtes de virtualisation de poste de travailDesktop Virtualization Host Pool Contributor | Contributeur de pool d’hôtes de virtualisation de poste de travail.Contributor of the Desktop Virtualization Host Pool. | e307426c-f9b6-4e81-87de-d99efb3c32bce307426c-f9b6-4e81-87de-d99efb3c32bc |
Lecteur de pool d’hôtes de virtualisation de poste de travailDesktop Virtualization Host Pool Reader | Lecteur de pool d’hôtes de virtualisation de poste de travail.Reader of the Desktop Virtualization Host Pool. | ceadfde2-b300-400a-ab7b-6143895aa822ceadfde2-b300-400a-ab7b-6143895aa822 |
Lecteur de virtualisation des services BureauDesktop Virtualization Reader | Lecteur de virtualisation de poste de travailReader of Desktop Virtualization. | 49a72310-ab8d-41df-bbb0-79b64920386849a72310-ab8d-41df-bbb0-79b649203868 |
Opérateur d’hôte de session de virtualisation de virtualisation de poste de travailDesktop Virtualization Session Host Operator | Opérateur d’hôte de session de virtualisation de virtualisation de poste de travail.Operator of the Desktop Virtualization Session Host. | 2ad6aaab-ead9-4eaa-8ac5-da422f5624082ad6aaab-ead9-4eaa-8ac5-da422f562408 |
Utilisateur de virtualisation de bureauDesktop Virtualization User | Permet à l’utilisateur d’utiliser les applications dans un groupe d’applications.Allows user to use the applications in an application group. | 1d18fff3-a72a-46b5-b4a9-0b38a3cd7e631d18fff3-a72a-46b5-b4a9-0b38a3cd7e63 |
Opérateur de session utilisateur de virtualisation de poste de travailDesktop Virtualization User Session Operator | Opérateur de session utilisateur de virtualisation de poste de travail.Operator of the Desktop Virtualization Uesr Session. | ea4bfff8-7fb4-485a-aadd-d4129a0ffaa6ea4bfff8-7fb4-485a-aadd-d4129a0ffaa6 |
Contributeur d’espace de travail de virtualisation de poste de travailDesktop Virtualization Workspace Contributor | Contributeur d’espace de travail de virtualisation de poste de travail.Contributor of the Desktop Virtualization Workspace. | 21efdde3-836f-432b-bf3d-3e8e734d4b2b21efdde3-836f-432b-bf3d-3e8e734d4b2b |
Lecteur d’espace de travail de virtualisation de poste de travailDesktop Virtualization Workspace Reader | Lecteur d’espace de travail de virtualisation de poste de travail.Reader of the Desktop Virtualization Workspace. | 0fa44ee9-7a7d-466b-9bb2-2bf446b1204d0fa44ee9-7a7d-466b-9bb2-2bf446b1204d |
Lecteur de sauvegarde de disqueDisk Backup Reader | Fournit une autorisation sur le coffre de sauvegarde pour effectuer une sauvegarde de disque.Provides permission to backup vault to perform disk backup. | 3e5e47e6-65f7-47ef-90b5-e5dd4d455f243e5e47e6-65f7-47ef-90b5-e5dd4d455f24 |
Opérateur de restauration de disqueDisk Restore Operator | Fournit une autorisation sur le coffre de sauvegarde pour effectuer une restauration de disque.Provides permission to backup vault to perform disk restore. | b50d9833-a0cb-478e-945f-707fcc997c13b50d9833-a0cb-478e-945f-707fcc997c13 |
Contributeur d’instantané de disqueDisk Snapshot Contributor | Fournit une autorisation sur le coffre de sauvegarde pour gérer les instantanés de disque.Provides permission to backup vault to manage disk snapshots. | 7efff54f-a5b4-42b5-a1c5-5411624893ce7efff54f-a5b4-42b5-a1c5-5411624893ce |
Contributeur des collections de travaux du planificateurScheduler Job Collections Contributor | Permet de gérer des collections de tâches du planificateur, mais pas d’y accéder.Lets you manage Scheduler job collections, but not access to them. | 188a0f2f-5c9e-469b-ae67-2aa5ce574b94188a0f2f-5c9e-469b-ae67-2aa5ce574b94 |
Opérateur de hub de servicesServices Hub Operator | L’opérateur de hub de services vous permet d’effectuer toutes les opérations de lecture, d’écriture et de suppression liées aux connecteurs de hub de services.Services Hub Operator allows you to perform all read, write, and deletion operations related to Services Hub Connectors. | 82200a5b-e217-47a5-b665-6d8765ee745b82200a5b-e217-47a5-b665-6d8765ee745b |
GénéralGeneral
ContributeurContributor
Accorde un accès total pour gérer toutes les ressources, mais ne vous permet pas d’affecter des rôles dans Azure RBAC, de gérer des affectations dans Azure Blueprints ou de partager des galeries d’images.Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
* | Créer et gérer les ressources de tous les typesCreate and manage resources of all types |
NotActionsNotActions | |
Microsoft.Authorization/*/DeleteMicrosoft.Authorization/*/Delete | Supprimer des rôles, des affectations de stratégie, des définitions de stratégie et des définitions d’ensemble de stratégiesDelete roles, policy assignments, policy definitions and policy set definitions |
Microsoft.Authorization/*/WriteMicrosoft.Authorization/*/Write | Créer des rôles, des attributions de rôle, des affectations de stratégie, des définitions de stratégie et des définitions d’ensemble de stratégiesCreate roles, role assignments, policy assignments, policy definitions and policy set definitions |
Microsoft.Authorization/elevateAccess/ActionMicrosoft.Authorization/elevateAccess/Action | Accorde à l’appelant un accès Administrateur de l’accès utilisateur au niveau de la portée du clientGrants the caller User Access Administrator access at the tenant scope |
Microsoft.Blueprint/blueprintAssignments/writeMicrosoft.Blueprint/blueprintAssignments/write | Créer ou mettre à jour toutes les affectations de blueprintCreate or update any blueprint assignments |
Microsoft.Blueprint/blueprintAssignments/deleteMicrosoft.Blueprint/blueprintAssignments/delete | Supprimer toutes les affectations de blueprintDelete any blueprint assignments |
Microsoft.Compute/galleries/share/actionMicrosoft.Compute/galleries/share/action | Partage une galerie sur des différentes étenduesShares a Gallery to different scopes |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
"name": "b24988ac-6180-42a0-ab88-20f7382dd24c",
"permissions": [
{
"actions": [
"*"
],
"notActions": [
"Microsoft.Authorization/*/Delete",
"Microsoft.Authorization/*/Write",
"Microsoft.Authorization/elevateAccess/Action",
"Microsoft.Blueprint/blueprintAssignments/write",
"Microsoft.Blueprint/blueprintAssignments/delete",
"Microsoft.Compute/galleries/share/action"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
PropriétaireOwner
Octroie un accès total pour gérer toutes les ressources, notamment la possibilité d’attribuer des rôles dans Azure RBAC.Grants full access to manage all resources, including the ability to assign roles in Azure RBAC. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
* | Créer et gérer les ressources de tous les typesCreate and manage resources of all types |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Grants full access to manage all resources, including the ability to assign roles in Azure RBAC.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
"name": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
"permissions": [
{
"actions": [
"*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
LecteurReader
Affiche toutes les ressources, mais ne vous autorise pas à apporter des modifications.View all resources, but does not allow you to make any changes. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
*/read*/read | Lire les ressources de tous les types, à l’exception des secrets.Read resources of all types, except secrets. |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "View all resources, but does not allow you to make any changes.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
"name": "acdd72a7-3385-48ef-bd42-f606fba81ae7",
"permissions": [
{
"actions": [
"*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Administrateur de l'accès utilisateurUser Access Administrator
Vous permet de gérer l'accès utilisateur aux ressources Azure.Lets you manage user access to Azure resources. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
*/read*/read | Lire les ressources de tous les types, à l’exception des secrets.Read resources of all types, except secrets. |
Microsoft.Authorization/*Microsoft.Authorization/* | Gérer les autorisationsManage authorization |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage user access to Azure resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
"name": "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Authorization/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "User Access Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
CalculCompute
Contributeur de machine virtuelle classiqueClassic Virtual Machine Contributor
Permet de gérer des machines virtuelles classiques, mais pas d’y accéder, ni au réseau virtuel ou au compte de stockage auquel elles sont connectées.Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to.
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.ClassicCompute/domainNames/*Microsoft.ClassicCompute/domainNames/* | Créer et gérer des noms de domaine de calcul classiqueCreate and manage classic compute domain names |
Microsoft.ClassicCompute/virtualMachines/*Microsoft.ClassicCompute/virtualMachines/* | Créer et gérer les machines virtuellesCreate and manage virtual machines |
Microsoft.ClassicNetwork/networkSecurityGroups/join/actionMicrosoft.ClassicNetwork/networkSecurityGroups/join/action | |
Microsoft.ClassicNetwork/reservedIps/link/actionMicrosoft.ClassicNetwork/reservedIps/link/action | Lier une adresse IP réservéeLink a reserved Ip |
Microsoft.ClassicNetwork/reservedIps/readMicrosoft.ClassicNetwork/reservedIps/read | Obtient les adresses IP réservéesGets the reserved Ips |
Microsoft.ClassicNetwork/virtualNetworks/join/actionMicrosoft.ClassicNetwork/virtualNetworks/join/action | Joint le réseau virtuel.Joins the virtual network. |
Microsoft.ClassicNetwork/virtualNetworks/readMicrosoft.ClassicNetwork/virtualNetworks/read | Obtenez le réseau virtuel.Get the virtual network. |
Microsoft.ClassicStorage/storageAccounts/disks/readMicrosoft.ClassicStorage/storageAccounts/disks/read | Retourne le disque du compte de stockage.Returns the storage account disk. |
Microsoft.ClassicStorage/storageAccounts/images/readMicrosoft.ClassicStorage/storageAccounts/images/read | Retourne l’image du compte de stockage.Returns the storage account image. (Déconseillé.(Deprecated. Utilisez « Microsoft.ClassicStorage/storageAccounts/vmImages »)Use 'Microsoft.ClassicStorage/storageAccounts/vmImages') |
Microsoft.ClassicStorage/storageAccounts/listKeys/actionMicrosoft.ClassicStorage/storageAccounts/listKeys/action | Répertorie les clés d’accès des comptes de stockage.Lists the access keys for the storage accounts. |
Microsoft.ClassicStorage/storageAccounts/readMicrosoft.ClassicStorage/storageAccounts/read | Retourne le compte de stockage avec le compte spécifique.Return the storage account with the given account. |
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | Créer et gérer un déploiementCreate and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/d73bb868-a0df-4d4d-bd69-98a00b01fccb",
"name": "d73bb868-a0df-4d4d-bd69-98a00b01fccb",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ClassicCompute/domainNames/*",
"Microsoft.ClassicCompute/virtualMachines/*",
"Microsoft.ClassicNetwork/networkSecurityGroups/join/action",
"Microsoft.ClassicNetwork/reservedIps/link/action",
"Microsoft.ClassicNetwork/reservedIps/read",
"Microsoft.ClassicNetwork/virtualNetworks/join/action",
"Microsoft.ClassicNetwork/virtualNetworks/read",
"Microsoft.ClassicStorage/storageAccounts/disks/read",
"Microsoft.ClassicStorage/storageAccounts/images/read",
"Microsoft.ClassicStorage/storageAccounts/listKeys/action",
"Microsoft.ClassicStorage/storageAccounts/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Classic Virtual Machine Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Connexion de l’administrateur aux machines virtuellesVirtual Machine Administrator Login
Afficher les machines virtuelles dans le portail et se connecter en tant qu’administrateur En savoir plusView Virtual Machines in the portal and login as administrator Learn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read | Obtient une définition de l’adresse IP publique.Gets a public ip address definition. |
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | Obtenir la définition de réseau virtuel.Get the virtual network definition |
Microsoft.Network/loadBalancers/readMicrosoft.Network/loadBalancers/read | Obtient une définition d’équilibrage de charge.Gets a load balancer definition |
Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read | Obtient une définition d’interface réseau.Gets a network interface definition. |
Microsoft.Compute/virtualMachines/*/readMicrosoft.Compute/virtualMachines/*/read | |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.Compute/virtualMachines/login/actionMicrosoft.Compute/virtualMachines/login/action | Se connecter à la machine virtuelle comme utilisateur normalLog in to a virtual machine as a regular user |
Microsoft.Compute/virtualMachines/loginAsAdmin/actionMicrosoft.Compute/virtualMachines/loginAsAdmin/action | Se connecter à une machine virtuelle avec des privilèges d’administrateur Windows ou d’utilisateur racine LinuxLog in to a virtual machine with Windows administrator or Linux root user privileges |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "View Virtual Machines in the portal and login as administrator",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/1c0163c0-47e6-4577-8991-ea5c82e286e4",
"name": "1c0163c0-47e6-4577-8991-ea5c82e286e4",
"permissions": [
{
"actions": [
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Compute/virtualMachines/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Compute/virtualMachines/login/action",
"Microsoft.Compute/virtualMachines/loginAsAdmin/action"
],
"notDataActions": []
}
],
"roleName": "Virtual Machine Administrator Login",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur de machine virtuelleVirtual Machine Contributor
Permet de gérer des machines virtuelles, mais pas d’y accéder, ni au réseau virtuel ou au compte de stockage auquel elles sont connectées.Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.Compute/availabilitySets/*Microsoft.Compute/availabilitySets/* | Créer et gérer des groupes à haute disponibilité de calculCreate and manage compute availability sets |
Microsoft.Compute/locations/*Microsoft.Compute/locations/* | Créer et gérer des emplacements de calculCreate and manage compute locations |
Microsoft.Compute/virtualMachines/*Microsoft.Compute/virtualMachines/* | Effectuer toutes les actions de machine virtuelle, notamment créer, mettre à jour, supprimer, démarrer, redémarrer et mettre hors tension des machines virtuelles.Perform all virtual machine actions including create, update, delete, start, restart, and power off virtual machines. Exécuter des scripts prédéfinis sur des machines virtuelles.Execute predefined scripts on virtual machines. |
Microsoft.Compute/virtualMachineScaleSets/*Microsoft.Compute/virtualMachineScaleSets/* | Créez et gérez des jeux de mise à l’échelle des machines virtuellesCreate and manage virtual machine scale sets |
Microsoft.Compute/disks/writeMicrosoft.Compute/disks/write | Créer ou mettre à jour un disqueCreates a new Disk or updates an existing one |
Microsoft.Compute/disks/readMicrosoft.Compute/disks/read | Obtenir les propriétés d’un disqueGet the properties of a Disk |
Microsoft.Compute/disks/deleteMicrosoft.Compute/disks/delete | Supprimer le disqueDeletes the Disk |
Microsoft.DevTestLab/schedules/*Microsoft.DevTestLab/schedules/* | |
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.Network/applicationGateways/backendAddressPools/join/actionMicrosoft.Network/applicationGateways/backendAddressPools/join/action | Joint un pool d’adresses principales de passerelle d’application.Joins an application gateway backend address pool. Impossible à alerter.Not Alertable. |
Microsoft.Network/loadBalancers/backendAddressPools/join/actionMicrosoft.Network/loadBalancers/backendAddressPools/join/action | Joint un pool d’adresses principales d’équilibrage de charge.Joins a load balancer backend address pool. Impossible à alerter.Not Alertable. |
Microsoft.Network/loadBalancers/inboundNatPools/join/actionMicrosoft.Network/loadBalancers/inboundNatPools/join/action | Joint un pool NAT entrant d’équilibrage de charge.Joins a load balancer inbound NAT pool. Impossible à alerter.Not alertable. |
Microsoft.Network/loadBalancers/inboundNatRules/join/actionMicrosoft.Network/loadBalancers/inboundNatRules/join/action | Joint une règle nat de trafic entrant d’équilibrage de charge.Joins a load balancer inbound nat rule. Impossible à alerter.Not Alertable. |
Microsoft.Network/loadBalancers/probes/join/actionMicrosoft.Network/loadBalancers/probes/join/action | Autorise l’utilisation des sondes d’un équilibreur de charge.Allows using probes of a load balancer. Par exemple, avec cette autorisation, la propriété healthProbe du groupe de machines virtuelles identiques peut faire référence à la sonde.For example, with this permission healthProbe property of VM scale set can reference the probe. Impossible à alerter.Not alertable. |
Microsoft.Network/loadBalancers/readMicrosoft.Network/loadBalancers/read | Obtient une définition d’équilibrage de charge.Gets a load balancer definition |
Microsoft.Network/locations/*Microsoft.Network/locations/* | Créer et gérer des emplacements réseauCreate and manage network locations |
Microsoft.Network/networkInterfaces/*Microsoft.Network/networkInterfaces/* | Créer et gérer des interfaces réseauCreate and manage network interfaces |
Microsoft.Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action | Joint un groupe de sécurité réseau.Joins a network security group. Impossible à alerter.Not Alertable. |
Microsoft.Network/networkSecurityGroups/readMicrosoft.Network/networkSecurityGroups/read | Obtient une définition de groupe de sécurité réseau.Gets a network security group definition |
Microsoft.Network/publicIPAddresses/join/actionMicrosoft.Network/publicIPAddresses/join/action | Joint une adresse IP publique.Joins a public ip address. Impossible à alerter.Not Alertable. |
Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read | Obtient une définition de l’adresse IP publique.Gets a public ip address definition. |
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | Obtenir la définition de réseau virtuel.Get the virtual network definition |
Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action | Joint un réseau virtuel.Joins a virtual network. Impossible à alerter.Not Alertable. |
Microsoft.RecoveryServices/locations/*Microsoft.RecoveryServices/locations/* | |
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write | Crée une intention de protection de sauvegarde.Create a backup Protection Intent |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read | |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read | Renvoie des détails d’objet de l’élément protégé.Returns object details of the Protected Item |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write | Créer un élément protégé de sauvegarde.Create a backup Protected Item |
Microsoft.RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read | Renvoie toutes les stratégies de protection.Returns all Protection Policies |
Microsoft.RecoveryServices/Vaults/backupPolicies/writeMicrosoft.RecoveryServices/Vaults/backupPolicies/write | Crée une stratégie de protection.Creates Protection Policy |
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read | L’opération d’obtention de coffre obtient un objet représentant la ressource Azure de type « coffre ».The Get Vault operation gets an object representing the Azure resource of type 'vault' |
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read | Renvoie des détails d’utilisation d’un coffre Recovery Services.Returns usage details for a Recovery Services Vault. |
Microsoft.RecoveryServices/Vaults/writeMicrosoft.RecoveryServices/Vaults/write | L’opération de création de coffre entraîne la création d’une ressource Azure de type « coffre ».Create Vault operation creates an Azure resource of type 'vault' |
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | Créer et gérer un déploiementCreate and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.SqlVirtualMachine/*Microsoft.SqlVirtualMachine/* | |
Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action | Retourne les clés d’accès au compte de stockage spécifié.Returns the access keys for the specified storage account. |
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read | Retourne la liste des comptes de stockage ou récupère les propriétés du compte de stockage spécifié.Returns the list of storage accounts or gets the properties for the specified storage account. |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
"name": "9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Compute/availabilitySets/*",
"Microsoft.Compute/locations/*",
"Microsoft.Compute/virtualMachines/*",
"Microsoft.Compute/virtualMachineScaleSets/*",
"Microsoft.Compute/disks/write",
"Microsoft.Compute/disks/read",
"Microsoft.Compute/disks/delete",
"Microsoft.DevTestLab/schedules/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/applicationGateways/backendAddressPools/join/action",
"Microsoft.Network/loadBalancers/backendAddressPools/join/action",
"Microsoft.Network/loadBalancers/inboundNatPools/join/action",
"Microsoft.Network/loadBalancers/inboundNatRules/join/action",
"Microsoft.Network/loadBalancers/probes/join/action",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/locations/*",
"Microsoft.Network/networkInterfaces/*",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Network/networkSecurityGroups/read",
"Microsoft.Network/publicIPAddresses/join/action",
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.RecoveryServices/locations/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
"Microsoft.RecoveryServices/Vaults/backupPolicies/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/write",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/Vaults/write",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.SqlVirtualMachine/*",
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Virtual Machine Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Connexion de l’utilisateur aux machines virtuellesVirtual Machine User Login
Affichez les machines virtuelles dans le portail et connectez-vous en tant qu’utilisateur normal.View Virtual Machines in the portal and login as a regular user. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read | Obtient une définition de l’adresse IP publique.Gets a public ip address definition. |
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | Obtenir la définition de réseau virtuel.Get the virtual network definition |
Microsoft.Network/loadBalancers/readMicrosoft.Network/loadBalancers/read | Obtient une définition d’équilibrage de charge.Gets a load balancer definition |
Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read | Obtient une définition d’interface réseau.Gets a network interface definition. |
Microsoft.Compute/virtualMachines/*/readMicrosoft.Compute/virtualMachines/*/read | |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.Compute/virtualMachines/login/actionMicrosoft.Compute/virtualMachines/login/action | Se connecter à la machine virtuelle comme utilisateur normalLog in to a virtual machine as a regular user |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "View Virtual Machines in the portal and login as a regular user.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fb879df8-f326-4884-b1cf-06f3ad86be52",
"name": "fb879df8-f326-4884-b1cf-06f3ad86be52",
"permissions": [
{
"actions": [
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Compute/virtualMachines/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Compute/virtualMachines/login/action"
],
"notDataActions": []
}
],
"roleName": "Virtual Machine User Login",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Mise en réseauNetworking
Contributeur de point de terminaison CDNCDN Endpoint Contributor
Peut gérer les points de terminaison CDN, mais ne peut pas accorder l’accès à d’autres utilisateurs.Can manage CDN endpoints, but can't grant access to other users.
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read | |
Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/* | |
Microsoft.Cdn/profiles/endpoints/*Microsoft.Cdn/profiles/endpoints/* | |
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | Créer et gérer un déploiementCreate and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Can manage CDN endpoints, but can't grant access to other users.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/426e0c7f-0c7e-4658-b36f-ff54d6c29b45",
"name": "426e0c7f-0c7e-4658-b36f-ff54d6c29b45",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Cdn/edgenodes/read",
"Microsoft.Cdn/operationresults/*",
"Microsoft.Cdn/profiles/endpoints/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "CDN Endpoint Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lecteur de point de terminaison CDNCDN Endpoint Reader
Peut afficher des points de terminaison CDN, mais ne peut pas effectuer de modifications.Can view CDN endpoints, but can't make changes.
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read | |
Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/* | |
Microsoft.Cdn/profiles/endpoints/*/readMicrosoft.Cdn/profiles/endpoints/*/read | |
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | Créer et gérer un déploiementCreate and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Can view CDN endpoints, but can't make changes.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/871e35f6-b5c1-49cc-a043-bde969a0f2cd",
"name": "871e35f6-b5c1-49cc-a043-bde969a0f2cd",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Cdn/edgenodes/read",
"Microsoft.Cdn/operationresults/*",
"Microsoft.Cdn/profiles/endpoints/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "CDN Endpoint Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur de profil CDNCDN Profile Contributor
Peut gérer des profils CDN et leurs points de terminaison, mais ne peut pas accorder l’accès à d’autres utilisateurs.Can manage CDN profiles and their endpoints, but can't grant access to other users. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read | |
Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/* | |
Microsoft.Cdn/profiles/*Microsoft.Cdn/profiles/* | |
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | Créer et gérer un déploiementCreate and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Can manage CDN profiles and their endpoints, but can't grant access to other users.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ec156ff8-a8d1-4d15-830c-5b80698ca432",
"name": "ec156ff8-a8d1-4d15-830c-5b80698ca432",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Cdn/edgenodes/read",
"Microsoft.Cdn/operationresults/*",
"Microsoft.Cdn/profiles/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "CDN Profile Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lecteur de profil CDNCDN Profile Reader
Peut afficher des profils CDN et leurs points de terminaison, mais ne peut pas y apporter des modifications.Can view CDN profiles and their endpoints, but can't make changes.
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read | |
Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/* | |
Microsoft.Cdn/profiles/*/readMicrosoft.Cdn/profiles/*/read | |
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | Créer et gérer un déploiementCreate and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Can view CDN profiles and their endpoints, but can't make changes.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8f96442b-4075-438f-813d-ad51ab4019af",
"name": "8f96442b-4075-438f-813d-ad51ab4019af",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Cdn/edgenodes/read",
"Microsoft.Cdn/operationresults/*",
"Microsoft.Cdn/profiles/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "CDN Profile Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur de réseau classiqueClassic Network Contributor
Permet de gérer des réseaux classiques, mais pas d’y accéder.Lets you manage classic networks, but not access to them. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.ClassicNetwork/*Microsoft.ClassicNetwork/* | Créer et gérer des réseaux classiquesCreate and manage classic networks |
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | Créer et gérer un déploiementCreate and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage classic networks, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b34d265f-36f7-4a0d-a4d4-e158ca92e90f",
"name": "b34d265f-36f7-4a0d-a4d4-e158ca92e90f",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ClassicNetwork/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Classic Network Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur de Zone DNSDNS Zone Contributor
Permet de gérer des zones DNS et des jeux d’enregistrements dans Azure DNS, mais pas de contrôler qui y a accès.Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.Network/dnsZones/*Microsoft.Network/dnsZones/* | Créer et gérer des enregistrements et zones DNSCreate and manage DNS zones and records |
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | Créer et gérer un déploiementCreate and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/befefa01-2a29-4197-83a8-272ff33ce314",
"name": "befefa01-2a29-4197-83a8-272ff33ce314",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/dnsZones/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "DNS Zone Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur de réseauNetwork Contributor
Permet de gérer des réseaux, mais pas d’y accéder.Lets you manage networks, but not access to them.
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.Network/*Microsoft.Network/* | Créer et gérer des réseauxCreate and manage networks |
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | Créer et gérer un déploiementCreate and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage networks, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
"name": "4d97b98b-1d4f-4787-a291-c67834d212e7",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Network Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Private DNS Zone ContributorPrivate DNS Zone Contributor
Permet de gérer les ressources de zone DNS privée, mais pas les réseaux virtuels auxquels elles sont liées.Lets you manage private DNS zone resources, but not the virtual networks they are linked to. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | Créer et gérer un déploiementCreate and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
Microsoft.Network/privateDnsZones/*Microsoft.Network/privateDnsZones/* | |
Microsoft.Network/privateDnsOperationResults/*Microsoft.Network/privateDnsOperationResults/* | |
Microsoft.Network/privateDnsOperationStatuses/*Microsoft.Network/privateDnsOperationStatuses/* | |
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | Obtenir la définition de réseau virtuel.Get the virtual network definition |
Microsoft.Network/virtualNetworks/join/actionMicrosoft.Network/virtualNetworks/join/action | Joint un réseau virtuel.Joins a virtual network. Impossible à alerter.Not Alertable. |
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage private DNS zone resources, but not the virtual networks they are linked to.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b12aa53e-6015-4669-85d0-8515ebb3ae7f",
"name": "b12aa53e-6015-4669-85d0-8515ebb3ae7f",
"permissions": [
{
"actions": [
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Network/privateDnsZones/*",
"Microsoft.Network/privateDnsOperationResults/*",
"Microsoft.Network/privateDnsOperationStatuses/*",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/join/action",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Private DNS Zone Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur Traffic ManagerTraffic Manager Contributor
Permet de gérer des profils Traffic Manager, mais pas de contrôler qui y a accès.Lets you manage Traffic Manager profiles, but does not let you control who has access to them.
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.Network/trafficManagerProfiles/*Microsoft.Network/trafficManagerProfiles/* | |
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | Créer et gérer un déploiementCreate and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Traffic Manager profiles, but does not let you control who has access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a4b10055-b0c7-44c2-b00f-c7b5b3550cf7",
"name": "a4b10055-b0c7-44c2-b00f-c7b5b3550cf7",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/trafficManagerProfiles/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Traffic Manager Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
StockageStorage
Contributeur AvereAvere Contributor
Peut créer et gérer un cluster Avere vFXT.Can create and manage an Avere vFXT cluster. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.Compute/*/readMicrosoft.Compute/*/read | |
Microsoft.Compute/availabilitySets/*Microsoft.Compute/availabilitySets/* | |
Microsoft.Compute/proximityPlacementGroups/*Microsoft.Compute/proximityPlacementGroups/* | |
Microsoft.Compute/virtualMachines/*Microsoft.Compute/virtualMachines/* | |
Microsoft.Compute/disks/*Microsoft.Compute/disks/* | |
Microsoft.Network/*/readMicrosoft.Network/*/read | |
Microsoft.Network/networkInterfaces/*Microsoft.Network/networkInterfaces/* | |
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | Obtenir la définition de réseau virtuel.Get the virtual network definition |
Microsoft.Network/virtualNetworks/subnets/readMicrosoft.Network/virtualNetworks/subnets/read | Obtient une définition de sous-réseau de réseau virtuel.Gets a virtual network subnet definition |
Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action | Joint un réseau virtuel.Joins a virtual network. Impossible à alerter.Not Alertable. |
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action | Joint des ressources telles qu’un compte de stockage ou une base de données SQL à un sous-réseau.Joins resource such as storage account or SQL database to a subnet. Impossible à alerter.Not alertable. |
Microsoft.Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action | Joint un groupe de sécurité réseau.Joins a network security group. Impossible à alerter.Not Alertable. |
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | Créer et gérer un déploiementCreate and manage a deployment |
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Storage/*/readMicrosoft.Storage/*/read | |
Microsoft.Storage/storageAccounts/*Microsoft.Storage/storageAccounts/* | Créer et gérer les comptes de stockageCreate and manage storage accounts |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
Microsoft.Resources/subscriptions/resourceGroups/resources/readMicrosoft.Resources/subscriptions/resourceGroups/resources/read | Obtient les ressources du groupe de ressources.Gets the resources for the resource group. |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete | Retourner le résultat de la suppression d’un objet blobReturns the result of deleting a blob |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read | Retourne un objet blob ou une liste d'objets blobReturns a blob or a list of blobs |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/writeMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write | Retourner le résultat de l’écriture d’un objet blobReturns the result of writing a blob |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Can create and manage an Avere vFXT cluster.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4f8fab4f-1852-4a58-a46a-8eaf358af14a",
"name": "4f8fab4f-1852-4a58-a46a-8eaf358af14a",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Compute/*/read",
"Microsoft.Compute/availabilitySets/*",
"Microsoft.Compute/proximityPlacementGroups/*",
"Microsoft.Compute/virtualMachines/*",
"Microsoft.Compute/disks/*",
"Microsoft.Network/*/read",
"Microsoft.Network/networkInterfaces/*",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Resources/deployments/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/*/read",
"Microsoft.Storage/storageAccounts/*",
"Microsoft.Support/*",
"Microsoft.Resources/subscriptions/resourceGroups/resources/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
],
"notDataActions": []
}
],
"roleName": "Avere Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Opérateur AvereAvere Operator
Utilisé par le cluster Avere vFXT pour gérer le cluster En savoir plusUsed by the Avere vFXT cluster to manage the cluster Learn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Compute/virtualMachines/readMicrosoft.Compute/virtualMachines/read | Obtenir les propriétés d’une machine virtuelleGet the properties of a virtual machine |
Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read | Obtient une définition d’interface réseau.Gets a network interface definition. |
Microsoft.Network/networkInterfaces/writeMicrosoft.Network/networkInterfaces/write | Crée une interface réseau ou met à jour une interface réseau existante.Creates a network interface or updates an existing network interface. |
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | Obtenir la définition de réseau virtuel.Get the virtual network definition |
Microsoft.Network/virtualNetworks/subnets/readMicrosoft.Network/virtualNetworks/subnets/read | Obtient une définition de sous-réseau de réseau virtuel.Gets a virtual network subnet definition |
Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action | Joint un réseau virtuel.Joins a virtual network. Impossible à alerter.Not Alertable. |
Microsoft.Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action | Joint un groupe de sécurité réseau.Joins a network security group. Impossible à alerter.Not Alertable. |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Storage/storageAccounts/blobServices/containers/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/delete | Retourne le résultat de la suppression d’un conteneurReturns the result of deleting a container |
Microsoft.Storage/storageAccounts/blobServices/containers/readMicrosoft.Storage/storageAccounts/blobServices/containers/read | Retourne la liste des conteneursReturns list of containers |
Microsoft.Storage/storageAccounts/blobServices/containers/writeMicrosoft.Storage/storageAccounts/blobServices/containers/write | Retourne le résultat du conteneur put blobReturns the result of put blob container |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete | Retourner le résultat de la suppression d’un objet blobReturns the result of deleting a blob |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read | Retourne un objet blob ou une liste d'objets blobReturns a blob or a list of blobs |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/writeMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write | Retourner le résultat de l’écriture d’un objet blobReturns the result of writing a blob |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Used by the Avere vFXT cluster to manage the cluster",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
"name": "c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
"permissions": [
{
"actions": [
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/networkInterfaces/write",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/write"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
],
"notDataActions": []
}
],
"roleName": "Avere Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur de sauvegardeBackup Contributor
Permet de gérer le service de sauvegarde, mais pas de créer des coffres, ni d’accorder l’accès à d’autres personnes En savoir plusLets you manage backup service, but can't create vaults and give access to others Learn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | Obtenir la définition de réseau virtuel.Get the virtual network definition |
Microsoft.RecoveryServices/locations/*Microsoft.RecoveryServices/locations/* | |
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/*Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/* | Gérer les résultats des opérations de gestion des sauvegardesManage results of operation on backup management |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/*Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/* | Créer et gérer des conteneurs de sauvegarde dans les structures de sauvegarde du coffre Recovery ServicesCreate and manage backup containers inside backup fabrics of Recovery Services vault |
Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action | Actualise la liste de conteneurs.Refreshes the container list |
Microsoft.RecoveryServices/Vaults/backupJobs/*Microsoft.RecoveryServices/Vaults/backupJobs/* | Créer et gérer des travaux de sauvegardeCreate and manage backup jobs |
Microsoft.RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action | Travaux d’exportationExport Jobs |
Microsoft.RecoveryServices/Vaults/backupOperationResults/*Microsoft.RecoveryServices/Vaults/backupOperationResults/* | Créer et gérer les résultats des opérations de gestion des sauvegardesCreate and manage Results of backup management operations |
Microsoft.RecoveryServices/Vaults/backupPolicies/*Microsoft.RecoveryServices/Vaults/backupPolicies/* | Créer et gérer des stratégies de sauvegardeCreate and manage backup policies |
Microsoft.RecoveryServices/Vaults/backupProtectableItems/*Microsoft.RecoveryServices/Vaults/backupProtectableItems/* | Créer et gérer les éléments qui peuvent être sauvegardésCreate and manage items which can be backed up |
Microsoft.RecoveryServices/Vaults/backupProtectedItems/*Microsoft.RecoveryServices/Vaults/backupProtectedItems/* | Créer et gérer les éléments sauvegardésCreate and manage backed up items |
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/*Microsoft.RecoveryServices/Vaults/backupProtectionContainers/* | Créer et gérer les conteneurs contenant les éléments de sauvegardeCreate and manage containers holding backup items |
Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*Microsoft.RecoveryServices/Vaults/backupSecurityPIN/* | |
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/readMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read | Renvoie des résumés pour les éléments protégés et les serveurs protégés d’un coffre Recovery Services.Returns summaries for Protected Items and Protected Servers for a Recovery Services . |
Microsoft.RecoveryServices/Vaults/certificates/*Microsoft.RecoveryServices/Vaults/certificates/* | Créer et gérer des certificats associés à la sauvegarde dans le coffre Recovery ServicesCreate and manage certificates related to backup in Recovery Services vault |
Microsoft.RecoveryServices/Vaults/extendedInformation/*Microsoft.RecoveryServices/Vaults/extendedInformation/* | Créer et gérer des informations étendues associées au coffreCreate and manage extended info related to vault |
Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read | Obtient les alertes pour le coffre Recovery Services.Gets the alerts for the Recovery services vault. |
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/* | |
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read | L’opération d’obtention de coffre obtient un objet représentant la ressource Azure de type « coffre ».The Get Vault operation gets an object representing the Azure resource of type 'vault' |
Microsoft.RecoveryServices/Vaults/registeredIdentities/*Microsoft.RecoveryServices/Vaults/registeredIdentities/* | Créer et gérer les identités inscritesCreate and manage registered identities |
Microsoft.RecoveryServices/Vaults/usages/*Microsoft.RecoveryServices/Vaults/usages/* | Créer et gérer l’utilisation du coffre Recovery ServicesCreate and manage usage of Recovery Services vault |
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | Créer et gérer un déploiementCreate and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read | Retourne la liste des comptes de stockage ou récupère les propriétés du compte de stockage spécifié.Returns the list of storage accounts or gets the properties for the specified storage account. |
Microsoft.RecoveryServices/Vaults/backupstorageconfig/*Microsoft.RecoveryServices/Vaults/backupstorageconfig/* | |
Microsoft.RecoveryServices/Vaults/backupconfig/*Microsoft.RecoveryServices/Vaults/backupconfig/* | |
Microsoft.RecoveryServices/Vaults/backupValidateOperation/actionMicrosoft.RecoveryServices/Vaults/backupValidateOperation/action | Valider l’opération sur l’élément protégé.Validate Operation on Protected Item |
Microsoft.RecoveryServices/Vaults/writeMicrosoft.RecoveryServices/Vaults/write | L’opération de création de coffre entraîne la création d’une ressource Azure de type « coffre ».Create Vault operation creates an Azure resource of type 'vault' |
Microsoft.RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read | Renvoie l’état de l’opération de sauvegarde pour le coffre Recovery Services.Returns Backup Operation Status for Recovery Services Vault. |
Microsoft.RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read | Retourne tous les serveurs d’administration de sauvegarde inscrits auprès du coffre.Returns all the backup management servers registered with vault. |
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/* | |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read | Obtient tous les conteneurs protégeablesGet all protectable containers |
Microsoft.RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action | Vérifie l’état de la sauvegarde pour les coffres Recovery ServicesCheck Backup Status for Recovery Services Vaults |
Microsoft.RecoveryServices/locations/backupPreValidateProtection/actionMicrosoft.RecoveryServices/locations/backupPreValidateProtection/action | |
Microsoft.RecoveryServices/locations/backupValidateFeatures/actionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action | Valide des fonctionnalitésValidate Features |
Microsoft.RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write | Résout l’alerte.Resolves the alert. |
Microsoft.RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read | Retourne la liste d’opérations pour un fournisseur de ressourcesOperation returns the list of Operations for a Resource Provider |
Microsoft.RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read | Obtient l’état de l’opération pour une opération donnée.Gets Operation Status for a given Operation |
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read | Répertorier tous les intentions de protection de sauvegardeList all backup Protection Intents |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage backup service,but can't create vaults and give access to others",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b",
"name": "5e467623-bb1f-42f4-a55d-6e525e11384b",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.RecoveryServices/locations/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
"Microsoft.RecoveryServices/Vaults/backupJobs/*",
"Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
"Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
"Microsoft.RecoveryServices/Vaults/backupPolicies/*",
"Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
"Microsoft.RecoveryServices/Vaults/backupProtectedItems/*",
"Microsoft.RecoveryServices/Vaults/backupProtectionContainers/*",
"Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*",
"Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
"Microsoft.RecoveryServices/Vaults/certificates/*",
"Microsoft.RecoveryServices/Vaults/extendedInformation/*",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/*",
"Microsoft.RecoveryServices/Vaults/usages/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
"Microsoft.RecoveryServices/Vaults/backupconfig/*",
"Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
"Microsoft.RecoveryServices/Vaults/write",
"Microsoft.RecoveryServices/Vaults/backupOperations/read",
"Microsoft.RecoveryServices/Vaults/backupEngines/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
"Microsoft.RecoveryServices/locations/backupStatus/action",
"Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
"Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
"Microsoft.RecoveryServices/operations/read",
"Microsoft.RecoveryServices/locations/operationStatus/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Backup Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Opérateur de sauvegardeBackup Operator
Permet de gérer des services de sauvegarde, à l’exception de la suppression de la sauvegarde, de la création de coffres et de l’octroi d’autorisations d’accès à d’autres personnes En savoir plusLets you manage backup services, except removal of backup, vault creation and giving access to others Learn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | Obtenir la définition de réseau virtuel.Get the virtual network definition |
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/operationResults/read | Renvoie l’état de l’opération.Returns status of the operation |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read | Obtient les résultats de l’opération effectuée sur le conteneur de protection.Gets result of Operation performed on Protection Container. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action | Effectue la sauvegarde d’un élément protégé.Performs Backup for Protected Item. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read | Obtient les résultats de l’opération effectuée sur les éléments protégés.Gets Result of Operation Performed on Protected Items. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read | Renvoie l’état de l’opération effectuée sur les éléments protégés.Returns the status of Operation performed on Protected Items. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read | Renvoie des détails d’objet de l’élément protégé.Returns object details of the Protected Item |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action | Approvisionner la récupération d’éléments instantanée pour l’élément protégé.Provision Instant Item Recovery for Protected Item |
Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/accessToken/actionMicrosoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/accessToken/action | Obtenir AccessToken pour la restauration interrégionale.Get AccessToken for Cross Region Restore. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read | Obtenir les points de récupération des éléments protégés.Get Recovery Points for Protected Items. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action | Restaurer les points de récupération des éléments protégés.Restore Recovery Points for Protected Items. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action | Révoquer la récupération d’éléments instantanée pour l’élément protégé.Revoke Instant Item Recovery for Protected Item |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write | Créer un élément protégé de sauvegarde.Create a backup Protected Item |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read | Renvoie tous les conteneurs inscrits.Returns all registered containers |
Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action | Actualise la liste de conteneurs.Refreshes the container list |
Microsoft.RecoveryServices/Vaults/backupJobs/*Microsoft.RecoveryServices/Vaults/backupJobs/* | Créer et gérer des travaux de sauvegardeCreate and manage backup jobs |
Microsoft.RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action | Travaux d’exportationExport Jobs |
Microsoft.RecoveryServices/Vaults/backupOperationResults/*Microsoft.RecoveryServices/Vaults/backupOperationResults/* | Créer et gérer les résultats des opérations de gestion des sauvegardesCreate and manage Results of backup management operations |
Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operationResults/read | Obtenir les résultats de l’opération de stratégie.Get Results of Policy Operation. |
Microsoft.RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read | Renvoie toutes les stratégies de protection.Returns all Protection Policies |
Microsoft.RecoveryServices/Vaults/backupProtectableItems/*Microsoft.RecoveryServices/Vaults/backupProtectableItems/* | Créer et gérer les éléments qui peuvent être sauvegardésCreate and manage items which can be backed up |
Microsoft.RecoveryServices/Vaults/backupProtectedItems/readMicrosoft.RecoveryServices/Vaults/backupProtectedItems/read | Renvoie la liste de tous les éléments protégés.Returns the list of all Protected Items. |
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/readMicrosoft.RecoveryServices/Vaults/backupProtectionContainers/read | Renvoie tous les conteneurs appartenant à l’abonnement.Returns all containers belonging to the subscription |
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/readMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read | Renvoie des résumés pour les éléments protégés et les serveurs protégés d’un coffre Recovery Services.Returns summaries for Protected Items and Protected Servers for a Recovery Services . |
Microsoft.RecoveryServices/Vaults/certificates/writeMicrosoft.RecoveryServices/Vaults/certificates/write | L’opération de mise à jour de certificat de ressource met à jour le certificat d’identification du coffre/de la ressource.The Update Resource Certificate operation updates the resource/vault credential certificate. |
Microsoft.RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read | L’opération d’obtention d’informations étendues obtient les informations étendues d’un objet représentant la ressource Azure de type « coffre ».The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault? |
Microsoft.RecoveryServices/Vaults/extendedInformation/writeMicrosoft.RecoveryServices/Vaults/extendedInformation/write | L’opération d’obtention d’informations étendues obtient les informations étendues d’un objet représentant la ressource Azure de type « coffre ».The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault? |
Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read | Obtient les alertes pour le coffre Recovery Services.Gets the alerts for the Recovery services vault. |
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/* | |
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read | L’opération d’obtention de coffre obtient un objet représentant la ressource Azure de type « coffre ».The Get Vault operation gets an object representing the Azure resource of type 'vault' |
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read | L’opération d’obtention des résultats d’une opération peut être utilisée pour obtenir l’état de l’opération et le résultat de l’opération envoyée de manière asynchrone.The Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation |
Microsoft.RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read | L’opération d’obtention de conteneurs peut être utilisée pour obtenir les conteneurs inscrits pour une ressource.The Get Containers operation can be used get the containers registered for a resource. |
Microsoft.RecoveryServices/Vaults/registeredIdentities/writeMicrosoft.RecoveryServices/Vaults/registeredIdentities/write | L’opération d’inscription d’un conteneur de service peut être utilisée pour inscrire un conteneur avec Recovery Services.The Register Service Container operation can be used to register a container with Recovery Service. |
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read | Renvoie des détails d’utilisation d’un coffre Recovery Services.Returns usage details for a Recovery Services Vault. |
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | Créer et gérer un déploiementCreate and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read | Retourne la liste des comptes de stockage ou récupère les propriétés du compte de stockage spécifié.Returns the list of storage accounts or gets the properties for the specified storage account. |
Microsoft.RecoveryServices/Vaults/backupstorageconfig/*Microsoft.RecoveryServices/Vaults/backupstorageconfig/* | |
Microsoft.RecoveryServices/Vaults/backupValidateOperation/actionMicrosoft.RecoveryServices/Vaults/backupValidateOperation/action | Valider l’opération sur l’élément protégé.Validate Operation on Protected Item |
Microsoft.RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read | Renvoie l’état de l’opération de sauvegarde pour le coffre Recovery Services.Returns Backup Operation Status for Recovery Services Vault. |
Microsoft.RecoveryServices/Vaults/backupPolicies/operations/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operations/read | Obtenir l’état de l’opération de stratégie.Get Status of Policy Operation. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write | Crée un conteneur inscritCreates a registered container |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action | Recherche les charges de travail dans un conteneurDo inquiry for workloads within a container |
Microsoft.RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read | Retourne tous les serveurs d’administration de sauvegarde inscrits auprès du coffre.Returns all the backup management servers registered with vault. |
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write | Crée une intention de protection de sauvegarde.Create a backup Protection Intent |
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/readMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read | Créer une intention de protection de sauvegardeGet a backup Protection Intent |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read | Obtient tous les conteneurs protégeablesGet all protectable containers |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read | Obtient tous les éléments figurant dans un conteneurGet all items in a container |
Microsoft.RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action | Vérifie l’état de la sauvegarde pour les coffres Recovery ServicesCheck Backup Status for Recovery Services Vaults |
Microsoft.RecoveryServices/locations/backupPreValidateProtection/actionMicrosoft.RecoveryServices/locations/backupPreValidateProtection/action | |
Microsoft.RecoveryServices/locations/backupValidateFeatures/actionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action | Valide des fonctionnalitésValidate Features |
Microsoft.RecoveryServices/locations/backupAadProperties/readMicrosoft.RecoveryServices/locations/backupAadProperties/read | Obtenir les propriétés AAD d’authentification dans la troisième région pour la restauration interrégionale.Get AAD Properties for authentication in the third region for Cross Region Restore. |
Microsoft.RecoveryServices/locations/backupCrrJobs/actionMicrosoft.RecoveryServices/locations/backupCrrJobs/action | Répertorier les travaux de restauration interrégionale dans la région secondaire pour le coffre Recovery Services.List Cross Region Restore Jobs in the secondary region for Recovery Services Vault. |
Microsoft.RecoveryServices/locations/backupCrrJob/actionMicrosoft.RecoveryServices/locations/backupCrrJob/action | Obtenir les détails du travail de restauration interrégionale dans la région secondaire pour le coffre Recovery Services.Get Cross Region Restore Job Details in the secondary region for Recovery Services Vault. |
Microsoft.RecoveryServices/locations/backupCrossRegionRestore/actionMicrosoft.RecoveryServices/locations/backupCrossRegionRestore/action | Déclencher la restauration interrégion.Trigger Cross region restore. |
Microsoft.RecoveryServices/locations/backupCrrOperationResults/readMicrosoft.RecoveryServices/locations/backupCrrOperationResults/read | Retourne le résultat de l’opération de restauration interrégionale du coffre Recovery Services.Returns CRR Operation Result for Recovery Services Vault. |
Microsoft.RecoveryServices/locations/backupCrrOperationsStatus/readMicrosoft.RecoveryServices/locations/backupCrrOperationsStatus/read | Retourne l’état de l’opération de restauration interrégionale du coffre Recovery Services.Returns CRR Operation Status for Recovery Services Vault. |
Microsoft.RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write | Résout l’alerte.Resolves the alert. |
Microsoft.RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read | Retourne la liste d’opérations pour un fournisseur de ressourcesOperation returns the list of Operations for a Resource Provider |
Microsoft.RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read | Obtient l’état de l’opération pour une opération donnée.Gets Operation Status for a given Operation |
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read | Répertorier tous les intentions de protection de sauvegardeList all backup Protection Intents |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage backup services, except removal of backup, vault creation and giving access to others",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/00c29273-979b-4161-815c-10b084fb9324",
"name": "00c29273-979b-4161-815c-10b084fb9324",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action",
"Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/accessToken/action",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
"Microsoft.RecoveryServices/Vaults/backupJobs/*",
"Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
"Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
"Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/read",
"Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
"Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
"Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
"Microsoft.RecoveryServices/Vaults/certificates/write",
"Microsoft.RecoveryServices/Vaults/extendedInformation/read",
"Microsoft.RecoveryServices/Vaults/extendedInformation/write",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/write",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
"Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
"Microsoft.RecoveryServices/Vaults/backupOperations/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action",
"Microsoft.RecoveryServices/Vaults/backupEngines/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
"Microsoft.RecoveryServices/locations/backupStatus/action",
"Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
"Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
"Microsoft.RecoveryServices/locations/backupAadProperties/read",
"Microsoft.RecoveryServices/locations/backupCrrJobs/action",
"Microsoft.RecoveryServices/locations/backupCrrJob/action",
"Microsoft.RecoveryServices/locations/backupCrossRegionRestore/action",
"Microsoft.RecoveryServices/locations/backupCrrOperationResults/read",
"Microsoft.RecoveryServices/locations/backupCrrOperationsStatus/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
"Microsoft.RecoveryServices/operations/read",
"Microsoft.RecoveryServices/locations/operationStatus/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Backup Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lecteur de sauvegardeBackup Reader
Peut afficher des services de sauvegarde, mais pas apporter des modifications En savoir plusCan view backup services, but can't make changes Learn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.RecoveryServices/locations/allocatedStamp/readMicrosoft.RecoveryServices/locations/allocatedStamp/read | GetAllocatedStamp est une opération interne utilisée par le service.GetAllocatedStamp is internal operation used by service |
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/operationResults/read | Renvoie l’état de l’opération.Returns status of the operation |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read | Obtient les résultats de l’opération effectuée sur le conteneur de protection.Gets result of Operation performed on Protection Container. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read | Obtient les résultats de l’opération effectuée sur les éléments protégés.Gets Result of Operation Performed on Protected Items. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read | Renvoie l’état de l’opération effectuée sur les éléments protégés.Returns the status of Operation performed on Protected Items. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read | Renvoie des détails d’objet de l’élément protégé.Returns object details of the Protected Item |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read | Obtenir les points de récupération des éléments protégés.Get Recovery Points for Protected Items. |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read | Renvoie tous les conteneurs inscrits.Returns all registered containers |
Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/readMicrosoft.RecoveryServices/Vaults/backupJobs/operationResults/read | Renvoie le résultat de l’opération de travail.Returns the Result of Job Operation. |
Microsoft.RecoveryServices/Vaults/backupJobs/readMicrosoft.RecoveryServices/Vaults/backupJobs/read | Renvoie tous les objets de travail.Returns all Job Objects |
Microsoft.RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action | Travaux d’exportationExport Jobs |
Microsoft.RecoveryServices/Vaults/backupOperationResults/readMicrosoft.RecoveryServices/Vaults/backupOperationResults/read | Renvoie le résultat de l’opération de sauvegarde pour le coffre Recovery Services.Returns Backup Operation Result for Recovery Services Vault. |
Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operationResults/read | Obtenir les résultats de l’opération de stratégie.Get Results of Policy Operation. |
Microsoft.RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read | Renvoie toutes les stratégies de protection.Returns all Protection Policies |
Microsoft.RecoveryServices/Vaults/backupProtectedItems/readMicrosoft.RecoveryServices/Vaults/backupProtectedItems/read | Renvoie la liste de tous les éléments protégés.Returns the list of all Protected Items. |
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/readMicrosoft.RecoveryServices/Vaults/backupProtectionContainers/read | Renvoie tous les conteneurs appartenant à l’abonnement.Returns all containers belonging to the subscription |
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/readMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read | Renvoie des résumés pour les éléments protégés et les serveurs protégés d’un coffre Recovery Services.Returns summaries for Protected Items and Protected Servers for a Recovery Services . |
Microsoft.RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read | L’opération d’obtention d’informations étendues obtient les informations étendues d’un objet représentant la ressource Azure de type « coffre ».The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault? |
Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read | Obtient les alertes pour le coffre Recovery Services.Gets the alerts for the Recovery services vault. |
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read | L’opération d’obtention de coffre obtient un objet représentant la ressource Azure de type « coffre ».The Get Vault operation gets an object representing the Azure resource of type 'vault' |
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read | L’opération d’obtention des résultats d’une opération peut être utilisée pour obtenir l’état de l’opération et le résultat de l’opération envoyée de manière asynchrone.The Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation |
Microsoft.RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read | L’opération d’obtention de conteneurs peut être utilisée pour obtenir les conteneurs inscrits pour une ressource.The Get Containers operation can be used get the containers registered for a resource. |
Microsoft.RecoveryServices/Vaults/backupstorageconfig/readMicrosoft.RecoveryServices/Vaults/backupstorageconfig/read | Renvoie la configuration de stockage pour le coffre Recovery Services.Returns Storage Configuration for Recovery Services Vault. |
Microsoft.RecoveryServices/Vaults/backupconfig/readMicrosoft.RecoveryServices/Vaults/backupconfig/read | Renvoie la configuration pour le coffre Recovery Services.Returns Configuration for Recovery Services Vault. |
Microsoft.RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read | Renvoie l’état de l’opération de sauvegarde pour le coffre Recovery Services.Returns Backup Operation Status for Recovery Services Vault. |
Microsoft.RecoveryServices/Vaults/backupPolicies/operations/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operations/read | Obtenir l’état de l’opération de stratégie.Get Status of Policy Operation. |
Microsoft.RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read | Retourne tous les serveurs d’administration de sauvegarde inscrits auprès du coffre.Returns all the backup management servers registered with vault. |
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/readMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read | Créer une intention de protection de sauvegardeGet a backup Protection Intent |
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read | Obtient tous les éléments figurant dans un conteneurGet all items in a container |
Microsoft.RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action | Vérifie l’état de la sauvegarde pour les coffres Recovery ServicesCheck Backup Status for Recovery Services Vaults |
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/* | |
Microsoft.RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write | Résout l’alerte.Resolves the alert. |
Microsoft.RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read | Retourne la liste d’opérations pour un fournisseur de ressourcesOperation returns the list of Operations for a Resource Provider |
Microsoft.RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read | Obtient l’état de l’opération pour une opération donnée.Gets Operation Status for a given Operation |
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read | Répertorier tous les intentions de protection de sauvegardeList all backup Protection Intents |
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read | Renvoie des détails d’utilisation d’un coffre Recovery Services.Returns usage details for a Recovery Services Vault. |
Microsoft.RecoveryServices/locations/backupValidateFeatures/actionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action | Valide des fonctionnalitésValidate Features |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Can view backup services, but can't make changes",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a795c7a0-d4a2-40c1-ae25-d81f01202912",
"name": "a795c7a0-d4a2-40c1-ae25-d81f01202912",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.RecoveryServices/locations/allocatedStamp/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
"Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupJobs/read",
"Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
"Microsoft.RecoveryServices/Vaults/backupOperationResults/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/read",
"Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
"Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
"Microsoft.RecoveryServices/Vaults/extendedInformation/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
"Microsoft.RecoveryServices/Vaults/backupstorageconfig/read",
"Microsoft.RecoveryServices/Vaults/backupconfig/read",
"Microsoft.RecoveryServices/Vaults/backupOperations/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
"Microsoft.RecoveryServices/Vaults/backupEngines/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
"Microsoft.RecoveryServices/locations/backupStatus/action",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
"Microsoft.RecoveryServices/operations/read",
"Microsoft.RecoveryServices/locations/operationStatus/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/locations/backupValidateFeatures/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Backup Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur de compte de stockage classiqueClassic Storage Account Contributor
Permet de gérer des comptes de stockage classiques, mais pas d’y accéder.Lets you manage classic storage accounts, but not access to them.
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.ClassicStorage/storageAccounts/*Microsoft.ClassicStorage/storageAccounts/* | Créer et gérer les comptes de stockageCreate and manage storage accounts |
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | Créer et gérer un déploiementCreate and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage classic storage accounts, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
"name": "86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ClassicStorage/storageAccounts/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Classic Storage Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Rôle de service d’opérateur de clé de compte de stockage classiqueClassic Storage Account Key Operator Service Role
Les opérateurs de clés de comptes de stockage classiques sont autorisés à lister et à regénérer des clés sur des comptes de stockage classiques En savoir plusClassic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts Learn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.ClassicStorage/storageAccounts/listkeys/actionMicrosoft.ClassicStorage/storageAccounts/listkeys/action | Répertorie les clés d’accès des comptes de stockage.Lists the access keys for the storage accounts. |
Microsoft.ClassicStorage/storageAccounts/regeneratekey/actionMicrosoft.ClassicStorage/storageAccounts/regeneratekey/action | Régénère les clés d’accès existantes du compte de stockage.Regenerates the existing access keys for the storage account. |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/985d6b00-f706-48f5-a6fe-d0ca12fb668d",
"name": "985d6b00-f706-48f5-a6fe-d0ca12fb668d",
"permissions": [
{
"actions": [
"Microsoft.ClassicStorage/storageAccounts/listkeys/action",
"Microsoft.ClassicStorage/storageAccounts/regeneratekey/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Classic Storage Account Key Operator Service Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur Data BoxData Box Contributor
Permet de gérer toutes les opérations sous le service Data Box à l’exception de l’octroi d’accès à d’autres personnes.Lets you manage everything under Data Box Service except giving access to others. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | Créer et gérer un déploiementCreate and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
Microsoft.Databox/*Microsoft.Databox/* | |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage everything under Data Box Service except giving access to others.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/add466c9-e687-43fc-8d98-dfcf8d720be5",
"name": "add466c9-e687-43fc-8d98-dfcf8d720be5",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Databox/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Box Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lecteur Data BoxData Box Reader
Permet de gérer le service Data Box, mais ne permet pas de créer une commande, de modifier les détails d’une commande ou d’octroyer l’accès à d’autres personnes.Lets you manage Data Box Service except creating order or editing order details and giving access to others. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.Databox/*/readMicrosoft.Databox/*/read | |
Microsoft.Databox/jobs/listsecrets/actionMicrosoft.Databox/jobs/listsecrets/action | |
Microsoft.Databox/jobs/listcredentials/actionMicrosoft.Databox/jobs/listcredentials/action | Répertorie les informations d’identification non chiffrées liées à la commandeLists the unencrypted credentials related to the order. |
Microsoft.Databox/locations/availableSkus/actionMicrosoft.Databox/locations/availableSkus/action | Retourner la liste des références (SKU) disponiblesThis method returns the list of available skus. |
Microsoft.Databox/locations/validateInputs/actionMicrosoft.Databox/locations/validateInputs/action | Cette méthode effectue tous les types de validations.This method does all type of validations. |
Microsoft.Databox/locations/regionConfiguration/actionMicrosoft.Databox/locations/regionConfiguration/action | Cette méthode retourne les configurations pour la région.This method returns the configurations for the region. |
Microsoft.Databox/locations/validateAddress/actionMicrosoft.Databox/locations/validateAddress/action | Valider l'adresse de livraison et fournir d'autres adresses s’il en estValidates the shipping address and provides alternate addresses if any. |
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Data Box Service except creating order or editing order details and giving access to others.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
"name": "028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Databox/*/read",
"Microsoft.Databox/jobs/listsecrets/action",
"Microsoft.Databox/jobs/listcredentials/action",
"Microsoft.Databox/locations/availableSkus/action",
"Microsoft.Databox/locations/validateInputs/action",
"Microsoft.Databox/locations/regionConfiguration/action",
"Microsoft.Databox/locations/validateAddress/action",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Box Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Développeur Data Lake AnalyticsData Lake Analytics Developer
Permet d’envoyer, de surveiller et de gérer vos propres travaux, mais pas de créer ni de supprimer des comptes Data Lake Analytics.Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.BigAnalytics/accounts/*Microsoft.BigAnalytics/accounts/* | |
Microsoft.DataLakeAnalytics/accounts/*Microsoft.DataLakeAnalytics/accounts/* | |
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | Créer et gérer un déploiementCreate and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
NotActionsNotActions | |
Microsoft.BigAnalytics/accounts/DeleteMicrosoft.BigAnalytics/accounts/Delete | |
Microsoft.BigAnalytics/accounts/TakeOwnership/actionMicrosoft.BigAnalytics/accounts/TakeOwnership/action | |
Microsoft.BigAnalytics/accounts/WriteMicrosoft.BigAnalytics/accounts/Write | |
Microsoft.DataLakeAnalytics/accounts/DeleteMicrosoft.DataLakeAnalytics/accounts/Delete | Supprime un compte Data Lake Analytics.Delete a DataLakeAnalytics account. |
Microsoft.DataLakeAnalytics/accounts/TakeOwnership/actionMicrosoft.DataLakeAnalytics/accounts/TakeOwnership/action | Accorde des autorisations pour annuler des travaux soumis par d’autres utilisateurs.Grant permissions to cancel jobs submitted by other users. |
Microsoft.DataLakeAnalytics/accounts/WriteMicrosoft.DataLakeAnalytics/accounts/Write | Crée ou met à jour un compte Data Lake Analytics.Create or update a DataLakeAnalytics account. |
Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/WriteMicrosoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write | Crée ou met à jour un compte Data Lake Store lié d’un compte Data Lake Analytics.Create or update a linked DataLakeStore account of a DataLakeAnalytics account. |
Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/DeleteMicrosoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete | Dissocie un compte Data Lake Store d’un compte Data Lake Analytics.Unlink a DataLakeStore account from a DataLakeAnalytics account. |
Microsoft.DataLakeAnalytics/accounts/storageAccounts/WriteMicrosoft.DataLakeAnalytics/accounts/storageAccounts/Write | Crée ou met à jour un compte de stockage lié d’un compte Data Lake Analytics.Create or update a linked Storage account of a DataLakeAnalytics account. |
Microsoft.DataLakeAnalytics/accounts/storageAccounts/DeleteMicrosoft.DataLakeAnalytics/accounts/storageAccounts/Delete | Dissocie un compte de stockage d’un compte Data Lake Analytics.Unlink a Storage account from a DataLakeAnalytics account. |
Microsoft.DataLakeAnalytics/accounts/firewallRules/WriteMicrosoft.DataLakeAnalytics/accounts/firewallRules/Write | Créer ou mettre à jour une règle de pare-feu.Create or update a firewall rule. |
Microsoft.DataLakeAnalytics/accounts/firewallRules/DeleteMicrosoft.DataLakeAnalytics/accounts/firewallRules/Delete | Supprimer une règle de pare-feu.Delete a firewall rule. |
Microsoft.DataLakeAnalytics/accounts/computePolicies/WriteMicrosoft.DataLakeAnalytics/accounts/computePolicies/Write | Crée ou met à jour une stratégie de calcul.Create or update a compute policy. |
Microsoft.DataLakeAnalytics/accounts/computePolicies/DeleteMicrosoft.DataLakeAnalytics/accounts/computePolicies/Delete | Supprime une stratégie de calcul.Delete a compute policy. |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/47b7735b-770e-4598-a7da-8b91488b4c88",
"name": "47b7735b-770e-4598-a7da-8b91488b4c88",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.BigAnalytics/accounts/*",
"Microsoft.DataLakeAnalytics/accounts/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.BigAnalytics/accounts/Delete",
"Microsoft.BigAnalytics/accounts/TakeOwnership/action",
"Microsoft.BigAnalytics/accounts/Write",
"Microsoft.DataLakeAnalytics/accounts/Delete",
"Microsoft.DataLakeAnalytics/accounts/TakeOwnership/action",
"Microsoft.DataLakeAnalytics/accounts/Write",
"Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write",
"Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete",
"Microsoft.DataLakeAnalytics/accounts/storageAccounts/Write",
"Microsoft.DataLakeAnalytics/accounts/storageAccounts/Delete",
"Microsoft.DataLakeAnalytics/accounts/firewallRules/Write",
"Microsoft.DataLakeAnalytics/accounts/firewallRules/Delete",
"Microsoft.DataLakeAnalytics/accounts/computePolicies/Write",
"Microsoft.DataLakeAnalytics/accounts/computePolicies/Delete"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Lake Analytics Developer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lecteur et accès aux donnéesReader and Data Access
Permet d’afficher tous les éléments, mais pas de supprimer ou de créer un compte de stockage ou une ressource contenue.Lets you view everything but will not let you delete or create a storage account or contained resource. En outre, autorise l’accès en lecture/écriture à toutes les données contenues dans un compte de stockage via l’accès aux clés de compte de stockage.It will also allow read/write access to all data contained in a storage account via access to storage account keys.
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action | Retourne les clés d’accès au compte de stockage spécifié.Returns the access keys for the specified storage account. |
Microsoft.Storage/storageAccounts/ListAccountSas/actionMicrosoft.Storage/storageAccounts/ListAccountSas/action | Retourne le jeton SAS du compte de stockage spécifié.Returns the Account SAS token for the specified storage account. |
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read | Retourne la liste des comptes de stockage ou récupère les propriétés du compte de stockage spécifié.Returns the list of storage accounts or gets the properties for the specified storage account. |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c12c1c16-33a1-487b-954d-41c89c60f349",
"name": "c12c1c16-33a1-487b-954d-41c89c60f349",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.Storage/storageAccounts/ListAccountSas/action",
"Microsoft.Storage/storageAccounts/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Reader and Data Access",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur de compte de stockageStorage Account Contributor
Permet la gestion des comptes de stockage.Permits management of storage accounts. Fournit l’accès à la clé de compte, qui peut être utilisée pour accéder aux données par le biais de l’autorisation de clé partagée.Provides access to the account key, which can be used to access data via Shared Key authorization. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* | Crée, met à jour ou lit le paramètre de diagnostic pour Analysis Server.Creates, updates, or reads the diagnostic setting for Analysis Server |
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action | Joint des ressources telles qu’un compte de stockage ou une base de données SQL à un sous-réseau.Joins resource such as storage account or SQL database to a subnet. Impossible à alerter.Not alertable. |
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | Créer et gérer un déploiementCreate and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Storage/storageAccounts/*Microsoft.Storage/storageAccounts/* | Créer et gérer les comptes de stockageCreate and manage storage accounts |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage storage accounts, including accessing storage account keys which provide full access to storage account data.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab",
"name": "17d1049b-9a84-46fb-8f53-869881c3d3ab",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Storage Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Rôle de service d’opérateur de clé de compte de stockageStorage Account Key Operator Service Role
Permet de répertorier et de régénérer les clés d’accès au compte de stockage.Permits listing and regenerating storage account access keys. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Storage/storageAccounts/listkeys/actionMicrosoft.Storage/storageAccounts/listkeys/action | Retourne les clés d’accès au compte de stockage spécifié.Returns the access keys for the specified storage account. |
Microsoft.Storage/storageAccounts/regeneratekey/actionMicrosoft.Storage/storageAccounts/regeneratekey/action | Régénère les clés d’accès au compte de stockage spécifié.Regenerates the access keys for the specified storage account. |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Storage Account Key Operators are allowed to list and regenerate keys on Storage Accounts",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/81a9662b-bebf-436f-a333-f67b29880f12",
"name": "81a9662b-bebf-436f-a333-f67b29880f12",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/listkeys/action",
"Microsoft.Storage/storageAccounts/regeneratekey/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Storage Account Key Operator Service Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur aux données Blob du stockageStorage Blob Data Contributor
Lire, écrire et supprimer des conteneurs et objets blob du stockage Azure.Read, write, and delete Azure Storage containers and blobs. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Storage/storageAccounts/blobServices/containers/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/delete | Supprimer un conteneur.Delete a container. |
Microsoft.Storage/storageAccounts/blobServices/containers/readMicrosoft.Storage/storageAccounts/blobServices/containers/read | Retourner un conteneur ou une liste de conteneurs.Return a container or a list of containers. |
Microsoft.Storage/storageAccounts/blobServices/containers/writeMicrosoft.Storage/storageAccounts/blobServices/containers/write | Modifier les métadonnées ou les propriétés d’un conteneur.Modify a container's metadata or properties. |
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action | Retourne une clé de délégation d’utilisateur pour le service Blob.Returns a user delegation key for the Blob service. |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete | Supprimer un objet blob.Delete a blob. |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read | Retourner un objet blob ou une liste d'objets blob.Return a blob or a list of blobs. |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/writeMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write | Écrire dans un objet blob.Write to a blob. |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/actionMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/move/action | Déplace l'objet blob d'un chemin à un autreMoves the blob from one path to another |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/actionMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/add/action | Retourner le résultat de l’ajout de contenu d’objet blobReturns the result of adding blob content |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write and delete access to Azure Storage blob containers and data",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe",
"name": "ba92f5b4-2d11-453d-a403-e96b0029c9fe",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/write",
"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action"
],
"notDataActions": []
}
],
"roleName": "Storage Blob Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Propriétaire des données Blob du stockageStorage Blob Data Owner
Fournit un accès total aux conteneurs d’objets blob et aux données du Stockage Azure, notamment l’attribution du contrôle d’accès POSIX.Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Storage/storageAccounts/blobServices/containers/*Microsoft.Storage/storageAccounts/blobServices/containers/* | Toutes les autorisations sur les conteneurs.Full permissions on containers. |
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action | Retourne une clé de délégation d’utilisateur pour le service Blob.Returns a user delegation key for the Blob service. |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*Microsoft.Storage/storageAccounts/blobServices/containers/blobs/* | Toutes les autorisations sur les objets blob.Full permissions on blobs. |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to Azure Storage blob containers and data, including assigning POSIX access control.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
"name": "b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/*",
"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*"
],
"notDataActions": []
}
],
"roleName": "Storage Blob Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lecteur des données blob du stockageStorage Blob Data Reader
Lire et répertorier des conteneurs et objets blob du stockage Azure.Read and list Azure Storage containers and blobs. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Storage/storageAccounts/blobServices/containers/readMicrosoft.Storage/storageAccounts/blobServices/containers/read | Retourner un conteneur ou une liste de conteneurs.Return a container or a list of containers. |
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action | Retourne une clé de délégation d’utilisateur pour le service Blob.Returns a user delegation key for the Blob service. |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read | Retourner un objet blob ou une liste d'objets blob.Return a blob or a list of blobs. |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Allows for read access to Azure Storage blob containers and data",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
"name": "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
],
"notDataActions": []
}
],
"roleName": "Storage Blob Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Délégation du Stockage BlobStorage Blob Delegator
Obtenez une clé de délégation d’utilisateur qui peut être utilisée pour créer une signature d’accès partagé pour un conteneur ou un objet blob signé avec les informations d’identification Azure AD.Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials. Pour en savoir plus, consultez Créer une SAP de délégation d’utilisateur.For more information, see Create a user delegation SAS. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action | Retourne une clé de délégation d’utilisateur pour le service Blob.Returns a user delegation key for the Blob service. |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Allows for generation of a user delegation key which can be used to sign SAS tokens",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
"name": "db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Storage Blob Delegator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur de partage SMB de données de fichier de stockageStorage File Data SMB Share Contributor
Permet l'accès en lecture, en écriture et en suppression aux fichiers/répertoires des partages de fichiers Azure.Allows for read, write, and delete access on files/directories in Azure file shares. Ce rôle n'a pas d'équivalent intégré sur les serveurs de fichiers Windows.This role has no built-in equivalent on Windows file servers. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Aucunenone | |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/readMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/read | Retourne un fichier/dossier ou une liste de fichiers/dossiers.Returns a file/folder or a list of files/folders. |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/writeMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/write | Retourne le résultat de l’écriture d’un fichier ou de la création d’un dossier.Returns the result of writing a file or creating a folder. |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/deleteMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/delete | Retourne le résultat de la suppression d’un fichier/dossier.Returns the result of deleting a file/folder. |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write, and delete access in Azure Storage file shares over SMB",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
"name": "0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete"
],
"notDataActions": []
}
],
"roleName": "Storage File Data SMB Share Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur élevé de partage SMB de données de fichier de stockageStorage File Data SMB Share Elevated Contributor
Permet la lecture, l'écriture, la suppression et la modification des listes de contrôle d'accès sur les fichiers/répertoires des partages de fichiers Azure.Allows for read, write, delete, and modify ACLs on files/directories in Azure file shares. Ce rôle équivaut à une liste de contrôle d'accès de partage de fichiers en modification sur les serveurs de fichiers Windows.This role is equivalent to a file share ACL of change on Windows file servers. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Aucunenone | |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/readMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/read | Retourne un fichier/dossier ou une liste de fichiers/dossiers.Returns a file/folder or a list of files/folders. |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/writeMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/write | Retourne le résultat de l’écriture d’un fichier ou de la création d’un dossier.Returns the result of writing a file or creating a folder. |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/deleteMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/delete | Retourne le résultat de la suppression d’un fichier/dossier.Returns the result of deleting a file/folder. |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/actionMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action | Retourne le résultat de la modification de l’autorisation sur un fichier/dossier.Returns the result of modifying permission on a file/folder. |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write, delete and modify NTFS permission access in Azure Storage file shares over SMB",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a7264617-510b-434b-a828-9731dc254ea7",
"name": "a7264617-510b-434b-a828-9731dc254ea7",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action"
],
"notDataActions": []
}
],
"roleName": "Storage File Data SMB Share Elevated Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lecteur de partage SMB de données de fichier de stockageStorage File Data SMB Share Reader
Permet l'accès en lecture aux fichiers/répertoires des partages de fichiers Azure.Allows for read access on files/directories in Azure file shares. Ce rôle équivaut à une liste de contrôle d'accès de partage de fichiers en lecture sur les serveurs de fichiers Windows.This role is equivalent to a file share ACL of read on Windows file servers. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Aucunenone | |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/readMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/read | Retourne un fichier/dossier ou une liste de fichiers/dossiers.Returns a file/folder or a list of files/folders. |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Allows for read access to Azure File Share over SMB",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/aba4ae5f-2193-4029-9191-0cb91df5e314",
"name": "aba4ae5f-2193-4029-9191-0cb91df5e314",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read"
],
"notDataActions": []
}
],
"roleName": "Storage File Data SMB Share Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur aux données en file d’attente du stockageStorage Queue Data Contributor
Lire, écrire et supprimer des files d'attente et messages en file d'attente du stockage Azure.Read, write, and delete Azure Storage queues and queue messages. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Storage/storageAccounts/queueServices/queues/deleteMicrosoft.Storage/storageAccounts/queueServices/queues/delete | Supprimer une file d’attente.Delete a queue. |
Microsoft.Storage/storageAccounts/queueServices/queues/readMicrosoft.Storage/storageAccounts/queueServices/queues/read | Retourner une file d’attente ou une liste de files d’attente.Return a queue or a list of queues. |
Microsoft.Storage/storageAccounts/queueServices/queues/writeMicrosoft.Storage/storageAccounts/queueServices/queues/write | Modifier les métadonnées ou propriétés en file d’attente.Modify queue metadata or properties. |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.Storage/storageAccounts/queueServices/queues/messages/deleteMicrosoft.Storage/storageAccounts/queueServices/queues/messages/delete | Supprimer un ou plusieurs messages à partir d’une file d’attente.Delete one or more messages from a queue. |
Microsoft.Storage/storageAccounts/queueServices/queues/messages/readMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read | Récupérer un ou plusieurs messages à partir d’une file d’attente, ou en afficher un aperçu.Peek or retrieve one or more messages from a queue. |
Microsoft.Storage/storageAccounts/queueServices/queues/messages/writeMicrosoft.Storage/storageAccounts/queueServices/queues/messages/write | Ajouter un message à une file d'attente.Add a message to a queue. |
Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/actionMicrosoft.Storage/storageAccounts/queueServices/queues/messages/process/action | Retourner le résultat du traitement d’un messageReturns the result of processing a message |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write, and delete access to Azure Storage queues and queue messages",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/974c5e8b-45b9-4653-ba55-5f855dd0fb88",
"name": "974c5e8b-45b9-4653-ba55-5f855dd0fb88",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/delete",
"Microsoft.Storage/storageAccounts/queueServices/queues/read",
"Microsoft.Storage/storageAccounts/queueServices/queues/write"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/delete",
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/write",
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action"
],
"notDataActions": []
}
],
"roleName": "Storage Queue Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Processeur de messages de données en file d’attente du stockageStorage Queue Data Message Processor
Récupérer et supprimer un message, ou en afficher un aperçu à partir d’une file d’attente Stockage Azure.Peek, retrieve, and delete a message from an Azure Storage queue. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Aucunenone | |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.Storage/storageAccounts/queueServices/queues/messages/readMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read | Afficher l’aperçu d’un message.Peek a message. |
Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/actionMicrosoft.Storage/storageAccounts/queueServices/queues/messages/process/action | Récupérer et supprimer un message.Retrieve and delete a message. |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Allows for peek, receive, and delete access to Azure Storage queue messages",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8a0f0c08-91a1-4084-bc3d-661d67233fed",
"name": "8a0f0c08-91a1-4084-bc3d-661d67233fed",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action"
],
"notDataActions": []
}
],
"roleName": "Storage Queue Data Message Processor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Expéditeur de messages de données en file d’attente du stockageStorage Queue Data Message Sender
Ajoutez des messages à une file d’attente de stockage Azure.Add messages to an Azure Storage queue. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Aucunenone | |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/actionMicrosoft.Storage/storageAccounts/queueServices/queues/messages/add/action | Ajouter un message à une file d'attente.Add a message to a queue. |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Allows for sending of Azure Storage queue messages",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
"name": "c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/action"
],
"notDataActions": []
}
],
"roleName": "Storage Queue Data Message Sender",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lecteur des données en file d’attente du stockageStorage Queue Data Reader
Lire et répertorier des files d’attente et messages en file d’attente du stockage Azure.Read and list Azure Storage queues and queue messages. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Storage/storageAccounts/queueServices/queues/readMicrosoft.Storage/storageAccounts/queueServices/queues/read | Retourne une file d’attente ou une liste de files d’attente.Returns a queue or a list of queues. |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.Storage/storageAccounts/queueServices/queues/messages/readMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read | Récupérer un ou plusieurs messages à partir d’une file d’attente, ou en afficher un aperçu.Peek or retrieve one or more messages from a queue. |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Allows for read access to Azure Storage queues and queue messages",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/19e7f393-937e-4f77-808e-94535e297925",
"name": "19e7f393-937e-4f77-808e-94535e297925",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/read"
],
"notDataActions": []
}
],
"roleName": "Storage Queue Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
WebWeb
Contributeur aux données Azure MapsAzure Maps Data Contributor
Accorde l’accès en lecture, en écriture et en suppression aux données liées aux cartes depuis un compte Azure Maps.Grants access to read, write, and delete access to map related data from an Azure maps account. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Aucunenone | |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.Maps/accounts/*/readMicrosoft.Maps/accounts/*/read | |
Microsoft.Maps/accounts/*/writeMicrosoft.Maps/accounts/*/write | |
Microsoft.Maps/accounts/*/deleteMicrosoft.Maps/accounts/*/delete | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Grants access to read, write, and delete access to map related data from an Azure maps account.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204",
"name": "8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Maps/accounts/*/read",
"Microsoft.Maps/accounts/*/write",
"Microsoft.Maps/accounts/*/delete"
],
"notDataActions": []
}
],
"roleName": "Azure Maps Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lecteur de données Azure MapsAzure Maps Data Reader
Octroie un accès pour lire les données liées au mappage à partir d’un compte Azure Maps.Grants access to read map related data from an Azure maps account. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Aucunenone | |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.Maps/accounts/*/readMicrosoft.Maps/accounts/*/read | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Grants access to read map related data from an Azure maps account.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/423170ca-a8f6-4b0f-8487-9e4eb8f49bfa",
"name": "423170ca-a8f6-4b0f-8487-9e4eb8f49bfa",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Maps/accounts/*/read"
],
"notDataActions": []
}
],
"roleName": "Azure Maps Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur du service de rechercheSearch Service Contributor
Permet de gérer des services de recherche, mais pas d’y accéder.Lets you manage Search services, but not access to them. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | Créer et gérer un déploiementCreate and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Search/searchServices/*Microsoft.Search/searchServices/* | Créer et gérer les services de rechercheCreate and manage search services |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Search services, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7ca78c08-252a-4471-8644-bb5ff32d4ba0",
"name": "7ca78c08-252a-4471-8644-bb5ff32d4ba0",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Search/searchServices/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Search Service Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lecteur AccessKey SignalRSignalR AccessKey Reader
Lire les clés d’accès du service SignalRRead SignalR Service Access Keys
ActionsActions | DescriptionDescription |
---|---|
Microsoft.SignalRService/*/readMicrosoft.SignalRService/*/read | |
Microsoft.SignalRService/SignalR/listkeys/actionMicrosoft.SignalRService/SignalR/listkeys/action | Afficher la valeur des clés d’accès SignalR dans le portail de gestion ou par le biais d’une APIView the value of SignalR access keys in the management portal or through API |
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Read SignalR Service Access Keys",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/04165923-9d83-45d5-8227-78b77b0a687e",
"name": "04165923-9d83-45d5-8227-78b77b0a687e",
"permissions": [
{
"actions": [
"Microsoft.SignalRService/*/read",
"Microsoft.SignalRService/SignalR/listkeys/action",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "SignalR AccessKey Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Serveur d’applications SignalR (préversion)SignalR App Server (Preview)
Permet à votre serveur d’applications d’accéder au service SignalR avec les options d’authentification AAD.Lets your app server access SignalR Service with AAD auth options.
ActionsActions | DescriptionDescription |
---|---|
Aucunenone | |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.SignalRService/SignalR/auth/accessKey/actionMicrosoft.SignalRService/SignalR/auth/accessKey/action | Générez un AccessKey temporaire pour la signature de ClientTokens.Generate a temporary AccessKey for signing ClientTokens. |
Microsoft.SignalRService/SignalR/serverConnection/writeMicrosoft.SignalRService/SignalR/serverConnection/write | Démarrer une connexion au serveur.Start a server connection. |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Lets your app server access SignalR Service with AAD auth options.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/420fcaa2-552c-430f-98ca-3264be4806c7",
"name": "420fcaa2-552c-430f-98ca-3264be4806c7",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.SignalRService/SignalR/auth/accessKey/action",
"Microsoft.SignalRService/SignalR/serverConnection/write"
],
"notDataActions": []
}
],
"roleName": "SignalR App Server (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur SignalRSignalR Contributor
Créer, lire, mettre à jour et supprimer des ressources de service SignalRCreate, Read, Update, and Delete SignalR service resources
ActionsActions | DescriptionDescription |
---|---|
Microsoft.SignalRService/*Microsoft.SignalRService/* | |
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | Créer et gérer un déploiementCreate and manage a deployment |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Create, Read, Update, and Delete SignalR service resources",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761",
"name": "8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761",
"permissions": [
{
"actions": [
"Microsoft.SignalRService/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "SignalR Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur SignalR Serverless (préversion)SignalR Serverless Contributor (Preview)
Permet à votre application d’accéder au service en mode serverless avec les options d’authentification AAD.Lets your app access service in serverless mode with AAD auth options.
ActionsActions | DescriptionDescription |
---|---|
Aucunenone | |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.SignalRService/SignalR/auth/clientToken/actionMicrosoft.SignalRService/SignalR/auth/clientToken/action | Générez un ClientToken pour démarrer une connexion cliente.Generate a ClientToken for starting a client connection. |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Lets your app access service in serverless mode with AAD auth options.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fd53cd77-2268-407a-8f46-7e7863d0f521",
"name": "fd53cd77-2268-407a-8f46-7e7863d0f521",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.SignalRService/SignalR/auth/clientToken/action"
],
"notDataActions": []
}
],
"roleName": "SignalR Serverless Contributor (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Propriétaire de SignalR Service (préversion)SignalR Service Owner (Preview)
Accès complet aux API REST du service Azure SignalRFull access to Azure SignalR Service REST APIs
ActionsActions | DescriptionDescription |
---|---|
Aucunenone | |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.SignalRService/SignalR/hub/send/actionMicrosoft.SignalRService/SignalR/hub/send/action | Diffusez des messages à toutes les connexions clientes dans le hub.Broadcast messages to all client connections in hub. |
Microsoft.SignalRService/SignalR/group/send/actionMicrosoft.SignalRService/SignalR/group/send/action | Diffusez le message au groupe.Broadcast message to group. |
Microsoft.SignalRService/SignalR/group/readMicrosoft.SignalRService/SignalR/group/read | Vérifiez l’existence du groupe ou l’existence de l’utilisateur dans le groupe.Check group existence or user existence in group. |
Microsoft.SignalRService/SignalR/group/writeMicrosoft.SignalRService/SignalR/group/write | Rejoignez/Quittez le groupe.Join / Leave group. |
Microsoft.SignalRService/SignalR/clientConnection/send/actionMicrosoft.SignalRService/SignalR/clientConnection/send/action | Envoyer des messages directement à une connexion cliente.Send messages directly to a client connection. |
Microsoft.SignalRService/SignalR/clientConnection/readMicrosoft.SignalRService/SignalR/clientConnection/read | Vérifier l’existence de la connexion cliente.Check client connection existence. |
Microsoft.SignalRService/SignalR/clientConnection/writeMicrosoft.SignalRService/SignalR/clientConnection/write | Fermez la connexion cliente.Close client connection. |
Microsoft.SignalRService/SignalR/user/send/actionMicrosoft.SignalRService/SignalR/user/send/action | Envoyer des messages à l’utilisateur, qui peut se composer de plusieurs connexions clientes.Send messages to user, who may consist of multiple client connections. |
Microsoft.SignalRService/SignalR/user/readMicrosoft.SignalRService/SignalR/user/read | Vérifiez l’existence d’un utilisateur.Check user existence. |
Microsoft.SignalRService/SignalR/user/writeMicrosoft.SignalRService/SignalR/user/write | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Full access to Azure SignalR Service REST APIs",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7e4f1700-ea5a-4f59-8f37-079cfe29dce3",
"name": "7e4f1700-ea5a-4f59-8f37-079cfe29dce3",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.SignalRService/SignalR/hub/send/action",
"Microsoft.SignalRService/SignalR/group/send/action",
"Microsoft.SignalRService/SignalR/group/read",
"Microsoft.SignalRService/SignalR/group/write",
"Microsoft.SignalRService/SignalR/clientConnection/send/action",
"Microsoft.SignalRService/SignalR/clientConnection/read",
"Microsoft.SignalRService/SignalR/clientConnection/write",
"Microsoft.SignalRService/SignalR/user/send/action",
"Microsoft.SignalRService/SignalR/user/read",
"Microsoft.SignalRService/SignalR/user/write"
],
"notDataActions": []
}
],
"roleName": "SignalR Service Owner (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lecteur de SignalR Service (préversion)SignalR Service Reader (Preview)
Accès en lecture seule aux API REST du service Azure SignalRRead-only access to Azure SignalR Service REST APIs
ActionsActions | DescriptionDescription |
---|---|
Aucunenone | |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.SignalRService/SignalR/group/readMicrosoft.SignalRService/SignalR/group/read | Vérifiez l’existence du groupe ou l’existence de l’utilisateur dans le groupe.Check group existence or user existence in group. |
Microsoft.SignalRService/SignalR/clientConnection/readMicrosoft.SignalRService/SignalR/clientConnection/read | Vérifier l’existence de la connexion cliente.Check client connection existence. |
Microsoft.SignalRService/SignalR/user/readMicrosoft.SignalRService/SignalR/user/read | Vérifiez l’existence d’un utilisateur.Check user existence. |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Read-only access to Azure SignalR Service REST APIs",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ddde6b66-c0df-4114-a159-3618637b3035",
"name": "ddde6b66-c0df-4114-a159-3618637b3035",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.SignalRService/SignalR/group/read",
"Microsoft.SignalRService/SignalR/clientConnection/read",
"Microsoft.SignalRService/SignalR/user/read"
],
"notDataActions": []
}
],
"roleName": "SignalR Service Reader (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur de plan webWeb Plan Contributor
Permet de gérer des plans web pour des sites web, mais pas d’y accéder.Lets you manage the web plans for websites, but not access to them.
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | Créer et gérer un déploiementCreate and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
Microsoft.Web/serverFarms/*Microsoft.Web/serverFarms/* | Créer et gérer des batteries de serveursCreate and manage server farms |
Microsoft.Web/hostingEnvironments/Join/ActionMicrosoft.Web/hostingEnvironments/Join/Action | Joint un environnement App Service EnvironmentJoins an App Service Environment |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage the web plans for websites, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b",
"name": "2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Web/serverFarms/*",
"Microsoft.Web/hostingEnvironments/Join/Action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Web Plan Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur de site webWebsite Contributor
Permet de gérer des sites web (pas des plans web), mais pas d’y accéder.Lets you manage websites (not web plans), but not access to them.
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.Insights/components/*Microsoft.Insights/components/* | Créer et gérer les composants InsightsCreate and manage Insights components |
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | Créer et gérer un déploiementCreate and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
Microsoft.Web/certificates/*Microsoft.Web/certificates/* | Créer et gérer les certificats de site webCreate and manage website certificates |
Microsoft.Web/listSitesAssignedToHostName/readMicrosoft.Web/listSitesAssignedToHostName/read | Récupère les noms de sites affectés à un nom d’hôte.Get names of sites assigned to hostname. |
Microsoft.Web/serverFarms/join/actionMicrosoft.Web/serverFarms/join/action | Joint un plan App ServiceJoins an App Service Plan |
Microsoft.Web/serverFarms/readMicrosoft.Web/serverFarms/read | Récupère les propriétés d’un plan App Service.Get the properties on an App Service Plan |
Microsoft.Web/sites/*Microsoft.Web/sites/* | Créer et gérer des sites web (la création de sites nécessite également des autorisations d’écriture pour le plan App Service associé)Create and manage websites (site creation also requires write permissions to the associated App Service Plan) |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage websites (not web plans), but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/de139f84-1756-47ae-9be6-808fbbe84772",
"name": "de139f84-1756-47ae-9be6-808fbbe84772",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/components/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Web/certificates/*",
"Microsoft.Web/listSitesAssignedToHostName/read",
"Microsoft.Web/serverFarms/join/action",
"Microsoft.Web/serverFarms/read",
"Microsoft.Web/sites/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Website Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
ContainersContainers
AcrDeleteAcrDelete
suppression Arc En savoir plusacr delete Learn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.ContainerRegistry/registries/artifacts/deleteMicrosoft.ContainerRegistry/registries/artifacts/delete | Supprimer l’artefact dans un registre de conteneurs.Delete artifact in a container registry. |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "acr delete",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
"name": "c2f4ef07-c644-48eb-af81-4b1b4947fb11",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/artifacts/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AcrDelete",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AcrImageSignerAcrImageSigner
signataire d’image Arc En savoir plusacr image signer Learn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.ContainerRegistry/registries/sign/writeMicrosoft.ContainerRegistry/registries/sign/write | Envoie ou tire des métadonnées d’approbation du contenu pour un registre de conteneurs.Push/Pull content trust metadata for a container registry. |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "acr image signer",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6cef56e8-d556-48e5-a04f-b8e64114680f",
"name": "6cef56e8-d556-48e5-a04f-b8e64114680f",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/sign/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AcrImageSigner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AcrPullAcrPull
tirage (pull) Arc En savoir plusacr pull Learn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.ContainerRegistry/registries/pull/readMicrosoft.ContainerRegistry/registries/pull/read | Tire (pull) ou obtient des images à partir d’un registre de conteneurs.Pull or Get images from a container registry. |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "acr pull",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d",
"name": "7f951dda-4ed3-4680-a7ca-43fe172d538d",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/pull/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AcrPull",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AcrPushAcrPush
envoi (push) Arc En savoir plusacr push Learn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.ContainerRegistry/registries/pull/readMicrosoft.ContainerRegistry/registries/pull/read | Tire (pull) ou obtient des images à partir d’un registre de conteneurs.Pull or Get images from a container registry. |
Microsoft.ContainerRegistry/registries/push/writeMicrosoft.ContainerRegistry/registries/push/write | Envoie (push) ou écrit des images dans un registre de conteneurs.Push or Write images to a container registry. |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "acr push",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8311e382-0749-4cb8-b61a-304f252e45ec",
"name": "8311e382-0749-4cb8-b61a-304f252e45ec",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/pull/read",
"Microsoft.ContainerRegistry/registries/push/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AcrPush",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AcrQuarantineReaderAcrQuarantineReader
lecteur de données de quarantaine ACRacr quarantine data reader
ActionsActions | DescriptionDescription |
---|---|
Microsoft.ContainerRegistry/registries/quarantine/readMicrosoft.ContainerRegistry/registries/quarantine/read | Tire (pull) ou obtient des images en quarantaine à partir du registre de conteneursPull or Get quarantined images from container registry |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "acr quarantine data reader",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/cdda3590-29a3-44f6-95f2-9f980659eb04",
"name": "cdda3590-29a3-44f6-95f2-9f980659eb04",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/quarantine/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AcrQuarantineReader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AcrQuarantineWriterAcrQuarantineWriter
écriture de données de quarantaine ACRacr quarantine data writer
ActionsActions | DescriptionDescription |
---|---|
Microsoft.ContainerRegistry/registries/quarantine/readMicrosoft.ContainerRegistry/registries/quarantine/read | Tire (pull) ou obtient des images en quarantaine à partir du registre de conteneursPull or Get quarantined images from container registry |
Microsoft.ContainerRegistry/registries/quarantine/writeMicrosoft.ContainerRegistry/registries/quarantine/write | Écrit ou modifie l’état des images en quarantaineWrite/Modify quarantine state of quarantined images |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "acr quarantine data writer",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
"name": "c8d4ff99-41c3-41a8-9f60-21dfdad59608",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/quarantine/read",
"Microsoft.ContainerRegistry/registries/quarantine/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AcrQuarantineWriter",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Rôle d’administrateur de cluster Azure Kubernetes ServiceAzure Kubernetes Service Cluster Admin Role
Répertorie les actions relatives aux informations d’identification de l’administrateur du cluster.List cluster admin credential action. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.ContainerService/managedClusters/listClusterAdminCredential/actionMicrosoft.ContainerService/managedClusters/listClusterAdminCredential/action | Répertorier les informations d’identification clusterAdmin d’un cluster géréList the clusterAdmin credential of a managed cluster |
Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/actionMicrosoft.ContainerService/managedClusters/accessProfiles/listCredential/action | Obtient un profil d’accès au cluster géré en fonction du nom de rôle à l’aide des informations d’identification de la listeGet a managed cluster access profile by role name using list credential |
Microsoft.ContainerService/managedClusters/readMicrosoft.ContainerService/managedClusters/read | Obtient un cluster géréGet a managed cluster |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "List cluster admin credential action.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8",
"name": "0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8",
"permissions": [
{
"actions": [
"Microsoft.ContainerService/managedClusters/listClusterAdminCredential/action",
"Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/action",
"Microsoft.ContainerService/managedClusters/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Kubernetes Service Cluster Admin Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Rôle d’utilisateur de cluster Azure Kubernetes ServiceAzure Kubernetes Service Cluster User Role
Répertorie les actions relatives aux informations d’identification de l’utilisateur du cluster.List cluster user credential action. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.ContainerService/managedClusters/listClusterUserCredential/actionMicrosoft.ContainerService/managedClusters/listClusterUserCredential/action | Répertorier les informations d’identification clusterAdmin d’un cluster géréList the clusterUser credential of a managed cluster |
Microsoft.ContainerService/managedClusters/readMicrosoft.ContainerService/managedClusters/read | Obtient un cluster géréGet a managed cluster |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "List cluster user credential action.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4abbcc35-e782-43d8-92c5-2d3f1bd2253f",
"name": "4abbcc35-e782-43d8-92c5-2d3f1bd2253f",
"permissions": [
{
"actions": [
"Microsoft.ContainerService/managedClusters/listClusterUserCredential/action",
"Microsoft.ContainerService/managedClusters/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Kubernetes Service Cluster User Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Rôle Contributeur Azure Kubernetes ServiceAzure Kubernetes Service Contributor Role
Octroie l’accès en lecture et en écriture aux clusters Azure Kubernetes Service. En savoir plusGrants access to read and write Azure Kubernetes Service clusters Learn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.ContainerService/managedClusters/readMicrosoft.ContainerService/managedClusters/read | Obtient un cluster géréGet a managed cluster |
Microsoft.ContainerService/managedClusters/writeMicrosoft.ContainerService/managedClusters/write | Crée ou met à jour un cluster géréCreates a new managed cluster or updates an existing one |
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | Créer et gérer un déploiementCreate and manage a deployment |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Grants access to read and write Azure Kubernetes Service clusters",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8",
"name": "ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8",
"permissions": [
{
"actions": [
"Microsoft.ContainerService/managedClusters/read",
"Microsoft.ContainerService/managedClusters/write",
"Microsoft.Resources/deployments/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Kubernetes Service Contributor Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Kubernetes Service RBAC AdminAzure Kubernetes Service RBAC Admin
Gérez toutes les ressources sous cluster/espace de noms, à l’exception de la mise à jour ou de la suppression de quotas de ressources et d’espaces de noms.Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.Resources/deployments/writeMicrosoft.Resources/deployments/write | Crée ou met à jour un déploiement.Creates or updates an deployment. |
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read | Obtenir les résultats de l’opération de l’abonnement.Get the subscription operation results. |
Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read | Obtient la liste des abonnements.Gets the list of subscriptions. |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
Microsoft.ContainerService/managedClusters/listClusterUserCredential/actionMicrosoft.ContainerService/managedClusters/listClusterUserCredential/action | Répertorier les informations d’identification clusterAdmin d’un cluster géréList the clusterUser credential of a managed cluster |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.ContainerService/managedClusters/*Microsoft.ContainerService/managedClusters/* | |
NotDataActionsNotDataActions | |
Microsoft.ContainerService/managedClusters/resourcequotas/writeMicrosoft.ContainerService/managedClusters/resourcequotas/write | Écrit resourcequotasWrites resourcequotas |
Microsoft.ContainerService/managedClusters/resourcequotas/deleteMicrosoft.ContainerService/managedClusters/resourcequotas/delete | Supprime resourcequotasDeletes resourcequotas |
Microsoft.ContainerService/managedClusters/namespaces/writeMicrosoft.ContainerService/managedClusters/namespaces/write | Écrit namespacesWrites namespaces |
Microsoft.ContainerService/managedClusters/namespaces/deleteMicrosoft.ContainerService/managedClusters/namespaces/delete | Supprime namespacesDeletes namespaces |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3498e952-d568-435e-9b2c-8d77e338d7f7",
"name": "3498e952-d568-435e-9b2c-8d77e338d7f7",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/write",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.ContainerService/managedClusters/listClusterUserCredential/action"
],
"notActions": [],
"dataActions": [
"Microsoft.ContainerService/managedClusters/*"
],
"notDataActions": [
"Microsoft.ContainerService/managedClusters/resourcequotas/write",
"Microsoft.ContainerService/managedClusters/resourcequotas/delete",
"Microsoft.ContainerService/managedClusters/namespaces/write",
"Microsoft.ContainerService/managedClusters/namespaces/delete"
]
}
],
"roleName": "Azure Kubernetes Service RBAC Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Kubernetes Service RBAC Cluster AdminAzure Kubernetes Service RBAC Cluster Admin
Gérez toutes les ressources du cluster.Lets you manage all resources in the cluster. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.Resources/deployments/writeMicrosoft.Resources/deployments/write | Crée ou met à jour un déploiement.Creates or updates an deployment. |
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read | Obtenir les résultats de l’opération de l’abonnement.Get the subscription operation results. |
Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read | Obtient la liste des abonnements.Gets the list of subscriptions. |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
Microsoft.ContainerService/managedClusters/listClusterUserCredential/actionMicrosoft.ContainerService/managedClusters/listClusterUserCredential/action | Répertorier les informations d’identification clusterAdmin d’un cluster géréList the clusterUser credential of a managed cluster |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.ContainerService/managedClusters/*Microsoft.ContainerService/managedClusters/* | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage all resources in the cluster.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b",
"name": "b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/write",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.ContainerService/managedClusters/listClusterUserCredential/action"
],
"notActions": [],
"dataActions": [
"Microsoft.ContainerService/managedClusters/*"
],
"notDataActions": []
}
],
"roleName": "Azure Kubernetes Service RBAC Cluster Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Kubernetes Service RBAC ReaderAzure Kubernetes Service RBAC Reader
Autorise l’accès en lecture seule pour voir la plupart des objets dans un espace de noms.Allows read-only access to see most objects in a namespace. Ce rôle n’autorise pas l’affichage des rôles ni des liaisons de rôles.It does not allow viewing roles or role bindings. Il n’autorise pas l’affichage des secrets, car la lecture du contenu de Secrets donne accès aux informations d’identification ServiceAccount dans l’espace de noms, ce qui permet l’accès aux API comme n’importe quel ServiceAccount dans l’espace de noms (une forme d’élévation de privilèges).This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). L’application de ce rôle à l’étendue du cluster fournit un accès à tous les espaces de noms.Applying this role at cluster scope will give access across all namespaces. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.Resources/deployments/writeMicrosoft.Resources/deployments/write | Crée ou met à jour un déploiement.Creates or updates an deployment. |
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read | Obtenir les résultats de l’opération de l’abonnement.Get the subscription operation results. |
Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read | Obtient la liste des abonnements.Gets the list of subscriptions. |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.ContainerService/managedClusters/apps/controllerrevisions/readMicrosoft.ContainerService/managedClusters/apps/controllerrevisions/read | Lit controllerrevisionsReads controllerrevisions |
Microsoft.ContainerService/managedClusters/apps/daemonsets/readMicrosoft.ContainerService/managedClusters/apps/daemonsets/read | Lit daemonsetsReads daemonsets |
Microsoft.ContainerService/managedClusters/apps/deployments/readMicrosoft.ContainerService/managedClusters/apps/deployments/read | Lit deploymentsReads deployments |
Microsoft.ContainerService/managedClusters/apps/replicasets/readMicrosoft.ContainerService/managedClusters/apps/replicasets/read | Lit replicasetsReads replicasets |
Microsoft.ContainerService/managedClusters/apps/statefulsets/readMicrosoft.ContainerService/managedClusters/apps/statefulsets/read | Lit statefulsetsReads statefulsets |
Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/readMicrosoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/read | Lit horizontalpodautoscalersReads horizontalpodautoscalers |
Microsoft.ContainerService/managedClusters/batch/cronjobs/readMicrosoft.ContainerService/managedClusters/batch/cronjobs/read | Lit cronjobsReads cronjobs |
Microsoft.ContainerService/managedClusters/batch/jobs/readMicrosoft.ContainerService/managedClusters/batch/jobs/read | Lit jobsReads jobs |
Microsoft.ContainerService/managedClusters/configmaps/readMicrosoft.ContainerService/managedClusters/configmaps/read | Lit configmapsReads configmaps |
Microsoft.ContainerService/managedClusters/endpoints/readMicrosoft.ContainerService/managedClusters/endpoints/read | Lit endpointsReads endpoints |
Microsoft.ContainerService/managedClusters/events.k8s.io/events/readMicrosoft.ContainerService/managedClusters/events.k8s.io/events/read | Lit eventsReads events |
Microsoft.ContainerService/managedClusters/events/readMicrosoft.ContainerService/managedClusters/events/read | Lit eventsReads events |
Microsoft.ContainerService/managedClusters/extensions/daemonsets/readMicrosoft.ContainerService/managedClusters/extensions/daemonsets/read | Lit daemonsetsReads daemonsets |
Microsoft.ContainerService/managedClusters/extensions/deployments/readMicrosoft.ContainerService/managedClusters/extensions/deployments/read | Lit deploymentsReads deployments |
Microsoft.ContainerService/managedClusters/extensions/ingresses/readMicrosoft.ContainerService/managedClusters/extensions/ingresses/read | Lit ingressesReads ingresses |
Microsoft.ContainerService/managedClusters/extensions/networkpolicies/readMicrosoft.ContainerService/managedClusters/extensions/networkpolicies/read | Lit networkpoliciesReads networkpolicies |
Microsoft.ContainerService/managedClusters/extensions/replicasets/readMicrosoft.ContainerService/managedClusters/extensions/replicasets/read | Lit replicasetsReads replicasets |
Microsoft.ContainerService/managedClusters/limitranges/readMicrosoft.ContainerService/managedClusters/limitranges/read | Lit limitrangesReads limitranges |
Microsoft.ContainerService/managedClusters/namespaces/readMicrosoft.ContainerService/managedClusters/namespaces/read | Lit namespacesReads namespaces |
Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/readMicrosoft.ContainerService/managedClusters/networking.k8s.io/ingresses/read | Lit ingressesReads ingresses |
Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/readMicrosoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/read | Lit networkpoliciesReads networkpolicies |
Microsoft.ContainerService/managedClusters/persistentvolumeclaims/readMicrosoft.ContainerService/managedClusters/persistentvolumeclaims/read | Lit persistentvolumeclaimsReads persistentvolumeclaims |
Microsoft.ContainerService/managedClusters/pods/readMicrosoft.ContainerService/managedClusters/pods/read | Lit podsReads pods |
Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/readMicrosoft.ContainerService/managedClusters/policy/poddisruptionbudgets/read | Lit poddisruptionbudgetsReads poddisruptionbudgets |
Microsoft.ContainerService/managedClusters/replicationcontrollers/readMicrosoft.ContainerService/managedClusters/replicationcontrollers/read | Lit replicationcontrollersReads replicationcontrollers |
Microsoft.ContainerService/managedClusters/replicationcontrollers/readMicrosoft.ContainerService/managedClusters/replicationcontrollers/read | Lit replicationcontrollersReads replicationcontrollers |
Microsoft.ContainerService/managedClusters/resourcequotas/readMicrosoft.ContainerService/managedClusters/resourcequotas/read | Lit resourcequotasReads resourcequotas |
Microsoft.ContainerService/managedClusters/serviceaccounts/readMicrosoft.ContainerService/managedClusters/serviceaccounts/read | Lit serviceaccountsReads serviceaccounts |
Microsoft.ContainerService/managedClusters/services/readMicrosoft.ContainerService/managedClusters/services/read | Lit servicesReads services |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7f6c6a51-bcf8-42ba-9220-52d62157d7db",
"name": "7f6c6a51-bcf8-42ba-9220-52d62157d7db",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/write",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [
"Microsoft.ContainerService/managedClusters/apps/controllerrevisions/read",
"Microsoft.ContainerService/managedClusters/apps/daemonsets/read",
"Microsoft.ContainerService/managedClusters/apps/deployments/read",
"Microsoft.ContainerService/managedClusters/apps/replicasets/read",
"Microsoft.ContainerService/managedClusters/apps/statefulsets/read",
"Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/read",
"Microsoft.ContainerService/managedClusters/batch/cronjobs/read",
"Microsoft.ContainerService/managedClusters/batch/jobs/read",
"Microsoft.ContainerService/managedClusters/configmaps/read",
"Microsoft.ContainerService/managedClusters/endpoints/read",
"Microsoft.ContainerService/managedClusters/events.k8s.io/events/read",
"Microsoft.ContainerService/managedClusters/events/read",
"Microsoft.ContainerService/managedClusters/extensions/daemonsets/read",
"Microsoft.ContainerService/managedClusters/extensions/deployments/read",
"Microsoft.ContainerService/managedClusters/extensions/ingresses/read",
"Microsoft.ContainerService/managedClusters/extensions/networkpolicies/read",
"Microsoft.ContainerService/managedClusters/extensions/replicasets/read",
"Microsoft.ContainerService/managedClusters/limitranges/read",
"Microsoft.ContainerService/managedClusters/namespaces/read",
"Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/read",
"Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/read",
"Microsoft.ContainerService/managedClusters/persistentvolumeclaims/read",
"Microsoft.ContainerService/managedClusters/pods/read",
"Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/read",
"Microsoft.ContainerService/managedClusters/replicationcontrollers/read",
"Microsoft.ContainerService/managedClusters/replicationcontrollers/read",
"Microsoft.ContainerService/managedClusters/resourcequotas/read",
"Microsoft.ContainerService/managedClusters/serviceaccounts/read",
"Microsoft.ContainerService/managedClusters/services/read"
],
"notDataActions": []
}
],
"roleName": "Azure Kubernetes Service RBAC Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Kubernetes Service RBAC WriterAzure Kubernetes Service RBAC Writer
Autorise l’accès en lecture/écriture à la plupart des objets d’un espace de noms. Ce rôle n’autorise pas l’affichage ni la modification des rôles ou des liaisons de rôles.Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. Toutefois, ce rôle permet d’accéder aux secrets et aux pods en cours d’exécution comme n’importe quel ServiceAccount de l’espace de noms. Il peut donc être utilisé pour obtenir les niveaux d’accès API de n’importe quel ServiceAccount dans l’espace de noms.However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. L’application de ce rôle à l’étendue du cluster fournit un accès à tous les espaces de noms.Applying this role at cluster scope will give access across all namespaces. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.Resources/deployments/writeMicrosoft.Resources/deployments/write | Crée ou met à jour un déploiement.Creates or updates an deployment. |
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read | Obtenir les résultats de l’opération de l’abonnement.Get the subscription operation results. |
Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read | Obtient la liste des abonnements.Gets the list of subscriptions. |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.ContainerService/managedClusters/apps/controllerrevisions/readMicrosoft.ContainerService/managedClusters/apps/controllerrevisions/read | Lit controllerrevisionsReads controllerrevisions |
Microsoft.ContainerService/managedClusters/apps/daemonsets/*Microsoft.ContainerService/managedClusters/apps/daemonsets/* | |
Microsoft.ContainerService/managedClusters/apps/deployments/*Microsoft.ContainerService/managedClusters/apps/deployments/* | |
Microsoft.ContainerService/managedClusters/apps/replicasets/*Microsoft.ContainerService/managedClusters/apps/replicasets/* | |
Microsoft.ContainerService/managedClusters/apps/statefulsets/*Microsoft.ContainerService/managedClusters/apps/statefulsets/* | |
Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/*Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/* | |
Microsoft.ContainerService/managedClusters/batch/cronjobs/*Microsoft.ContainerService/managedClusters/batch/cronjobs/* | |
Microsoft.ContainerService/managedClusters/batch/jobs/*Microsoft.ContainerService/managedClusters/batch/jobs/* | |
Microsoft.ContainerService/managedClusters/configmaps/*Microsoft.ContainerService/managedClusters/configmaps/* | |
Microsoft.ContainerService/managedClusters/endpoints/*Microsoft.ContainerService/managedClusters/endpoints/* | |
Microsoft.ContainerService/managedClusters/events.k8s.io/events/readMicrosoft.ContainerService/managedClusters/events.k8s.io/events/read | Lit eventsReads events |
Microsoft.ContainerService/managedClusters/events/readMicrosoft.ContainerService/managedClusters/events/read | Lit eventsReads events |
Microsoft.ContainerService/managedClusters/extensions/daemonsets/*Microsoft.ContainerService/managedClusters/extensions/daemonsets/* | |
Microsoft.ContainerService/managedClusters/extensions/deployments/*Microsoft.ContainerService/managedClusters/extensions/deployments/* | |
Microsoft.ContainerService/managedClusters/extensions/ingresses/*Microsoft.ContainerService/managedClusters/extensions/ingresses/* | |
Microsoft.ContainerService/managedClusters/extensions/networkpolicies/*Microsoft.ContainerService/managedClusters/extensions/networkpolicies/* | |
Microsoft.ContainerService/managedClusters/extensions/replicasets/*Microsoft.ContainerService/managedClusters/extensions/replicasets/* | |
Microsoft.ContainerService/managedClusters/limitranges/readMicrosoft.ContainerService/managedClusters/limitranges/read | Lit limitrangesReads limitranges |
Microsoft.ContainerService/managedClusters/namespaces/readMicrosoft.ContainerService/managedClusters/namespaces/read | Lit namespacesReads namespaces |
Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/*Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/* | |
Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/*Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/* | |
Microsoft.ContainerService/managedClusters/persistentvolumeclaims/*Microsoft.ContainerService/managedClusters/persistentvolumeclaims/* | |
Microsoft.ContainerService/managedClusters/pods/*Microsoft.ContainerService/managedClusters/pods/* | |
Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/*Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/* | |
Microsoft.ContainerService/managedClusters/replicationcontrollers/*Microsoft.ContainerService/managedClusters/replicationcontrollers/* | |
Microsoft.ContainerService/managedClusters/replicationcontrollers/*Microsoft.ContainerService/managedClusters/replicationcontrollers/* | |
Microsoft.ContainerService/managedClusters/resourcequotas/readMicrosoft.ContainerService/managedClusters/resourcequotas/read | Lit resourcequotasReads resourcequotas |
Microsoft.ContainerService/managedClusters/secrets/*Microsoft.ContainerService/managedClusters/secrets/* | |
Microsoft.ContainerService/managedClusters/serviceaccounts/*Microsoft.ContainerService/managedClusters/serviceaccounts/* | |
Microsoft.ContainerService/managedClusters/services/*Microsoft.ContainerService/managedClusters/services/* | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb",
"name": "a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/write",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [
"Microsoft.ContainerService/managedClusters/apps/controllerrevisions/read",
"Microsoft.ContainerService/managedClusters/apps/daemonsets/*",
"Microsoft.ContainerService/managedClusters/apps/deployments/*",
"Microsoft.ContainerService/managedClusters/apps/replicasets/*",
"Microsoft.ContainerService/managedClusters/apps/statefulsets/*",
"Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/*",
"Microsoft.ContainerService/managedClusters/batch/cronjobs/*",
"Microsoft.ContainerService/managedClusters/batch/jobs/*",
"Microsoft.ContainerService/managedClusters/configmaps/*",
"Microsoft.ContainerService/managedClusters/endpoints/*",
"Microsoft.ContainerService/managedClusters/events.k8s.io/events/read",
"Microsoft.ContainerService/managedClusters/events/read",
"Microsoft.ContainerService/managedClusters/extensions/daemonsets/*",
"Microsoft.ContainerService/managedClusters/extensions/deployments/*",
"Microsoft.ContainerService/managedClusters/extensions/ingresses/*",
"Microsoft.ContainerService/managedClusters/extensions/networkpolicies/*",
"Microsoft.ContainerService/managedClusters/extensions/replicasets/*",
"Microsoft.ContainerService/managedClusters/limitranges/read",
"Microsoft.ContainerService/managedClusters/namespaces/read",
"Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/*",
"Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/*",
"Microsoft.ContainerService/managedClusters/persistentvolumeclaims/*",
"Microsoft.ContainerService/managedClusters/pods/*",
"Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/*",
"Microsoft.ContainerService/managedClusters/replicationcontrollers/*",
"Microsoft.ContainerService/managedClusters/replicationcontrollers/*",
"Microsoft.ContainerService/managedClusters/resourcequotas/read",
"Microsoft.ContainerService/managedClusters/secrets/*",
"Microsoft.ContainerService/managedClusters/serviceaccounts/*",
"Microsoft.ContainerService/managedClusters/services/*"
],
"notDataActions": []
}
],
"roleName": "Azure Kubernetes Service RBAC Writer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Bases de donnéesDatabases
Rôle de lecteur de compte Cosmos DBCosmos DB Account Reader Role
Lire les données de comptes Azure Cosmos DB.Can read Azure Cosmos DB account data. Consultez Contributeur de compte DocumentDB pour en savoir plus sur la gestion des comptes Azure Cosmos DB.See DocumentDB Account Contributor for managing Azure Cosmos DB accounts. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.DocumentDB/*/readMicrosoft.DocumentDB/*/read | Lire n’importe quelle collectionRead any collection |
Microsoft.DocumentDB/databaseAccounts/readonlykeys/actionMicrosoft.DocumentDB/databaseAccounts/readonlykeys/action | Lire les clés en lecture seule du compte de base de données.Reads the database account readonly keys. |
Microsoft.Insights/MetricDefinitions/readMicrosoft.Insights/MetricDefinitions/read | Lire les définitions des mesuresRead metric definitions |
Microsoft.Insights/Metrics/readMicrosoft.Insights/Metrics/read | Lire des mesuresRead metrics |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Can read Azure Cosmos DB Accounts data",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fbdf93bf-df7d-467e-a4d2-9458aa1360c8",
"name": "fbdf93bf-df7d-467e-a4d2-9458aa1360c8",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.DocumentDB/*/read",
"Microsoft.DocumentDB/databaseAccounts/readonlykeys/action",
"Microsoft.Insights/MetricDefinitions/read",
"Microsoft.Insights/Metrics/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cosmos DB Account Reader Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Opérateur Cosmos DBCosmos DB Operator
Permet de gérer des comptes Azure Cosmos DB, mais pas d’accéder aux données qu’ils contiennent.Lets you manage Azure Cosmos DB accounts, but not access data in them. Empêche d’accéder aux clés de compte et aux chaînes de connexion.Prevents access to account keys and connection strings. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.DocumentDb/databaseAccounts/*Microsoft.DocumentDb/databaseAccounts/* | |
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | Créer et gérer un déploiementCreate and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action | Joint des ressources telles qu’un compte de stockage ou une base de données SQL à un sous-réseau.Joins resource such as storage account or SQL database to a subnet. Impossible à alerter.Not alertable. |
NotActionsNotActions | |
Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*Microsoft.DocumentDB/databaseAccounts/readonlyKeys/* | |
Microsoft.DocumentDB/databaseAccounts/regenerateKey/*Microsoft.DocumentDB/databaseAccounts/regenerateKey/* | |
Microsoft.DocumentDB/databaseAccounts/listKeys/*Microsoft.DocumentDB/databaseAccounts/listKeys/* | |
Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/* | |
Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/writeMicrosoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/write | Créer ou mettre à jour une définition de rôle SQLCreate or update a SQL Role Definition |
Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/deleteMicrosoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/delete | Supprimer une définition de rôle SQLDelete a SQL Role Definition |
Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/writeMicrosoft.DocumentDB/databaseAccounts/sqlRoleAssignments/write | Créer ou mettre à jour une attribution de rôle SQLCreate or update a SQL Role Assignment |
Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/deleteMicrosoft.DocumentDB/databaseAccounts/sqlRoleAssignments/delete | Supprimer une attribution de rôle SQLDelete a SQL Role Assignment |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/230815da-be43-4aae-9cb4-875f7bd000aa",
"name": "230815da-be43-4aae-9cb4-875f7bd000aa",
"permissions": [
{
"actions": [
"Microsoft.DocumentDb/databaseAccounts/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Authorization/*/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action"
],
"notActions": [
"Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*",
"Microsoft.DocumentDB/databaseAccounts/regenerateKey/*",
"Microsoft.DocumentDB/databaseAccounts/listKeys/*",
"Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*",
"Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/write",
"Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/delete",
"Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/write",
"Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/delete"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cosmos DB Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
CosmosBackupOperatorCosmosBackupOperator
Peut envoyer une requête de restauration d’une base de données Cosmos DB ou d’un conteneur pour un compte En savoir plusCan submit restore request for a Cosmos DB database or a container for an account Learn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.DocumentDB/databaseAccounts/backup/actionMicrosoft.DocumentDB/databaseAccounts/backup/action | Soumettre une demande pour configurer la sauvegardeSubmit a request to configure backup |
Microsoft.DocumentDB/databaseAccounts/restore/actionMicrosoft.DocumentDB/databaseAccounts/restore/action | Soumettre une demande de restaurationSubmit a restore request |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Can submit restore request for a Cosmos DB database or a container for an account",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/db7b14f2-5adf-42da-9f96-f2ee17bab5cb",
"name": "db7b14f2-5adf-42da-9f96-f2ee17bab5cb",
"permissions": [
{
"actions": [
"Microsoft.DocumentDB/databaseAccounts/backup/action",
"Microsoft.DocumentDB/databaseAccounts/restore/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "CosmosBackupOperator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
CosmosRestoreOperatorCosmosRestoreOperator
Peut effectuer une action de restauration pour un compte de base de données Cosmos DB avec le mode de sauvegarde continuCan perform restore action for Cosmos DB database account with continuous backup mode
ActionsActions | DescriptionDescription |
---|---|
Microsoft.DocumentDB/locations/restorableDatabaseAccounts/restore/actionMicrosoft.DocumentDB/locations/restorableDatabaseAccounts/restore/action | Soumettre une demande de restaurationSubmit a restore request |
Microsoft.DocumentDB/locations/restorableDatabaseAccounts/*/readMicrosoft.DocumentDB/locations/restorableDatabaseAccounts/*/read | |
Microsoft.DocumentDB/locations/restorableDatabaseAccounts/readMicrosoft.DocumentDB/locations/restorableDatabaseAccounts/read | Lit un compte de base de données pouvant être restauré ou liste tous les comptes de base de données pouvant être restaurésRead a restorable database account or List all the restorable database accounts |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Can perform restore action for Cosmos DB database account with continuous backup mode",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5432c526-bc82-444a-b7ba-57c5b0b5b34f",
"name": "5432c526-bc82-444a-b7ba-57c5b0b5b34f",
"permissions": [
{
"actions": [
"Microsoft.DocumentDB/locations/restorableDatabaseAccounts/restore/action",
"Microsoft.DocumentDB/locations/restorableDatabaseAccounts/*/read",
"Microsoft.DocumentDB/locations/restorableDatabaseAccounts/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "CosmosRestoreOperator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur de compte DocumentDBDocumentDB Account Contributor
Gérer des comptes Azure Cosmos DB.Can manage Azure Cosmos DB accounts. Azure Cosmos DB était auparavant appelé DocumentDB.Azure Cosmos DB is formerly known as DocumentDB. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.DocumentDb/databaseAccounts/*Microsoft.DocumentDb/databaseAccounts/* | Créer et gérer des comptes Azure Cosmos DBCreate and manage Azure Cosmos DB accounts |
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | Créer et gérer un déploiementCreate and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action | Joint des ressources telles qu’un compte de stockage ou une base de données SQL à un sous-réseau.Joins resource such as storage account or SQL database to a subnet. Impossible à alerter.Not alertable. |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage DocumentDB accounts, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5bd9cd88-fe45-4216-938b-f97437e15450",
"name": "5bd9cd88-fe45-4216-938b-f97437e15450",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.DocumentDb/databaseAccounts/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "DocumentDB Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur Cache RedisRedis Cache Contributor
Permet de gérer des caches Redis, mais pas d’y accéder.Lets you manage Redis caches, but not access to them.
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.Cache/register/actionMicrosoft.Cache/register/action | Inscrit le fournisseur de ressources « Microsoft.Cache » à un abonnementRegisters the 'Microsoft.Cache' resource provider with a subscription |
Microsoft.Cache/redis/*Microsoft.Cache/redis/* | Créer et gérer les caches RedisCreate and manage Redis caches |
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | Créer et gérer un déploiementCreate and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Redis caches, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e0f68234-74aa-48ed-b826-c38b57376e17",
"name": "e0f68234-74aa-48ed-b826-c38b57376e17",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Cache/register/action",
"Microsoft.Cache/redis/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Redis Cache Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur de base de données SQLSQL DB Contributor
Permet de gérer des bases de données SQL, mais pas d’y accéder.Lets you manage SQL databases, but not access to them. Vous ne pouvez pas non plus gérer leurs stratégies de sécurité ni leurs serveurs SQL parents.Also, you can't manage their security-related policies or their parent SQL servers. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | Créer et gérer un déploiementCreate and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Sql/locations/*/readMicrosoft.Sql/locations/*/read | |
Microsoft.Sql/servers/databases/*Microsoft.Sql/servers/databases/* | Créer et gérer les bases de données SQLCreate and manage SQL databases |
Microsoft.Sql/servers/readMicrosoft.Sql/servers/read | Retourner la liste des serveurs ou obtenir les propriétés pour le serveur spécifié.Return the list of servers or gets the properties for the specified server. |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read | Lire des mesuresRead metrics |
Microsoft.Insights/metricDefinitions/readMicrosoft.Insights/metricDefinitions/read | Lire les définitions des mesuresRead metric definitions |
NotActionsNotActions | |
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/* | |
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/* | |
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/* | |
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*Microsoft.Sql/managedInstances/databases/securityAlertPolicies/* | |
Microsoft.Sql/managedInstances/databases/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/sensitivityLabels/* | |
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/* | |
Microsoft.Sql/managedInstances/securityAlertPolicies/*Microsoft.Sql/managedInstances/securityAlertPolicies/* | |
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/vulnerabilityAssessments/* | |
Microsoft.Sql/servers/databases/auditingSettings/*Microsoft.Sql/servers/databases/auditingSettings/* | Modifier les paramètres d'auditEdit audit settings |
Microsoft.Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read | Récupère les enregistrements d’audit d’objet blob de base de données.Retrieve the database blob audit records |
Microsoft.Sql/servers/databases/currentSensitivityLabels/*Microsoft.Sql/servers/databases/currentSensitivityLabels/* | |
Microsoft.Sql/servers/databases/dataMaskingPolicies/*Microsoft.Sql/servers/databases/dataMaskingPolicies/* | Modifier les stratégies de masquage des donnéesEdit data masking policies |
Microsoft.Sql/servers/databases/extendedAuditingSettings/*Microsoft.Sql/servers/databases/extendedAuditingSettings/* | |
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*Microsoft.Sql/servers/databases/recommendedSensitivityLabels/* | |
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/* | |
Microsoft.Sql/servers/databases/securityAlertPolicies/*Microsoft.Sql/servers/databases/securityAlertPolicies/* | Modifier les stratégies d'alerte de sécuritéEdit security alert policies |
Microsoft.Sql/servers/databases/securityMetrics/*Microsoft.Sql/servers/databases/securityMetrics/* | Modifier les mesures de sécuritéEdit security metrics |
Microsoft.Sql/servers/databases/sensitivityLabels/*Microsoft.Sql/servers/databases/sensitivityLabels/* | |
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*Microsoft.Sql/servers/databases/vulnerabilityAssessments/* | |
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/* | |
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/* | |
Microsoft.Sql/servers/vulnerabilityAssessments/*Microsoft.Sql/servers/vulnerabilityAssessments/* | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
"name": "9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Sql/locations/*/read",
"Microsoft.Sql/servers/databases/*",
"Microsoft.Sql/servers/read",
"Microsoft.Support/*",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read"
],
"notActions": [
"Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
"Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
"Microsoft.Sql/managedInstances/securityAlertPolicies/*",
"Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
"Microsoft.Sql/servers/databases/auditingSettings/*",
"Microsoft.Sql/servers/databases/auditRecords/read",
"Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
"Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
"Microsoft.Sql/servers/databases/extendedAuditingSettings/*",
"Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
"Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
"Microsoft.Sql/servers/databases/securityAlertPolicies/*",
"Microsoft.Sql/servers/databases/securityMetrics/*",
"Microsoft.Sql/servers/databases/sensitivityLabels/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
"Microsoft.Sql/servers/vulnerabilityAssessments/*"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "SQL DB Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur d’Instance managée SQLSQL Managed Instance Contributor
Permet de gérer des instances SQL Managed Instance et la configuration réseau requise, mais pas d’accorder l’accès à d’autres personnes.Lets you manage SQL Managed Instances and required network configuration, but can't give access to others.
ActionsActions | DescriptionDescription |
---|---|
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | Créer et gérer un déploiementCreate and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Network/networkSecurityGroups/*Microsoft.Network/networkSecurityGroups/* | |
Microsoft.Network/routeTables/*Microsoft.Network/routeTables/* | |
Microsoft.Sql/locations/*/readMicrosoft.Sql/locations/*/read | |
Microsoft.Sql/locations/instanceFailoverGroups/*Microsoft.Sql/locations/instanceFailoverGroups/* | |
Microsoft.Sql/managedInstances/*Microsoft.Sql/managedInstances/* | |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
Microsoft.Network/virtualNetworks/subnets/*Microsoft.Network/virtualNetworks/subnets/* | |
Microsoft.Network/virtualNetworks/*Microsoft.Network/virtualNetworks/* | |
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read | Lire des mesuresRead metrics |
Microsoft.Insights/metricDefinitions/readMicrosoft.Insights/metricDefinitions/read | Lire les définitions des mesuresRead metric definitions |
NotActionsNotActions | |
Microsoft.Sql/managedInstances/azureADOnlyAuthentications/deleteMicrosoft.Sql/managedInstances/azureADOnlyAuthentications/delete | Supprime un objet d’authentification Azure Active Directory d’un serveur géré spécifiqueDeletes a specific managed server Azure Active Directory only authentication object |
Microsoft.Sql/managedInstances/azureADOnlyAuthentications/writeMicrosoft.Sql/managedInstances/azureADOnlyAuthentications/write | Ajoute ou met à jour un objet d’authentification Azure Active Directory d’un serveur géré spécifiqueAdds or updates a specific managed server Azure Active Directory only authentication object |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage SQL Managed Instances and required network configuration, but can't give access to others.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
"name": "4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
"permissions": [
{
"actions": [
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Network/networkSecurityGroups/*",
"Microsoft.Network/routeTables/*",
"Microsoft.Sql/locations/*/read",
"Microsoft.Sql/locations/instanceFailoverGroups/*",
"Microsoft.Sql/managedInstances/*",
"Microsoft.Support/*",
"Microsoft.Network/virtualNetworks/subnets/*",
"Microsoft.Network/virtualNetworks/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read"
],
"notActions": [
"Microsoft.Sql/managedInstances/azureADOnlyAuthentications/delete",
"Microsoft.Sql/managedInstances/azureADOnlyAuthentications/write"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "SQL Managed Instance Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Gestionnaire de sécurité SQLSQL Security Manager
Permet de gérer les stratégies de sécurité des serveurs et bases de données SQL, mais pas d’y accéder.Lets you manage the security-related policies of SQL servers and databases, but not access to them. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action | Joint des ressources telles qu’un compte de stockage ou une base de données SQL à un sous-réseau.Joins resource such as storage account or SQL database to a subnet. Impossible à alerter.Not alertable. |
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | Créer et gérer un déploiementCreate and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Sql/locations/administratorAzureAsyncOperation/readMicrosoft.Sql/locations/administratorAzureAsyncOperation/read | Obtient le résultat des opérations de l’administrateur Azure Async de l’instance gérée.Gets the Managed instance azure async administrator operations result. |
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/* | |
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/* | |
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/* | |
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*Microsoft.Sql/managedInstances/databases/securityAlertPolicies/* | |
Microsoft.Sql/managedInstances/databases/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/sensitivityLabels/* | |
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/* | |
Microsoft.Sql/managedInstances/securityAlertPolicies/*Microsoft.Sql/managedInstances/securityAlertPolicies/* | |
Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*Microsoft.Sql/managedInstances/databases/transparentDataEncryption/* | |
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/vulnerabilityAssessments/* | |
Microsoft.Sql/servers/auditingSettings/*Microsoft.Sql/servers/auditingSettings/* | Créer et gérer les paramètres d’audit de serveur SQLCreate and manage SQL server auditing setting |
Microsoft.Sql/servers/extendedAuditingSettings/readMicrosoft.Sql/servers/extendedAuditingSettings/read | Récupère les détails de la stratégie étendue d’audit des objets blob de serveur configurée sur un serveur spécifiéRetrieve details of the extended server blob auditing policy configured on a given server |
Microsoft.Sql/servers/databases/auditingSettings/*Microsoft.Sql/servers/databases/auditingSettings/* | Créer et gérer les paramètres d’audit de base de données de serveur SQLCreate and manage SQL server database auditing settings |
Microsoft.Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read | Récupère les enregistrements d’audit d’objet blob de base de données.Retrieve the database blob audit records |
Microsoft.Sql/servers/databases/currentSensitivityLabels/*Microsoft.Sql/servers/databases/currentSensitivityLabels/* | |
Microsoft.Sql/servers/databases/dataMaskingPolicies/*Microsoft.Sql/servers/databases/dataMaskingPolicies/* | Créer et gérer les stratégies de masquage de données de base de données de serveur SQLCreate and manage SQL server database data masking policies |
Microsoft.Sql/servers/databases/extendedAuditingSettings/readMicrosoft.Sql/servers/databases/extendedAuditingSettings/read | Récupère les détails de la stratégie étendue d’audit d’objets blob configurée dans une base de données spécifiqueRetrieve details of the extended blob auditing policy configured on a given database |
Microsoft.Sql/servers/databases/readMicrosoft.Sql/servers/databases/read | Retourner la liste des bases de données ou obtenir les propriétés pour la base de données spécifiée.Return the list of databases or gets the properties for the specified database. |
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*Microsoft.Sql/servers/databases/recommendedSensitivityLabels/* | |
Microsoft.Sql/servers/databases/schemas/readMicrosoft.Sql/servers/databases/schemas/read | Obtenir un schéma de base de données.Get a database schema. |
Microsoft.Sql/servers/databases/schemas/tables/columns/readMicrosoft.Sql/servers/databases/schemas/tables/columns/read | Obtenir une colonne de base de données.Get a database column. |
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/* | |
Microsoft.Sql/servers/databases/schemas/tables/readMicrosoft.Sql/servers/databases/schemas/tables/read | Obtenir un tableau de base de données.Get a database table. |
Microsoft.Sql/servers/databases/securityAlertPolicies/*Microsoft.Sql/servers/databases/securityAlertPolicies/* | Créer et gérer les stratégies d’alerte de sécurité de base de données de serveur SQLCreate and manage SQL server database security alert policies |
Microsoft.Sql/servers/databases/securityMetrics/*Microsoft.Sql/servers/databases/securityMetrics/* | Créer et gérer les mesures de sécurité de base de données de serveur SQLCreate and manage SQL server database security metrics |
Microsoft.Sql/servers/databases/sensitivityLabels/*Microsoft.Sql/servers/databases/sensitivityLabels/* | |
Microsoft.Sql/servers/databases/transparentDataEncryption/*Microsoft.Sql/servers/databases/transparentDataEncryption/* | |
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*Microsoft.Sql/servers/databases/vulnerabilityAssessments/* | |
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/* | |
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/* | |
Microsoft.Sql/servers/devOpsAuditingSettings/*Microsoft.Sql/servers/devOpsAuditingSettings/* | |
Microsoft.Sql/servers/firewallRules/*Microsoft.Sql/servers/firewallRules/* | |
Microsoft.Sql/servers/readMicrosoft.Sql/servers/read | Retourner la liste des serveurs ou obtenir les propriétés pour le serveur spécifié.Return the list of servers or gets the properties for the specified server. |
Microsoft.Sql/servers/securityAlertPolicies/*Microsoft.Sql/servers/securityAlertPolicies/* | Créer et gérer les stratégies d’alerte de sécurité de serveur SQLCreate and manage SQL server security alert policies |
Microsoft.Sql/servers/vulnerabilityAssessments/*Microsoft.Sql/servers/vulnerabilityAssessments/* | |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
Microsoft.Sql/servers/azureADOnlyAuthentications/*Microsoft.Sql/servers/azureADOnlyAuthentications/* | |
Microsoft.Sql/managedInstances/readMicrosoft.Sql/managedInstances/read | Retourne la liste des instances gérées ou obtient les propriétés de l’instance gérée spécifiée.Return the list of managed instances or gets the properties for the specified managed instance. |
Microsoft.Sql/managedInstances/azureADOnlyAuthentications/*Microsoft.Sql/managedInstances/azureADOnlyAuthentications/* | |
Microsoft.Security/sqlVulnerabilityAssessments/*Microsoft.Security/sqlVulnerabilityAssessments/* | |
Microsoft.Sql/managedInstances/administrators/readMicrosoft.Sql/managedInstances/administrators/read | Obtient la liste des administrateurs de l’instance gérée.Gets a list of managed instance administrators. |
Microsoft.Sql/servers/administrators/readMicrosoft.Sql/servers/administrators/read | Obtient un objet d’administrateur Azure Active Directory spécifiqueGets a specific Azure Active Directory administrator object |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage the security-related policies of SQL servers and databases, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3",
"name": "056cd41c-7e88-42e1-933e-88ba6a50c9c3",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Sql/locations/administratorAzureAsyncOperation/read",
"Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
"Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
"Microsoft.Sql/managedInstances/securityAlertPolicies/*",
"Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*",
"Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
"Microsoft.Sql/servers/auditingSettings/*",
"Microsoft.Sql/servers/extendedAuditingSettings/read",
"Microsoft.Sql/servers/databases/auditingSettings/*",
"Microsoft.Sql/servers/databases/auditRecords/read",
"Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
"Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
"Microsoft.Sql/servers/databases/extendedAuditingSettings/read",
"Microsoft.Sql/servers/databases/read",
"Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
"Microsoft.Sql/servers/databases/schemas/read",
"Microsoft.Sql/servers/databases/schemas/tables/columns/read",
"Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
"Microsoft.Sql/servers/databases/schemas/tables/read",
"Microsoft.Sql/servers/databases/securityAlertPolicies/*",
"Microsoft.Sql/servers/databases/securityMetrics/*",
"Microsoft.Sql/servers/databases/sensitivityLabels/*",
"Microsoft.Sql/servers/databases/transparentDataEncryption/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
"Microsoft.Sql/servers/devOpsAuditingSettings/*",
"Microsoft.Sql/servers/firewallRules/*",
"Microsoft.Sql/servers/read",
"Microsoft.Sql/servers/securityAlertPolicies/*",
"Microsoft.Sql/servers/vulnerabilityAssessments/*",
"Microsoft.Support/*",
"Microsoft.Sql/servers/azureADOnlyAuthentications/*",
"Microsoft.Sql/managedInstances/read",
"Microsoft.Sql/managedInstances/azureADOnlyAuthentications/*",
"Microsoft.Security/sqlVulnerabilityAssessments/*",
"Microsoft.Sql/managedInstances/administrators/read",
"Microsoft.Sql/servers/administrators/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "SQL Security Manager",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur SQL ServerSQL Server Contributor
Permet de gérer des serveurs et bases de données SQL, mais pas d’y accéder, ni de gérer leurs stratégies de sécurité.Lets you manage SQL servers and databases, but not access to them, and not their security-related policies. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | Créer et gérer un déploiementCreate and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Sql/locations/*/readMicrosoft.Sql/locations/*/read | |
Microsoft.Sql/servers/*Microsoft.Sql/servers/* | Créer et gérer les serveurs SQLCreate and manage SQL servers |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read | Lire des mesuresRead metrics |
Microsoft.Insights/metricDefinitions/readMicrosoft.Insights/metricDefinitions/read | Lire les définitions des mesuresRead metric definitions |
NotActionsNotActions | |
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/* | |
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/* | |
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/* | |
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*Microsoft.Sql/managedInstances/databases/securityAlertPolicies/* | |
Microsoft.Sql/managedInstances/databases/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/sensitivityLabels/* | |
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/* | |
Microsoft.Sql/managedInstances/securityAlertPolicies/*Microsoft.Sql/managedInstances/securityAlertPolicies/* | |
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/vulnerabilityAssessments/* | |
Microsoft.Sql/servers/auditingSettings/*Microsoft.Sql/servers/auditingSettings/* | Modifier les paramètres d'audit d'un serveur SQLEdit SQL server auditing settings |
Microsoft.Sql/servers/databases/auditingSettings/*Microsoft.Sql/servers/databases/auditingSettings/* | Modifier les paramètres d'audit d'une base de données de serveur SQLEdit SQL server database auditing settings |
Microsoft.Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read | Récupère les enregistrements d’audit d’objet blob de base de données.Retrieve the database blob audit records |
Microsoft.Sql/servers/databases/currentSensitivityLabels/*Microsoft.Sql/servers/databases/currentSensitivityLabels/* | |
Microsoft.Sql/servers/databases/dataMaskingPolicies/*Microsoft.Sql/servers/databases/dataMaskingPolicies/* | Modifier les stratégies de masquage de données d'une base de données de serveur SQLEdit SQL server database data masking policies |
Microsoft.Sql/servers/databases/extendedAuditingSettings/*Microsoft.Sql/servers/databases/extendedAuditingSettings/* | |
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*Microsoft.Sql/servers/databases/recommendedSensitivityLabels/* | |
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/* | |
Microsoft.Sql/servers/databases/securityAlertPolicies/*Microsoft.Sql/servers/databases/securityAlertPolicies/* | Modifier les stratégies d'alerte de sécurité d'une base de données de serveur SQLEdit SQL server database security alert policies |
Microsoft.Sql/servers/databases/securityMetrics/*Microsoft.Sql/servers/databases/securityMetrics/* | Modifier les mesures de sécurité d'une base de données de serveur SQLEdit SQL server database security metrics |
Microsoft.Sql/servers/databases/sensitivityLabels/*Microsoft.Sql/servers/databases/sensitivityLabels/* | |
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*Microsoft.Sql/servers/databases/vulnerabilityAssessments/* | |
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/* | |
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/* | |
Microsoft.Sql/servers/devOpsAuditingSettings/*Microsoft.Sql/servers/devOpsAuditingSettings/* | |
Microsoft.Sql/servers/extendedAuditingSettings/*Microsoft.Sql/servers/extendedAuditingSettings/* | |
Microsoft.Sql/servers/securityAlertPolicies/*Microsoft.Sql/servers/securityAlertPolicies/* | Modifier les stratégies d'alerte de sécurité du serveur SQLEdit SQL server security alert policies |
Microsoft.Sql/servers/vulnerabilityAssessments/*Microsoft.Sql/servers/vulnerabilityAssessments/* | |
Microsoft.Sql/servers/azureADOnlyAuthentications/deleteMicrosoft.Sql/servers/azureADOnlyAuthentications/delete | Supprime l’objet d’authentification Azure Active Directory d’un serveur spécifiqueDeletes a specific server Azure Active Directory only authentication object |
Microsoft.Sql/servers/azureADOnlyAuthentications/writeMicrosoft.Sql/servers/azureADOnlyAuthentications/write | Lit ou met à jour l’objet d’authentification Azure Active Directory d’un serveur spécifiqueAdds or updates a specific server Azure Active Directory only authentication object |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage SQL servers and databases, but not access to them, and not their security -related policies.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
"name": "6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Sql/locations/*/read",
"Microsoft.Sql/servers/*",
"Microsoft.Support/*",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read"
],
"notActions": [
"Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
"Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
"Microsoft.Sql/managedInstances/securityAlertPolicies/*",
"Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
"Microsoft.Sql/servers/auditingSettings/*",
"Microsoft.Sql/servers/databases/auditingSettings/*",
"Microsoft.Sql/servers/databases/auditRecords/read",
"Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
"Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
"Microsoft.Sql/servers/databases/extendedAuditingSettings/*",
"Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
"Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
"Microsoft.Sql/servers/databases/securityAlertPolicies/*",
"Microsoft.Sql/servers/databases/securityMetrics/*",
"Microsoft.Sql/servers/databases/sensitivityLabels/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
"Microsoft.Sql/servers/devOpsAuditingSettings/*",
"Microsoft.Sql/servers/extendedAuditingSettings/*",
"Microsoft.Sql/servers/securityAlertPolicies/*",
"Microsoft.Sql/servers/vulnerabilityAssessments/*",
"Microsoft.Sql/servers/azureADOnlyAuthentications/delete",
"Microsoft.Sql/servers/azureADOnlyAuthentications/write"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "SQL Server Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AnalyticsAnalytics
Propriétaire de données Azure Event HubsAzure Event Hubs Data Owner
Permet un accès complet aux ressources Azure Event Hubs.Allows for full access to Azure Event Hubs resources. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.EventHub/*Microsoft.EventHub/* | |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.EventHub/*Microsoft.EventHub/* | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to Azure Event Hubs resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f526a384-b230-433a-b45c-95f59c4a2dec",
"name": "f526a384-b230-433a-b45c-95f59c4a2dec",
"permissions": [
{
"actions": [
"Microsoft.EventHub/*"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/*"
],
"notDataActions": []
}
],
"roleName": "Azure Event Hubs Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Récepteur de données Azure Event HubsAzure Event Hubs Data Receiver
Permet d’obtenir un accès en réception aux ressources Azure Event Hubs.Allows receive access to Azure Event Hubs resources. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.EventHub/*/eventhubs/consumergroups/readMicrosoft.EventHub/*/eventhubs/consumergroups/read | |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.EventHub/*/receive/actionMicrosoft.EventHub/*/receive/action | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Allows receive access to Azure Event Hubs resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
"name": "a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
"permissions": [
{
"actions": [
"Microsoft.EventHub/*/eventhubs/consumergroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/*/receive/action"
],
"notDataActions": []
}
],
"roleName": "Azure Event Hubs Data Receiver",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Expéditeur de données Azure Event HubsAzure Event Hubs Data Sender
Permet d’obtenir un accès en envoi aux ressources Azure Event Hubs.Allows send access to Azure Event Hubs resources. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.EventHub/*/eventhubs/readMicrosoft.EventHub/*/eventhubs/read | |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.EventHub/*/send/actionMicrosoft.EventHub/*/send/action | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Allows send access to Azure Event Hubs resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2b629674-e913-4c01-ae53-ef4638d8f975",
"name": "2b629674-e913-4c01-ae53-ef4638d8f975",
"permissions": [
{
"actions": [
"Microsoft.EventHub/*/eventhubs/read"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/*/send/action"
],
"notDataActions": []
}
],
"roleName": "Azure Event Hubs Data Sender",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeurs de fabrique de donnéesData Factory Contributor
Créer et gérer des fabriques de données, ainsi que les ressources enfants qu’elles contiennent.Create and manage data factories, as well as child resources within them. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.DataFactory/dataFactories/*Microsoft.DataFactory/dataFactories/* | Créer et gérer des fabriques de données ainsi que leurs ressources enfantsCreate and manage data factories, and child resources within them. |
Microsoft.DataFactory/factories/*Microsoft.DataFactory/factories/* | Créer et gérer des fabriques de données ainsi que leurs ressources enfantsCreate and manage data factories, and child resources within them. |
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | Créer et gérer un déploiementCreate and manage a deployment |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
Microsoft.EventGrid/eventSubscriptions/writeMicrosoft.EventGrid/eventSubscriptions/write | Créer ou mettre à jour un abonnement à un événementCreate or update an eventSubscription |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Create and manage data factories, as well as child resources within them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/673868aa-7521-48a0-acc6-0f60742d39f5",
"name": "673868aa-7521-48a0-acc6-0f60742d39f5",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.DataFactory/dataFactories/*",
"Microsoft.DataFactory/factories/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.EventGrid/eventSubscriptions/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Factory Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Videur de donnéesData Purger
Supprimez des données privées à partir d’un espace de travail Log Analytics.Delete private data from a Log Analytics workspace. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Insights/components/*/readMicrosoft.Insights/components/*/read | |
Microsoft.Insights/components/purge/actionMicrosoft.Insights/components/purge/action | Vider des données d’Application InsightsPurging data from Application Insights |
Microsoft.OperationalInsights/workspaces/*/readMicrosoft.OperationalInsights/workspaces/*/read | Afficher les données Log AnalyticsView log analytics data |
Microsoft.OperationalInsights/workspaces/purge/actionMicrosoft.OperationalInsights/workspaces/purge/action | Supprime les données spécifiées de l’espace de travailDelete specified data from workspace |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Can purge analytics data",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/150f5e0c-0603-4f03-8c7f-cf70034c4e90",
"name": "150f5e0c-0603-4f03-8c7f-cf70034c4e90",
"permissions": [
{
"actions": [
"Microsoft.Insights/components/*/read",
"Microsoft.Insights/components/purge/action",
"Microsoft.OperationalInsights/workspaces/*/read",
"Microsoft.OperationalInsights/workspaces/purge/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Purger",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Opérateur de cluster HDInsightHDInsight Cluster Operator
Permet de lire et de modifier des configurations de cluster HDInsight.Lets you read and modify HDInsight cluster configurations. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.HDInsight/*/readMicrosoft.HDInsight/*/read | |
Microsoft.HDInsight/clusters/getGatewaySettings/actionMicrosoft.HDInsight/clusters/getGatewaySettings/action | Obtenir les paramètres de passerelle pour un HDInsight ClusterGet gateway settings for HDInsight Cluster |
Microsoft.HDInsight/clusters/updateGatewaySettings/actionMicrosoft.HDInsight/clusters/updateGatewaySettings/action | Mettre à jour les paramètres de passerelle pour un HDInsight ClusterUpdate gateway settings for HDInsight Cluster |
Microsoft.HDInsight/clusters/configurations/*Microsoft.HDInsight/clusters/configurations/* | |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read | Obtient ou répertorie les opérations de déploiement.Gets or lists deployment operations. |
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Lets you read and modify HDInsight cluster configurations.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/61ed4efc-fab3-44fd-b111-e24485cc132a",
"name": "61ed4efc-fab3-44fd-b111-e24485cc132a",
"permissions": [
{
"actions": [
"Microsoft.HDInsight/*/read",
"Microsoft.HDInsight/clusters/getGatewaySettings/action",
"Microsoft.HDInsight/clusters/updateGatewaySettings/action",
"Microsoft.HDInsight/clusters/configurations/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Authorization/*/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "HDInsight Cluster Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur HDInsight Domain ServicesHDInsight Domain Services Contributor
Peut lire, créer, modifier et supprimer les opérations Domain Services nécessaires pour le pack Sécurité Entreprise HDInsight En savoir plusCan Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package Learn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.AAD/*/readMicrosoft.AAD/*/read | |
Microsoft.AAD/domainServices/*/readMicrosoft.AAD/domainServices/*/read | |
Microsoft.AAD/domainServices/oucontainer/*Microsoft.AAD/domainServices/oucontainer/* | |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8d8d5a11-05d3-4bda-a417-a08778121c7c",
"name": "8d8d5a11-05d3-4bda-a417-a08778121c7c",
"permissions": [
{
"actions": [
"Microsoft.AAD/*/read",
"Microsoft.AAD/domainServices/*/read",
"Microsoft.AAD/domainServices/oucontainer/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "HDInsight Domain Services Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur Log AnalyticsLog Analytics Contributor
Peut lire toutes les données de surveillance et modifier les paramètres de surveillance.Log Analytics Contributor can read all monitoring data and edit monitoring settings. La modification des paramètres de supervision inclut l’ajout de l’extension de machine virtuelle aux machines virtuelles, la lecture des clés de comptes de stockage permettant de configurer la collection de journaux d’activité du stockage Azure, la création et la configuration de comptes Automation, l’ajout de solutions et la configuration de diagnostics Azure sur toutes les ressources Azure.Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
*/read*/read | Lire les ressources de tous les types, à l’exception des secrets.Read resources of all types, except secrets. |
Microsoft.Automation/automationAccounts/*Microsoft.Automation/automationAccounts/* | |
Microsoft.ClassicCompute/virtualMachines/extensions/*Microsoft.ClassicCompute/virtualMachines/extensions/* | |
Microsoft.ClassicStorage/storageAccounts/listKeys/actionMicrosoft.ClassicStorage/storageAccounts/listKeys/action | Répertorie les clés d’accès des comptes de stockage.Lists the access keys for the storage accounts. |
Microsoft.Compute/virtualMachines/extensions/*Microsoft.Compute/virtualMachines/extensions/* | |
Microsoft.HybridCompute/machines/extensions/writeMicrosoft.HybridCompute/machines/extensions/write | Installe ou met à jour toutes les extensions Azure ArcInstalls or Updates an Azure Arc extensions |
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* | Crée, met à jour ou lit le paramètre de diagnostic pour Analysis Server.Creates, updates, or reads the diagnostic setting for Analysis Server |
Microsoft.OperationalInsights/*Microsoft.OperationalInsights/* | |
Microsoft.OperationsManagement/*Microsoft.OperationsManagement/* | |
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | Créer et gérer un déploiementCreate and manage a deployment |
Microsoft.Resources/subscriptions/resourcegroups/deployments/*Microsoft.Resources/subscriptions/resourcegroups/deployments/* | |
Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action | Retourne les clés d’accès au compte de stockage spécifié.Returns the access keys for the specified storage account. |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
"name": "92aaf0da-9dab-42b6-94a3-d43ce8d16293",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Automation/automationAccounts/*",
"Microsoft.ClassicCompute/virtualMachines/extensions/*",
"Microsoft.ClassicStorage/storageAccounts/listKeys/action",
"Microsoft.Compute/virtualMachines/extensions/*",
"Microsoft.HybridCompute/machines/extensions/write",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.OperationalInsights/*",
"Microsoft.OperationsManagement/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Log Analytics Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lecteur Log AnalyticsLog Analytics Reader
Peut afficher et rechercher toutes les données de surveillance, ainsi qu’afficher les paramètres de surveillance, notamment la configuration des diagnostics Azure sur toutes les ressources Azure.Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
*/read*/read | Lire les ressources de tous les types, à l’exception des secrets.Read resources of all types, except secrets. |
Microsoft.OperationalInsights/workspaces/analytics/query/actionMicrosoft.OperationalInsights/workspaces/analytics/query/action | Effectue les recherches à l’aide d’un nouveau moteur.Search using new engine. |
Microsoft.OperationalInsights/workspaces/search/actionMicrosoft.OperationalInsights/workspaces/search/action | Exécute une requête de recherche.Executes a search query |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
NotActionsNotActions | |
Microsoft.OperationalInsights/workspaces/sharedKeys/readMicrosoft.OperationalInsights/workspaces/sharedKeys/read | Récupère les clés partagées de l’espace de travail.Retrieves the shared keys for the workspace. Ces clés sont utilisées pour connecter les agents Microsoft Operational Insights à l’espace de travail.These keys are used to connect Microsoft Operational Insights agents to the workspace. |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/73c42c96-874c-492b-b04d-ab87d138a893",
"name": "73c42c96-874c-492b-b04d-ab87d138a893",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.OperationalInsights/workspaces/analytics/query/action",
"Microsoft.OperationalInsights/workspaces/search/action",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.OperationalInsights/workspaces/sharedKeys/read"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Log Analytics Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Curateur de données PurviewPurview Data Curator
Le curateur de données Microsoft.Purview peut créer, lire, modifier et supprimer des objets de données de catalogue et établir des relations entre les objets.The Microsoft.Purview data curator can create, read, modify and delete catalog data objects and establish relationships between objects. Ce rôle est en préversion et susceptible d’être changé.This role is in preview and subject to change.
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Purview/accounts/readMicrosoft.Purview/accounts/read | Lire une ressource de compte pour le fournisseur Microsoft Purview.Read account resource for Microsoft Purview provider. |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.Purview/accounts/data/readMicrosoft.Purview/accounts/data/read | Lire des objets de données.Read data objects. |
Microsoft.Purview/accounts/data/writeMicrosoft.Purview/accounts/data/write | Créer, mettre à jour et supprimer des objets de données.Create, update and delete data objects. |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "The Microsoft.Purview data curator can create, read, modify and delete catalog data objects and establish relationships between objects. This role is in preview and subject to change.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8a3c2885-9b38-4fd2-9d99-91af537c1347",
"name": "8a3c2885-9b38-4fd2-9d99-91af537c1347",
"permissions": [
{
"actions": [
"Microsoft.Purview/accounts/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Purview/accounts/data/read",
"Microsoft.Purview/accounts/data/write"
],
"notDataActions": []
}
],
"roleName": "Purview Data Curator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lecteur de données PurviewPurview Data Reader
Le lecteur de données Microsoft.Purview peut lire les objets de données de catalogue.The Microsoft.Purview data reader can read catalog data objects. Ce rôle est en préversion et susceptible d’être changé.This role is in preview and subject to change.
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Purview/accounts/readMicrosoft.Purview/accounts/read | Lire une ressource de compte pour le fournisseur Microsoft Purview.Read account resource for Microsoft Purview provider. |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.Purview/accounts/data/readMicrosoft.Purview/accounts/data/read | Lire des objets de données.Read data objects. |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "The Microsoft.Purview data reader can read catalog data objects. This role is in preview and subject to change.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ff100721-1b9d-43d8-af52-42b69c1272db",
"name": "ff100721-1b9d-43d8-af52-42b69c1272db",
"permissions": [
{
"actions": [
"Microsoft.Purview/accounts/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Purview/accounts/data/read"
],
"notDataActions": []
}
],
"roleName": "Purview Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Administrateur de la source de données PurviewPurview Data Source Administrator
L’administrateur de la source de données Microsoft.Purview peut gérer les sources de données et les analyses de données.The Microsoft.Purview data source administrator can manage data sources and data scans. Ce rôle est en préversion et susceptible d’être changé.This role is in preview and subject to change.
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Purview/accounts/readMicrosoft.Purview/accounts/read | Lire une ressource de compte pour le fournisseur Microsoft Purview.Read account resource for Microsoft Purview provider. |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.Purview/accounts/scan/readMicrosoft.Purview/accounts/scan/read | Lire les sources de données et les analyses.Read data sources and scans. |
Microsoft.Purview/accounts/scan/writeMicrosoft.Purview/accounts/scan/write | Créer, mettre à jour et supprimer des sources de données et gérer les analyses.Create, update and delete data sources and manage scans. |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "The Microsoft.Purview data source administrator can manage data sources and data scans. This role is in preview and subject to change.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/200bba9e-f0c8-430f-892b-6f0794863803",
"name": "200bba9e-f0c8-430f-892b-6f0794863803",
"permissions": [
{
"actions": [
"Microsoft.Purview/accounts/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Purview/accounts/scan/read",
"Microsoft.Purview/accounts/scan/write"
],
"notDataActions": []
}
],
"roleName": "Purview Data Source Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur du registre de schémas (préversion)Schema Registry Contributor (Preview)
Lire, écrire et supprimer des groupes de registres de schémas et des schémas.Read, write, and delete Schema Registry groups and schemas.
ActionsActions | DescriptionDescription |
---|---|
Microsoft.EventHub/namespaces/schemagroups/*Microsoft.EventHub/namespaces/schemagroups/* | |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.EventHub/namespaces/schemas/*Microsoft.EventHub/namespaces/schemas/* | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Read, write, and delete Schema Registry groups and schemas.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5dffeca3-4936-4216-b2bc-10343a5abb25",
"name": "5dffeca3-4936-4216-b2bc-10343a5abb25",
"permissions": [
{
"actions": [
"Microsoft.EventHub/namespaces/schemagroups/*"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/namespaces/schemas/*"
],
"notDataActions": []
}
],
"roleName": "Schema Registry Contributor (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Lecteur du registre de schémas (préversion)Schema Registry Reader (Preview)
Lire et répertorier les groupes de registres de schémas et les schémas.Read and list Schema Registry groups and schemas.
ActionsActions | DescriptionDescription |
---|---|
Microsoft.EventHub/namespaces/schemagroups/readMicrosoft.EventHub/namespaces/schemagroups/read | Obtenir la liste des descriptions de ressources du groupe de schémasGet list of SchemaGroup Resource Descriptions |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.EventHub/namespaces/schemas/readMicrosoft.EventHub/namespaces/schemas/read | Récupérer des schémasRetrieve schemas |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Read and list Schema Registry groups and schemas.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2c56ea50-c6b3-40a6-83c0-9d98858bc7d2",
"name": "2c56ea50-c6b3-40a6-83c0-9d98858bc7d2",
"permissions": [
{
"actions": [
"Microsoft.EventHub/namespaces/schemagroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/namespaces/schemas/read"
],
"notDataActions": []
}
],
"roleName": "Schema Registry Reader (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
BlockchainBlockchain
Accès au nœud du membre blockchain (préversion)Blockchain Member Node Access (Preview)
Permet d’accéder aux nœuds du membre blockchain En savoir plusAllows for access to Blockchain Member nodes Learn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Blockchain/blockchainMembers/transactionNodes/readMicrosoft.Blockchain/blockchainMembers/transactionNodes/read | Crée ou répertorie un ou plusieurs nœuds de transaction existants du membre blockchain.Gets or Lists existing Blockchain Member Transaction Node(s). |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.Blockchain/blockchainMembers/transactionNodes/connect/actionMicrosoft.Blockchain/blockchainMembers/transactionNodes/connect/action | Connecte à un nœud de transaction d’un membre blockchain.Connects to a Blockchain Member Transaction Node. |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Allows for access to Blockchain Member nodes",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/31a002a1-acaf-453e-8a5b-297c9ca1ea24",
"name": "31a002a1-acaf-453e-8a5b-297c9ca1ea24",
"permissions": [
{
"actions": [
"Microsoft.Blockchain/blockchainMembers/transactionNodes/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Blockchain/blockchainMembers/transactionNodes/connect/action"
],
"notDataActions": []
}
],
"roleName": "Blockchain Member Node Access (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
IA + Machine LearningAI + machine learning
Contributeur Cognitive ServicesCognitive Services Contributor
Vous permet de créer, lire, mettre à jour, supprimer et gérer les clés de Cognitive Services.Lets you create, read, update, delete and manage keys of Cognitive Services. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | Lire les rôles et les affectations de rôlesRead roles and role assignments |
Microsoft.CognitiveServices/*Microsoft.CognitiveServices/* | |
Microsoft.Features/features/readMicrosoft.Features/features/read | Afficher les fonctionnalités d’un abonnementGets the features of a subscription. |
Microsoft.Features/providers/features/readMicrosoft.Features/providers/features/read | Afficher les fonctionnalités d’un abonnement pour un fournisseur de ressources donnéGets the feature of a subscription in a given resource provider. |
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert |
Microsoft.Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* | Crée, met à jour ou lit le paramètre de diagnostic pour Analysis Server.Creates, updates, or reads the diagnostic setting for Analysis Server |
Microsoft.Insights/logDefinitions/readMicrosoft.Insights/logDefinitions/read | Lire les définitions de journalRead log definitions |
Microsoft.Insights/metricdefinitions/readMicrosoft.Insights/metricdefinitions/read | Lire les définitions des mesuresRead metric definitions |
Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read | Lire des mesuresRead metrics |
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope |
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | Créer et gérer un déploiementCreate and manage a deployment |
Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read | Obtient ou répertorie les opérations de déploiement.Gets or lists deployment operations. |
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read | Obtenir les résultats de l’opération de l’abonnement.Get the subscription operation results. |
Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read | Obtient la liste des abonnements.Gets the list of subscriptions. |
Microsoft.Resources/subscriptions/resourcegroups/deployments/*Microsoft.Resources/subscriptions/resourcegroups/deployments/* | |
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | Obtient ou répertorie les groupes de ressources.Gets or lists resource groups. |
Microsoft.Support/*Microsoft.Support/* | Créer et mettre à jour un ticket de supportCreate and update a support ticket |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Aucunenone | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Lets you create, read, update, delete and manage keys of Cognitive Services.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
"name": "25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.CognitiveServices/*",
"Microsoft.Features/features/read",
"Microsoft.Features/providers/features/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.Insights/logDefinitions/read",
"Microsoft.Insights/metricdefinitions/read",
"Microsoft.Insights/metrics/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cognitive Services Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Contributeur Cognitive Services Custom VisionCognitive Services Custom Vision Contributor
Accès complet au projet, y compris la possibilité de visualiser, créer, modifier et supprimer des projets.Full access to the project, including the ability to view, create, edit, or delete projects. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.CognitiveServices/*/readMicrosoft.CognitiveServices/*/read | |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/*Microsoft.CognitiveServices/accounts/CustomVision/* | |
NotDataActionsNotDataActions | |
Aucunenone |
{
"assignableScopes": [
"/"
],
"description": "Full access to the project, including the ability to view, create, edit, or delete projects.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c1ff6cc2-c111-46fe-8896-e0ef812ad9f3",
"name": "c1ff6cc2-c111-46fe-8896-e0ef812ad9f3",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/accounts/CustomVision/*"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services Custom Vision Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Déploiement de Cognitive Services Custom VisionCognitive Services Custom Vision Deployment
Publier, dépublier ou exporter des modèles.Publish, unpublish or export models. Le déploiement peut visualiser le projet, mais ne peut pas le mettre à jour.Deployment can view the project but can't update. En savoir plusLearn more
ActionsActions | DescriptionDescription |
---|---|
Microsoft.CognitiveServices/*/readMicrosoft.CognitiveServices/*/read | |
NotActionsNotActions | |
Aucunenone | |
DataActionsDataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/*/readMicrosoft.CognitiveServices/accounts/CustomVision/*/read | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/*Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/* | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/publish/*Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/publish/* | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/export/*Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/export/* | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/quicktest/*Microsoft.CognitiveServices/accounts/CustomVision/projects/quicktest/* | |
Microsoft.CognitiveServices/accounts/CustomVision/classify/*Microsoft.CognitiveServices/accounts/CustomVision/classify/* | |
Microsoft.CognitiveServices/accounts/CustomVision/detect/*Microsoft.CognitiveServices/accounts/CustomVision/detect/* | |
NotDataActionsNotDataActions | |
Microsoft.CognitiveServices/accounts/CustomVision/projects/export/readMicrosoft.CognitiveServices/accounts/CustomVision/projects/export/read | Exporte un projet.Exports a project. |
{
"assignableScopes": [
"/"
],
"description&q