Rôles intégrés AzureAzure built-in roles

Le contrôle d’accès en fonction du rôle (RBAC) Azure a plusieurs rôles intégrés Azure que vous pouvez affecter aux utilisateurs, groupes, principaux de service et identités managées.Azure role-based access control (Azure RBAC) has several Azure built-in roles that you can assign to users, groups, service principals, and managed identities. Les attributions de rôles vous permettent de contrôler l’accès aux ressources Azure.Role assignments are the way you control access to Azure resources. Si les rôles intégrés ne répondent pas aux besoins spécifiques de votre organisation, vous pouvez créer vos propres rôles personnalisés Azure.If the built-in roles don't meet the specific needs of your organization, you can create your own Azure custom roles.

Cet article répertorie les rôles intégrés à Azure, qui sont en constante évolution.This article lists the Azure built-in roles, which are always evolving. Pour obtenir les derniers rôles, utilisez la commande Get-AzRoleDefinition ou az role definition list.To get the latest roles, use Get-AzRoleDefinition or az role definition list. Si vous recherchez des rôles d’administrateur pour Azure Active Directory (Azure AD), consultez Autorisations de rôles d’administrateur dans Azure Active Directory.If you are looking for administrator roles for Azure Active Directory (Azure AD), see Administrator role permissions in Azure Active Directory.

TousAll

Le tableau ci-après fournit une brève description et l'ID unique de chaque rôle intégré.The following table provides a brief description and the unique ID of each built-in role. Sélectionnez le nom d’un rôle pour voir la liste des Actions, NotActions, DataActions et NotDataActions concernant ce rôle.Select the role name to see the list of Actions, NotActions, DataActions, and NotDataActions for each role. Pour obtenir des informations sur la signification de ces actions et la manière dont elles s’appliquent en termes de gestion et de données, consultez Comprendre les définitions de rôle Azure.For information about what these actions mean and how they apply to the management and data planes, see Understand Azure role definitions.

Rôle intégréBuilt-in role DescriptionDescription idID
GénéralitésGeneral
ContributeurContributor Permet de tout gérer, à l’exception de l’octroi de l’accès aux ressources.Lets you manage everything except granting access to resources. b24988ac-6180-42a0-ab88-20f7382dd24cb24988ac-6180-42a0-ab88-20f7382dd24c
PropriétaireOwner Permet de tout gérer, notamment l’accès aux ressources.Lets you manage everything, including access to resources. 8e3af657-a8ff-443c-a75c-2fe8c4bcb6358e3af657-a8ff-443c-a75c-2fe8c4bcb635
LecteurReader Vous permet de tout afficher, mais sans apporter de modifications.Lets you view everything, but not make any changes. acdd72a7-3385-48ef-bd42-f606fba81ae7acdd72a7-3385-48ef-bd42-f606fba81ae7
Administrateur de l'accès utilisateurUser Access Administrator Vous permet de gérer l'accès utilisateur aux ressources Azure.Lets you manage user access to Azure resources. 18d7d88d-d35e-4fb5-a5c3-7773c20a72d918d7d88d-d35e-4fb5-a5c3-7773c20a72d9
CalculCompute
Contributeur de machine virtuelle classiqueClassic Virtual Machine Contributor Permet de gérer des machines virtuelles classiques, mais pas d’y accéder, ni au réseau virtuel ou au compte de stockage auquel elles sont connectées.Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to. d73bb868-a0df-4d4d-bd69-98a00b01fccbd73bb868-a0df-4d4d-bd69-98a00b01fccb
Connexion de l’administrateur aux machines virtuellesVirtual Machine Administrator Login Afficher les machines virtuelles dans le portail et se connecter en tant qu’administrateurView Virtual Machines in the portal and login as administrator 1c0163c0-47e6-4577-8991-ea5c82e286e41c0163c0-47e6-4577-8991-ea5c82e286e4
Contributeur de machine virtuelleVirtual Machine Contributor Permet de gérer des machines virtuelles, mais pas d’y accéder, ni au réseau virtuel ou au compte de stockage auquel elles sont connectées.Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to. 9980e02c-c2be-4d73-94e8-173b1dc7cf3c9980e02c-c2be-4d73-94e8-173b1dc7cf3c
Connexion de l’utilisateur aux machines virtuellesVirtual Machine User Login Affichez les machines virtuelles dans le portail et connectez-vous en tant qu’utilisateur normal.View Virtual Machines in the portal and login as a regular user. fb879df8-f326-4884-b1cf-06f3ad86be52fb879df8-f326-4884-b1cf-06f3ad86be52
Mise en réseauNetworking
Contributeur de point de terminaison CDNCDN Endpoint Contributor Peut gérer les points de terminaison CDN, mais ne peut pas accorder l’accès à d’autres utilisateurs.Can manage CDN endpoints, but can't grant access to other users. 426e0c7f-0c7e-4658-b36f-ff54d6c29b45426e0c7f-0c7e-4658-b36f-ff54d6c29b45
Lecteur de point de terminaison CDNCDN Endpoint Reader Peut afficher des points de terminaison CDN, mais ne peut pas effectuer de modifications.Can view CDN endpoints, but can't make changes. 871e35f6-b5c1-49cc-a043-bde969a0f2cd871e35f6-b5c1-49cc-a043-bde969a0f2cd
Contributeur de profil CDNCDN Profile Contributor Peut gérer des profils CDN et leurs points de terminaison, mais ne peut pas accorder l’accès à d’autres utilisateurs.Can manage CDN profiles and their endpoints, but can't grant access to other users. ec156ff8-a8d1-4d15-830c-5b80698ca432ec156ff8-a8d1-4d15-830c-5b80698ca432
Lecteur de profil CDNCDN Profile Reader Peut afficher des profils CDN et leurs points de terminaison, mais ne peut pas y apporter des modifications.Can view CDN profiles and their endpoints, but can't make changes. 8f96442b-4075-438f-813d-ad51ab4019af8f96442b-4075-438f-813d-ad51ab4019af
Contributeur de réseau classiqueClassic Network Contributor Permet de gérer des réseaux classiques, mais pas d’y accéder.Lets you manage classic networks, but not access to them. b34d265f-36f7-4a0d-a4d4-e158ca92e90fb34d265f-36f7-4a0d-a4d4-e158ca92e90f
Contributeur de Zone DNSDNS Zone Contributor Permet de gérer des zones DNS et des jeux d’enregistrements dans Azure DNS, mais pas de contrôler qui y a accès.Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them. befefa01-2a29-4197-83a8-272ff33ce314befefa01-2a29-4197-83a8-272ff33ce314
Contributeur de réseauNetwork Contributor Permet de gérer des réseaux, mais pas d’y accéder.Lets you manage networks, but not access to them. 4d97b98b-1d4f-4787-a291-c67834d212e74d97b98b-1d4f-4787-a291-c67834d212e7
Contributeur Traffic ManagerTraffic Manager Contributor Permet de gérer des profils Traffic Manager, mais pas de contrôler qui y a accès.Lets you manage Traffic Manager profiles, but does not let you control who has access to them. a4b10055-b0c7-44c2-b00f-c7b5b3550cf7a4b10055-b0c7-44c2-b00f-c7b5b3550cf7
StockageStorage
Contributeur AvereAvere Contributor Peut créer et gérer un cluster Avere vFXT.Can create and manage an Avere vFXT cluster. 4f8fab4f-1852-4a58-a46a-8eaf358af14a4f8fab4f-1852-4a58-a46a-8eaf358af14a
Opérateur AvereAvere Operator Utilisé par le cluster Avere vFXT pour gérer le clusterUsed by the Avere vFXT cluster to manage the cluster c025889f-8102-4ebf-b32c-fc0c6f0c6bd9c025889f-8102-4ebf-b32c-fc0c6f0c6bd9
Contributeur de sauvegardeBackup Contributor Permet de gérer le service de sauvegarde, mais pas de créer des coffres, ni d’accorder l’accès à d’autres personnesLets you manage backup service, but can't create vaults and give access to others 5e467623-bb1f-42f4-a55d-6e525e11384b5e467623-bb1f-42f4-a55d-6e525e11384b
Opérateur de sauvegardeBackup Operator Permet de gérer des services de sauvegarde, à l’exception de la suppression de la sauvegarde, de la création de coffres et de l’octroi d’autorisations d’accès à d’autres personnesLets you manage backup services, except removal of backup, vault creation and giving access to others 00c29273-979b-4161-815c-10b084fb932400c29273-979b-4161-815c-10b084fb9324
Lecteur de sauvegardeBackup Reader Peut afficher des services de sauvegarde, mais pas apporter des modificationsCan view backup services, but can't make changes a795c7a0-d4a2-40c1-ae25-d81f01202912a795c7a0-d4a2-40c1-ae25-d81f01202912
Contributeur de compte de stockage classiqueClassic Storage Account Contributor Permet de gérer des comptes de stockage classiques, mais pas d’y accéder.Lets you manage classic storage accounts, but not access to them. 86e8f5dc-a6e9-4c67-9d15-de283e8eac2586e8f5dc-a6e9-4c67-9d15-de283e8eac25
Rôle de service d’opérateur de clé de compte de stockage classiqueClassic Storage Account Key Operator Service Role Les opérateurs de clés de comptes de stockage classiques sont autorisés à lister et à régénérer des clés sur des comptes de stockage classiquesClassic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts 985d6b00-f706-48f5-a6fe-d0ca12fb668d985d6b00-f706-48f5-a6fe-d0ca12fb668d
Contributeur Data BoxData Box Contributor Permet de gérer toutes les opérations sous le service Data Box à l’exception de l’octroi d’accès à d’autres personnes.Lets you manage everything under Data Box Service except giving access to others. add466c9-e687-43fc-8d98-dfcf8d720be5add466c9-e687-43fc-8d98-dfcf8d720be5
Lecteur Data BoxData Box Reader Permet de gérer le service Data Box, mais ne permet pas de créer une commande, de modifier les détails d’une commande ou d’octroyer l’accès à d’autres personnes.Lets you manage Data Box Service except creating order or editing order details and giving access to others. 028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027
Développeur Data Lake AnalyticsData Lake Analytics Developer Permet d’envoyer, de surveiller et de gérer vos propres travaux, mais pas de créer ni de supprimer des comptes Data Lake Analytics.Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts. 47b7735b-770e-4598-a7da-8b91488b4c8847b7735b-770e-4598-a7da-8b91488b4c88
Lecteur et accès aux donnéesReader and Data Access Permet d’afficher tous les éléments, mais pas de supprimer ou de créer un compte de stockage ou une ressource contenue.Lets you view everything but will not let you delete or create a storage account or contained resource. En outre, autorise l’accès en lecture/écriture à toutes les données contenues dans un compte de stockage via l’accès aux clés de compte de stockage.It will also allow read/write access to all data contained in a storage account via access to storage account keys. c12c1c16-33a1-487b-954d-41c89c60f349c12c1c16-33a1-487b-954d-41c89c60f349
Contributeur de compte de stockageStorage Account Contributor Permet la gestion des comptes de stockage.Permits management of storage accounts. Fournit l’accès à la clé de compte, qui peut être utilisée pour accéder aux données par le biais de l’autorisation de clé partagée.Provides access to the account key, which can be used to access data via Shared Key authorization. 17d1049b-9a84-46fb-8f53-869881c3d3ab17d1049b-9a84-46fb-8f53-869881c3d3ab
Rôle de service d’opérateur de clé de compte de stockageStorage Account Key Operator Service Role Permet de répertorier et de régénérer les clés d’accès au compte de stockage.Permits listing and regenerating storage account access keys. 81a9662b-bebf-436f-a333-f67b29880f1281a9662b-bebf-436f-a333-f67b29880f12
Contributeur aux données Blob du stockageStorage Blob Data Contributor Lire, écrire et supprimer des conteneurs et objets blob du stockage Azure.Read, write, and delete Azure Storage containers and blobs. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. ba92f5b4-2d11-453d-a403-e96b0029c9feba92f5b4-2d11-453d-a403-e96b0029c9fe
Propriétaire des données Blob du stockageStorage Blob Data Owner Fournit un accès total aux conteneurs d’objets blob et aux données du Stockage Azure, notamment l’attribution du contrôle d’accès POSIX.Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. b7e6dc6d-f1e8-4753-8033-0f276bb0955bb7e6dc6d-f1e8-4753-8033-0f276bb0955b
Lecteur des données blob du stockageStorage Blob Data Reader Lire et répertorier des conteneurs et objets blob du stockage Azure.Read and list Azure Storage containers and blobs. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 2a2b9908-6ea1-4ae2-8e65-a410df84e7d12a2b9908-6ea1-4ae2-8e65-a410df84e7d1
Délégation du Stockage BlobStorage Blob Delegator Obtenez une clé de délégation d’utilisateur qui peut être utilisée pour créer une signature d’accès partagé pour un conteneur ou un objet blob signé avec les informations d’identification Azure AD.Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials. Pour en savoir plus, consultez Créer une SAP de délégation d’utilisateur.For more information, see Create a user delegation SAS. db58b8e5-c6ad-4a2a-8342-4190687cbf4adb58b8e5-c6ad-4a2a-8342-4190687cbf4a
Contributeur de partage SMB de données de fichier de stockageStorage File Data SMB Share Contributor Permet l'accès en lecture, en écriture et en suppression aux fichiers/répertoires des partages de fichiers Azure.Allows for read, write, and delete access on files/directories in Azure file shares. Ce rôle n'a pas d'équivalent intégré sur les serveurs de fichiers Windows.This role has no built-in equivalent on Windows file servers. 0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb
Contributeur élevé de partage SMB de données de fichier de stockageStorage File Data SMB Share Elevated Contributor Permet la lecture, l'écriture, la suppression et la modification des listes de contrôle d'accès sur les fichiers/répertoires des partages de fichiers Azure.Allows for read, write, delete, and modify ACLs on files/directories in Azure file shares. Ce rôle équivaut à une liste de contrôle d'accès de partage de fichiers en modification sur les serveurs de fichiers Windows.This role is equivalent to a file share ACL of change on Windows file servers. a7264617-510b-434b-a828-9731dc254ea7a7264617-510b-434b-a828-9731dc254ea7
Lecteur de partage SMB de données de fichier de stockageStorage File Data SMB Share Reader Permet l'accès en lecture aux fichiers/répertoires des partages de fichiers Azure.Allows for read access on files/directories in Azure file shares. Ce rôle équivaut à une liste de contrôle d'accès de partage de fichiers en lecture sur les serveurs de fichiers Windows.This role is equivalent to a file share ACL of read on Windows file servers. aba4ae5f-2193-4029-9191-0cb91df5e314aba4ae5f-2193-4029-9191-0cb91df5e314
Contributeur aux données en file d’attente du stockageStorage Queue Data Contributor Lire, écrire et supprimer des files d'attente et messages en file d'attente du stockage Azure.Read, write, and delete Azure Storage queues and queue messages. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 974c5e8b-45b9-4653-ba55-5f855dd0fb88974c5e8b-45b9-4653-ba55-5f855dd0fb88
Processeur de messages de données en file d’attente du stockageStorage Queue Data Message Processor Récupérer et supprimer un message, ou en afficher un aperçu à partir d’une file d’attente Stockage Azure.Peek, retrieve, and delete a message from an Azure Storage queue. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 8a0f0c08-91a1-4084-bc3d-661d67233fed8a0f0c08-91a1-4084-bc3d-661d67233fed
Expéditeur de messages de données en file d’attente du stockageStorage Queue Data Message Sender Ajoutez des messages à une file d’attente de stockage Azure.Add messages to an Azure Storage queue. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. c6a89b2d-59bc-44d0-9896-0f6e12d7b80ac6a89b2d-59bc-44d0-9896-0f6e12d7b80a
Lecteur des données en file d’attente du stockageStorage Queue Data Reader Lire et répertorier des files d’attente et messages en file d’attente du stockage Azure.Read and list Azure Storage queues and queue messages. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 19e7f393-937e-4f77-808e-94535e29792519e7f393-937e-4f77-808e-94535e297925
WebWeb
Lecteur de données Azure MapsAzure Maps Data Reader Octroie un accès pour lire les données liées au mappage à partir d’un compte Azure Maps.Grants access to read map related data from an Azure maps account. 423170ca-a8f6-4b0f-8487-9e4eb8f49bfa423170ca-a8f6-4b0f-8487-9e4eb8f49bfa
Contributeur du service de rechercheSearch Service Contributor Permet de gérer des services de recherche, mais pas d’y accéder.Lets you manage Search services, but not access to them. 7ca78c08-252a-4471-8644-bb5ff32d4ba07ca78c08-252a-4471-8644-bb5ff32d4ba0
Contributeur de plan webWeb Plan Contributor Permet de gérer des plans web pour des sites web, mais pas d’y accéder.Lets you manage the web plans for websites, but not access to them. 2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b
Contributeur de site webWebsite Contributor Permet de gérer des sites web (pas des plans web), mais pas d’y accéder.Lets you manage websites (not web plans), but not access to them. de139f84-1756-47ae-9be6-808fbbe84772de139f84-1756-47ae-9be6-808fbbe84772
ContainersContainers
AcrDeleteAcrDelete acr deleteacr delete c2f4ef07-c644-48eb-af81-4b1b4947fb11c2f4ef07-c644-48eb-af81-4b1b4947fb11
AcrImageSignerAcrImageSigner signataire d’image ACRacr image signer 6cef56e8-d556-48e5-a04f-b8e64114680f6cef56e8-d556-48e5-a04f-b8e64114680f
AcrPullAcrPull tirer (pull) acracr pull 7f951dda-4ed3-4680-a7ca-43fe172d538d7f951dda-4ed3-4680-a7ca-43fe172d538d
AcrPushAcrPush envoyer (push) acracr push 8311e382-0749-4cb8-b61a-304f252e45ec8311e382-0749-4cb8-b61a-304f252e45ec
AcrQuarantineReaderAcrQuarantineReader lecteur de données de quarantaine ACRacr quarantine data reader cdda3590-29a3-44f6-95f2-9f980659eb04cdda3590-29a3-44f6-95f2-9f980659eb04
AcrQuarantineWriterAcrQuarantineWriter écriture de données de quarantaine ACRacr quarantine data writer c8d4ff99-41c3-41a8-9f60-21dfdad59608c8d4ff99-41c3-41a8-9f60-21dfdad59608
Rôle d’administrateur de cluster Azure Kubernetes ServiceAzure Kubernetes Service Cluster Admin Role Répertorie les actions relatives aux informations d’identification de l’administrateur du cluster.List cluster admin credential action. 0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be80ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8
Rôle d’utilisateur de cluster Azure Kubernetes ServiceAzure Kubernetes Service Cluster User Role Répertorie les actions relatives aux informations d’identification de l’utilisateur du cluster.List cluster user credential action. 4abbcc35-e782-43d8-92c5-2d3f1bd2253f4abbcc35-e782-43d8-92c5-2d3f1bd2253f
Bases de donnéesDatabases
Rôle de lecteur de compte Cosmos DBCosmos DB Account Reader Role Lire les données de comptes Azure Cosmos DB.Can read Azure Cosmos DB account data. Consultez Contributeur de compte DocumentDB pour en savoir plus sur la gestion des comptes Azure Cosmos DB.See DocumentDB Account Contributor for managing Azure Cosmos DB accounts. fbdf93bf-df7d-467e-a4d2-9458aa1360c8fbdf93bf-df7d-467e-a4d2-9458aa1360c8
Opérateur Cosmos DBCosmos DB Operator Permet de gérer des comptes Azure Cosmos DB, mais pas d’accéder aux données qu’ils contiennent.Lets you manage Azure Cosmos DB accounts, but not access data in them. Empêche d’accéder aux clés de compte et aux chaînes de connexion.Prevents access to account keys and connection strings. 230815da-be43-4aae-9cb4-875f7bd000aa230815da-be43-4aae-9cb4-875f7bd000aa
CosmosBackupOperatorCosmosBackupOperator Peut envoyer une requête de restauration d’une base de données Cosmos DB ou d’un conteneur pour un compteCan submit restore request for a Cosmos DB database or a container for an account db7b14f2-5adf-42da-9f96-f2ee17bab5cbdb7b14f2-5adf-42da-9f96-f2ee17bab5cb
Contributeur de compte DocumentDBDocumentDB Account Contributor Gérer des comptes Azure Cosmos DB.Can manage Azure Cosmos DB accounts. Azure Cosmos DB était auparavant appelé DocumentDB.Azure Cosmos DB is formerly known as DocumentDB. 5bd9cd88-fe45-4216-938b-f97437e154505bd9cd88-fe45-4216-938b-f97437e15450
Contributeur Cache RedisRedis Cache Contributor Permet de gérer des caches Redis, mais pas d’y accéder.Lets you manage Redis caches, but not access to them. e0f68234-74aa-48ed-b826-c38b57376e17e0f68234-74aa-48ed-b826-c38b57376e17
Contributeur de base de données SQLSQL DB Contributor Permet de gérer des bases de données SQL, mais pas d’y accéder.Lets you manage SQL databases, but not access to them. Vous ne pouvez pas non plus gérer leurs stratégies de sécurité ni leurs serveurs SQL parents.Also, you can't manage their security-related policies or their parent SQL servers. 9b7fa17d-e63e-47b0-bb0a-15c516ac86ec9b7fa17d-e63e-47b0-bb0a-15c516ac86ec
Contributeur de SQL Managed InstanceSQL Managed Instance Contributor Permet de gérer des instances SQL Managed Instance et la configuration réseau requise, mais pas d’accorder l’accès à d’autres personnes.Lets you manage SQL Managed Instances and required network configuration, but can't give access to others. 4939a1f6-9ae0-4e48-a1e0-f2cbe897382d4939a1f6-9ae0-4e48-a1e0-f2cbe897382d
Gestionnaire de sécurité SQLSQL Security Manager Permet de gérer les stratégies de sécurité des serveurs et bases de données SQL, mais pas d’y accéder.Lets you manage the security-related policies of SQL servers and databases, but not access to them. 056cd41c-7e88-42e1-933e-88ba6a50c9c3056cd41c-7e88-42e1-933e-88ba6a50c9c3
Contributeur SQL ServerSQL Server Contributor Permet de gérer des serveurs et bases de données SQL, mais pas d’y accéder, ni de gérer leurs stratégies de sécurité.Lets you manage SQL servers and databases, but not access to them, and not their security-related policies. 6d8ee4ec-f05a-4a1d-8b00-a9b17e38b4376d8ee4ec-f05a-4a1d-8b00-a9b17e38b437
AnalyseAnalytics
Propriétaire de données Azure Event HubsAzure Event Hubs Data Owner Permet un accès complet aux ressources Azure Event Hubs.Allows for full access to Azure Event Hubs resources. f526a384-b230-433a-b45c-95f59c4a2decf526a384-b230-433a-b45c-95f59c4a2dec
Récepteur de données Azure Event HubsAzure Event Hubs Data Receiver Permet d’obtenir un accès en réception aux ressources Azure Event Hubs.Allows receive access to Azure Event Hubs resources. a638d3c7-ab3a-418d-83e6-5f17a39d4fdea638d3c7-ab3a-418d-83e6-5f17a39d4fde
Expéditeur de données Azure Event HubsAzure Event Hubs Data Sender Permet d’obtenir un accès en envoi aux ressources Azure Event Hubs.Allows send access to Azure Event Hubs resources. 2b629674-e913-4c01-ae53-ef4638d8f9752b629674-e913-4c01-ae53-ef4638d8f975
Contributeurs de fabrique de donnéesData Factory Contributor Créer et gérer des fabriques de données, ainsi que les ressources enfants qu’elles contiennent.Create and manage data factories, as well as child resources within them. 673868aa-7521-48a0-acc6-0f60742d39f5673868aa-7521-48a0-acc6-0f60742d39f5
Videur de donnéesData Purger Peut vider les données d’analytiqueCan purge analytics data 150f5e0c-0603-4f03-8c7f-cf70034c4e90150f5e0c-0603-4f03-8c7f-cf70034c4e90
Opérateur de cluster HDInsightHDInsight Cluster Operator Permet de lire et de modifier des configurations de cluster HDInsight.Lets you read and modify HDInsight cluster configurations. 61ed4efc-fab3-44fd-b111-e24485cc132a61ed4efc-fab3-44fd-b111-e24485cc132a
Contributeur HDInsight Domain ServicesHDInsight Domain Services Contributor Peut lire, créer, modifier et supprimer les opérations Domain Services nécessaires pour le pack Sécurité Entreprise HDInsightCan Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package 8d8d5a11-05d3-4bda-a417-a08778121c7c8d8d5a11-05d3-4bda-a417-a08778121c7c
Contributeur Log AnalyticsLog Analytics Contributor Peut lire toutes les données de surveillance et modifier les paramètres de surveillance.Log Analytics Contributor can read all monitoring data and edit monitoring settings. La modification des paramètres de supervision inclut l’ajout de l’extension de machine virtuelle aux machines virtuelles, la lecture des clés de comptes de stockage permettant de configurer la collection de journaux d’activité du stockage Azure, la création et la configuration de comptes Automation, l’ajout de solutions et la configuration de diagnostics Azure sur toutes les ressources Azure.Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources. 92aaf0da-9dab-42b6-94a3-d43ce8d1629392aaf0da-9dab-42b6-94a3-d43ce8d16293
Lecteur Log AnalyticsLog Analytics Reader Peut afficher et rechercher toutes les données de surveillance, ainsi qu’afficher les paramètres de surveillance, notamment la configuration des diagnostics Azure sur toutes les ressources Azure.Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources. 73c42c96-874c-492b-b04d-ab87d138a89373c42c96-874c-492b-b04d-ab87d138a893
BlockchainBlockchain
Accès au nœud du membre blockchain (préversion)Blockchain Member Node Access (Preview) Permet d’accéder aux nœuds du membre blockchainAllows for access to Blockchain Member nodes 31a002a1-acaf-453e-8a5b-297c9ca1ea2431a002a1-acaf-453e-8a5b-297c9ca1ea24
IA + machine learningAI + machine learning
Contributeur Cognitive ServicesCognitive Services Contributor Vous permet de créer, lire, mettre à jour, supprimer et gérer les clés de Cognitive Services.Lets you create, read, update, delete and manage keys of Cognitive Services. 25fbc0a9-bd7c-42a3-aa1a-3b75d497ee6825fbc0a9-bd7c-42a3-aa1a-3b75d497ee68
Lecteur de données Cognitive Services (préversion)Cognitive Services Data Reader (Preview) Permet de lire des données Cognitive Services.Lets you read Cognitive Services data. b59867f0-fa02-499b-be73-45a86b5b3e1cb59867f0-fa02-499b-be73-45a86b5b3e1c
Utilisateur Cognitive ServicesCognitive Services User Vous permet de lire et de répertorier les clés de Cognitive Services.Lets you read and list keys of Cognitive Services. a97b65f3-24C7-4388-baec-2e87135dc908a97b65f3-24c7-4388-baec-2e87135dc908
Réalité mixteMixed reality
Contributeur de compte Spatial AnchorsSpatial Anchors Account Contributor Permet de gérer des ancres spatiales dans votre compte, mais pas de les supprimerLets you manage spatial anchors in your account, but not delete them 8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c8278bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827
Propriétaire de compte Spatial AnchorsSpatial Anchors Account Owner Permet de gérer des ancres spatiales dans votre compte, y compris de les supprimerLets you manage spatial anchors in your account, including deleting them 70bbe301-9835-447d-afdd-19eb3167307c70bbe301-9835-447d-afdd-19eb3167307c
Lecteur de compte Spatial AnchorsSpatial Anchors Account Reader Permet de localiser et de lire les propriétés d’ancres spatiales dans votre compteLets you locate and read properties of spatial anchors in your account 5d51204f-eb77-4b1c-b86a-2ec626c494135d51204f-eb77-4b1c-b86a-2ec626c49413
IntégrationIntegration
Contributeur du service Gestion des APIAPI Management Service Contributor Peut gérer le service et les APICan manage service and the APIs 312a565d-c81f-4fd8-895a-4e21e48d571c312a565d-c81f-4fd8-895a-4e21e48d571c
Rôle d’opérateur du service Gestion des APIAPI Management Service Operator Role Peut gérer le service, mais pas les APICan manage service but not the APIs e022efe7-f5ba-4159-bbe4-b44f577e9b61e022efe7-f5ba-4159-bbe4-b44f577e9b61
Rôle de lecteur du service Gestion des APIAPI Management Service Reader Role Accès en lecture seule au service et aux APIRead-only access to service and APIs 71522526-b88f-4d52-b57f-d31fc3546d0d71522526-b88f-4d52-b57f-d31fc3546d0d
Propriétaire des données App ConfigurationApp Configuration Data Owner Permet l’accès total aux données App Configuration.Allows full access to App Configuration data. 5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b
Lecteur des données App ConfigurationApp Configuration Data Reader Permet de lire les données App Configuration.Allows read access to App Configuration data. 516239f1-63e1-4d78-a4de-a74fb236a071516239f1-63e1-4d78-a4de-a74fb236a071
Propriétaire de données Azure Service BusAzure Service Bus Data Owner Permet un accès total aux ressources Azure Service Bus.Allows for full access to Azure Service Bus resources. 090c5cfd-751d-490a-894a-3ce6f1109419090c5cfd-751d-490a-894a-3ce6f1109419
Récepteur de données Azure Service BusAzure Service Bus Data Receiver Permet d’obtenir un accès en réception aux ressources Azure Service Bus.Allows for receive access to Azure Service Bus resources. 4f6d3b9b-027b-4f4c-9142-0e5a2a2247e04f6d3b9b-027b-4f4c-9142-0e5a2a2247e0
Expéditeur de données Azure Service BusAzure Service Bus Data Sender Permet d’obtenir un accès en envoi aux ressources Azure Service Bus.Allows for send access to Azure Service Bus resources. 69a216fc-b8fb-44d8-bc22-1f3c2cd27a3969a216fc-b8fb-44d8-bc22-1f3c2cd27a39
Propriétaire de l’inscription Azure StackAzure Stack Registration Owner Permet de gérer les inscriptions Azure Stack.Lets you manage Azure Stack registrations. 6f12a6df-dd06-4f3e-bcb1-ce8be600526a6f12a6df-dd06-4f3e-bcb1-ce8be600526a
Contributeur EventGrid EventSubscriptionEventGrid EventSubscription Contributor Vous permet de gérer les opérations d’abonnement aux événements EventGrid.Lets you manage EventGrid event subscription operations. 428e0ff0-5e57-4d9c-a221-2c70d0e0a443428e0ff0-5e57-4d9c-a221-2c70d0e0a443
Lecteur EventGrid EventSubscriptionEventGrid EventSubscription Reader Vous permet de lire les abonnements aux événements EventGrid.Lets you read EventGrid event subscriptions. 2414bbcf-6497-4FAF-8c65-0454607484052414bbcf-6497-4faf-8c65-045460748405
Contributeur de compte Intelligent SystemsIntelligent Systems Account Contributor Permet de gérer des comptes Intelligent Systems, mais pas d’y accéder.Lets you manage Intelligent Systems accounts, but not access to them. 03a6d094-3444-4b3d-88af-7477090a9e5e03a6d094-3444-4b3d-88af-7477090a9e5e
Contributeur d’application logiqueLogic App Contributor Permet de gérer des applications logiques, mais pas d’en modifier l’accès.Lets you manage logic apps, but not change access to them. 87a39d53-fc1b-424a-814c-f7e04687dc9e87a39d53-fc1b-424a-814c-f7e04687dc9e
Opérateur d’application logiqueLogic App Operator Permet de lire, d’activer et de désactiver des applications logiques, mais pas de les modifier ou de les mettre à jour.Lets you read, enable, and disable logic apps, but not edit or update them. 515c2055-d9d4-4321-b1b9-bd0c9a0f79fe515c2055-d9d4-4321-b1b9-bd0c9a0f79fe
IdentitéIdentity
Contributeur d’identités géréesManaged Identity Contributor Peut créer, lire, mettre à jour et supprimer une identité attribuée à l’utilisateur.Create, Read, Update, and Delete User Assigned Identity e40ec5ca-96e0-45a2-b4ff-59039f2c2b59e40ec5ca-96e0-45a2-b4ff-59039f2c2b59
Opérateur d’identités géréesManaged Identity Operator Peut lire et assigner une identité attribuée à l’utilisateur.Read and Assign User Assigned Identity f1a07417-d97a-45cb-824c-7a7467783830f1a07417-d97a-45cb-824c-7a7467783830
SécuritéSecurity
Contributeur Azure SentinelAzure Sentinel Contributor Contributeur Azure SentinelAzure Sentinel Contributor ab8e14d6-4a74-4a29-9ba8-549422addadeab8e14d6-4a74-4a29-9ba8-549422addade
Lecteur Azure SentinelAzure Sentinel Reader Lecteur Azure SentinelAzure Sentinel Reader 8d289c81-5878-46d4-8554-54e1e3d8b5cb8d289c81-5878-46d4-8554-54e1e3d8b5cb
Répondeur Azure SentinelAzure Sentinel Responder Répondeur Azure SentinelAzure Sentinel Responder 3e150937-b8fe-4cfb-8069-0eaf05ecd0563e150937-b8fe-4cfb-8069-0eaf05ecd056
Contributeur Key VaultKey Vault Contributor Permet de gérer des coffres de clés, mais pas d’y accéder.Lets you manage key vaults, but not access to them. f25e0fa2-a7c8-4377-a976-54943a77a395f25e0fa2-a7c8-4377-a976-54943a77a395
Administrateur de la sécuritéSecurity Admin Autorisations d’affichage et de mise à jour pour Security Center.View and update permissions for Security Center. Dispose des mêmes autorisations que le rôle Lecteur de sécurité et peut également modifier la stratégie de sécurité et ignorer les alertes et les recommandations.Same permissions as the Security Reader role and can also update the security policy and dismiss alerts and recommendations. fb1c8493-542b-48eb-b624-b4c8fea62acdfb1c8493-542b-48eb-b624-b4c8fea62acd
Contributeur d'évaluation de la sécuritéSecurity Assessment Contributor Vous permet d’envoyer (push) les évaluations à Security CenterLets you push assessments to Security Center 612c2aa1-cb24-443b-ac28-3ab7272de6f5612c2aa1-cb24-443b-ac28-3ab7272de6f5
Gestionnaire de sécurité (hérité)Security Manager (Legacy) Il s’agit d’un rôle hérité.This is a legacy role. Utilisez plutôt l’administrateur de sécurité.Please use Security Admin instead. e3d13bf0-dd5a-482e-ba6b-9b8433878d10e3d13bf0-dd5a-482e-ba6b-9b8433878d10
Lecteur de sécuritéSecurity Reader Autorisations d’affichage pour Security Center.View permissions for Security Center. Peut afficher les recommandations, les alertes, une stratégie de sécurité et les états de sécurité, mais ne peut pas apporter de modifications.Can view recommendations, alerts, a security policy, and security states, but cannot make changes. 39bc4728-0917-49c7-9d2c-d95423bc2eb439bc4728-0917-49c7-9d2c-d95423bc2eb4
DevOpsDevOps
Utilisateur de DevTest LabsDevTest Labs User Permet de connecter, de démarrer, de redémarrer et d’arrêter vos machines virtuelles dans votre Azure DevTest Labs.Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs. 76283e04-6283-4c54-8f91-bcf1374a3c6476283e04-6283-4c54-8f91-bcf1374a3c64
Créateur LabLab Creator Permet de créer, de gérer et de supprimer des labs gérés dans vos comptes Azure Lab.Lets you create, manage, delete your managed labs under your Azure Lab Accounts. b97fb8bc-a8b2-4522-a38b-dd33c7e65eadb97fb8bc-a8b2-4522-a38b-dd33c7e65ead
SurveillerMonitor
Contributeur de composants Application InsightsApplication Insights Component Contributor Gérer les composants Application InsightsCan manage Application Insights components ae349356-3a1b-4a5e-921d-050484c6347eae349356-3a1b-4a5e-921d-050484c6347e
Débogueur de capture instantanée d’Application InsightsApplication Insights Snapshot Debugger Autorise l’utilisateur à consulter et à télécharger les instantanés de débogage collectés à l’aide du débogueur de capture instantanée Application Insights.Gives user permission to view and download debug snapshots collected with the Application Insights Snapshot Debugger. Ces autorisations ne sont pas incluses dans les rôles Propriétaire et Contributeur.Note that these permissions are not included in the Owner or Contributor roles. Lorsque vous donnez aux utilisateurs le rôle Débogueur de capture instantanée Application Insights, vous devez leur accorder directement le rôle.When giving users the Application Insights Snapshot Debugger role, you must grant the role directly to the user. Le rôle n’est pas reconnu lorsqu’il est ajouté à un rôle personnalisé.The role is not recognized when it is added to a custom role. 08954f03-6346-4c2e-81c0-ec3a5cfae23b08954f03-6346-4c2e-81c0-ec3a5cfae23b
Contributeur de surveillanceMonitoring Contributor Peut lire toutes les données de surveillance et modifier les paramètres de surveillance.Can read all monitoring data and edit monitoring settings. Consultez aussi Bien démarrer avec les rôles, les autorisations et la sécurité dans Azure Monitor.See also Get started with roles, permissions, and security with Azure Monitor. 749f88d5-cbae-40b8-bcfc-e573ddc772fa749f88d5-cbae-40b8-bcfc-e573ddc772fa
Publication des métriques de surveillanceMonitoring Metrics Publisher Permet de publier les métriques relatives aux ressources AzureEnables publishing metrics against Azure resources 3913510d-42f4-4e42-8a64-420c390055eb3913510d-42f4-4e42-8a64-420c390055eb
Lecteur de surveillanceMonitoring Reader Peut lire toutes les données de supervision (métriques, journaux d’activité, etc.)Can read all monitoring data (metrics, logs, etc.). Consultez aussi Bien démarrer avec les rôles, les autorisations et la sécurité dans Azure Monitor.See also Get started with roles, permissions, and security with Azure Monitor. 43d0d8ad-25c7-4714-9337-8ba259a9fe0543d0d8ad-25c7-4714-9337-8ba259a9fe05
Contributeur de classeurWorkbook Contributor Peut enregistrer les classeurs partagés.Can save shared workbooks. e8ddcd69-c73f-4f9f-9844-4100522f16ade8ddcd69-c73f-4f9f-9844-4100522f16ad
Lecteur de classeurWorkbook Reader Peut lire les classeurs.Can read workbooks. b279062a-9be3-42a0-92ae-8b3cf002ec4db279062a-9be3-42a0-92ae-8b3cf002ec4d
Gestion + gouvernanceManagement + governance
Opérateur de travaux AutomationAutomation Job Operator Permet de créer et de gérer des travaux avec des runbooks Automation.Create and Manage Jobs using Automation Runbooks. 4fe576fe-1146-4730-92eb-48519fa6bf9f4fe576fe-1146-4730-92eb-48519fa6bf9f
Opérateur AutomationAutomation Operator Les opérateurs d’Automation sont en mesure de démarrer, d’arrêter, de suspendre et de reprendre des travauxAutomation Operators are able to start, stop, suspend, and resume jobs d3881f73-407a-4167-8283-e981cbba0404d3881f73-407a-4167-8283-e981cbba0404
Opérateur de runbook AutomationAutomation Runbook Operator Propriétés de lecture du runbook : pour pouvoir créer des travaux depuis le runbook.Read Runbook properties - to be able to create Jobs of the runbook. 5fb5aef8-1081-4b8e-bb16-9d5d0385bab55fb5aef8-1081-4b8e-bb16-9d5d0385bab5
Intégration de machine connectée à AzureAzure Connected Machine Onboarding Peut intégrer des machines connectées à Azure.Can onboard Azure Connected Machines. b64e21ea-ac4e-4cdf-9dc9-5b892992bee7b64e21ea-ac4e-4cdf-9dc9-5b892992bee7
Administrateur des ressources de la machine connectée à AzureAzure Connected Machine Resource Administrator Peut lire, écrire, supprimer et réintégrer des machines connectées à Azure.Can read, write, delete and re-onboard Azure Connected Machines. cd570a14-e51a-42ad-bac8-bafd67325302cd570a14-e51a-42ad-bac8-bafd67325302
Lecteur de facturationBilling Reader Autorise l’accès en lecture aux données de facturationAllows read access to billing data fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64
Contributeur blueprintBlueprint Contributor Peut gérer les définitions blueprint, mais ne peut pas les affecter.Can manage blueprint definitions, but not assign them. 41077137-e803-4205-871c-5a86e6a753b441077137-e803-4205-871c-5a86e6a753b4
Opérateur blueprintBlueprint Operator Peut affecter des blueprints publiés existants, mais ne peut pas en créer de nouveaux.Can assign existing published blueprints, but cannot create new blueprints. Notez que cela fonctionne uniquement si l’affectation est effectuée avec une identité managée affectée par l’utilisateur.Note that this only works if the assignment is done with a user-assigned managed identity. 437d2ced-4a38-4302-8479-ed2bcb43d090437d2ced-4a38-4302-8479-ed2bcb43d090
Contributeur Cost ManagementCost Management Contributor Peut afficher les coûts et gérer la configuration des coûts (par exemple, budgets, exportations)Can view costs and manage cost configuration (e.g. budgets, exports) 434105ed-43f6-45c7-a02f-909b2ba83430434105ed-43f6-45c7-a02f-909b2ba83430
Lecteur Cost ManagementCost Management Reader Peut afficher les données et la configuration des coûts (par exemple, budgets, exportations)Can view cost data and configuration (e.g. budgets, exports) 72fafb9e-0641-4937-9268-a91bfd8191a372fafb9e-0641-4937-9268-a91bfd8191a3
Administration des paramètres de hiérarchieHierarchy Settings Administrator Permet aux utilisateurs de modifier et de supprimer des paramètres de hiérarchieAllows users to edit and delete Hierarchy Settings 350f8d15-c687-4448-8ae1-157740a3936d350f8d15-c687-4448-8ae1-157740a3936d
Rôle Contributeur d'application managéeManaged Application Contributor Role Permet de créer des ressources d’application managées.Allows for creating managed application resources. 641177b8-a67a-45b9-a033-47bc880bb21e641177b8-a67a-45b9-a033-47bc880bb21e
Rôle opérateur d’application managéeManaged Application Operator Role Permet de lire les ressources d’application managée et d’effectuer des actions sur ces ressources.Lets you read and perform actions on Managed Application resources c7393b34-138c-406f-901b-d8cf2b17e6aec7393b34-138c-406f-901b-d8cf2b17e6ae
Lecteur Applications managéesManaged Applications Reader Vous permet de lire les ressources dans une application managée et de demander un accès JIT.Lets you read resources in a managed app and request JIT access. b9331d33-8a36-4f8c-b097-4f54124fdb44b9331d33-8a36-4f8c-b097-4f54124fdb44
Suppression du rôle d’attribution d’inscription de services managéManaged Services Registration assignment Delete Role La suppression du rôle d’attribution d’inscription de services managés permet aux utilisateurs du client gérant de supprimer l’attribution d’inscription assignée à leur locataire.Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant. 91c1777a-f3dc-4fae-b103-61d183457e4691c1777a-f3dc-4fae-b103-61d183457e46
Contributeur du groupe d’administrationManagement Group Contributor Rôle de collaborateur du groupe d’administrationManagement Group Contributor Role 5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c
Lecteur du groupe d’administrationManagement Group Reader Rôle de lecteur du groupe d’administrationManagement Group Reader Role ac63b705-f282-497d-ac71-919bf39d939dac63b705-f282-497d-ac71-919bf39d939d
Contributeur de compte NewRelic APMNew Relic APM Account Contributor Vous permet de gérer des comptes et applications New Relic Application Performance Management, mais pas d’y accéder.Lets you manage New Relic Application Performance Management accounts and applications, but not access to them. 5d28c62d-5b37-4476-8438-e587778df2375d28c62d-5b37-4476-8438-e587778df237
Policy Insights Data Writer (préversion)Policy Insights Data Writer (Preview) Permet de lire les stratégies de ressources et d’écrire les événements de stratégie de composant de ressource.Allows read access to resource policies and write access to resource component policy events. 66bb4e9e-b016-4a94-8249-4c0511c2be8466bb4e9e-b016-4a94-8249-4c0511c2be84
Contributeur de stratégie de ressourceResource Policy Contributor Utilisateurs dotés de droits pour créer ou modifier une stratégie de ressource, créer un ticket de support et lire des ressources ou la hiérarchie.Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy. 36243c78-bf99-498c-9df9-86d9f8d2860836243c78-bf99-498c-9df9-86d9f8d28608
Contributeur Site RecoverySite Recovery Contributor Permet de gérer le service Site Recovery sauf la création de coffre et l’attribution de rôleLets you manage Site Recovery service except vault creation and role assignment 6670b86e-a3f7-4917-ac9b-5d6ab1be45676670b86e-a3f7-4917-ac9b-5d6ab1be4567
Opérateur Site RecoverySite Recovery Operator Permet de basculer et de restaurer mais pas d’effectuer d’autres opérations de gestion de Site RecoveryLets you failover and failback but not perform other Site Recovery management operations 494ae006-db33-4328-bf46-533a6560a3ca494ae006-db33-4328-bf46-533a6560a3ca
Lecteur Site RecoverySite Recovery Reader Permet d’afficher l’état de Site Recovery mais pas d’effectuer d’autres opérations de gestionLets you view Site Recovery status but not perform other management operations dbaa88c4-0c30-4179-9fb3-46319faa6149dbaa88c4-0c30-4179-9fb3-46319faa6149
Contributeur de demande de supportSupport Request Contributor Permet de créer et de gérer des demandes de supportLets you create and manage Support requests cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24ecfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e
Contributeur d’étiquetteTag Contributor Vous permet de gérer les étiquettes sur les entités, sans fournir l’accès aux entités elles-mêmes.Lets you manage tags on entities, without providing access to the entities themselves. 4a9ae827-6dc8-4573-8ac7-8239d42aa03f4a9ae827-6dc8-4573-8ac7-8239d42aa03f
AutresOther
Contributeur BizTalkBizTalk Contributor Permet de gérer des services BizTalk, mais pas d’y accéder.Lets you manage BizTalk services, but not access to them. 5e3c6656-6cfa-4708-81fe-0de47ac733425e3c6656-6cfa-4708-81fe-0de47ac73342
Contributeur des collections de travaux du planificateurScheduler Job Collections Contributor Permet de gérer des collections de tâches du planificateur, mais pas d’y accéder.Lets you manage Scheduler job collections, but not access to them. 188a0f2f-5c9e-469b-ae67-2aa5ce574b94188a0f2f-5c9e-469b-ae67-2aa5ce574b94

GénéralGeneral

ContributeurContributor

Permet de tout gérer, à l’exception de l’octroi de l’accès aux ressources.Lets you manage everything except granting access to resources.

ActionsActions
* Créer et gérer les ressources de tous les typesCreate and manage resources of all types
NotActionsNotActions
Microsoft.Authorization/*/DeleteMicrosoft.Authorization/*/Delete Supprimer des rôles, des affectations de stratégie, des définitions de stratégie et des définitions d’ensemble de stratégiesDelete roles, policy assignments, policy definitions and policy set definitions
Microsoft.Authorization/*/WriteMicrosoft.Authorization/*/Write Créer des rôles, des attributions de rôle, des affectations de stratégie, des définitions de stratégie et des définitions d’ensemble de stratégiesCreate roles, role assignments, policy assignments, policy definitions and policy set definitions
Microsoft.Authorization/elevateAccess/ActionMicrosoft.Authorization/elevateAccess/Action Accorde à l’appelant un accès Administrateur de l’accès utilisateur au niveau de la portée du clientGrants the caller User Access Administrator access at the tenant scope
Microsoft.Blueprint/blueprintAssignments/writeMicrosoft.Blueprint/blueprintAssignments/write Créer ou mettre à jour toutes les affectations de blueprintCreate or update any blueprint assignments
Microsoft.Blueprint/blueprintAssignments/deleteMicrosoft.Blueprint/blueprintAssignments/delete Supprimer toutes les affectations de blueprintDelete any blueprint assignments
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage everything except access to resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
  "name": "b24988ac-6180-42a0-ab88-20f7382dd24c",
  "permissions": [
    {
      "actions": [
        "*"
      ],
      "notActions": [
        "Microsoft.Authorization/*/Delete",
        "Microsoft.Authorization/*/Write",
        "Microsoft.Authorization/elevateAccess/Action",
        "Microsoft.Blueprint/blueprintAssignments/write",
        "Microsoft.Blueprint/blueprintAssignments/delete"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

PropriétaireOwner

Permet de tout gérer, notamment l’accès aux ressources.Lets you manage everything, including access to resources.

ActionsActions
* Créer et gérer les ressources de tous les typesCreate and manage resources of all types
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage everything, including access to resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
  "name": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
  "permissions": [
    {
      "actions": [
        "*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

LecteurReader

Vous permet de tout afficher, mais sans apporter de modifications.Lets you view everything, but not make any changes.

ActionsActions
*/read*/read Lire les ressources de tous les types, à l’exception des secrets.Read resources of all types, except secrets.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you view everything, but not make any changes.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
  "name": "acdd72a7-3385-48ef-bd42-f606fba81ae7",
  "permissions": [
    {
      "actions": [
        "*/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Administrateur de l'accès utilisateurUser Access Administrator

Vous permet de gérer l'accès utilisateur aux ressources Azure.Lets you manage user access to Azure resources.

ActionsActions
*/read*/read Lire les ressources de tous les types, à l’exception des secrets.Read resources of all types, except secrets.
Microsoft.Authorization/*Microsoft.Authorization/* Gérer les autorisationsManage authorization
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage user access to Azure resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
  "name": "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.Authorization/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "User Access Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

CalculCompute

Contributeur de machine virtuelle classiqueClassic Virtual Machine Contributor

Permet de gérer des machines virtuelles classiques, mais pas d’y accéder, ni au réseau virtuel ou au compte de stockage auquel elles sont connectées.Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.ClassicCompute/domainNames/*Microsoft.ClassicCompute/domainNames/* Créer et gérer des noms de domaine de calcul classiqueCreate and manage classic compute domain names
Microsoft.ClassicCompute/virtualMachines/*Microsoft.ClassicCompute/virtualMachines/* Créer et gérer les machines virtuellesCreate and manage virtual machines
Microsoft.ClassicNetwork/networkSecurityGroups/join/actionMicrosoft.ClassicNetwork/networkSecurityGroups/join/action
Microsoft.ClassicNetwork/reservedIps/link/actionMicrosoft.ClassicNetwork/reservedIps/link/action Lier une adresse IP réservéeLink a reserved Ip
Microsoft.ClassicNetwork/reservedIps/readMicrosoft.ClassicNetwork/reservedIps/read Obtient les adresses IP réservéesGets the reserved Ips
Microsoft.ClassicNetwork/virtualNetworks/join/actionMicrosoft.ClassicNetwork/virtualNetworks/join/action Joint le réseau virtuel.Joins the virtual network.
Microsoft.ClassicNetwork/virtualNetworks/readMicrosoft.ClassicNetwork/virtualNetworks/read Obtenez le réseau virtuel.Get the virtual network.
Microsoft.ClassicStorage/storageAccounts/disks/readMicrosoft.ClassicStorage/storageAccounts/disks/read Retourne le disque du compte de stockage.Returns the storage account disk.
Microsoft.ClassicStorage/storageAccounts/images/readMicrosoft.ClassicStorage/storageAccounts/images/read Retourne l’image du compte de stockage.Returns the storage account image. (Déconseillé.(Deprecated. Utilisez « Microsoft.ClassicStorage/storageAccounts/vmImages »)Use 'Microsoft.ClassicStorage/storageAccounts/vmImages')
Microsoft.ClassicStorage/storageAccounts/listKeys/actionMicrosoft.ClassicStorage/storageAccounts/listKeys/action Répertorie les clés d’accès des comptes de stockage.Lists the access keys for the storage accounts.
Microsoft.ClassicStorage/storageAccounts/readMicrosoft.ClassicStorage/storageAccounts/read Retourne le compte de stockage avec le compte spécifique.Return the storage account with the given account.
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/d73bb868-a0df-4d4d-bd69-98a00b01fccb",
  "name": "d73bb868-a0df-4d4d-bd69-98a00b01fccb",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicCompute/domainNames/*",
        "Microsoft.ClassicCompute/virtualMachines/*",
        "Microsoft.ClassicNetwork/networkSecurityGroups/join/action",
        "Microsoft.ClassicNetwork/reservedIps/link/action",
        "Microsoft.ClassicNetwork/reservedIps/read",
        "Microsoft.ClassicNetwork/virtualNetworks/join/action",
        "Microsoft.ClassicNetwork/virtualNetworks/read",
        "Microsoft.ClassicStorage/storageAccounts/disks/read",
        "Microsoft.ClassicStorage/storageAccounts/images/read",
        "Microsoft.ClassicStorage/storageAccounts/listKeys/action",
        "Microsoft.ClassicStorage/storageAccounts/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Virtual Machine Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Connexion de l’administrateur aux machines virtuellesVirtual Machine Administrator Login

Afficher les machines virtuelles dans le portail et se connecter en tant qu’administrateurView Virtual Machines in the portal and login as administrator

ActionsActions
Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read Obtient une définition de l’adresse IP publique.Gets a public ip address definition.
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read Obtenir la définition de réseau virtuel.Get the virtual network definition
Microsoft.Network/loadBalancers/readMicrosoft.Network/loadBalancers/read Obtient une définition d’équilibrage de charge.Gets a load balancer definition
Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read Obtient une définition d’interface réseau.Gets a network interface definition.
Microsoft.Compute/virtualMachines/*/readMicrosoft.Compute/virtualMachines/*/read
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Compute/virtualMachines/login/actionMicrosoft.Compute/virtualMachines/login/action Se connecter à la machine virtuelle comme utilisateur normalLog in to a virtual machine as a regular user
Microsoft.Compute/virtualMachines/loginAsAdmin/actionMicrosoft.Compute/virtualMachines/loginAsAdmin/action Se connecter à une machine virtuelle avec des privilèges d’administrateur Windows ou d’utilisateur racine LinuxLog in to a virtual machine with Windows administrator or Linux root user privileges
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "View Virtual Machines in the portal and login as administrator",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/1c0163c0-47e6-4577-8991-ea5c82e286e4",
  "name": "1c0163c0-47e6-4577-8991-ea5c82e286e4",
  "permissions": [
    {
      "actions": [
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/loadBalancers/read",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Compute/virtualMachines/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Compute/virtualMachines/login/action",
        "Microsoft.Compute/virtualMachines/loginAsAdmin/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Virtual Machine Administrator Login",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur de machine virtuelleVirtual Machine Contributor

Permet de gérer des machines virtuelles, mais pas d’y accéder, ni au réseau virtuel ou au compte de stockage auquel elles sont connectées.Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Compute/availabilitySets/*Microsoft.Compute/availabilitySets/* Créer et gérer des groupes à haute disponibilité de calculCreate and manage compute availability sets
Microsoft.Compute/locations/*Microsoft.Compute/locations/* Créer et gérer des emplacements de calculCreate and manage compute locations
Microsoft.Compute/virtualMachines/*Microsoft.Compute/virtualMachines/* Créer et gérer les machines virtuellesCreate and manage virtual machines
Microsoft.Compute/virtualMachineScaleSets/*Microsoft.Compute/virtualMachineScaleSets/* Créez et gérez des jeux de mise à l’échelle des machines virtuellesCreate and manage virtual machine scale sets
Microsoft.Compute/disks/writeMicrosoft.Compute/disks/write Créer ou mettre à jour un disqueCreates a new Disk or updates an existing one
Microsoft.Compute/disks/readMicrosoft.Compute/disks/read Obtenir les propriétés d’un disqueGet the properties of a Disk
Microsoft.Compute/disks/deleteMicrosoft.Compute/disks/delete Supprimer le disqueDeletes the Disk
Microsoft.DevTestLab/schedules/*Microsoft.DevTestLab/schedules/*
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Network/applicationGateways/backendAddressPools/join/actionMicrosoft.Network/applicationGateways/backendAddressPools/join/action Joint un pool d’adresses principales de passerelle d’application.Joins an application gateway backend address pool. Impossible à alerter.Not Alertable.
Microsoft.Network/loadBalancers/backendAddressPools/join/actionMicrosoft.Network/loadBalancers/backendAddressPools/join/action Joint un pool d’adresses principales d’équilibrage de charge.Joins a load balancer backend address pool. Impossible à alerter.Not Alertable.
Microsoft.Network/loadBalancers/inboundNatPools/join/actionMicrosoft.Network/loadBalancers/inboundNatPools/join/action Joint un pool NAT entrant d’équilibrage de charge.Joins a load balancer inbound NAT pool. Impossible à alerter.Not alertable.
Microsoft.Network/loadBalancers/inboundNatRules/join/actionMicrosoft.Network/loadBalancers/inboundNatRules/join/action Joint une règle nat de trafic entrant d’équilibrage de charge.Joins a load balancer inbound nat rule. Impossible à alerter.Not Alertable.
Microsoft.Network/loadBalancers/probes/join/actionMicrosoft.Network/loadBalancers/probes/join/action Autorise l’utilisation des sondes d’un équilibreur de charge.Allows using probes of a load balancer. Par exemple, avec cette autorisation, la propriété healthProbe du groupe de machines virtuelles identiques peut faire référence à la sonde.For example, with this permission healthProbe property of VM scale set can reference the probe. Impossible à alerter.Not alertable.
Microsoft.Network/loadBalancers/readMicrosoft.Network/loadBalancers/read Obtient une définition d’équilibrage de charge.Gets a load balancer definition
Microsoft.Network/locations/*Microsoft.Network/locations/* Créer et gérer des emplacements réseauCreate and manage network locations
Microsoft.Network/networkInterfaces/*Microsoft.Network/networkInterfaces/* Créer et gérer des interfaces réseauCreate and manage network interfaces
Microsoft.Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action Joint un groupe de sécurité réseau.Joins a network security group. Impossible à alerter.Not Alertable.
Microsoft.Network/networkSecurityGroups/readMicrosoft.Network/networkSecurityGroups/read Obtient une définition de groupe de sécurité réseau.Gets a network security group definition
Microsoft.Network/publicIPAddresses/join/actionMicrosoft.Network/publicIPAddresses/join/action Joint une adresse IP publique.Joins a public ip address. Impossible à alerter.Not Alertable.
Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read Obtient une définition de l’adresse IP publique.Gets a public ip address definition.
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read Obtenir la définition de réseau virtuel.Get the virtual network definition
Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action Joint un réseau virtuel.Joins a virtual network. Impossible à alerter.Not Alertable.
Microsoft.RecoveryServices/locations/*Microsoft.RecoveryServices/locations/*
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write Crée une intention de protection de sauvegarde.Create a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read Renvoie des détails d’objet de l’élément protégé.Returns object details of the Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write Créer un élément protégé de sauvegarde.Create a backup Protected Item
Microsoft.RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read Renvoie toutes les stratégies de protection.Returns all Protection Policies
Microsoft.RecoveryServices/Vaults/backupPolicies/writeMicrosoft.RecoveryServices/Vaults/backupPolicies/write Crée une stratégie de protection.Creates Protection Policy
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read L’opération d’obtention de coffre obtient un objet représentant la ressource Azure de type « coffre ».The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read Renvoie des détails d’utilisation d’un coffre Recovery Services.Returns usage details for a Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/writeMicrosoft.RecoveryServices/Vaults/write L’opération de création de coffre entraîne la création d’une ressource Azure de type « coffre ».Create Vault operation creates an Azure resource of type 'vault'
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.SqlVirtualMachine/*Microsoft.SqlVirtualMachine/*
Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action Retourne les clés d’accès au compte de stockage spécifié.Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read Retourne la liste des comptes de stockage ou récupère les propriétés du compte de stockage spécifié.Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
  "name": "9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Compute/availabilitySets/*",
        "Microsoft.Compute/locations/*",
        "Microsoft.Compute/virtualMachines/*",
        "Microsoft.Compute/virtualMachineScaleSets/*",
        "Microsoft.Compute/disks/write",
        "Microsoft.Compute/disks/read",
        "Microsoft.Compute/disks/delete",
        "Microsoft.DevTestLab/schedules/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/applicationGateways/backendAddressPools/join/action",
        "Microsoft.Network/loadBalancers/backendAddressPools/join/action",
        "Microsoft.Network/loadBalancers/inboundNatPools/join/action",
        "Microsoft.Network/loadBalancers/inboundNatRules/join/action",
        "Microsoft.Network/loadBalancers/probes/join/action",
        "Microsoft.Network/loadBalancers/read",
        "Microsoft.Network/locations/*",
        "Microsoft.Network/networkInterfaces/*",
        "Microsoft.Network/networkSecurityGroups/join/action",
        "Microsoft.Network/networkSecurityGroups/read",
        "Microsoft.Network/publicIPAddresses/join/action",
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.RecoveryServices/locations/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/write",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.RecoveryServices/Vaults/write",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.SqlVirtualMachine/*",
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Virtual Machine Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Connexion de l’utilisateur aux machines virtuellesVirtual Machine User Login

Affichez les machines virtuelles dans le portail et connectez-vous en tant qu’utilisateur normal.View Virtual Machines in the portal and login as a regular user.

ActionsActions
Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read Obtient une définition de l’adresse IP publique.Gets a public ip address definition.
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read Obtenir la définition de réseau virtuel.Get the virtual network definition
Microsoft.Network/loadBalancers/readMicrosoft.Network/loadBalancers/read Obtient une définition d’équilibrage de charge.Gets a load balancer definition
Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read Obtient une définition d’interface réseau.Gets a network interface definition.
Microsoft.Compute/virtualMachines/*/readMicrosoft.Compute/virtualMachines/*/read
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Compute/virtualMachines/login/actionMicrosoft.Compute/virtualMachines/login/action Se connecter à la machine virtuelle comme utilisateur normalLog in to a virtual machine as a regular user
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "View Virtual Machines in the portal and login as a regular user.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fb879df8-f326-4884-b1cf-06f3ad86be52",
  "name": "fb879df8-f326-4884-b1cf-06f3ad86be52",
  "permissions": [
    {
      "actions": [
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/loadBalancers/read",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Compute/virtualMachines/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Compute/virtualMachines/login/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Virtual Machine User Login",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Mise en réseauNetworking

Contributeur de point de terminaison CDNCDN Endpoint Contributor

Peut gérer les points de terminaison CDN, mais ne peut pas accorder l’accès à d’autres utilisateurs.Can manage CDN endpoints, but can't grant access to other users.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/endpoints/*Microsoft.Cdn/profiles/endpoints/*
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage CDN endpoints, but can't grant access to other users.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/426e0c7f-0c7e-4658-b36f-ff54d6c29b45",
  "name": "426e0c7f-0c7e-4658-b36f-ff54d6c29b45",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/endpoints/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Endpoint Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur de point de terminaison CDNCDN Endpoint Reader

Peut afficher des points de terminaison CDN, mais ne peut pas effectuer de modifications.Can view CDN endpoints, but can't make changes.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/endpoints/*/readMicrosoft.Cdn/profiles/endpoints/*/read
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view CDN endpoints, but can't make changes.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/871e35f6-b5c1-49cc-a043-bde969a0f2cd",
  "name": "871e35f6-b5c1-49cc-a043-bde969a0f2cd",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/endpoints/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Endpoint Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur de profil CDNCDN Profile Contributor

Peut gérer des profils CDN et leurs points de terminaison, mais ne peut pas accorder l’accès à d’autres utilisateurs.Can manage CDN profiles and their endpoints, but can't grant access to other users.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/*Microsoft.Cdn/profiles/*
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage CDN profiles and their endpoints, but can't grant access to other users.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ec156ff8-a8d1-4d15-830c-5b80698ca432",
  "name": "ec156ff8-a8d1-4d15-830c-5b80698ca432",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Profile Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur de profil CDNCDN Profile Reader

Peut afficher des profils CDN et leurs points de terminaison, mais ne peut pas y apporter des modifications.Can view CDN profiles and their endpoints, but can't make changes.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/*/readMicrosoft.Cdn/profiles/*/read
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view CDN profiles and their endpoints, but can't make changes.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8f96442b-4075-438f-813d-ad51ab4019af",
  "name": "8f96442b-4075-438f-813d-ad51ab4019af",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Profile Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur de réseau classiqueClassic Network Contributor

Permet de gérer des réseaux classiques, mais pas d’y accéder.Lets you manage classic networks, but not access to them.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.ClassicNetwork/*Microsoft.ClassicNetwork/* Créer et gérer des réseaux classiquesCreate and manage classic networks
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage classic networks, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b34d265f-36f7-4a0d-a4d4-e158ca92e90f",
  "name": "b34d265f-36f7-4a0d-a4d4-e158ca92e90f",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicNetwork/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Network Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur de Zone DNSDNS Zone Contributor

Permet de gérer des zones DNS et des jeux d’enregistrements dans Azure DNS, mais pas de contrôler qui y a accès.Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Network/dnsZones/*Microsoft.Network/dnsZones/* Créer et gérer des enregistrements et zones DNSCreate and manage DNS zones and records
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/befefa01-2a29-4197-83a8-272ff33ce314",
  "name": "befefa01-2a29-4197-83a8-272ff33ce314",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/dnsZones/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "DNS Zone Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur de réseauNetwork Contributor

Permet de gérer des réseaux, mais pas d’y accéder.Lets you manage networks, but not access to them.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Network/*Microsoft.Network/* Créer et gérer des réseauxCreate and manage networks
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage networks, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
  "name": "4d97b98b-1d4f-4787-a291-c67834d212e7",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Network Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur Traffic ManagerTraffic Manager Contributor

Permet de gérer des profils Traffic Manager, mais pas de contrôler qui y a accès.Lets you manage Traffic Manager profiles, but does not let you control who has access to them.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Network/trafficManagerProfiles/*Microsoft.Network/trafficManagerProfiles/*
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Traffic Manager profiles, but does not let you control who has access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a4b10055-b0c7-44c2-b00f-c7b5b3550cf7",
  "name": "a4b10055-b0c7-44c2-b00f-c7b5b3550cf7",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/trafficManagerProfiles/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Traffic Manager Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

StockageStorage

Contributeur AvereAvere Contributor

Peut créer et gérer un cluster Avere vFXT.Can create and manage an Avere vFXT cluster.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Compute/*/readMicrosoft.Compute/*/read
Microsoft.Compute/availabilitySets/*Microsoft.Compute/availabilitySets/*
Microsoft.Compute/virtualMachines/*Microsoft.Compute/virtualMachines/*
Microsoft.Compute/disks/*Microsoft.Compute/disks/*
Microsoft.Network/*/readMicrosoft.Network/*/read
Microsoft.Network/networkInterfaces/*Microsoft.Network/networkInterfaces/*
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read Obtenir la définition de réseau virtuel.Get the virtual network definition
Microsoft.Network/virtualNetworks/subnets/readMicrosoft.Network/virtualNetworks/subnets/read Obtient une définition de sous-réseau de réseau virtuel.Gets a virtual network subnet definition
Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action Joint un réseau virtuel.Joins a virtual network. Impossible à alerter.Not Alertable.
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Joint des ressources telles qu’un compte de stockage ou une base de données SQL à un sous-réseau.Joins resource such as storage account or SQL database to a subnet. Impossible à alerter.Not alertable.
Microsoft.Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action Joint un groupe de sécurité réseau.Joins a network security group. Impossible à alerter.Not Alertable.
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Storage/*/readMicrosoft.Storage/*/read
Microsoft.Storage/storageAccounts/*Microsoft.Storage/storageAccounts/* Créer et gérer les comptes de stockageCreate and manage storage accounts
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
Microsoft.Resources/subscriptions/resourceGroups/resources/readMicrosoft.Resources/subscriptions/resourceGroups/resources/read Obtient les ressources du groupe de ressources.Gets the resources for the resource group.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete Retourner le résultat de la suppression d’un objet blobReturns the result of deleting a blob
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read Retourne un objet blob ou une liste d'objets blobReturns a blob or a list of blobs
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/writeMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write Retourner le résultat de l’écriture d’un objet blobReturns the result of writing a blob
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can create and manage an Avere vFXT cluster.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4f8fab4f-1852-4a58-a46a-8eaf358af14a",
  "name": "4f8fab4f-1852-4a58-a46a-8eaf358af14a",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Compute/*/read",
        "Microsoft.Compute/availabilitySets/*",
        "Microsoft.Compute/virtualMachines/*",
        "Microsoft.Compute/disks/*",
        "Microsoft.Network/*/read",
        "Microsoft.Network/networkInterfaces/*",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/subnets/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
        "Microsoft.Network/networkSecurityGroups/join/action",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/*/read",
        "Microsoft.Storage/storageAccounts/*",
        "Microsoft.Support/*",
        "Microsoft.Resources/subscriptions/resourceGroups/resources/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Avere Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Opérateur AvereAvere Operator

Utilisé par le cluster Avere vFXT pour gérer le clusterUsed by the Avere vFXT cluster to manage the cluster

ActionsActions
Microsoft.Compute/virtualMachines/readMicrosoft.Compute/virtualMachines/read Obtenir les propriétés d’une machine virtuelleGet the properties of a virtual machine
Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read Obtient une définition d’interface réseau.Gets a network interface definition.
Microsoft.Network/networkInterfaces/writeMicrosoft.Network/networkInterfaces/write Crée une interface réseau ou met à jour une interface réseau existante.Creates a network interface or updates an existing network interface.
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read Obtenir la définition de réseau virtuel.Get the virtual network definition
Microsoft.Network/virtualNetworks/subnets/readMicrosoft.Network/virtualNetworks/subnets/read Obtient une définition de sous-réseau de réseau virtuel.Gets a virtual network subnet definition
Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action Joint un réseau virtuel.Joins a virtual network. Impossible à alerter.Not Alertable.
Microsoft.Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action Joint un groupe de sécurité réseau.Joins a network security group. Impossible à alerter.Not Alertable.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Storage/storageAccounts/blobServices/containers/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/delete Retourne le résultat de la suppression d’un conteneurReturns the result of deleting a container
Microsoft.Storage/storageAccounts/blobServices/containers/readMicrosoft.Storage/storageAccounts/blobServices/containers/read Retourne la liste des conteneursReturns list of containers
Microsoft.Storage/storageAccounts/blobServices/containers/writeMicrosoft.Storage/storageAccounts/blobServices/containers/write Retourne le résultat du conteneur put blobReturns the result of put blob container
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete Retourner le résultat de la suppression d’un objet blobReturns the result of deleting a blob
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read Retourne un objet blob ou une liste d'objets blobReturns a blob or a list of blobs
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/writeMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write Retourner le résultat de l’écriture d’un objet blobReturns the result of writing a blob
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Used by the Avere vFXT cluster to manage the cluster",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
  "name": "c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
  "permissions": [
    {
      "actions": [
        "Microsoft.Compute/virtualMachines/read",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Network/networkInterfaces/write",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/subnets/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.Network/networkSecurityGroups/join/action",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/write"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Avere Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur de sauvegardeBackup Contributor

Permet de gérer le service de sauvegarde, mais pas de créer des coffres, ni d’accorder l’accès à d’autres personnesLets you manage backup service, but can't create vaults and give access to others

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read Obtenir la définition de réseau virtuel.Get the virtual network definition
Microsoft.RecoveryServices/locations/*Microsoft.RecoveryServices/locations/*
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/*Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/* Gérer les résultats des opérations de gestion des sauvegardesManage results of operation on backup management
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/*Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/* Créer et gérer des conteneurs de sauvegarde dans les structures de sauvegarde du coffre Recovery ServicesCreate and manage backup containers inside backup fabrics of Recovery Services vault
Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action Actualise la liste de conteneurs.Refreshes the container list
Microsoft.RecoveryServices/Vaults/backupJobs/*Microsoft.RecoveryServices/Vaults/backupJobs/* Créer et gérer des travaux de sauvegardeCreate and manage backup jobs
Microsoft.RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action Travaux d’exportationExport Jobs
Microsoft.RecoveryServices/Vaults/backupOperationResults/*Microsoft.RecoveryServices/Vaults/backupOperationResults/* Créer et gérer les résultats des opérations de gestion des sauvegardesCreate and manage Results of backup management operations
Microsoft.RecoveryServices/Vaults/backupPolicies/*Microsoft.RecoveryServices/Vaults/backupPolicies/* Créer et gérer des stratégies de sauvegardeCreate and manage backup policies
Microsoft.RecoveryServices/Vaults/backupProtectableItems/*Microsoft.RecoveryServices/Vaults/backupProtectableItems/* Créer et gérer les éléments qui peuvent être sauvegardésCreate and manage items which can be backed up
Microsoft.RecoveryServices/Vaults/backupProtectedItems/*Microsoft.RecoveryServices/Vaults/backupProtectedItems/* Créer et gérer les éléments sauvegardésCreate and manage backed up items
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/*Microsoft.RecoveryServices/Vaults/backupProtectionContainers/* Créer et gérer les conteneurs contenant les éléments de sauvegardeCreate and manage containers holding backup items
Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/readMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read Renvoie des résumés pour les éléments protégés et les serveurs protégés d’un coffre Recovery Services.Returns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft.RecoveryServices/Vaults/certificates/*Microsoft.RecoveryServices/Vaults/certificates/* Créer et gérer des certificats associés à la sauvegarde dans le coffre Recovery ServicesCreate and manage certificates related to backup in Recovery Services vault
Microsoft.RecoveryServices/Vaults/extendedInformation/*Microsoft.RecoveryServices/Vaults/extendedInformation/* Créer et gérer des informations étendues associées au coffreCreate and manage extended info related to vault
Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read Obtient les alertes pour le coffre Recovery Services.Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read L’opération d’obtention de coffre obtient un objet représentant la ressource Azure de type « coffre ».The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/*Microsoft.RecoveryServices/Vaults/registeredIdentities/* Créer et gérer les identités inscritesCreate and manage registered identities
Microsoft.RecoveryServices/Vaults/usages/*Microsoft.RecoveryServices/Vaults/usages/* Créer et gérer l’utilisation du coffre Recovery ServicesCreate and manage usage of Recovery Services vault
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read Retourne la liste des comptes de stockage ou récupère les propriétés du compte de stockage spécifié.Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.RecoveryServices/Vaults/backupstorageconfig/*Microsoft.RecoveryServices/Vaults/backupstorageconfig/*
Microsoft.RecoveryServices/Vaults/backupconfig/*Microsoft.RecoveryServices/Vaults/backupconfig/*
Microsoft.RecoveryServices/Vaults/backupValidateOperation/actionMicrosoft.RecoveryServices/Vaults/backupValidateOperation/action Valider l’opération sur l’élément protégé.Validate Operation on Protected Item
Microsoft.RecoveryServices/Vaults/writeMicrosoft.RecoveryServices/Vaults/write L’opération de création de coffre entraîne la création d’une ressource Azure de type « coffre ».Create Vault operation creates an Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read Renvoie l’état de l’opération de sauvegarde pour le coffre Recovery Services.Returns Backup Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read Retourne tous les serveurs d’administration de sauvegarde inscrits auprès du coffre.Returns all the backup management servers registered with vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*
Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read Obtient tous les conteneurs protégeablesGet all protectable containers
Microsoft.RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action Vérifie l’état de la sauvegarde pour les coffres Recovery ServicesCheck Backup Status for Recovery Services Vaults
Microsoft.RecoveryServices/locations/backupPreValidateProtection/actionMicrosoft.RecoveryServices/locations/backupPreValidateProtection/action
Microsoft.RecoveryServices/locations/backupValidateFeatures/actionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action Valide des fonctionnalitésValidate Features
Microsoft.RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write Résout l’alerte.Resolves the alert.
Microsoft.RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read Retourne la liste d’opérations pour un fournisseur de ressourcesOperation returns the list of Operations for a Resource Provider
Microsoft.RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read Obtient l’état de l’opération pour une opération donnée.Gets Operation Status for a given Operation
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read Répertorier tous les intentions de protection de sauvegardeList all backup Protection Intents
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage backup service,but can't create vaults and give access to others",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b",
  "name": "5e467623-bb1f-42f4-a55d-6e525e11384b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.RecoveryServices/locations/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
        "Microsoft.RecoveryServices/Vaults/backupJobs/*",
        "Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
        "Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectedItems/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/*",
        "Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*",
        "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
        "Microsoft.RecoveryServices/Vaults/certificates/*",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/*",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/*",
        "Microsoft.RecoveryServices/Vaults/usages/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
        "Microsoft.RecoveryServices/Vaults/backupconfig/*",
        "Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
        "Microsoft.RecoveryServices/Vaults/write",
        "Microsoft.RecoveryServices/Vaults/backupOperations/read",
        "Microsoft.RecoveryServices/Vaults/backupEngines/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
        "Microsoft.RecoveryServices/locations/backupStatus/action",
        "Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
        "Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
        "Microsoft.RecoveryServices/operations/read",
        "Microsoft.RecoveryServices/locations/operationStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Backup Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Opérateur de sauvegardeBackup Operator

Permet de gérer des services de sauvegarde, à l’exception de la suppression de la sauvegarde, de la création de coffres et de l’octroi d’autorisations d’accès à d’autres personnesLets you manage backup services, except removal of backup, vault creation and giving access to others

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read Obtenir la définition de réseau virtuel.Get the virtual network definition
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/operationResults/read Renvoie l’état de l’opération.Returns status of the operation
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read Obtient les résultats de l’opération effectuée sur le conteneur de protection.Gets result of Operation performed on Protection Container.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action Effectue la sauvegarde d’un élément protégé.Performs Backup for Protected Item.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read Obtient les résultats de l’opération effectuée sur les éléments protégés.Gets Result of Operation Performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read Renvoie l’état de l’opération effectuée sur les éléments protégés.Returns the status of Operation performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read Renvoie des détails d’objet de l’élément protégé.Returns object details of the Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action Approvisionner la récupération d’éléments instantanée pour l’élément protégé.Provision Instant Item Recovery for Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read Obtenir les points de récupération des éléments protégés.Get Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action Restaurer les points de récupération des éléments protégés.Restore Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action Révoquer la récupération d’éléments instantanée pour l’élément protégé.Revoke Instant Item Recovery for Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write Créer un élément protégé de sauvegarde.Create a backup Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read Renvoie tous les conteneurs inscrits.Returns all registered containers
Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action Actualise la liste de conteneurs.Refreshes the container list
Microsoft.RecoveryServices/Vaults/backupJobs/*Microsoft.RecoveryServices/Vaults/backupJobs/* Créer et gérer des travaux de sauvegardeCreate and manage backup jobs
Microsoft.RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action Travaux d’exportationExport Jobs
Microsoft.RecoveryServices/Vaults/backupOperationResults/*Microsoft.RecoveryServices/Vaults/backupOperationResults/* Créer et gérer les résultats des opérations de gestion des sauvegardesCreate and manage Results of backup management operations
Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operationResults/read Obtenir les résultats de l’opération de stratégie.Get Results of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read Renvoie toutes les stratégies de protection.Returns all Protection Policies
Microsoft.RecoveryServices/Vaults/backupProtectableItems/*Microsoft.RecoveryServices/Vaults/backupProtectableItems/* Créer et gérer les éléments qui peuvent être sauvegardésCreate and manage items which can be backed up
Microsoft.RecoveryServices/Vaults/backupProtectedItems/readMicrosoft.RecoveryServices/Vaults/backupProtectedItems/read Renvoie la liste de tous les éléments protégés.Returns the list of all Protected Items.
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/readMicrosoft.RecoveryServices/Vaults/backupProtectionContainers/read Renvoie tous les conteneurs appartenant à l’abonnement.Returns all containers belonging to the subscription
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/readMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read Renvoie des résumés pour les éléments protégés et les serveurs protégés d’un coffre Recovery Services.Returns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft.RecoveryServices/Vaults/certificates/writeMicrosoft.RecoveryServices/Vaults/certificates/write L’opération de mise à jour de certificat de ressource met à jour le certificat d’identification du coffre/de la ressource.The Update Resource Certificate operation updates the resource/vault credential certificate.
Microsoft.RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read L’opération d’obtention d’informations étendues obtient les informations étendues d’un objet représentant la ressource Azure de type « coffre ».The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault?
Microsoft.RecoveryServices/Vaults/extendedInformation/writeMicrosoft.RecoveryServices/Vaults/extendedInformation/write L’opération d’obtention d’informations étendues obtient les informations étendues d’un objet représentant la ressource Azure de type « coffre ».The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault?
Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read Obtient les alertes pour le coffre Recovery Services.Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read L’opération d’obtention de coffre obtient un objet représentant la ressource Azure de type « coffre ».The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read L’opération d’obtention des résultats d’une opération peut être utilisée pour obtenir l’état de l’opération et le résultat de l’opération envoyée de manière asynchrone.The Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation
Microsoft.RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read L’opération d’obtention de conteneurs peut être utilisée pour obtenir les conteneurs inscrits pour une ressource.The Get Containers operation can be used get the containers registered for a resource.
Microsoft.RecoveryServices/Vaults/registeredIdentities/writeMicrosoft.RecoveryServices/Vaults/registeredIdentities/write L’opération d’inscription d’un conteneur de service peut être utilisée pour inscrire un conteneur avec Recovery Services.The Register Service Container operation can be used to register a container with Recovery Service.
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read Renvoie des détails d’utilisation d’un coffre Recovery Services.Returns usage details for a Recovery Services Vault.
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read Retourne la liste des comptes de stockage ou récupère les propriétés du compte de stockage spécifié.Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.RecoveryServices/Vaults/backupstorageconfig/*Microsoft.RecoveryServices/Vaults/backupstorageconfig/*
Microsoft.RecoveryServices/Vaults/backupValidateOperation/actionMicrosoft.RecoveryServices/Vaults/backupValidateOperation/action Valider l’opération sur l’élément protégé.Validate Operation on Protected Item
Microsoft.RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read Renvoie l’état de l’opération de sauvegarde pour le coffre Recovery Services.Returns Backup Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupPolicies/operations/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operations/read Obtenir l’état de l’opération de stratégie.Get Status of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write Crée un conteneur inscritCreates a registered container
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action Recherche les charges de travail dans un conteneurDo inquiry for workloads within a container
Microsoft.RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read Retourne tous les serveurs d’administration de sauvegarde inscrits auprès du coffre.Returns all the backup management servers registered with vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write Crée une intention de protection de sauvegarde.Create a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/readMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read Créer une intention de protection de sauvegardeGet a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read Obtient tous les conteneurs protégeablesGet all protectable containers
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read Obtient tous les éléments figurant dans un conteneurGet all items in a container
Microsoft.RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action Vérifie l’état de la sauvegarde pour les coffres Recovery ServicesCheck Backup Status for Recovery Services Vaults
Microsoft.RecoveryServices/locations/backupPreValidateProtection/actionMicrosoft.RecoveryServices/locations/backupPreValidateProtection/action
Microsoft.RecoveryServices/locations/backupValidateFeatures/actionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action Valide des fonctionnalitésValidate Features
Microsoft.RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write Résout l’alerte.Resolves the alert.
Microsoft.RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read Retourne la liste d’opérations pour un fournisseur de ressourcesOperation returns the list of Operations for a Resource Provider
Microsoft.RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read Obtient l’état de l’opération pour une opération donnée.Gets Operation Status for a given Operation
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read Répertorier tous les intentions de protection de sauvegardeList all backup Protection Intents
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage backup services, except removal of backup, vault creation and giving access to others",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/00c29273-979b-4161-815c-10b084fb9324",
  "name": "00c29273-979b-4161-815c-10b084fb9324",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
        "Microsoft.RecoveryServices/Vaults/backupJobs/*",
        "Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
        "Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
        "Microsoft.RecoveryServices/Vaults/certificates/write",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/read",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/write",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/write",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
        "Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
        "Microsoft.RecoveryServices/Vaults/backupOperations/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action",
        "Microsoft.RecoveryServices/Vaults/backupEngines/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
        "Microsoft.RecoveryServices/locations/backupStatus/action",
        "Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
        "Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
        "Microsoft.RecoveryServices/operations/read",
        "Microsoft.RecoveryServices/locations/operationStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Backup Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur de sauvegardeBackup Reader

Peut afficher des services de sauvegarde, mais pas apporter des modificationsCan view backup services, but can't make changes

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.RecoveryServices/locations/allocatedStamp/readMicrosoft.RecoveryServices/locations/allocatedStamp/read GetAllocatedStamp est une opération interne utilisée par le service.GetAllocatedStamp is internal operation used by service
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/operationResults/read Renvoie l’état de l’opération.Returns status of the operation
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read Obtient les résultats de l’opération effectuée sur le conteneur de protection.Gets result of Operation performed on Protection Container.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read Obtient les résultats de l’opération effectuée sur les éléments protégés.Gets Result of Operation Performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read Renvoie l’état de l’opération effectuée sur les éléments protégés.Returns the status of Operation performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read Renvoie des détails d’objet de l’élément protégé.Returns object details of the Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read Obtenir les points de récupération des éléments protégés.Get Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read Renvoie tous les conteneurs inscrits.Returns all registered containers
Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/readMicrosoft.RecoveryServices/Vaults/backupJobs/operationResults/read Renvoie le résultat de l’opération de travail.Returns the Result of Job Operation.
Microsoft.RecoveryServices/Vaults/backupJobs/readMicrosoft.RecoveryServices/Vaults/backupJobs/read Renvoie tous les objets de travail.Returns all Job Objects
Microsoft.RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action Travaux d’exportationExport Jobs
Microsoft.RecoveryServices/Vaults/backupOperationResults/readMicrosoft.RecoveryServices/Vaults/backupOperationResults/read Renvoie le résultat de l’opération de sauvegarde pour le coffre Recovery Services.Returns Backup Operation Result for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operationResults/read Obtenir les résultats de l’opération de stratégie.Get Results of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read Renvoie toutes les stratégies de protection.Returns all Protection Policies
Microsoft.RecoveryServices/Vaults/backupProtectedItems/readMicrosoft.RecoveryServices/Vaults/backupProtectedItems/read Renvoie la liste de tous les éléments protégés.Returns the list of all Protected Items.
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/readMicrosoft.RecoveryServices/Vaults/backupProtectionContainers/read Renvoie tous les conteneurs appartenant à l’abonnement.Returns all containers belonging to the subscription
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/readMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read Renvoie des résumés pour les éléments protégés et les serveurs protégés d’un coffre Recovery Services.Returns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft.RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read L’opération d’obtention d’informations étendues obtient les informations étendues d’un objet représentant la ressource Azure de type « coffre ».The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault?
Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read Obtient les alertes pour le coffre Recovery Services.Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read L’opération d’obtention de coffre obtient un objet représentant la ressource Azure de type « coffre ».The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read L’opération d’obtention des résultats d’une opération peut être utilisée pour obtenir l’état de l’opération et le résultat de l’opération envoyée de manière asynchrone.The Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation
Microsoft.RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read L’opération d’obtention de conteneurs peut être utilisée pour obtenir les conteneurs inscrits pour une ressource.The Get Containers operation can be used get the containers registered for a resource.
Microsoft.RecoveryServices/Vaults/backupstorageconfig/readMicrosoft.RecoveryServices/Vaults/backupstorageconfig/read Renvoie la configuration de stockage pour le coffre Recovery Services.Returns Storage Configuration for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupconfig/readMicrosoft.RecoveryServices/Vaults/backupconfig/read Renvoie la configuration pour le coffre Recovery Services.Returns Configuration for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read Renvoie l’état de l’opération de sauvegarde pour le coffre Recovery Services.Returns Backup Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupPolicies/operations/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operations/read Obtenir l’état de l’opération de stratégie.Get Status of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read Retourne tous les serveurs d’administration de sauvegarde inscrits auprès du coffre.Returns all the backup management servers registered with vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/readMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read Créer une intention de protection de sauvegardeGet a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read Obtient tous les éléments figurant dans un conteneurGet all items in a container
Microsoft.RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action Vérifie l’état de la sauvegarde pour les coffres Recovery ServicesCheck Backup Status for Recovery Services Vaults
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft.RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write Résout l’alerte.Resolves the alert.
Microsoft.RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read Retourne la liste d’opérations pour un fournisseur de ressourcesOperation returns the list of Operations for a Resource Provider
Microsoft.RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read Obtient l’état de l’opération pour une opération donnée.Gets Operation Status for a given Operation
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read Répertorier tous les intentions de protection de sauvegardeList all backup Protection Intents
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read Renvoie des détails d’utilisation d’un coffre Recovery Services.Returns usage details for a Recovery Services Vault.
Microsoft.RecoveryServices/locations/backupValidateFeatures/actionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action Valide des fonctionnalitésValidate Features
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view backup services, but can't make changes",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a795c7a0-d4a2-40c1-ae25-d81f01202912",
  "name": "a795c7a0-d4a2-40c1-ae25-d81f01202912",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.RecoveryServices/locations/allocatedStamp/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupJobs/read",
        "Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
        "Microsoft.RecoveryServices/Vaults/backupOperationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/read",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
        "Microsoft.RecoveryServices/Vaults/backupstorageconfig/read",
        "Microsoft.RecoveryServices/Vaults/backupconfig/read",
        "Microsoft.RecoveryServices/Vaults/backupOperations/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
        "Microsoft.RecoveryServices/Vaults/backupEngines/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
        "Microsoft.RecoveryServices/locations/backupStatus/action",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
        "Microsoft.RecoveryServices/operations/read",
        "Microsoft.RecoveryServices/locations/operationStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.RecoveryServices/locations/backupValidateFeatures/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Backup Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur de compte de stockage classiqueClassic Storage Account Contributor

Permet de gérer des comptes de stockage classiques, mais pas d’y accéder.Lets you manage classic storage accounts, but not access to them.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.ClassicStorage/storageAccounts/*Microsoft.ClassicStorage/storageAccounts/* Créer et gérer les comptes de stockageCreate and manage storage accounts
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage classic storage accounts, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
  "name": "86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicStorage/storageAccounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Storage Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Rôle de service d’opérateur de clé de compte de stockage classiqueClassic Storage Account Key Operator Service Role

Les opérateurs de clés de comptes de stockage classiques sont autorisés à lister et à régénérer des clés sur des comptes de stockage classiquesClassic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts

ActionsActions
Microsoft.ClassicStorage/storageAccounts/listkeys/actionMicrosoft.ClassicStorage/storageAccounts/listkeys/action Répertorie les clés d’accès des comptes de stockage.Lists the access keys for the storage accounts.
Microsoft.ClassicStorage/storageAccounts/regeneratekey/actionMicrosoft.ClassicStorage/storageAccounts/regeneratekey/action Régénère les clés d’accès existantes du compte de stockage.Regenerates the existing access keys for the storage account.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/985d6b00-f706-48f5-a6fe-d0ca12fb668d",
  "name": "985d6b00-f706-48f5-a6fe-d0ca12fb668d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ClassicStorage/storageAccounts/listkeys/action",
        "Microsoft.ClassicStorage/storageAccounts/regeneratekey/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Storage Account Key Operator Service Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur Data BoxData Box Contributor

Permet de gérer toutes les opérations sous le service Data Box à l’exception de l’octroi d’accès à d’autres personnes.Lets you manage everything under Data Box Service except giving access to others.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
Microsoft.Databox/*Microsoft.Databox/*
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage everything under Data Box Service except giving access to others.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/add466c9-e687-43fc-8d98-dfcf8d720be5",
  "name": "add466c9-e687-43fc-8d98-dfcf8d720be5",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Databox/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Box Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur Data BoxData Box Reader

Permet de gérer le service Data Box, mais ne permet pas de créer une commande, de modifier les détails d’une commande ou d’octroyer l’accès à d’autres personnes.Lets you manage Data Box Service except creating order or editing order details and giving access to others.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Databox/*/readMicrosoft.Databox/*/read
Microsoft.Databox/jobs/listsecrets/actionMicrosoft.Databox/jobs/listsecrets/action
Microsoft.Databox/jobs/listcredentials/actionMicrosoft.Databox/jobs/listcredentials/action Répertorie les informations d’identification non chiffrées liées à la commandeLists the unencrypted credentials related to the order.
Microsoft.Databox/locations/availableSkus/actionMicrosoft.Databox/locations/availableSkus/action Retourner la liste des références (SKU) disponiblesThis method returns the list of available skus.
Microsoft.Databox/locations/validateInputs/actionMicrosoft.Databox/locations/validateInputs/action Cette méthode effectue tous les types de validations.This method does all type of validations.
Microsoft.Databox/locations/regionConfiguration/actionMicrosoft.Databox/locations/regionConfiguration/action Cette méthode retourne les configurations pour la région.This method returns the configurations for the region.
Microsoft.Databox/locations/validateAddress/actionMicrosoft.Databox/locations/validateAddress/action Valider l'adresse de livraison et fournir d'autres adresses s’il en estValidates the shipping address and provides alternate addresses if any.
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Data Box Service except creating order or editing order details and giving access to others.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
  "name": "028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Databox/*/read",
        "Microsoft.Databox/jobs/listsecrets/action",
        "Microsoft.Databox/jobs/listcredentials/action",
        "Microsoft.Databox/locations/availableSkus/action",
        "Microsoft.Databox/locations/validateInputs/action",
        "Microsoft.Databox/locations/regionConfiguration/action",
        "Microsoft.Databox/locations/validateAddress/action",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Box Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Développeur Data Lake AnalyticsData Lake Analytics Developer

Permet d’envoyer, de surveiller et de gérer vos propres travaux, mais pas de créer ni de supprimer des comptes Data Lake Analytics.Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.BigAnalytics/accounts/*Microsoft.BigAnalytics/accounts/*
Microsoft.DataLakeAnalytics/accounts/*Microsoft.DataLakeAnalytics/accounts/*
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Microsoft.BigAnalytics/accounts/DeleteMicrosoft.BigAnalytics/accounts/Delete
Microsoft.BigAnalytics/accounts/TakeOwnership/actionMicrosoft.BigAnalytics/accounts/TakeOwnership/action
Microsoft.BigAnalytics/accounts/WriteMicrosoft.BigAnalytics/accounts/Write
Microsoft.DataLakeAnalytics/accounts/DeleteMicrosoft.DataLakeAnalytics/accounts/Delete Supprime un compte Data Lake Analytics.Delete a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/TakeOwnership/actionMicrosoft.DataLakeAnalytics/accounts/TakeOwnership/action Accorde des autorisations pour annuler des travaux soumis par d’autres utilisateurs.Grant permissions to cancel jobs submitted by other users.
Microsoft.DataLakeAnalytics/accounts/WriteMicrosoft.DataLakeAnalytics/accounts/Write Crée ou met à jour un compte Data Lake Analytics.Create or update a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/WriteMicrosoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write Crée ou met à jour un compte Data Lake Store lié d’un compte Data Lake Analytics.Create or update a linked DataLakeStore account of a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/DeleteMicrosoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete Dissocie un compte Data Lake Store d’un compte Data Lake Analytics.Unlink a DataLakeStore account from a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/storageAccounts/WriteMicrosoft.DataLakeAnalytics/accounts/storageAccounts/Write Crée ou met à jour un compte de stockage lié d’un compte Data Lake Analytics.Create or update a linked Storage account of a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/storageAccounts/DeleteMicrosoft.DataLakeAnalytics/accounts/storageAccounts/Delete Dissocie un compte de stockage d’un compte Data Lake Analytics.Unlink a Storage account from a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/firewallRules/WriteMicrosoft.DataLakeAnalytics/accounts/firewallRules/Write Créer ou mettre à jour une règle de pare-feu.Create or update a firewall rule.
Microsoft.DataLakeAnalytics/accounts/firewallRules/DeleteMicrosoft.DataLakeAnalytics/accounts/firewallRules/Delete Supprimer une règle de pare-feu.Delete a firewall rule.
Microsoft.DataLakeAnalytics/accounts/computePolicies/WriteMicrosoft.DataLakeAnalytics/accounts/computePolicies/Write Crée ou met à jour une stratégie de calcul.Create or update a compute policy.
Microsoft.DataLakeAnalytics/accounts/computePolicies/DeleteMicrosoft.DataLakeAnalytics/accounts/computePolicies/Delete Supprime une stratégie de calcul.Delete a compute policy.
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/47b7735b-770e-4598-a7da-8b91488b4c88",
  "name": "47b7735b-770e-4598-a7da-8b91488b4c88",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.BigAnalytics/accounts/*",
        "Microsoft.DataLakeAnalytics/accounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.BigAnalytics/accounts/Delete",
        "Microsoft.BigAnalytics/accounts/TakeOwnership/action",
        "Microsoft.BigAnalytics/accounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/Delete",
        "Microsoft.DataLakeAnalytics/accounts/TakeOwnership/action",
        "Microsoft.DataLakeAnalytics/accounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete",
        "Microsoft.DataLakeAnalytics/accounts/storageAccounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/storageAccounts/Delete",
        "Microsoft.DataLakeAnalytics/accounts/firewallRules/Write",
        "Microsoft.DataLakeAnalytics/accounts/firewallRules/Delete",
        "Microsoft.DataLakeAnalytics/accounts/computePolicies/Write",
        "Microsoft.DataLakeAnalytics/accounts/computePolicies/Delete"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Lake Analytics Developer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur et accès aux donnéesReader and Data Access

Permet d’afficher tous les éléments, mais pas de supprimer ou de créer un compte de stockage ou une ressource contenue.Lets you view everything but will not let you delete or create a storage account or contained resource. En outre, autorise l’accès en lecture/écriture à toutes les données contenues dans un compte de stockage via l’accès aux clés de compte de stockage.It will also allow read/write access to all data contained in a storage account via access to storage account keys.

ActionsActions
Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action Retourne les clés d’accès au compte de stockage spécifié.Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/ListAccountSas/actionMicrosoft.Storage/storageAccounts/ListAccountSas/action Retourne le jeton SAS du compte de stockage spécifié.Returns the Account SAS token for the specified storage account.
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read Retourne la liste des comptes de stockage ou récupère les propriétés du compte de stockage spécifié.Returns the list of storage accounts or gets the properties for the specified storage account.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c12c1c16-33a1-487b-954d-41c89c60f349",
  "name": "c12c1c16-33a1-487b-954d-41c89c60f349",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Storage/storageAccounts/ListAccountSas/action",
        "Microsoft.Storage/storageAccounts/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Reader and Data Access",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur de compte de stockageStorage Account Contributor

Permet la gestion des comptes de stockage.Permits management of storage accounts. Fournit l’accès à la clé de compte, qui peut être utilisée pour accéder aux données par le biais de l’autorisation de clé partagée.Provides access to the account key, which can be used to access data via Shared Key authorization.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* Crée, met à jour ou lit le paramètre de diagnostic pour Analysis Server.Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Joint des ressources telles qu’un compte de stockage ou une base de données SQL à un sous-réseau.Joins resource such as storage account or SQL database to a subnet. Impossible à alerter.Not alertable.
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Storage/storageAccounts/*Microsoft.Storage/storageAccounts/* Créer et gérer les comptes de stockageCreate and manage storage accounts
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage storage accounts, including accessing storage account keys which provide full access to storage account data.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab",
  "name": "17d1049b-9a84-46fb-8f53-869881c3d3ab",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Rôle de service d’opérateur de clé de compte de stockageStorage Account Key Operator Service Role

Permet de répertorier et de régénérer les clés d’accès au compte de stockage.Permits listing and regenerating storage account access keys.

ActionsActions
Microsoft.Storage/storageAccounts/listkeys/actionMicrosoft.Storage/storageAccounts/listkeys/action Retourne les clés d’accès au compte de stockage spécifié.Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/regeneratekey/actionMicrosoft.Storage/storageAccounts/regeneratekey/action Régénère les clés d’accès au compte de stockage spécifié.Regenerates the access keys for the specified storage account.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Storage Account Key Operators are allowed to list and regenerate keys on Storage Accounts",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/81a9662b-bebf-436f-a333-f67b29880f12",
  "name": "81a9662b-bebf-436f-a333-f67b29880f12",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/listkeys/action",
        "Microsoft.Storage/storageAccounts/regeneratekey/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Account Key Operator Service Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur aux données Blob du stockageStorage Blob Data Contributor

Lire, écrire et supprimer des conteneurs et objets blob du stockage Azure.Read, write, and delete Azure Storage containers and blobs. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.

ActionsActions
Microsoft.Storage/storageAccounts/blobServices/containers/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/delete Supprimer un conteneur.Delete a container.
Microsoft.Storage/storageAccounts/blobServices/containers/readMicrosoft.Storage/storageAccounts/blobServices/containers/read Retourner un conteneur ou une liste de conteneurs.Return a container or a list of containers.
Microsoft.Storage/storageAccounts/blobServices/containers/writeMicrosoft.Storage/storageAccounts/blobServices/containers/write Modifier les métadonnées ou les propriétés d’un conteneur.Modify a container's metadata or properties.
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Retourne une clé de délégation d’utilisateur pour le service Blob.Returns a user delegation key for the Blob service.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete Supprimer un objet blob.Delete a blob.
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read Retourner un objet blob ou une liste d'objets blob.Return a blob or a list of blobs.
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/actionMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/move/action Déplace l'objet blob d'un chemin à un autreMoves the blob from one path to another
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/writeMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write Écrire dans un objet blob.Write to a blob.
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write and delete access to Azure Storage blob containers and data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe",
  "name": "ba92f5b4-2d11-453d-a403-e96b0029c9fe",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/write",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Propriétaire des données Blob du stockageStorage Blob Data Owner

Fournit un accès total aux conteneurs d’objets blob et aux données du Stockage Azure, notamment l’attribution du contrôle d’accès POSIX.Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.

ActionsActions
Microsoft.Storage/storageAccounts/blobServices/containers/*Microsoft.Storage/storageAccounts/blobServices/containers/* Toutes les autorisations sur les conteneurs.Full permissions on containers.
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Retourne une clé de délégation d’utilisateur pour le service Blob.Returns a user delegation key for the Blob service.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*Microsoft.Storage/storageAccounts/blobServices/containers/blobs/* Toutes les autorisations sur les objets blob.Full permissions on blobs.
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to Azure Storage blob containers and data, including assigning POSIX access control.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
  "name": "b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/*",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur des données blob du stockageStorage Blob Data Reader

Lire et répertorier des conteneurs et objets blob du stockage Azure.Read and list Azure Storage containers and blobs. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.

ActionsActions
Microsoft.Storage/storageAccounts/blobServices/containers/readMicrosoft.Storage/storageAccounts/blobServices/containers/read Retourner un conteneur ou une liste de conteneurs.Return a container or a list of containers.
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Retourne une clé de délégation d’utilisateur pour le service Blob.Returns a user delegation key for the Blob service.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read Retourner un objet blob ou une liste d'objets blob.Return a blob or a list of blobs.
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read access to Azure Storage blob containers and data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
  "name": "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Délégation du Stockage BlobStorage Blob Delegator

Obtenez une clé de délégation d’utilisateur qui peut être utilisée pour créer une signature d’accès partagé pour un conteneur ou un objet blob signé avec les informations d’identification Azure AD.Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials. Pour en savoir plus, consultez Créer une SAP de délégation d’utilisateur.For more information, see Create a user delegation SAS.

ActionsActions
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Retourne une clé de délégation d’utilisateur pour le service Blob.Returns a user delegation key for the Blob service.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for generation of a user delegation key which can be used to sign SAS tokens",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
  "name": "db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Delegator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur de partage SMB de données de fichier de stockageStorage File Data SMB Share Contributor

Permet l'accès en lecture, en écriture et en suppression aux fichiers/répertoires des partages de fichiers Azure.Allows for read, write, and delete access on files/directories in Azure file shares. Ce rôle n'a pas d'équivalent intégré sur les serveurs de fichiers Windows.This role has no built-in equivalent on Windows file servers.

ActionsActions
Aucunenone
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/readMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/read Retourne un fichier/dossier ou une liste de fichiers/dossiers.Returns a file/folder or a list of files/folders.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/writeMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/write Retourne le résultat de l’écriture d’un fichier ou de la création d’un dossier.Returns the result of writing a file or creating a folder.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/deleteMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/delete Retourne le résultat de la suppression d’un fichier/dossier.Returns the result of deleting a file/folder.
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write, and delete access in Azure Storage file shares over SMB",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
  "name": "0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage File Data SMB Share Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur élevé de partage SMB de données de fichier de stockageStorage File Data SMB Share Elevated Contributor

Permet la lecture, l'écriture, la suppression et la modification des listes de contrôle d'accès sur les fichiers/répertoires des partages de fichiers Azure.Allows for read, write, delete, and modify ACLs on files/directories in Azure file shares. Ce rôle équivaut à une liste de contrôle d'accès de partage de fichiers en modification sur les serveurs de fichiers Windows.This role is equivalent to a file share ACL of change on Windows file servers.

ActionsActions
Aucunenone
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/readMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/read Retourne un fichier/dossier ou une liste de fichiers/dossiers.Returns a file/folder or a list of files/folders.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/writeMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/write Retourne le résultat de l’écriture d’un fichier ou de la création d’un dossier.Returns the result of writing a file or creating a folder.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/deleteMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/delete Retourne le résultat de la suppression d’un fichier/dossier.Returns the result of deleting a file/folder.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/actionMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action Retourne le résultat de la modification de l’autorisation sur un fichier/dossier.Returns the result of modifying permission on a file/folder.
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write, delete and modify NTFS permission access in Azure Storage file shares over SMB",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a7264617-510b-434b-a828-9731dc254ea7",
  "name": "a7264617-510b-434b-a828-9731dc254ea7",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage File Data SMB Share Elevated Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur de partage SMB de données de fichier de stockageStorage File Data SMB Share Reader

Permet l'accès en lecture aux fichiers/répertoires des partages de fichiers Azure.Allows for read access on files/directories in Azure file shares. Ce rôle équivaut à une liste de contrôle d'accès de partage de fichiers en lecture sur les serveurs de fichiers Windows.This role is equivalent to a file share ACL of read on Windows file servers.

ActionsActions
Aucunenone
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/readMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/read Retourne un fichier/dossier ou une liste de fichiers/dossiers.Returns a file/folder or a list of files/folders.
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read access to Azure File Share over SMB",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/aba4ae5f-2193-4029-9191-0cb91df5e314",
  "name": "aba4ae5f-2193-4029-9191-0cb91df5e314",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage File Data SMB Share Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur aux données en file d’attente du stockageStorage Queue Data Contributor

Lire, écrire et supprimer des files d'attente et messages en file d'attente du stockage Azure.Read, write, and delete Azure Storage queues and queue messages. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.

ActionsActions
Microsoft.Storage/storageAccounts/queueServices/queues/deleteMicrosoft.Storage/storageAccounts/queueServices/queues/delete Supprimer une file d’attente.Delete a queue.
Microsoft.Storage/storageAccounts/queueServices/queues/readMicrosoft.Storage/storageAccounts/queueServices/queues/read Retourner une file d’attente ou une liste de files d’attente.Return a queue or a list of queues.
Microsoft.Storage/storageAccounts/queueServices/queues/writeMicrosoft.Storage/storageAccounts/queueServices/queues/write Modifier les métadonnées ou propriétés en file d’attente.Modify queue metadata or properties.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/deleteMicrosoft.Storage/storageAccounts/queueServices/queues/messages/delete Supprimer un ou plusieurs messages à partir d’une file d’attente.Delete one or more messages from a queue.
Microsoft.Storage/storageAccounts/queueServices/queues/messages/readMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read Récupérer un ou plusieurs messages à partir d’une file d’attente, ou en afficher un aperçu.Peek or retrieve one or more messages from a queue.
Microsoft.Storage/storageAccounts/queueServices/queues/messages/writeMicrosoft.Storage/storageAccounts/queueServices/queues/messages/write Ajouter un message à une file d'attente.Add a message to a queue.
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write, and delete access to Azure Storage queues and queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/974c5e8b-45b9-4653-ba55-5f855dd0fb88",
  "name": "974c5e8b-45b9-4653-ba55-5f855dd0fb88",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/delete",
        "Microsoft.Storage/storageAccounts/queueServices/queues/read",
        "Microsoft.Storage/storageAccounts/queueServices/queues/write"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/delete",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Processeur de messages de données en file d’attente du stockageStorage Queue Data Message Processor

Récupérer et supprimer un message, ou en afficher un aperçu à partir d’une file d’attente Stockage Azure.Peek, retrieve, and delete a message from an Azure Storage queue. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.

ActionsActions
Aucunenone
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/readMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read Afficher l’aperçu d’un message.Peek a message.
Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/actionMicrosoft.Storage/storageAccounts/queueServices/queues/messages/process/action Récupérer et supprimer un message.Retrieve and delete a message.
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for peek, receive, and delete access to Azure Storage queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8a0f0c08-91a1-4084-bc3d-661d67233fed",
  "name": "8a0f0c08-91a1-4084-bc3d-661d67233fed",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Message Processor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Expéditeur de messages de données en file d’attente du stockageStorage Queue Data Message Sender

Ajoutez des messages à une file d’attente de stockage Azure.Add messages to an Azure Storage queue. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.

ActionsActions
Aucunenone
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/actionMicrosoft.Storage/storageAccounts/queueServices/queues/messages/add/action Ajouter un message à une file d'attente.Add a message to a queue.
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for sending of Azure Storage queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
  "name": "c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Message Sender",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur des données en file d’attente du stockageStorage Queue Data Reader

Lire et répertorier des files d’attente et messages en file d’attente du stockage Azure.Read and list Azure Storage queues and queue messages. Pour savoir quelles actions sont requises pour une opération de données spécifique, consultez Autorisations pour appeler les opérations de données d’objet blob et de file d’attente.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.

ActionsActions
Microsoft.Storage/storageAccounts/queueServices/queues/readMicrosoft.Storage/storageAccounts/queueServices/queues/read Retourne une file d’attente ou une liste de files d’attente.Returns a queue or a list of queues.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/readMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read Récupérer un ou plusieurs messages à partir d’une file d’attente, ou en afficher un aperçu.Peek or retrieve one or more messages from a queue.
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read access to Azure Storage queues and queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/19e7f393-937e-4f77-808e-94535e297925",
  "name": "19e7f393-937e-4f77-808e-94535e297925",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

WebWeb

Lecteur de données Azure MapsAzure Maps Data Reader

Octroie un accès pour lire les données liées au mappage à partir d’un compte Azure Maps.Grants access to read map related data from an Azure maps account.

ActionsActions
Aucunenone
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Maps/accounts/*/readMicrosoft.Maps/accounts/*/read
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants access to read map related data from an Azure maps account.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/423170ca-a8f6-4b0f-8487-9e4eb8f49bfa",
  "name": "423170ca-a8f6-4b0f-8487-9e4eb8f49bfa",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Maps/accounts/*/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Maps Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur du service de rechercheSearch Service Contributor

Permet de gérer des services de recherche, mais pas d’y accéder.Lets you manage Search services, but not access to them.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Search/searchServices/*Microsoft.Search/searchServices/* Créer et gérer les services de rechercheCreate and manage search services
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Search services, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7ca78c08-252a-4471-8644-bb5ff32d4ba0",
  "name": "7ca78c08-252a-4471-8644-bb5ff32d4ba0",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Search/searchServices/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Search Service Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur de plan webWeb Plan Contributor

Permet de gérer des plans web pour des sites web, mais pas d’y accéder.Lets you manage the web plans for websites, but not access to them.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
Microsoft.Web/serverFarms/*Microsoft.Web/serverFarms/* Créer et gérer des batteries de serveursCreate and manage server farms
Microsoft.Web/hostingEnvironments/Join/ActionMicrosoft.Web/hostingEnvironments/Join/Action Joint un environnement App Service EnvironmentJoins an App Service Environment
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage the web plans for websites, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b",
  "name": "2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Web/serverFarms/*",
        "Microsoft.Web/hostingEnvironments/Join/Action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Web Plan Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur de site webWebsite Contributor

Permet de gérer des sites web (pas des plans web), mais pas d’y accéder.Lets you manage websites (not web plans), but not access to them.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Insights/components/*Microsoft.Insights/components/* Créer et gérer les composants InsightsCreate and manage Insights components
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
Microsoft.Web/certificates/*Microsoft.Web/certificates/* Créer et gérer les certificats de site webCreate and manage website certificates
Microsoft.Web/listSitesAssignedToHostName/readMicrosoft.Web/listSitesAssignedToHostName/read Récupère les noms de sites affectés à un nom d’hôte.Get names of sites assigned to hostname.
Microsoft.Web/serverFarms/join/actionMicrosoft.Web/serverFarms/join/action
Microsoft.Web/serverFarms/readMicrosoft.Web/serverFarms/read Récupère les propriétés d’un plan App Service.Get the properties on an App Service Plan
Microsoft.Web/sites/*Microsoft.Web/sites/* Créer et gérer des sites web (la création de sites nécessite également des autorisations d’écriture pour le plan App Service associé)Create and manage websites (site creation also requires write permissions to the associated App Service Plan)
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage websites (not web plans), but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/de139f84-1756-47ae-9be6-808fbbe84772",
  "name": "de139f84-1756-47ae-9be6-808fbbe84772",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/components/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Web/certificates/*",
        "Microsoft.Web/listSitesAssignedToHostName/read",
        "Microsoft.Web/serverFarms/join/action",
        "Microsoft.Web/serverFarms/read",
        "Microsoft.Web/sites/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Website Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

ContainersContainers

AcrDeleteAcrDelete

acr deleteacr delete

ActionsActions
Microsoft.ContainerRegistry/registries/artifacts/deleteMicrosoft.ContainerRegistry/registries/artifacts/delete Supprimer l’artefact dans un registre de conteneurs.Delete artifact in a container registry.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr delete",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
  "name": "c2f4ef07-c644-48eb-af81-4b1b4947fb11",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/artifacts/delete"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrDelete",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrImageSignerAcrImageSigner

signataire d’image ACRacr image signer

ActionsActions
Microsoft.ContainerRegistry/registries/sign/writeMicrosoft.ContainerRegistry/registries/sign/write Envoie ou tire des métadonnées d’approbation du contenu pour un registre de conteneurs.Push/Pull content trust metadata for a container registry.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr image signer",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6cef56e8-d556-48e5-a04f-b8e64114680f",
  "name": "6cef56e8-d556-48e5-a04f-b8e64114680f",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/sign/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrImageSigner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrPullAcrPull

tirer (pull) acracr pull

ActionsActions
Microsoft.ContainerRegistry/registries/pull/readMicrosoft.ContainerRegistry/registries/pull/read Tire (pull) ou obtient des images à partir d’un registre de conteneurs.Pull or Get images from a container registry.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr pull",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d",
  "name": "7f951dda-4ed3-4680-a7ca-43fe172d538d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/pull/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrPull",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrPushAcrPush

envoyer (push) acracr push

ActionsActions
Microsoft.ContainerRegistry/registries/pull/readMicrosoft.ContainerRegistry/registries/pull/read Tire (pull) ou obtient des images à partir d’un registre de conteneurs.Pull or Get images from a container registry.
Microsoft.ContainerRegistry/registries/push/writeMicrosoft.ContainerRegistry/registries/push/write Envoie (push) ou écrit des images dans un registre de conteneurs.Push or Write images to a container registry.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr push",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8311e382-0749-4cb8-b61a-304f252e45ec",
  "name": "8311e382-0749-4cb8-b61a-304f252e45ec",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/pull/read",
        "Microsoft.ContainerRegistry/registries/push/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrPush",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrQuarantineReaderAcrQuarantineReader

lecteur de données de quarantaine ACRacr quarantine data reader

ActionsActions
Microsoft.ContainerRegistry/registries/quarantine/readMicrosoft.ContainerRegistry/registries/quarantine/read Tire (pull) ou obtient des images en quarantaine à partir du registre de conteneursPull or Get quarantined images from container registry
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr quarantine data reader",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/cdda3590-29a3-44f6-95f2-9f980659eb04",
  "name": "cdda3590-29a3-44f6-95f2-9f980659eb04",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/quarantine/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrQuarantineReader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrQuarantineWriterAcrQuarantineWriter

écriture de données de quarantaine ACRacr quarantine data writer

ActionsActions
Microsoft.ContainerRegistry/registries/quarantine/readMicrosoft.ContainerRegistry/registries/quarantine/read Tire (pull) ou obtient des images en quarantaine à partir du registre de conteneursPull or Get quarantined images from container registry
Microsoft.ContainerRegistry/registries/quarantine/writeMicrosoft.ContainerRegistry/registries/quarantine/write Écrit ou modifie l’état des images en quarantaineWrite/Modify quarantine state of quarantined images
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr quarantine data writer",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
  "name": "c8d4ff99-41c3-41a8-9f60-21dfdad59608",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/quarantine/read",
        "Microsoft.ContainerRegistry/registries/quarantine/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrQuarantineWriter",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Rôle d’administrateur de cluster Azure Kubernetes ServiceAzure Kubernetes Service Cluster Admin Role

Répertorie les actions relatives aux informations d’identification de l’administrateur du cluster.List cluster admin credential action.

ActionsActions
Microsoft.ContainerService/managedClusters/listClusterAdminCredential/actionMicrosoft.ContainerService/managedClusters/listClusterAdminCredential/action Répertorier les informations d’identification clusterAdmin d’un cluster géréList the clusterAdmin credential of a managed cluster
Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/actionMicrosoft.ContainerService/managedClusters/accessProfiles/listCredential/action Obtient un profil d’accès au cluster géré en fonction du nom de rôle à l’aide des informations d’identification de la listeGet a managed cluster access profile by role name using list credential
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "List cluster admin credential action.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8",
  "name": "0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerService/managedClusters/listClusterAdminCredential/action",
        "Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service Cluster Admin Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Rôle d’utilisateur de cluster Azure Kubernetes ServiceAzure Kubernetes Service Cluster User Role

Répertorie les actions relatives aux informations d’identification de l’utilisateur du cluster.List cluster user credential action.

ActionsActions
Microsoft.ContainerService/managedClusters/listClusterUserCredential/actionMicrosoft.ContainerService/managedClusters/listClusterUserCredential/action Répertorier les informations d’identification clusterAdmin d’un cluster géréList the clusterUser credential of a managed cluster
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "List cluster user credential action.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4abbcc35-e782-43d8-92c5-2d3f1bd2253f",
  "name": "4abbcc35-e782-43d8-92c5-2d3f1bd2253f",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service Cluster User Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Bases de donnéesDatabases

Rôle de lecteur de compte Cosmos DBCosmos DB Account Reader Role

Lire les données de comptes Azure Cosmos DB.Can read Azure Cosmos DB account data. Consultez Contributeur de compte DocumentDB pour en savoir plus sur la gestion des comptes Azure Cosmos DB.See DocumentDB Account Contributor for managing Azure Cosmos DB accounts.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.DocumentDB/*/readMicrosoft.DocumentDB/*/read Lire n’importe quelle collectionRead any collection
Microsoft.DocumentDB/databaseAccounts/readonlykeys/actionMicrosoft.DocumentDB/databaseAccounts/readonlykeys/action Lire les clés en lecture seule du compte de base de données.Reads the database account readonly keys.
Microsoft.Insights/MetricDefinitions/readMicrosoft.Insights/MetricDefinitions/read Lire les définitions des mesuresRead metric definitions
Microsoft.Insights/Metrics/readMicrosoft.Insights/Metrics/read Lire des mesuresRead metrics
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can read Azure Cosmos DB Accounts data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fbdf93bf-df7d-467e-a4d2-9458aa1360c8",
  "name": "fbdf93bf-df7d-467e-a4d2-9458aa1360c8",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.DocumentDB/*/read",
        "Microsoft.DocumentDB/databaseAccounts/readonlykeys/action",
        "Microsoft.Insights/MetricDefinitions/read",
        "Microsoft.Insights/Metrics/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cosmos DB Account Reader Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Opérateur Cosmos DBCosmos DB Operator

Permet de gérer des comptes Azure Cosmos DB, mais pas d’accéder aux données qu’ils contiennent.Lets you manage Azure Cosmos DB accounts, but not access data in them. Empêche d’accéder aux clés de compte et aux chaînes de connexion.Prevents access to account keys and connection strings.

ActionsActions
Microsoft.DocumentDb/databaseAccounts/*Microsoft.DocumentDb/databaseAccounts/*
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Joint des ressources telles qu’un compte de stockage ou une base de données SQL à un sous-réseau.Joins resource such as storage account or SQL database to a subnet. Impossible à alerter.Not alertable.
NotActionsNotActions
Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*
Microsoft.DocumentDB/databaseAccounts/regenerateKey/*Microsoft.DocumentDB/databaseAccounts/regenerateKey/*
Microsoft.DocumentDB/databaseAccounts/listKeys/*Microsoft.DocumentDB/databaseAccounts/listKeys/*
Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/230815da-be43-4aae-9cb4-875f7bd000aa",
  "name": "230815da-be43-4aae-9cb4-875f7bd000aa",
  "permissions": [
    {
      "actions": [
        "Microsoft.DocumentDb/databaseAccounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action"
      ],
      "notActions": [
        "Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*",
        "Microsoft.DocumentDB/databaseAccounts/regenerateKey/*",
        "Microsoft.DocumentDB/databaseAccounts/listKeys/*",
        "Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cosmos DB Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

CosmosBackupOperatorCosmosBackupOperator

Peut envoyer une requête de restauration d’une base de données Cosmos DB ou d’un conteneur pour un compteCan submit restore request for a Cosmos DB database or a container for an account

ActionsActions
Microsoft.DocumentDB/databaseAccounts/backup/actionMicrosoft.DocumentDB/databaseAccounts/backup/action Soumettre une demande pour configurer la sauvegardeSubmit a request to configure backup
Microsoft.DocumentDB/databaseAccounts/restore/actionMicrosoft.DocumentDB/databaseAccounts/restore/action Soumettre une demande de restaurationSubmit a restore request
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can submit restore request for a Cosmos DB database or a container for an account",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/db7b14f2-5adf-42da-9f96-f2ee17bab5cb",
  "name": "db7b14f2-5adf-42da-9f96-f2ee17bab5cb",
  "permissions": [
    {
      "actions": [
        "Microsoft.DocumentDB/databaseAccounts/backup/action",
        "Microsoft.DocumentDB/databaseAccounts/restore/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CosmosBackupOperator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur de compte DocumentDBDocumentDB Account Contributor

Gérer des comptes Azure Cosmos DB.Can manage Azure Cosmos DB accounts. Azure Cosmos DB était auparavant appelé DocumentDB.Azure Cosmos DB is formerly known as DocumentDB.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.DocumentDb/databaseAccounts/*Microsoft.DocumentDb/databaseAccounts/* Créer et gérer des comptes Azure Cosmos DBCreate and manage Azure Cosmos DB accounts
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Joint des ressources telles qu’un compte de stockage ou une base de données SQL à un sous-réseau.Joins resource such as storage account or SQL database to a subnet. Impossible à alerter.Not alertable.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage DocumentDB accounts, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5bd9cd88-fe45-4216-938b-f97437e15450",
  "name": "5bd9cd88-fe45-4216-938b-f97437e15450",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.DocumentDb/databaseAccounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "DocumentDB Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur Cache RedisRedis Cache Contributor

Permet de gérer des caches Redis, mais pas d’y accéder.Lets you manage Redis caches, but not access to them.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Cache/redis/*Microsoft.Cache/redis/* Créer et gérer les caches RedisCreate and manage Redis caches
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Redis caches, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e0f68234-74aa-48ed-b826-c38b57376e17",
  "name": "e0f68234-74aa-48ed-b826-c38b57376e17",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cache/redis/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Redis Cache Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur de base de données SQLSQL DB Contributor

Permet de gérer des bases de données SQL, mais pas d’y accéder.Lets you manage SQL databases, but not access to them. Vous ne pouvez pas non plus gérer leurs stratégies de sécurité ni leurs serveurs SQL parents.Also, you can't manage their security-related policies or their parent SQL servers.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Sql/locations/*/readMicrosoft.Sql/locations/*/read
Microsoft.Sql/servers/databases/*Microsoft.Sql/servers/databases/* Créer et gérer les bases de données SQLCreate and manage SQL databases
Microsoft.Sql/servers/readMicrosoft.Sql/servers/read Retourner la liste des serveurs ou obtenir les propriétés pour le serveur spécifié.Return the list of servers or gets the properties for the specified server.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read Lire des mesuresRead metrics
Microsoft.Insights/metricDefinitions/readMicrosoft.Insights/metricDefinitions/read Lire les définitions des mesuresRead metric definitions
NotActionsNotActions
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft.Sql/managedInstances/securityAlertPolicies/*Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/auditingPolicies/*Microsoft.Sql/servers/databases/auditingPolicies/* Modifier les stratégies d'auditEdit audit policies
Microsoft.Sql/servers/databases/auditingSettings/*Microsoft.Sql/servers/databases/auditingSettings/* Modifier les paramètres d'auditEdit audit settings
Microsoft.Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read Récupère les enregistrements d’audit d’objet blob de base de données.Retrieve the database blob audit records
Microsoft.Sql/servers/databases/connectionPolicies/*Microsoft.Sql/servers/databases/connectionPolicies/* Modifier les stratégies de connexionEdit connection policies
Microsoft.Sql/servers/databases/currentSensitivityLabels/*Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft.Sql/servers/databases/dataMaskingPolicies/*Microsoft.Sql/servers/databases/dataMaskingPolicies/* Modifier les stratégies de masquage des donnéesEdit data masking policies
Microsoft.Sql/servers/databases/extendedAuditingSettings/*Microsoft.Sql/servers/databases/extendedAuditingSettings/*
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/servers/databases/securityAlertPolicies/*Microsoft.Sql/servers/databases/securityAlertPolicies/* Modifier les stratégies d'alerte de sécuritéEdit security alert policies
Microsoft.Sql/servers/databases/securityMetrics/*Microsoft.Sql/servers/databases/securityMetrics/* Modifier les mesures de sécuritéEdit security metrics
Microsoft.Sql/servers/databases/sensitivityLabels/*Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft.Sql/servers/vulnerabilityAssessments/*Microsoft.Sql/servers/vulnerabilityAssessments/*
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
  "name": "9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/servers/databases/*",
        "Microsoft.Sql/servers/read",
        "Microsoft.Support/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read"
      ],
      "notActions": [
        "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/auditingPolicies/*",
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/connectionPolicies/*",
        "Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
        "Microsoft.Sql/servers/databases/extendedAuditingSettings/*",
        "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
        "Microsoft.Sql/servers/databases/securityMetrics/*",
        "Microsoft.Sql/servers/databases/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
        "Microsoft.Sql/servers/vulnerabilityAssessments/*"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL DB Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur d’Instance managée SQLSQL Managed Instance Contributor

Permet de gérer des instances SQL Managed Instance et la configuration réseau requise, mais pas d’accorder l’accès à d’autres personnes.Lets you manage SQL Managed Instances and required network configuration, but can't give access to others.

ActionsActions
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Network/networkSecurityGroups/*Microsoft.Network/networkSecurityGroups/*
Microsoft.Network/routeTables/*Microsoft.Network/routeTables/*
Microsoft.Sql/locations/*/readMicrosoft.Sql/locations/*/read
Microsoft.Sql/managedInstances/*Microsoft.Sql/managedInstances/*
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
Microsoft.Network/virtualNetworks/subnets/*Microsoft.Network/virtualNetworks/subnets/*
Microsoft.Network/virtualNetworks/*Microsoft.Network/virtualNetworks/*
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read Lire des mesuresRead metrics
Microsoft.Insights/metricDefinitions/readMicrosoft.Insights/metricDefinitions/read Lire les définitions des mesuresRead metric definitions
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage SQL Managed Instances and required network configuration, but can't give access to others.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
  "name": "4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Network/networkSecurityGroups/*",
        "Microsoft.Network/routeTables/*",
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/managedInstances/*",
        "Microsoft.Support/*",
        "Microsoft.Network/virtualNetworks/subnets/*",
        "Microsoft.Network/virtualNetworks/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL Managed Instance Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Gestionnaire de sécurité SQLSQL Security Manager

Permet de gérer les stratégies de sécurité des serveurs et bases de données SQL, mais pas d’y accéder.Lets you manage the security-related policies of SQL servers and databases, but not access to them.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Joint des ressources telles qu’un compte de stockage ou une base de données SQL à un sous-réseau.Joins resource such as storage account or SQL database to a subnet. Impossible à alerter.Not alertable.
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft.Sql/managedInstances/securityAlertPolicies/*Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft.Sql/servers/auditingPolicies/*Microsoft.Sql/servers/auditingPolicies/* Créer et gérer les stratégies d’audit de serveur SQLCreate and manage SQL server auditing policies
Microsoft.Sql/servers/auditingSettings/*Microsoft.Sql/servers/auditingSettings/* Créer et gérer les paramètres d’audit de serveur SQLCreate and manage SQL server auditing setting
Microsoft.Sql/servers/extendedAuditingSettings/readMicrosoft.Sql/servers/extendedAuditingSettings/read Récupère les détails de la stratégie étendue d’audit des objets blob de serveur configurée sur un serveur spécifiéRetrieve details of the extended server blob auditing policy configured on a given server
Microsoft.Sql/servers/databases/auditingPolicies/*Microsoft.Sql/servers/databases/auditingPolicies/* Créer et gérer les stratégies d’audit de base de données de serveur SQLCreate and manage SQL server database auditing policies
Microsoft.Sql/servers/databases/auditingSettings/*Microsoft.Sql/servers/databases/auditingSettings/* Créer et gérer les paramètres d’audit de base de données de serveur SQLCreate and manage SQL server database auditing settings
Microsoft.Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read Récupère les enregistrements d’audit d’objet blob de base de données.Retrieve the database blob audit records
Microsoft.Sql/servers/databases/connectionPolicies/*Microsoft.Sql/servers/databases/connectionPolicies/* Créer et gérer les stratégies de connexion de base de données de serveur SQLCreate and manage SQL server database connection policies
Microsoft.Sql/servers/databases/currentSensitivityLabels/*Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft.Sql/servers/databases/dataMaskingPolicies/*Microsoft.Sql/servers/databases/dataMaskingPolicies/* Créer et gérer les stratégies de masquage de données de base de données de serveur SQLCreate and manage SQL server database data masking policies
Microsoft.Sql/servers/databases/extendedAuditingSettings/readMicrosoft.Sql/servers/databases/extendedAuditingSettings/read Récupère les détails de la stratégie étendue d’audit d’objets blob configurée dans une base de données spécifiqueRetrieve details of the extended blob auditing policy configured on a given database
Microsoft.Sql/servers/databases/readMicrosoft.Sql/servers/databases/read Retourner la liste des bases de données ou obtenir les propriétés pour la base de données spécifiée.Return the list of databases or gets the properties for the specified database.
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/readMicrosoft.Sql/servers/databases/schemas/read Obtenir un schéma de base de données.Get a database schema.
Microsoft.Sql/servers/databases/schemas/tables/columns/readMicrosoft.Sql/servers/databases/schemas/tables/columns/read Obtenir une colonne de base de données.Get a database column.
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/tables/readMicrosoft.Sql/servers/databases/schemas/tables/read Obtenir un tableau de base de données.Get a database table.
Microsoft.Sql/servers/databases/securityAlertPolicies/*Microsoft.Sql/servers/databases/securityAlertPolicies/* Créer et gérer les stratégies d’alerte de sécurité de base de données de serveur SQLCreate and manage SQL server database security alert policies
Microsoft.Sql/servers/databases/securityMetrics/*Microsoft.Sql/servers/databases/securityMetrics/* Créer et gérer les mesures de sécurité de base de données de serveur SQLCreate and manage SQL server database security metrics
Microsoft.Sql/servers/databases/sensitivityLabels/*Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft.Sql/servers/databases/transparentDataEncryption/*Microsoft.Sql/servers/databases/transparentDataEncryption/*
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft.Sql/servers/firewallRules/*Microsoft.Sql/servers/firewallRules/*
Microsoft.Sql/servers/readMicrosoft.Sql/servers/read Retourner la liste des serveurs ou obtenir les propriétés pour le serveur spécifié.Return the list of servers or gets the properties for the specified server.
Microsoft.Sql/servers/securityAlertPolicies/*Microsoft.Sql/servers/securityAlertPolicies/* Créer et gérer les stratégies d’alerte de sécurité de serveur SQLCreate and manage SQL server security alert policies
Microsoft.Sql/servers/vulnerabilityAssessments/*Microsoft.Sql/servers/vulnerabilityAssessments/*
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage the security-related policies of SQL servers and databases, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3",
  "name": "056cd41c-7e88-42e1-933e-88ba6a50c9c3",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*",
        "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/auditingPolicies/*",
        "Microsoft.Sql/servers/auditingSettings/*",
        "Microsoft.Sql/servers/extendedAuditingSettings/read",
        "Microsoft.Sql/servers/databases/auditingPolicies/*",
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/connectionPolicies/*",
        "Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
        "Microsoft.Sql/servers/databases/extendedAuditingSettings/read",
        "Microsoft.Sql/servers/databases/read",
        "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/read",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/read",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/tables/read",
        "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
        "Microsoft.Sql/servers/databases/securityMetrics/*",
        "Microsoft.Sql/servers/databases/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/transparentDataEncryption/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
        "Microsoft.Sql/servers/firewallRules/*",
        "Microsoft.Sql/servers/read",
        "Microsoft.Sql/servers/securityAlertPolicies/*",
        "Microsoft.Sql/servers/vulnerabilityAssessments/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL Security Manager",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur SQL ServerSQL Server Contributor

Permet de gérer des serveurs et bases de données SQL, mais pas d’y accéder, ni de gérer leurs stratégies de sécurité.Lets you manage SQL servers and databases, but not access to them, and not their security-related policies.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Sql/locations/*/readMicrosoft.Sql/locations/*/read
Microsoft.Sql/servers/*Microsoft.Sql/servers/* Créer et gérer les serveurs SQLCreate and manage SQL servers
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read Lire des mesuresRead metrics
Microsoft.Insights/metricDefinitions/readMicrosoft.Insights/metricDefinitions/read Lire les définitions des mesuresRead metric definitions
NotActionsNotActions
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft.Sql/managedInstances/securityAlertPolicies/*Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft.Sql/servers/auditingPolicies/*Microsoft.Sql/servers/auditingPolicies/* Modifier les stratégies d'audit d'un serveur SQLEdit SQL server auditing policies
Microsoft.Sql/servers/auditingSettings/*Microsoft.Sql/servers/auditingSettings/* Modifier les paramètres d'audit d'un serveur SQLEdit SQL server auditing settings
Microsoft.Sql/servers/databases/auditingPolicies/*Microsoft.Sql/servers/databases/auditingPolicies/* Modifier les stratégies d'audit d'une base de données de serveur SQLEdit SQL server database auditing policies
Microsoft.Sql/servers/databases/auditingSettings/*Microsoft.Sql/servers/databases/auditingSettings/* Modifier les paramètres d'audit d'une base de données de serveur SQLEdit SQL server database auditing settings
Microsoft.Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read Récupère les enregistrements d’audit d’objet blob de base de données.Retrieve the database blob audit records
Microsoft.Sql/servers/databases/connectionPolicies/*Microsoft.Sql/servers/databases/connectionPolicies/* Modifier les stratégies de connexion d'une base de données de serveur SQLEdit SQL server database connection policies
Microsoft.Sql/servers/databases/currentSensitivityLabels/*Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft.Sql/servers/databases/dataMaskingPolicies/*Microsoft.Sql/servers/databases/dataMaskingPolicies/* Modifier les stratégies de masquage de données d'une base de données de serveur SQLEdit SQL server database data masking policies
Microsoft.Sql/servers/databases/extendedAuditingSettings/*Microsoft.Sql/servers/databases/extendedAuditingSettings/*
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/servers/databases/securityAlertPolicies/*Microsoft.Sql/servers/databases/securityAlertPolicies/* Modifier les stratégies d'alerte de sécurité d'une base de données de serveur SQLEdit SQL server database security alert policies
Microsoft.Sql/servers/databases/securityMetrics/*Microsoft.Sql/servers/databases/securityMetrics/* Modifier les mesures de sécurité d'une base de données de serveur SQLEdit SQL server database security metrics
Microsoft.Sql/servers/databases/sensitivityLabels/*Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft.Sql/servers/extendedAuditingSettings/*Microsoft.Sql/servers/extendedAuditingSettings/*
Microsoft.Sql/servers/securityAlertPolicies/*Microsoft.Sql/servers/securityAlertPolicies/* Modifier les stratégies d'alerte de sécurité du serveur SQLEdit SQL server security alert policies
Microsoft.Sql/servers/vulnerabilityAssessments/*Microsoft.Sql/servers/vulnerabilityAssessments/*
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage SQL servers and databases, but not access to them, and not their security -related policies.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
  "name": "6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/servers/*",
        "Microsoft.Support/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read"
      ],
      "notActions": [
        "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/auditingPolicies/*",
        "Microsoft.Sql/servers/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditingPolicies/*",
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/connectionPolicies/*",
        "Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
        "Microsoft.Sql/servers/databases/extendedAuditingSettings/*",
        "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
        "Microsoft.Sql/servers/databases/securityMetrics/*",
        "Microsoft.Sql/servers/databases/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
        "Microsoft.Sql/servers/extendedAuditingSettings/*",
        "Microsoft.Sql/servers/securityAlertPolicies/*",
        "Microsoft.Sql/servers/vulnerabilityAssessments/*"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL Server Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AnalyticsAnalytics

Propriétaire de données Azure Event HubsAzure Event Hubs Data Owner

Permet un accès complet aux ressources Azure Event Hubs.Allows for full access to Azure Event Hubs resources.

ActionsActions
Microsoft.EventHub/*Microsoft.EventHub/*
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.EventHub/*Microsoft.EventHub/*
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to Azure Event Hubs resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f526a384-b230-433a-b45c-95f59c4a2dec",
  "name": "f526a384-b230-433a-b45c-95f59c4a2dec",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Event Hubs Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Récepteur de données Azure Event HubsAzure Event Hubs Data Receiver

Permet d’obtenir un accès en réception aux ressources Azure Event Hubs.Allows receive access to Azure Event Hubs resources.

ActionsActions
Microsoft.EventHub/*/eventhubs/consumergroups/readMicrosoft.EventHub/*/eventhubs/consumergroups/read
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.EventHub/*/receive/actionMicrosoft.EventHub/*/receive/action
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows receive access to Azure Event Hubs resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
  "name": "a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/*/eventhubs/consumergroups/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/*/receive/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Event Hubs Data Receiver",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Expéditeur de données Azure Event HubsAzure Event Hubs Data Sender

Permet d’obtenir un accès en envoi aux ressources Azure Event Hubs.Allows send access to Azure Event Hubs resources.

ActionsActions
Microsoft.EventHub/*/eventhubs/readMicrosoft.EventHub/*/eventhubs/read
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.EventHub/*/send/actionMicrosoft.EventHub/*/send/action
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows send access to Azure Event Hubs resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2b629674-e913-4c01-ae53-ef4638d8f975",
  "name": "2b629674-e913-4c01-ae53-ef4638d8f975",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/*/eventhubs/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/*/send/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Event Hubs Data Sender",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeurs de fabrique de donnéesData Factory Contributor

Créer et gérer des fabriques de données, ainsi que les ressources enfants qu’elles contiennent.Create and manage data factories, as well as child resources within them.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.DataFactory/dataFactories/*Microsoft.DataFactory/dataFactories/* Créer et gérer des fabriques de données ainsi que leurs ressources enfantsCreate and manage data factories, and child resources within them.
Microsoft.DataFactory/factories/*Microsoft.DataFactory/factories/* Créer et gérer des fabriques de données ainsi que leurs ressources enfantsCreate and manage data factories, and child resources within them.
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
Microsoft.EventGrid/eventSubscriptions/writeMicrosoft.EventGrid/eventSubscriptions/write Créer ou mettre à jour un abonnement à un événementCreate or update an eventSubscription
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Create and manage data factories, as well as child resources within them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/673868aa-7521-48a0-acc6-0f60742d39f5",
  "name": "673868aa-7521-48a0-acc6-0f60742d39f5",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.DataFactory/dataFactories/*",
        "Microsoft.DataFactory/factories/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.EventGrid/eventSubscriptions/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Factory Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Videur de donnéesData Purger

Peut vider les données d’analytiqueCan purge analytics data

ActionsActions
Microsoft.Insights/components/*/readMicrosoft.Insights/components/*/read
Microsoft.Insights/components/purge/actionMicrosoft.Insights/components/purge/action Vider des données d’Application InsightsPurging data from Application Insights
Microsoft.OperationalInsights/workspaces/*/readMicrosoft.OperationalInsights/workspaces/*/read Afficher les données Log AnalyticsView log analytics data
Microsoft.OperationalInsights/workspaces/purge/actionMicrosoft.OperationalInsights/workspaces/purge/action Supprime les données spécifiées de l’espace de travailDelete specified data from workspace
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can purge analytics data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/150f5e0c-0603-4f03-8c7f-cf70034c4e90",
  "name": "150f5e0c-0603-4f03-8c7f-cf70034c4e90",
  "permissions": [
    {
      "actions": [
        "Microsoft.Insights/components/*/read",
        "Microsoft.Insights/components/purge/action",
        "Microsoft.OperationalInsights/workspaces/*/read",
        "Microsoft.OperationalInsights/workspaces/purge/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Purger",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Opérateur de cluster HDInsightHDInsight Cluster Operator

Permet de lire et de modifier des configurations de cluster HDInsight.Lets you read and modify HDInsight cluster configurations.

ActionsActions
Microsoft.HDInsight/*/readMicrosoft.HDInsight/*/read
Microsoft.HDInsight/clusters/getGatewaySettings/actionMicrosoft.HDInsight/clusters/getGatewaySettings/action Obtenir les paramètres de passerelle pour un HDInsight ClusterGet gateway settings for HDInsight Cluster
Microsoft.HDInsight/clusters/updateGatewaySettings/actionMicrosoft.HDInsight/clusters/updateGatewaySettings/action Mettre à jour les paramètres de passerelle pour un HDInsight ClusterUpdate gateway settings for HDInsight Cluster
Microsoft.HDInsight/clusters/configurations/*Microsoft.HDInsight/clusters/configurations/*
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read Obtient ou répertorie les opérations de déploiement.Gets or lists deployment operations.
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read and modify HDInsight cluster configurations.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/61ed4efc-fab3-44fd-b111-e24485cc132a",
  "name": "61ed4efc-fab3-44fd-b111-e24485cc132a",
  "permissions": [
    {
      "actions": [
        "Microsoft.HDInsight/*/read",
        "Microsoft.HDInsight/clusters/getGatewaySettings/action",
        "Microsoft.HDInsight/clusters/updateGatewaySettings/action",
        "Microsoft.HDInsight/clusters/configurations/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "HDInsight Cluster Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur HDInsight Domain ServicesHDInsight Domain Services Contributor

Peut lire, créer, modifier et supprimer les opérations Domain Services nécessaires pour le pack Sécurité Entreprise HDInsightCan Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package

ActionsActions
Microsoft.AAD/*/readMicrosoft.AAD/*/read
Microsoft.AAD/domainServices/*/readMicrosoft.AAD/domainServices/*/read
Microsoft.AAD/domainServices/oucontainer/*Microsoft.AAD/domainServices/oucontainer/*
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8d8d5a11-05d3-4bda-a417-a08778121c7c",
  "name": "8d8d5a11-05d3-4bda-a417-a08778121c7c",
  "permissions": [
    {
      "actions": [
        "Microsoft.AAD/*/read",
        "Microsoft.AAD/domainServices/*/read",
        "Microsoft.AAD/domainServices/oucontainer/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "HDInsight Domain Services Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur Log AnalyticsLog Analytics Contributor

Peut lire toutes les données de surveillance et modifier les paramètres de surveillance.Log Analytics Contributor can read all monitoring data and edit monitoring settings. La modification des paramètres de supervision inclut l’ajout de l’extension de machine virtuelle aux machines virtuelles, la lecture des clés de comptes de stockage permettant de configurer la collection de journaux d’activité du stockage Azure, la création et la configuration de comptes Automation, l’ajout de solutions et la configuration de diagnostics Azure sur toutes les ressources Azure.Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources.

ActionsActions
*/read*/read Lire les ressources de tous les types, à l’exception des secrets.Read resources of all types, except secrets.
Microsoft.Automation/automationAccounts/*Microsoft.Automation/automationAccounts/*
Microsoft.ClassicCompute/virtualMachines/extensions/*Microsoft.ClassicCompute/virtualMachines/extensions/*
Microsoft.ClassicStorage/storageAccounts/listKeys/actionMicrosoft.ClassicStorage/storageAccounts/listKeys/action Répertorie les clés d’accès des comptes de stockage.Lists the access keys for the storage accounts.
Microsoft.Compute/virtualMachines/extensions/*Microsoft.Compute/virtualMachines/extensions/*
Microsoft.HybridCompute/machines/extensions/writeMicrosoft.HybridCompute/machines/extensions/write Installe ou met à jour toutes les extensions Azure ArcInstalls or Updates an Azure Arc extensions
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* Crée, met à jour ou lit le paramètre de diagnostic pour Analysis Server.Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.OperationalInsights/*Microsoft.OperationalInsights/*
Microsoft.OperationsManagement/*Microsoft.OperationsManagement/*
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourcegroups/deployments/*Microsoft.Resources/subscriptions/resourcegroups/deployments/*
Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action Retourne les clés d’accès au compte de stockage spécifié.Returns the access keys for the specified storage account.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
  "name": "92aaf0da-9dab-42b6-94a3-d43ce8d16293",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.Automation/automationAccounts/*",
        "Microsoft.ClassicCompute/virtualMachines/extensions/*",
        "Microsoft.ClassicStorage/storageAccounts/listKeys/action",
        "Microsoft.Compute/virtualMachines/extensions/*",
        "Microsoft.HybridCompute/machines/extensions/write",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.OperationalInsights/*",
        "Microsoft.OperationsManagement/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Log Analytics Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur Log AnalyticsLog Analytics Reader

Peut afficher et rechercher toutes les données de surveillance, ainsi qu’afficher les paramètres de surveillance, notamment la configuration des diagnostics Azure sur toutes les ressources Azure.Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.

ActionsActions
*/read*/read Lire les ressources de tous les types, à l’exception des secrets.Read resources of all types, except secrets.
Microsoft.OperationalInsights/workspaces/analytics/query/actionMicrosoft.OperationalInsights/workspaces/analytics/query/action Effectue les recherches à l’aide d’un nouveau moteur.Search using new engine.
Microsoft.OperationalInsights/workspaces/search/actionMicrosoft.OperationalInsights/workspaces/search/action Exécute une requête de recherche.Executes a search query
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Microsoft.OperationalInsights/workspaces/sharedKeys/readMicrosoft.OperationalInsights/workspaces/sharedKeys/read Récupère les clés partagées de l’espace de travail.Retrieves the shared keys for the workspace. Ces clés sont utilisées pour connecter les agents Microsoft Operational Insights à l’espace de travail.These keys are used to connect Microsoft Operational Insights agents to the workspace.
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/73c42c96-874c-492b-b04d-ab87d138a893",
  "name": "73c42c96-874c-492b-b04d-ab87d138a893",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.OperationalInsights/workspaces/analytics/query/action",
        "Microsoft.OperationalInsights/workspaces/search/action",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.OperationalInsights/workspaces/sharedKeys/read"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Log Analytics Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

BlockchainBlockchain

Accès au nœud du membre blockchain (préversion)Blockchain Member Node Access (Preview)

Permet d’accéder aux nœuds du membre blockchainAllows for access to Blockchain Member nodes

ActionsActions
Microsoft.Blockchain/blockchainMembers/transactionNodes/readMicrosoft.Blockchain/blockchainMembers/transactionNodes/read Crée ou répertorie un ou plusieurs nœuds de transaction existants du membre blockchain.Gets or Lists existing Blockchain Member Transaction Node(s).
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Blockchain/blockchainMembers/transactionNodes/connect/actionMicrosoft.Blockchain/blockchainMembers/transactionNodes/connect/action Connecte à un nœud de transaction d’un membre blockchain.Connects to a Blockchain Member Transaction Node.
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for access to Blockchain Member nodes",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/31a002a1-acaf-453e-8a5b-297c9ca1ea24",
  "name": "31a002a1-acaf-453e-8a5b-297c9ca1ea24",
  "permissions": [
    {
      "actions": [
        "Microsoft.Blockchain/blockchainMembers/transactionNodes/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Blockchain/blockchainMembers/transactionNodes/connect/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Blockchain Member Node Access (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

IA + Machine LearningAI + machine learning

Contributeur Cognitive ServicesCognitive Services Contributor

Vous permet de créer, lire, mettre à jour, supprimer et gérer les clés de Cognitive Services.Lets you create, read, update, delete and manage keys of Cognitive Services.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.CognitiveServices/*Microsoft.CognitiveServices/*
Microsoft.Features/features/readMicrosoft.Features/features/read Afficher les fonctionnalités d’un abonnementGets the features of a subscription.
Microsoft.Features/providers/features/readMicrosoft.Features/providers/features/read Afficher les fonctionnalités d’un abonnement pour un fournisseur de ressources donnéGets the feature of a subscription in a given resource provider.
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* Crée, met à jour ou lit le paramètre de diagnostic pour Analysis Server.Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.Insights/logDefinitions/readMicrosoft.Insights/logDefinitions/read Lire les définitions de journalRead log definitions
Microsoft.Insights/metricdefinitions/readMicrosoft.Insights/metricdefinitions/read Lire les définitions des mesuresRead metric definitions
Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read Lire des mesuresRead metrics
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read Obtient ou répertorie les opérations de déploiement.Gets or lists deployment operations.
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read Obtenir les résultats de l’opération de l’abonnement.Get the subscription operation results.
Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read Obtient la liste des abonnements.Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourcegroups/deployments/*Microsoft.Resources/subscriptions/resourcegroups/deployments/*
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you create, read, update, delete and manage keys of Cognitive Services.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
  "name": "25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.CognitiveServices/*",
        "Microsoft.Features/features/read",
        "Microsoft.Features/providers/features/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.Insights/logDefinitions/read",
        "Microsoft.Insights/metricdefinitions/read",
        "Microsoft.Insights/metrics/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur de données Cognitive Services (préversion)Cognitive Services Data Reader (Preview)

Permet de lire des données Cognitive Services.Lets you read Cognitive Services data.

ActionsActions
Aucunenone
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.CognitiveServices/*/readMicrosoft.CognitiveServices/*/read
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read Cognitive Services data.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b59867f0-fa02-499b-be73-45a86b5b3e1c",
  "name": "b59867f0-fa02-499b-be73-45a86b5b3e1c",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Data Reader (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Utilisateur Cognitive ServicesCognitive Services User

Vous permet de lire et de répertorier les clés de Cognitive Services.Lets you read and list keys of Cognitive Services.

ActionsActions
Microsoft.CognitiveServices/*/readMicrosoft.CognitiveServices/*/read
Microsoft.CognitiveServices/accounts/listkeys/actionMicrosoft.CognitiveServices/accounts/listkeys/action Afficher la liste des clésList Keys
Microsoft.Insights/alertRules/readMicrosoft.Insights/alertRules/read Lire une alerte de métrique classiqueRead a classic metric alert
Microsoft.Insights/diagnosticSettings/readMicrosoft.Insights/diagnosticSettings/read Lire un paramètre de diagnostic de ressourceRead a resource diagnostic setting
Microsoft.Insights/logDefinitions/readMicrosoft.Insights/logDefinitions/read Lire les définitions de journalRead log definitions
Microsoft.Insights/metricdefinitions/readMicrosoft.Insights/metricdefinitions/read Lire les définitions des mesuresRead metric definitions
Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read Lire des mesuresRead metrics
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read Obtient ou répertorie les opérations de déploiement.Gets or lists deployment operations.
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read Obtenir les résultats de l’opération de l’abonnement.Get the subscription operation results.
Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read Obtient la liste des abonnements.Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.CognitiveServices/*Microsoft.CognitiveServices/*
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read and list keys of Cognitive Services.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a97b65f3-24c7-4388-baec-2e87135dc908",
  "name": "a97b65f3-24c7-4388-baec-2e87135dc908",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.CognitiveServices/accounts/listkeys/action",
        "Microsoft.Insights/alertRules/read",
        "Microsoft.Insights/diagnosticSettings/read",
        "Microsoft.Insights/logDefinitions/read",
        "Microsoft.Insights/metricdefinitions/read",
        "Microsoft.Insights/metrics/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services User",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Réalité mixteMixed reality

Contributeur de compte Spatial AnchorsSpatial Anchors Account Contributor

Permet de gérer des ancres spatiales dans votre compte, mais pas de les supprimerLets you manage spatial anchors in your account, but not delete them

ActionsActions
Aucunenone
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.MixedReality/SpatialAnchorsAccounts/create/actionMicrosoft.MixedReality/SpatialAnchorsAccounts/create/action Créer des ancres spatialesCreate spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/readMicrosoft.MixedReality/SpatialAnchorsAccounts/discovery/read Détecter des ancres spatiales prochesDiscover nearby spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/properties/readMicrosoft.MixedReality/SpatialAnchorsAccounts/properties/read Obtenir les propriétés d’ancres spatialesGet properties of spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/query/readMicrosoft.MixedReality/SpatialAnchorsAccounts/query/read Localiser des ancres spatialesLocate spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/readMicrosoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read Envoyer des données de diagnostic pour aider à améliorer la qualité du service Azure Spatial AnchorsSubmit diagnostics data to help improve the quality of the Azure Spatial Anchors service
Microsoft.MixedReality/SpatialAnchorsAccounts/writeMicrosoft.MixedReality/SpatialAnchorsAccounts/write Mettre à jour les propriétés d’ancres spatialesUpdate spatial anchors properties
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage spatial anchors in your account, but not delete them",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827",
  "name": "8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.MixedReality/SpatialAnchorsAccounts/create/action",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/query/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Spatial Anchors Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Propriétaire de compte Spatial AnchorsSpatial Anchors Account Owner

Permet de gérer des ancres spatiales dans votre compte, y compris de les supprimerLets you manage spatial anchors in your account, including deleting them

ActionsActions
Aucunenone
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.MixedReality/SpatialAnchorsAccounts/create/actionMicrosoft.MixedReality/SpatialAnchorsAccounts/create/action Créer des ancres spatialesCreate spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/deleteMicrosoft.MixedReality/SpatialAnchorsAccounts/delete Supprimer des ancres spatialesDelete spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/readMicrosoft.MixedReality/SpatialAnchorsAccounts/discovery/read Détecter des ancres spatiales prochesDiscover nearby spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/properties/readMicrosoft.MixedReality/SpatialAnchorsAccounts/properties/read Obtenir les propriétés d’ancres spatialesGet properties of spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/query/readMicrosoft.MixedReality/SpatialAnchorsAccounts/query/read Localiser des ancres spatialesLocate spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/readMicrosoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read Envoyer des données de diagnostic pour aider à améliorer la qualité du service Azure Spatial AnchorsSubmit diagnostics data to help improve the quality of the Azure Spatial Anchors service
Microsoft.MixedReality/SpatialAnchorsAccounts/writeMicrosoft.MixedReality/SpatialAnchorsAccounts/write Mettre à jour les propriétés d’ancres spatialesUpdate spatial anchors properties
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage spatial anchors in your account, including deleting them",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/70bbe301-9835-447d-afdd-19eb3167307c",
  "name": "70bbe301-9835-447d-afdd-19eb3167307c",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.MixedReality/SpatialAnchorsAccounts/create/action",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/delete",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/query/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Spatial Anchors Account Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur de compte Spatial AnchorsSpatial Anchors Account Reader

Permet de localiser et de lire les propriétés d’ancres spatiales dans votre compteLets you locate and read properties of spatial anchors in your account

ActionsActions
Aucunenone
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/readMicrosoft.MixedReality/SpatialAnchorsAccounts/discovery/read Détecter des ancres spatiales prochesDiscover nearby spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/properties/readMicrosoft.MixedReality/SpatialAnchorsAccounts/properties/read Obtenir les propriétés d’ancres spatialesGet properties of spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/query/readMicrosoft.MixedReality/SpatialAnchorsAccounts/query/read Localiser des ancres spatialesLocate spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/readMicrosoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read Envoyer des données de diagnostic pour aider à améliorer la qualité du service Azure Spatial AnchorsSubmit diagnostics data to help improve the quality of the Azure Spatial Anchors service
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you locate and read properties of spatial anchors in your account",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5d51204f-eb77-4b1c-b86a-2ec626c49413",
  "name": "5d51204f-eb77-4b1c-b86a-2ec626c49413",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/query/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Spatial Anchors Account Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

IntégrationIntegration

Contributeur du service de gestion des APIAPI Management Service Contributor

Peut gérer le service et les APICan manage service and the APIs

ActionsActions
Microsoft.ApiManagement/service/*Microsoft.ApiManagement/service/* Créer et gérer le service Gestion des APICreate and manage API Management service
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage service and the APIs",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/312a565d-c81f-4fd8-895a-4e21e48d571c",
  "name": "312a565d-c81f-4fd8-895a-4e21e48d571c",
  "permissions": [
    {
      "actions": [
        "Microsoft.ApiManagement/service/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "API Management Service Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Rôle d’opérateur du service Gestion des APIAPI Management Service Operator Role

Peut gérer le service, mais pas les APICan manage service but not the APIs

ActionsActions
Microsoft.ApiManagement/service/*/readMicrosoft.ApiManagement/service/*/read Lire les instances du service Gestion des APIRead API Management Service instances
Microsoft.ApiManagement/service/backup/actionMicrosoft.ApiManagement/service/backup/action Sauvegarder le service Gestion des API dans le conteneur spécifié dans un compte de stockage fourni par l’utilisateurBackup API Management Service to the specified container in a user provided storage account
Microsoft.ApiManagement/service/deleteMicrosoft.ApiManagement/service/delete Supprimer l’instance du service Gestion des APIDelete API Management Service instance
Microsoft.ApiManagement/service/managedeployments/actionMicrosoft.ApiManagement/service/managedeployments/action Modifier une référence/unité, ajouter/supprimer des déploiements régionaux du service Gestion des APIChange SKU/units, add/remove regional deployments of API Management Service
Microsoft.ApiManagement/service/readMicrosoft.ApiManagement/service/read Lire les métadonnées d’une instance du service Gestion des APIRead metadata for an API Management Service instance
Microsoft.ApiManagement/service/restore/actionMicrosoft.ApiManagement/service/restore/action Restaurer le service Gestion des API à partir du conteneur spécifié dans un compte de stockage fourni par l’utilisateurRestore API Management Service from the specified container in a user provided storage account
Microsoft.ApiManagement/service/updatecertificate/actionMicrosoft.ApiManagement/service/updatecertificate/action Télécharger le certificat TLS/SSL pour un service Gestion des APIUpload TLS/SSL certificate for an API Management Service
Microsoft.ApiManagement/service/updatehostname/actionMicrosoft.ApiManagement/service/updatehostname/action Configurer, mettre à jour ou supprimer des noms de domaine personnalisés pour un service Gestion des APISetup, update or remove custom domain names for an API Management Service
Microsoft.ApiManagement/service/writeMicrosoft.ApiManagement/service/write Créer ou mettre à jour une instance du service Gestion des APICreate or Update API Management Service instance
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Microsoft.ApiManagement/service/users/keys/readMicrosoft.ApiManagement/service/users/keys/read Obtenir les clés associées à un utilisateurGet keys associated with user
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage service but not the APIs",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e022efe7-f5ba-4159-bbe4-b44f577e9b61",
  "name": "e022efe7-f5ba-4159-bbe4-b44f577e9b61",
  "permissions": [
    {
      "actions": [
        "Microsoft.ApiManagement/service/*/read",
        "Microsoft.ApiManagement/service/backup/action",
        "Microsoft.ApiManagement/service/delete",
        "Microsoft.ApiManagement/service/managedeployments/action",
        "Microsoft.ApiManagement/service/read",
        "Microsoft.ApiManagement/service/restore/action",
        "Microsoft.ApiManagement/service/updatecertificate/action",
        "Microsoft.ApiManagement/service/updatehostname/action",
        "Microsoft.ApiManagement/service/write",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.ApiManagement/service/users/keys/read"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "API Management Service Operator Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Rôle de lecteur du service Gestion des APIAPI Management Service Reader Role

Accès en lecture seule au service et aux APIRead-only access to service and APIs

ActionsActions
Microsoft.ApiManagement/service/*/readMicrosoft.ApiManagement/service/*/read Lire les instances du service Gestion des APIRead API Management Service instances
Microsoft.ApiManagement/service/readMicrosoft.ApiManagement/service/read Lire les métadonnées d’une instance du service Gestion des APIRead metadata for an API Management Service instance
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Microsoft.ApiManagement/service/users/keys/readMicrosoft.ApiManagement/service/users/keys/read Obtenir les clés associées à un utilisateurGet keys associated with user
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read-only access to service and APIs",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/71522526-b88f-4d52-b57f-d31fc3546d0d",
  "name": "71522526-b88f-4d52-b57f-d31fc3546d0d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ApiManagement/service/*/read",
        "Microsoft.ApiManagement/service/read",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.ApiManagement/service/users/keys/read"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "API Management Service Reader Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Propriétaire des données App ConfigurationApp Configuration Data Owner

Permet l’accès total aux données App Configuration.Allows full access to App Configuration data.

ActionsActions
Aucunenone
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.AppConfiguration/configurationStores/*/readMicrosoft.AppConfiguration/configurationStores/*/read
Microsoft.AppConfiguration/configurationStores/*/writeMicrosoft.AppConfiguration/configurationStores/*/write
Microsoft.AppConfiguration/configurationStores/*/deleteMicrosoft.AppConfiguration/configurationStores/*/delete
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows full access to App Configuration data.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b",
  "name": "5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.AppConfiguration/configurationStores/*/read",
        "Microsoft.AppConfiguration/configurationStores/*/write",
        "Microsoft.AppConfiguration/configurationStores/*/delete"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "App Configuration Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur des données App ConfigurationApp Configuration Data Reader

Permet de lire les données App Configuration.Allows read access to App Configuration data.

ActionsActions
Aucunenone
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.AppConfiguration/configurationStores/*/readMicrosoft.AppConfiguration/configurationStores/*/read
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows read access to App Configuration data.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/516239f1-63e1-4d78-a4de-a74fb236a071",
  "name": "516239f1-63e1-4d78-a4de-a74fb236a071",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.AppConfiguration/configurationStores/*/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "App Configuration Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Propriétaire de données Azure Service BusAzure Service Bus Data Owner

Permet un accès total aux ressources Azure Service Bus.Allows for full access to Azure Service Bus resources.

ActionsActions
Microsoft.ServiceBus/*Microsoft.ServiceBus/*
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.ServiceBus/*Microsoft.ServiceBus/*
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to Azure Service Bus resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/090c5cfd-751d-490a-894a-3ce6f1109419",
  "name": "090c5cfd-751d-490a-894a-3ce6f1109419",
  "permissions": [
    {
      "actions": [
        "Microsoft.ServiceBus/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ServiceBus/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Service Bus Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Récepteur de données Azure Service BusAzure Service Bus Data Receiver

Permet d’obtenir un accès en réception aux ressources Azure Service Bus.Allows for receive access to Azure Service Bus resources.

ActionsActions
Microsoft.ServiceBus/*/queues/readMicrosoft.ServiceBus/*/queues/read
Microsoft.ServiceBus/*/topics/readMicrosoft.ServiceBus/*/topics/read
Microsoft.ServiceBus/*/topics/subscriptions/readMicrosoft.ServiceBus/*/topics/subscriptions/read
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.ServiceBus/*/receive/actionMicrosoft.ServiceBus/*/receive/action
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for receive access to Azure Service Bus resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0",
  "name": "4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0",
  "permissions": [
    {
      "actions": [
        "Microsoft.ServiceBus/*/queues/read",
        "Microsoft.ServiceBus/*/topics/read",
        "Microsoft.ServiceBus/*/topics/subscriptions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ServiceBus/*/receive/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Service Bus Data Receiver",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Expéditeur de données Azure Service BusAzure Service Bus Data Sender

Permet d’obtenir un accès en envoi aux ressources Azure Service Bus.Allows for send access to Azure Service Bus resources.

ActionsActions
Microsoft.ServiceBus/*/queues/readMicrosoft.ServiceBus/*/queues/read
Microsoft.ServiceBus/*/topics/readMicrosoft.ServiceBus/*/topics/read
Microsoft.ServiceBus/*/topics/subscriptions/readMicrosoft.ServiceBus/*/topics/subscriptions/read
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.ServiceBus/*/send/actionMicrosoft.ServiceBus/*/send/action
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for send access to Azure Service Bus resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
  "name": "69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
  "permissions": [
    {
      "actions": [
        "Microsoft.ServiceBus/*/queues/read",
        "Microsoft.ServiceBus/*/topics/read",
        "Microsoft.ServiceBus/*/topics/subscriptions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ServiceBus/*/send/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Service Bus Data Sender",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Propriétaire de l’inscription Azure StackAzure Stack Registration Owner

Permet de gérer les inscriptions Azure Stack.Lets you manage Azure Stack registrations.

ActionsActions
Microsoft.AzureStack/registrations/products/*/actionMicrosoft.AzureStack/registrations/products/*/action
Microsoft.AzureStack/registrations/products/readMicrosoft.AzureStack/registrations/products/read Obtient les propriétés d’un produit de la place de marché Azure Stack.Gets the properties of an Azure Stack Marketplace product
Microsoft.AzureStack/registrations/readMicrosoft.AzureStack/registrations/read Obtient les propriétés d’une inscription Azure Stack.Gets the properties of an Azure Stack registration
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Azure Stack registrations.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6f12a6df-dd06-4f3e-bcb1-ce8be600526a",
  "name": "6f12a6df-dd06-4f3e-bcb1-ce8be600526a",
  "permissions": [
    {
      "actions": [
        "Microsoft.AzureStack/registrations/products/*/action",
        "Microsoft.AzureStack/registrations/products/read",
        "Microsoft.AzureStack/registrations/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Stack Registration Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur EventGrid EventSubscriptionEventGrid EventSubscription Contributor

Vous permet de gérer les opérations d’abonnement aux événements EventGrid.Lets you manage EventGrid event subscription operations.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.EventGrid/eventSubscriptions/*Microsoft.EventGrid/eventSubscriptions/*
Microsoft.EventGrid/topicTypes/eventSubscriptions/readMicrosoft.EventGrid/topicTypes/eventSubscriptions/read Lister les abonnements à des événements globaux par type de rubriqueList global event subscriptions by topic type
Microsoft.EventGrid/locations/eventSubscriptions/readMicrosoft.EventGrid/locations/eventSubscriptions/read Lister les abonnements à des événements régionauxList regional event subscriptions
Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/readMicrosoft.EventGrid/locations/topicTypes/eventSubscriptions/read Lister des abonnements à des événements régionaux par type de rubriqueList regional event subscriptions by topictype
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage EventGrid event subscription operations.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/428e0ff0-5e57-4d9c-a221-2c70d0e0a443",
  "name": "428e0ff0-5e57-4d9c-a221-2c70d0e0a443",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.EventGrid/eventSubscriptions/*",
        "Microsoft.EventGrid/topicTypes/eventSubscriptions/read",
        "Microsoft.EventGrid/locations/eventSubscriptions/read",
        "Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "EventGrid EventSubscription Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur EventGrid EventSubscriptionEventGrid EventSubscription Reader

Vous permet de lire les abonnements aux événements EventGrid.Lets you read EventGrid event subscriptions.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.EventGrid/eventSubscriptions/readMicrosoft.EventGrid/eventSubscriptions/read Lit un abonnement à un événementRead an eventSubscription
Microsoft.EventGrid/topicTypes/eventSubscriptions/readMicrosoft.EventGrid/topicTypes/eventSubscriptions/read Lister les abonnements à des événements globaux par type de rubriqueList global event subscriptions by topic type
Microsoft.EventGrid/locations/eventSubscriptions/readMicrosoft.EventGrid/locations/eventSubscriptions/read Lister les abonnements à des événements régionauxList regional event subscriptions
Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/readMicrosoft.EventGrid/locations/topicTypes/eventSubscriptions/read Lister des abonnements à des événements régionaux par type de rubriqueList regional event subscriptions by topictype
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read EventGrid event subscriptions.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2414bbcf-6497-4faf-8c65-045460748405",
  "name": "2414bbcf-6497-4faf-8c65-045460748405",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.EventGrid/eventSubscriptions/read",
        "Microsoft.EventGrid/topicTypes/eventSubscriptions/read",
        "Microsoft.EventGrid/locations/eventSubscriptions/read",
        "Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "EventGrid EventSubscription Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur de compte Intelligent SystemsIntelligent Systems Account Contributor

Permet de gérer des comptes Intelligent Systems, mais pas d’y accéder.Lets you manage Intelligent Systems accounts, but not access to them.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.IntelligentSystems/accounts/*Microsoft.IntelligentSystems/accounts/* Créer et gérer les comptes Intelligent SystemsCreate and manage intelligent systems accounts
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Intelligent Systems accounts, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/03a6d094-3444-4b3d-88af-7477090a9e5e",
  "name": "03a6d094-3444-4b3d-88af-7477090a9e5e",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.IntelligentSystems/accounts/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Intelligent Systems Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur d’application logiqueLogic App Contributor

Permet de gérer des applications logiques, mais pas d’en modifier l’accès.Lets you manage logic apps, but not change access to them.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.ClassicStorage/storageAccounts/listKeys/actionMicrosoft.ClassicStorage/storageAccounts/listKeys/action Répertorie les clés d’accès des comptes de stockage.Lists the access keys for the storage accounts.
Microsoft.ClassicStorage/storageAccounts/readMicrosoft.ClassicStorage/storageAccounts/read Retourne le compte de stockage avec le compte spécifique.Return the storage account with the given account.
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Insights/metricAlerts/*Microsoft.Insights/metricAlerts/*
Microsoft.Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* Crée, met à jour ou lit le paramètre de diagnostic pour Analysis Server.Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.Insights/logdefinitions/*Microsoft.Insights/logdefinitions/* Cette autorisation est nécessaire pour les utilisateurs qui doivent accéder aux journaux d’activité via le portail.This permission is necessary for users who need access to Activity Logs via the portal. Répertorier les catégories de journaux dans le journal d’activité.List log categories in Activity Log.
Microsoft.Insights/metricDefinitions/*Microsoft.Insights/metricDefinitions/* Lire des définitions de mesure (liste de types de mesure disponibles pour une ressource).Read metric definitions (list of available metric types for a resource).
Microsoft.Logic/*Microsoft.Logic/* Gère les ressources Logic Apps.Manages Logic Apps resources.
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read Obtenir les résultats de l’opération de l’abonnement.Get the subscription operation results.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Storage/storageAccounts/listkeys/actionMicrosoft.Storage/storageAccounts/listkeys/action Retourne les clés d’accès au compte de stockage spécifié.Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read Retourne la liste des comptes de stockage ou récupère les propriétés du compte de stockage spécifié.Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
Microsoft.Web/connectionGateways/*Microsoft.Web/connectionGateways/* Crée et gère une passerelle de connexion.Create and manages a Connection Gateway.
Microsoft.Web/connections/*Microsoft.Web/connections/* Crée et gère une connexion.Create and manages a Connection.
Microsoft.Web/customApis/*Microsoft.Web/customApis/* Crée et gère une API personnalisée.Creates and manages a Custom API.
Microsoft.Web/serverFarms/join/actionMicrosoft.Web/serverFarms/join/action
Microsoft.Web/serverFarms/readMicrosoft.Web/serverFarms/read Récupère les propriétés d’un plan App Service.Get the properties on an App Service Plan
Microsoft.Web/sites/functions/listSecrets/actionMicrosoft.Web/sites/functions/listSecrets/action Liste les secrets de fonction.List Function secrets.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage logic app, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/87a39d53-fc1b-424a-814c-f7e04687dc9e",
  "name": "87a39d53-fc1b-424a-814c-f7e04687dc9e",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicStorage/storageAccounts/listKeys/action",
        "Microsoft.ClassicStorage/storageAccounts/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/metricAlerts/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.Insights/logdefinitions/*",
        "Microsoft.Insights/metricDefinitions/*",
        "Microsoft.Logic/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/listkeys/action",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.Support/*",
        "Microsoft.Web/connectionGateways/*",
        "Microsoft.Web/connections/*",
        "Microsoft.Web/customApis/*",
        "Microsoft.Web/serverFarms/join/action",
        "Microsoft.Web/serverFarms/read",
        "Microsoft.Web/sites/functions/listSecrets/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Logic App Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Opérateur d’application logiqueLogic App Operator

Permet de lire, d’activer et de désactiver des applications logiques, mais pas de les modifier ou de les mettre à jour.Lets you read, enable, and disable logic apps, but not edit or update them.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*/readMicrosoft.Insights/alertRules/*/read Lit les règles d’alerte d’Insights.Read Insights alert rules
Microsoft.Insights/metricAlerts/*/readMicrosoft.Insights/metricAlerts/*/read
Microsoft.Insights/diagnosticSettings/*/readMicrosoft.Insights/diagnosticSettings/*/read Obtient les paramètres de diagnostic de Logic Apps.Gets diagnostic settings for Logic Apps
Microsoft.Insights/metricDefinitions/*/readMicrosoft.Insights/metricDefinitions/*/read Obtient les mesures disponibles pour Logic Apps.Gets the available metrics for Logic Apps.
Microsoft.Logic/*/readMicrosoft.Logic/*/read Lit les ressources Logic Apps.Reads Logic Apps resources.
Microsoft.Logic/workflows/disable/actionMicrosoft.Logic/workflows/disable/action Désactive le workflow.Disables the workflow.
Microsoft.Logic/workflows/enable/actionMicrosoft.Logic/workflows/enable/action Active le workflow.Enables the workflow.
Microsoft.Logic/workflows/validate/actionMicrosoft.Logic/workflows/validate/action Valide le workflow.Validates the workflow.
Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read Obtient ou répertorie les opérations de déploiement.Gets or lists deployment operations.
Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read Obtenir les résultats de l’opération de l’abonnement.Get the subscription operation results.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
Microsoft.Web/connectionGateways/*/readMicrosoft.Web/connectionGateways/*/read Lit les passerelles de connexion.Read Connection Gateways.
Microsoft.Web/connections/*/readMicrosoft.Web/connections/*/read Lit les connexions.Read Connections.
Microsoft.Web/customApis/*/readMicrosoft.Web/customApis/*/read Lit l’API personnalisée.Read Custom API.
Microsoft.Web/serverFarms/readMicrosoft.Web/serverFarms/read Récupère les propriétés d’un plan App Service.Get the properties on an App Service Plan
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read, enable and disable logic app.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/515c2055-d9d4-4321-b1b9-bd0c9a0f79fe",
  "name": "515c2055-d9d4-4321-b1b9-bd0c9a0f79fe",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*/read",
        "Microsoft.Insights/metricAlerts/*/read",
        "Microsoft.Insights/diagnosticSettings/*/read",
        "Microsoft.Insights/metricDefinitions/*/read",
        "Microsoft.Logic/*/read",
        "Microsoft.Logic/workflows/disable/action",
        "Microsoft.Logic/workflows/enable/action",
        "Microsoft.Logic/workflows/validate/action",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Web/connectionGateways/*/read",
        "Microsoft.Web/connections/*/read",
        "Microsoft.Web/customApis/*/read",
        "Microsoft.Web/serverFarms/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Logic App Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

IdentitéIdentity

Contributeur d’identités géréesManaged Identity Contributor

Peut créer, lire, mettre à jour et supprimer une identité attribuée à l’utilisateur.Create, Read, Update, and Delete User Assigned Identity

ActionsActions
Microsoft.ManagedIdentity/userAssignedIdentities/readMicrosoft.ManagedIdentity/userAssignedIdentities/read Obtient l’identité assignée d’un utilisateur existantGets an existing user assigned identity
Microsoft.ManagedIdentity/userAssignedIdentities/writeMicrosoft.ManagedIdentity/userAssignedIdentities/write Crée une identité assignée d’utilisateur ou met à jour les balises associées à l’identité assignée d’un utilisateur existantCreates a new user assigned identity or updates the tags associated with an existing user assigned identity
Microsoft.ManagedIdentity/userAssignedIdentities/deleteMicrosoft.ManagedIdentity/userAssignedIdentities/delete Supprime l’identité assignée d’un utilisateur existantDeletes an existing user assigned identity
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Create, Read, Update, and Delete User Assigned Identity",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e40ec5ca-96e0-45a2-b4ff-59039f2c2b59",
  "name": "e40ec5ca-96e0-45a2-b4ff-59039f2c2b59",
  "permissions": [
    {
      "actions": [
        "Microsoft.ManagedIdentity/userAssignedIdentities/read",
        "Microsoft.ManagedIdentity/userAssignedIdentities/write",
        "Microsoft.ManagedIdentity/userAssignedIdentities/delete",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Managed Identity Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Opérateur d’identités géréesManaged Identity Operator

Peut lire et assigner une identité attribuée à l’utilisateur.Read and Assign User Assigned Identity

ActionsActions
Microsoft.ManagedIdentity/userAssignedIdentities/*/readMicrosoft.ManagedIdentity/userAssignedIdentities/*/read
Microsoft.ManagedIdentity/userAssignedIdentities/*/assign/actionMicrosoft.ManagedIdentity/userAssignedIdentities/*/assign/action
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read and Assign User Assigned Identity",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f1a07417-d97a-45cb-824c-7a7467783830",
  "name": "f1a07417-d97a-45cb-824c-7a7467783830",
  "permissions": [
    {
      "actions": [
        "Microsoft.ManagedIdentity/userAssignedIdentities/*/read",
        "Microsoft.ManagedIdentity/userAssignedIdentities/*/assign/action",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Managed Identity Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

SécuritéSecurity

Contributeur Azure SentinelAzure Sentinel Contributor

Contributeur Azure SentinelAzure Sentinel Contributor

ActionsActions
Microsoft.SecurityInsights/*Microsoft.SecurityInsights/*
Microsoft.OperationalInsights/workspaces/analytics/query/actionMicrosoft.OperationalInsights/workspaces/analytics/query/action Effectue les recherches à l’aide d’un nouveau moteur.Search using new engine.
Microsoft.OperationalInsights/workspaces/*/readMicrosoft.OperationalInsights/workspaces/*/read Afficher les données Log AnalyticsView log analytics data
Microsoft.OperationalInsights/workspaces/savedSearches/*Microsoft.OperationalInsights/workspaces/savedSearches/*
Microsoft.OperationsManagement/solutions/readMicrosoft.OperationsManagement/solutions/read Obtenir la solution OMS existante.Get exiting OMS solution
Microsoft.OperationalInsights/workspaces/query/readMicrosoft.OperationalInsights/workspaces/query/read Exécuter des requêtes sur les données dans l’espace de travailRun queries over the data in the workspace
Microsoft.OperationalInsights/workspaces/query/*/readMicrosoft.OperationalInsights/workspaces/query/*/read
Microsoft.OperationalInsights/workspaces/dataSources/readMicrosoft.OperationalInsights/workspaces/dataSources/read Obtenir des sources de données sous un espace de travail.Get datasources under a workspace.
Microsoft.Insights/workbooks/*Microsoft.Insights/workbooks/*
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Azure Sentinel Contributor",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ab8e14d6-4a74-4a29-9ba8-549422addade",
  "name": "ab8e14d6-4a74-4a29-9ba8-549422addade",
  "permissions": [
    {
      "actions": [
        "Microsoft.SecurityInsights/*",
        "Microsoft.OperationalInsights/workspaces/analytics/query/action",
        "Microsoft.OperationalInsights/workspaces/*/read",
        "Microsoft.OperationalInsights/workspaces/savedSearches/*",
        "Microsoft.OperationsManagement/solutions/read",
        "Microsoft.OperationalInsights/workspaces/query/read",
        "Microsoft.OperationalInsights/workspaces/query/*/read",
        "Microsoft.OperationalInsights/workspaces/dataSources/read",
        "Microsoft.Insights/workbooks/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Sentinel Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur Azure SentinelAzure Sentinel Reader

Lecteur Azure SentinelAzure Sentinel Reader

ActionsActions
Microsoft.SecurityInsights/*/readMicrosoft.SecurityInsights/*/read
Microsoft.SecurityInsights/dataConnectorsCheckRequirements/actionMicrosoft.SecurityInsights/dataConnectorsCheckRequirements/action Vérifier l’autorisation et la licence de l’utilisateurCheck user authorization and license
Microsoft.OperationalInsights/workspaces/analytics/query/actionMicrosoft.OperationalInsights/workspaces/analytics/query/action Effectue les recherches à l’aide d’un nouveau moteur.Search using new engine.
Microsoft.OperationalInsights/workspaces/*/readMicrosoft.OperationalInsights/workspaces/*/read Afficher les données Log AnalyticsView log analytics data
Microsoft.OperationalInsights/workspaces/LinkedServices/readMicrosoft.OperationalInsights/workspaces/LinkedServices/read Obtient les services liés sous un espace de travail spécifié.Get linked services under given workspace.
Microsoft.OperationalInsights/workspaces/savedSearches/readMicrosoft.OperationalInsights/workspaces/savedSearches/read Obtient une requête de recherche enregistrée.Gets a saved search query
Microsoft.OperationsManagement/solutions/readMicrosoft.OperationsManagement/solutions/read Obtenir la solution OMS existante.Get exiting OMS solution
Microsoft.OperationalInsights/workspaces/query/readMicrosoft.OperationalInsights/workspaces/query/read Exécuter des requêtes sur les données dans l’espace de travailRun queries over the data in the workspace
Microsoft.OperationalInsights/workspaces/query/*/readMicrosoft.OperationalInsights/workspaces/query/*/read
Microsoft.OperationalInsights/workspaces/dataSources/readMicrosoft.OperationalInsights/workspaces/dataSources/read Obtenir des sources de données sous un espace de travail.Get datasources under a workspace.
Microsoft.Insights/workbooks/readMicrosoft.Insights/workbooks/read Lire un classeurRead a workbook
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Azure Sentinel Reader",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8d289c81-5878-46d4-8554-54e1e3d8b5cb",
  "name": "8d289c81-5878-46d4-8554-54e1e3d8b5cb",
  "permissions": [
    {
      "actions": [
        "Microsoft.SecurityInsights/*/read",
        "Microsoft.SecurityInsights/dataConnectorsCheckRequirements/action",
        "Microsoft.OperationalInsights/workspaces/analytics/query/action",
        "Microsoft.OperationalInsights/workspaces/*/read",
        "Microsoft.OperationalInsights/workspaces/LinkedServices/read",
        "Microsoft.OperationalInsights/workspaces/savedSearches/read",
        "Microsoft.OperationsManagement/solutions/read",
        "Microsoft.OperationalInsights/workspaces/query/read",
        "Microsoft.OperationalInsights/workspaces/query/*/read",
        "Microsoft.OperationalInsights/workspaces/dataSources/read",
        "Microsoft.Insights/workbooks/read",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Sentinel Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Répondeur Azure SentinelAzure Sentinel Responder

Répondeur Azure SentinelAzure Sentinel Responder

ActionsActions
Microsoft.SecurityInsights/*/readMicrosoft.SecurityInsights/*/read
Microsoft.SecurityInsights/dataConnectorsCheckRequirements/actionMicrosoft.SecurityInsights/dataConnectorsCheckRequirements/action Vérifier l’autorisation et la licence de l’utilisateurCheck user authorization and license
Microsoft.SecurityInsights/cases/*Microsoft.SecurityInsights/cases/*
Microsoft.SecurityInsights/incidents/*Microsoft.SecurityInsights/incidents/*
Microsoft.OperationalInsights/workspaces/analytics/query/actionMicrosoft.OperationalInsights/workspaces/analytics/query/action Effectue les recherches à l’aide d’un nouveau moteur.Search using new engine.
Microsoft.OperationalInsights/workspaces/*/readMicrosoft.OperationalInsights/workspaces/*/read Afficher les données Log AnalyticsView log analytics data
Microsoft.OperationalInsights/workspaces/dataSources/readMicrosoft.OperationalInsights/workspaces/dataSources/read Obtenir des sources de données sous un espace de travail.Get datasources under a workspace.
Microsoft.OperationalInsights/workspaces/savedSearches/readMicrosoft.OperationalInsights/workspaces/savedSearches/read Obtient une requête de recherche enregistrée.Gets a saved search query
Microsoft.OperationsManagement/solutions/readMicrosoft.OperationsManagement/solutions/read Obtenir la solution OMS existante.Get exiting OMS solution
Microsoft.OperationalInsights/workspaces/query/readMicrosoft.OperationalInsights/workspaces/query/read Exécuter des requêtes sur les données dans l’espace de travailRun queries over the data in the workspace
Microsoft.OperationalInsights/workspaces/query/*/readMicrosoft.OperationalInsights/workspaces/query/*/read
Microsoft.OperationalInsights/workspaces/dataSources/readMicrosoft.OperationalInsights/workspaces/dataSources/read Obtenir des sources de données sous un espace de travail.Get datasources under a workspace.
Microsoft.Insights/workbooks/readMicrosoft.Insights/workbooks/read Lire un classeurRead a workbook
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Azure Sentinel Responder",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3e150937-b8fe-4cfb-8069-0eaf05ecd056",
  "name": "3e150937-b8fe-4cfb-8069-0eaf05ecd056",
  "permissions": [
    {
      "actions": [
        "Microsoft.SecurityInsights/*/read",
        "Microsoft.SecurityInsights/dataConnectorsCheckRequirements/action",
        "Microsoft.SecurityInsights/cases/*",
        "Microsoft.SecurityInsights/incidents/*",
        "Microsoft.OperationalInsights/workspaces/analytics/query/action",
        "Microsoft.OperationalInsights/workspaces/*/read",
        "Microsoft.OperationalInsights/workspaces/dataSources/read",
        "Microsoft.OperationalInsights/workspaces/savedSearches/read",
        "Microsoft.OperationsManagement/solutions/read",
        "Microsoft.OperationalInsights/workspaces/query/read",
        "Microsoft.OperationalInsights/workspaces/query/*/read",
        "Microsoft.OperationalInsights/workspaces/dataSources/read",
        "Microsoft.Insights/workbooks/read",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Sentinel Responder",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur Key VaultKey Vault Contributor

Permet de gérer des coffres de clés, mais pas d’y accéder.Lets you manage key vaults, but not access to them.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.KeyVault/*Microsoft.KeyVault/*
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Microsoft.KeyVault/locations/deletedVaults/purge/actionMicrosoft.KeyVault/locations/deletedVaults/purge/action Vider un coffre Key Vault supprimé de manière réversiblePurge a soft deleted key vault
Microsoft.KeyVault/hsmPools/*Microsoft.KeyVault/hsmPools/*
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage key vaults, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395",
  "name": "f25e0fa2-a7c8-4377-a976-54943a77a395",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.KeyVault/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.KeyVault/locations/deletedVaults/purge/action",
        "Microsoft.KeyVault/hsmPools/*"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Key Vault Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Administrateur de la sécuritéSecurity Admin

Autorisations d’affichage et de mise à jour pour Security Center.View and update permissions for Security Center. Dispose des mêmes autorisations que le rôle Lecteur de sécurité et peut également modifier la stratégie de sécurité et ignorer les alertes et les recommandations.Same permissions as the Security Reader role and can also update the security policy and dismiss alerts and recommendations.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Authorization/policyAssignments/*Microsoft.Authorization/policyAssignments/* Créer et gérer des attributions de stratégiesCreate and manage policy assignments
Microsoft.Authorization/policyDefinitions/*Microsoft.Authorization/policyDefinitions/* Créer et gérer des définitions de stratégiesCreate and manage policy definitions
Microsoft.Authorization/policySetDefinitions/*Microsoft.Authorization/policySetDefinitions/* Créer et gérer des ensembles de stratégiesCreate and manage policy sets
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Management/managementGroups/readMicrosoft.Management/managementGroups/read Répertorie les groupes d’administration de l’utilisateur authentifié.List management groups for the authenticated user.
Microsoft.operationalInsights/workspaces/*/readMicrosoft.operationalInsights/workspaces/*/read Afficher les données Log AnalyticsView log analytics data
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Security/*Microsoft.Security/* Créer et gérer des stratégies et des composants de sécuritéCreate and manage security components and policies
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Security Admin Role",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd",
  "name": "fb1c8493-542b-48eb-b624-b4c8fea62acd",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Authorization/policyAssignments/*",
        "Microsoft.Authorization/policyDefinitions/*",
        "Microsoft.Authorization/policySetDefinitions/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Management/managementGroups/read",
        "Microsoft.operationalInsights/workspaces/*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Security/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Security Admin",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur d'évaluation de la sécuritéSecurity Assessment Contributor

Vous permet d’envoyer (push) les évaluations à Security CenterLets you push assessments to Security Center

ActionsActions
Microsoft.Security/assessments/writeMicrosoft.Security/assessments/write Créer ou mettre à jour des évaluations de la sécurité de votre abonnementCreate or update security assessments on your subscription
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you push assessments to Security Center",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/612c2aa1-cb24-443b-ac28-3ab7272de6f5",
  "name": "612c2aa1-cb24-443b-ac28-3ab7272de6f5",
  "permissions": [
    {
      "actions": [
        "Microsoft.Security/assessments/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Security Assessment Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Gestionnaire de sécurité (hérité)Security Manager (Legacy)

Il s’agit d’un rôle hérité.This is a legacy role. Utilisez plutôt l’administrateur de sécurité.Please use Security Admin instead.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.ClassicCompute/*/readMicrosoft.ClassicCompute/*/read Lire les informations de configuration relatives aux machines virtuelles classiquesRead configuration information classic virtual machines
Microsoft.ClassicCompute/virtualMachines/*/writeMicrosoft.ClassicCompute/virtualMachines/*/write Écrire la configuration des machines virtuelles classiquesWrite configuration for classic virtual machines
Microsoft.ClassicNetwork/*/readMicrosoft.ClassicNetwork/*/read Lire les informations de configuration relatives au réseau classiqueRead configuration information about classic network
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Security/*Microsoft.Security/* Créer et gérer des stratégies et des composants de sécuritéCreate and manage security components and policies
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "This is a legacy role. Please use Security Administrator instead",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e3d13bf0-dd5a-482e-ba6b-9b8433878d10",
  "name": "e3d13bf0-dd5a-482e-ba6b-9b8433878d10",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicCompute/*/read",
        "Microsoft.ClassicCompute/virtualMachines/*/write",
        "Microsoft.ClassicNetwork/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Security/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Security Manager (Legacy)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur de sécuritéSecurity Reader

Autorisations d’affichage pour Security Center.View permissions for Security Center. Peut afficher les recommandations, les alertes, une stratégie de sécurité et les états de sécurité, mais ne peut pas apporter de modifications.Can view recommendations, alerts, a security policy, and security states, but cannot make changes.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.operationalInsights/workspaces/*/readMicrosoft.operationalInsights/workspaces/*/read Afficher les données Log AnalyticsView log analytics data
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Security/*/readMicrosoft.Security/*/read Lire des stratégies et des composants de sécuritéRead security components and policies
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
Microsoft.Management/managementGroups/readMicrosoft.Management/managementGroups/read Répertorie les groupes d’administration de l’utilisateur authentifié.List management groups for the authenticated user.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Security Reader Role",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/39bc4728-0917-49c7-9d2c-d95423bc2eb4",
  "name": "39bc4728-0917-49c7-9d2c-d95423bc2eb4",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.operationalInsights/workspaces/*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Security/*/read",
        "Microsoft.Support/*",
        "Microsoft.Management/managementGroups/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Security Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

DevOpsDevOps

Utilisateur de DevTest LabsDevTest Labs User

Permet de connecter, de démarrer, de redémarrer et d’arrêter vos machines virtuelles dans votre Azure DevTest Labs.Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Compute/availabilitySets/readMicrosoft.Compute/availabilitySets/read Obtenir les propriétés d’un groupe à haute disponibilitéGet the properties of an availability set
Microsoft.Compute/virtualMachines/*/readMicrosoft.Compute/virtualMachines/*/read Lire les propriétés d’une machine virtuelle (tailles de machine virtuelle, état de l’exécution, extensions de machine virtuelle, etc.)Read the properties of a virtual machine (VM sizes, runtime status, VM extensions, etc.)
Microsoft.Compute/virtualMachines/deallocate/actionMicrosoft.Compute/virtualMachines/deallocate/action Mettre hors tension la machine virtuelle et libérer les ressources de calculPowers off the virtual machine and releases the compute resources
Microsoft.Compute/virtualMachines/readMicrosoft.Compute/virtualMachines/read Obtenir les propriétés d’une machine virtuelleGet the properties of a virtual machine
Microsoft.Compute/virtualMachines/restart/actionMicrosoft.Compute/virtualMachines/restart/action Redémarrer la machine virtuelleRestarts the virtual machine
Microsoft.Compute/virtualMachines/start/actionMicrosoft.Compute/virtualMachines/start/action Démarrer la machine virtuelleStarts the virtual machine
Microsoft.DevTestLab/*/readMicrosoft.DevTestLab/*/read Lire les propriétés d’un laboratoireRead the properties of a lab
Microsoft.DevTestLab/labs/claimAnyVm/actionMicrosoft.DevTestLab/labs/claimAnyVm/action Revendiquer une machine virtuelle exigible aléatoire dans le laboratoire.Claim a random claimable virtual machine in the lab.
Microsoft.DevTestLab/labs/createEnvironment/actionMicrosoft.DevTestLab/labs/createEnvironment/action Créer des machines virtuelles dans un laboratoire.Create virtual machines in a lab.
Microsoft.DevTestLab/labs/ensureCurrentUserProfile/actionMicrosoft.DevTestLab/labs/ensureCurrentUserProfile/action Vérifiez que l’utilisateur actuel dispose d’un profil valide dans le labo.Ensure the current user has a valid profile in the lab.
Microsoft.DevTestLab/labs/formulas/deleteMicrosoft.DevTestLab/labs/formulas/delete Supprimer des formules.Delete formulas.
Microsoft.DevTestLab/labs/formulas/readMicrosoft.DevTestLab/labs/formulas/read Lire des formules.Read formulas.
Microsoft.DevTestLab/labs/formulas/writeMicrosoft.DevTestLab/labs/formulas/write Ajouter ou modifier des formules.Add or modify formulas.
Microsoft.DevTestLab/labs/policySets/evaluatePolicies/actionMicrosoft.DevTestLab/labs/policySets/evaluatePolicies/action Évaluer la stratégie de laboratoire.Evaluates lab policy.
Microsoft.DevTestLab/labs/virtualMachines/claim/actionMicrosoft.DevTestLab/labs/virtualMachines/claim/action Prendre possession d’une machine virtuelle existante.Take ownership of an existing virtual machine
Microsoft.DevTestLab/labs/virtualmachines/listApplicableSchedules/actionMicrosoft.DevTestLab/labs/virtualmachines/listApplicableSchedules/action Répertorie les planifications de démarrage/arrêt applicables, le cas échéant.Lists the applicable start/stop schedules, if any.
Microsoft.DevTestLab/labs/virtualMachines/getRdpFileContents/actionMicrosoft.DevTestLab/labs/virtualMachines/getRdpFileContents/action Obtenir une chaîne qui représente le contenu du fichier RDP pour la machine virtuelleGets a string that represents the contents of the RDP file for the virtual machine
Microsoft.Network/loadBalancers/backendAddressPools/join/actionMicrosoft.Network/loadBalancers/backendAddressPools/join/action Joint un pool d’adresses principales d’équilibrage de charge.Joins a load balancer backend address pool. Impossible à alerter.Not Alertable.
Microsoft.Network/loadBalancers/inboundNatRules/join/actionMicrosoft.Network/loadBalancers/inboundNatRules/join/action Joint une règle nat de trafic entrant d’équilibrage de charge.Joins a load balancer inbound nat rule. Impossible à alerter.Not Alertable.
Microsoft.Network/networkInterfaces/*/readMicrosoft.Network/networkInterfaces/*/read Lire les propriétés d’une interface réseau (par exemple, tous les équilibreurs de charge dont l’interface réseau fait partie)Read the properties of a network interface (for example, all the load balancers that the network interface is a part of)
Microsoft.Network/networkInterfaces/join/actionMicrosoft.Network/networkInterfaces/join/action Joint une machine virtuelle à une interface réseau.Joins a Virtual Machine to a network interface. Impossible à alerter.Not Alertable.
Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read Obtient une définition d’interface réseau.Gets a network interface definition.
Microsoft.Network/networkInterfaces/writeMicrosoft.Network/networkInterfaces/write Crée une interface réseau ou met à jour une interface réseau existante.Creates a network interface or updates an existing network interface.
Microsoft.Network/publicIPAddresses/*/readMicrosoft.Network/publicIPAddresses/*/read Lire les propriétés d’une adresse IP publiqueRead the properties of a public IP address
Microsoft.Network/publicIPAddresses/join/actionMicrosoft.Network/publicIPAddresses/join/action Joint une adresse IP publique.Joins a public ip address. Impossible à alerter.Not Alertable.
Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read Obtient une définition de l’adresse IP publique.Gets a public ip address definition.
Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action Joint un réseau virtuel.Joins a virtual network. Impossible à alerter.Not Alertable.
Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read Obtient ou répertorie les opérations de déploiement.Gets or lists deployment operations.
Microsoft.Resources/deployments/readMicrosoft.Resources/deployments/read Obtient ou répertorie les déploiements.Gets or lists deployments.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action Retourne les clés d’accès au compte de stockage spécifié.Returns the access keys for the specified storage account.
NotActionsNotActions
Microsoft.Compute/virtualMachines/vmSizes/readMicrosoft.Compute/virtualMachines/vmSizes/read Répertorier les tailles disponibles pour la mise à jour de la machine virtuelleLists available sizes the virtual machine can be updated to
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/76283e04-6283-4c54-8f91-bcf1374a3c64",
  "name": "76283e04-6283-4c54-8f91-bcf1374a3c64",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Compute/availabilitySets/read",
        "Microsoft.Compute/virtualMachines/*/read",
        "Microsoft.Compute/virtualMachines/deallocate/action",
        "Microsoft.Compute/virtualMachines/read",
        "Microsoft.Compute/virtualMachines/restart/action",
        "Microsoft.Compute/virtualMachines/start/action",
        "Microsoft.DevTestLab/*/read",
        "Microsoft.DevTestLab/labs/claimAnyVm/action",
        "Microsoft.DevTestLab/labs/createEnvironment/action",
        "Microsoft.DevTestLab/labs/ensureCurrentUserProfile/action",
        "Microsoft.DevTestLab/labs/formulas/delete",
        "Microsoft.DevTestLab/labs/formulas/read",
        "Microsoft.DevTestLab/labs/formulas/write",
        "Microsoft.DevTestLab/labs/policySets/evaluatePolicies/action",
        "Microsoft.DevTestLab/labs/virtualMachines/claim/action",
        "Microsoft.DevTestLab/labs/virtualmachines/listApplicableSchedules/action",
        "Microsoft.DevTestLab/labs/virtualMachines/getRdpFileContents/action",
        "Microsoft.Network/loadBalancers/backendAddressPools/join/action",
        "Microsoft.Network/loadBalancers/inboundNatRules/join/action",
        "Microsoft.Network/networkInterfaces/*/read",
        "Microsoft.Network/networkInterfaces/join/action",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Network/networkInterfaces/write",
        "Microsoft.Network/publicIPAddresses/*/read",
        "Microsoft.Network/publicIPAddresses/join/action",
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/deployments/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/listKeys/action"
      ],
      "notActions": [
        "Microsoft.Compute/virtualMachines/vmSizes/read"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "DevTest Labs User",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Créateur LabLab Creator

Permet de créer, de gérer et de supprimer des labs gérés dans vos comptes Azure Lab.Lets you create, manage, delete your managed labs under your Azure Lab Accounts.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.LabServices/labAccounts/*/readMicrosoft.LabServices/labAccounts/*/read
Microsoft.LabServices/labAccounts/createLab/actionMicrosoft.LabServices/labAccounts/createLab/action Crée un lab dans un compte lab.Create a lab in a lab account.
Microsoft.LabServices/labAccounts/sizes/getRegionalAvailability/actionMicrosoft.LabServices/labAccounts/sizes/getRegionalAvailability/action
Microsoft.LabServices/labAccounts/getRegionalAvailability/actionMicrosoft.LabServices/labAccounts/getRegionalAvailability/action Obtenir des informations de disponibilité régionale pour chaque catégorie de taille configurée sous un compte LabGet regional availability information for each size category configured under a lab account
Microsoft.LabServices/labAccounts/getPricingAndAvailability/actionMicrosoft.LabServices/labAccounts/getPricingAndAvailability/action Permet d'obtenir le prix et la disponibilité de combinaisons de tailles, de zones géographiques et de systèmes d'exploitation pour le compte Lab.Get the pricing and availability of combinations of sizes, geographies, and operating systems for the lab account.
Microsoft.LabServices/labAccounts/getRestrictionsAndUsage/actionMicrosoft.LabServices/labAccounts/getRestrictionsAndUsage/action Permet d'obtenir les informations principales sur les restrictions et l'utilisation de cet abonnementGet core restrictions and usage for this subscription
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you create, manage, delete your managed labs under your Azure Lab Accounts.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b97fb8bc-a8b2-4522-a38b-dd33c7e65ead",
  "name": "b97fb8bc-a8b2-4522-a38b-dd33c7e65ead",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.LabServices/labAccounts/*/read",
        "Microsoft.LabServices/labAccounts/createLab/action",
        "Microsoft.LabServices/labAccounts/sizes/getRegionalAvailability/action",
        "Microsoft.LabServices/labAccounts/getRegionalAvailability/action",
        "Microsoft.LabServices/labAccounts/getPricingAndAvailability/action",
        "Microsoft.LabServices/labAccounts/getRestrictionsAndUsage/action",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Lab Creator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

SuperviserMonitor

Contributeur de composants Application InsightsApplication Insights Component Contributor

Gérer les composants Application InsightsCan manage Application Insights components

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer des règles d’alerte classiquesCreate and manage classic alert rules
Microsoft.Insights/metricAlerts/*Microsoft.Insights/metricAlerts/* Créer et gérer de nouvelles règles d’alerteCreate and manage new alert rules
Microsoft.Insights/components/*Microsoft.Insights/components/* Créer et gérer les composants InsightsCreate and manage Insights components
Microsoft.Insights/webtests/*Microsoft.Insights/webtests/* Créer et gérer les tests web InsightsCreate and manage Insights web tests
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage Application Insights components",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ae349356-3a1b-4a5e-921d-050484c6347e",
  "name": "ae349356-3a1b-4a5e-921d-050484c6347e",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/metricAlerts/*",
        "Microsoft.Insights/components/*",
        "Microsoft.Insights/webtests/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Application Insights Component Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Débogueur de capture instantanée d’Application InsightsApplication Insights Snapshot Debugger

Autorise l’utilisateur à consulter et à télécharger les instantanés de débogage collectés à l’aide du débogueur de capture instantanée Application Insights.Gives user permission to view and download debug snapshots collected with the Application Insights Snapshot Debugger. Ces autorisations ne sont pas incluses dans les rôles Propriétaire et Contributeur.Note that these permissions are not included in the Owner or Contributor roles. Lorsque vous donnez aux utilisateurs le rôle Débogueur de capture instantanée Application Insights, vous devez leur accorder directement le rôle.When giving users the Application Insights Snapshot Debugger role, you must grant the role directly to the user. Le rôle n’est pas reconnu lorsqu’il est ajouté à un rôle personnalisé.The role is not recognized when it is added to a custom role.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Insights/components/*/readMicrosoft.Insights/components/*/read
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Gives user permission to use Application Insights Snapshot Debugger features",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/08954f03-6346-4c2e-81c0-ec3a5cfae23b",
  "name": "08954f03-6346-4c2e-81c0-ec3a5cfae23b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/components/*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Application Insights Snapshot Debugger",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur d’analyseMonitoring Contributor

Peut lire toutes les données de surveillance et modifier les paramètres de surveillance.Can read all monitoring data and edit monitoring settings. Consultez aussi Bien démarrer avec les rôles, les autorisations et la sécurité dans Azure Monitor.See also Get started with roles, permissions, and security with Azure Monitor.

ActionsActions
*/read*/read Lire les ressources de tous les types, à l’exception des secrets.Read resources of all types, except secrets.
Microsoft.AlertsManagement/alerts/*Microsoft.AlertsManagement/alerts/*
Microsoft.AlertsManagement/alertsSummary/*Microsoft.AlertsManagement/alertsSummary/*
Microsoft.Insights/actiongroups/*Microsoft.Insights/actiongroups/*
Microsoft.Insights/activityLogAlerts/*Microsoft.Insights/activityLogAlerts/*
Microsoft.Insights/AlertRules/*Microsoft.Insights/AlertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Insights/components/*Microsoft.Insights/components/* Créer et gérer les composants InsightsCreate and manage Insights components
Microsoft.Insights/DiagnosticSettings/*Microsoft.Insights/DiagnosticSettings/* Crée, met à jour ou lit le paramètre de diagnostic pour Analysis Server.Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.Insights/eventtypes/*Microsoft.Insights/eventtypes/* Événements du journal d’activité, (événements de gestion) dans un abonnement.List Activity Log events (management events) in a subscription. Cette autorisation est applicable pour l’accès par programme et portail dans le journal d’activité.This permission is applicable to both programmatic and portal access to the Activity Log.
Microsoft.Insights/LogDefinitions/*Microsoft.Insights/LogDefinitions/* Cette autorisation est nécessaire pour les utilisateurs qui doivent accéder aux journaux d’activité via le portail.This permission is necessary for users who need access to Activity Logs via the portal. Répertorier les catégories de journaux dans le journal d’activité.List log categories in Activity Log.
Microsoft.Insights/metricalerts/*Microsoft.Insights/metricalerts/*
Microsoft.Insights/MetricDefinitions/*Microsoft.Insights/MetricDefinitions/* Lire des définitions de mesure (liste de types de mesure disponibles pour une ressource).Read metric definitions (list of available metric types for a resource).
Microsoft.Insights/Metrics/*Microsoft.Insights/Metrics/* Lire des mesures pour une ressource.Read metrics for a resource.
Microsoft.Insights/Register/ActionMicrosoft.Insights/Register/Action Inscrire le fournisseur Microsoft InsightsRegister the Microsoft Insights provider
Microsoft.Insights/scheduledqueryrules/*Microsoft.Insights/scheduledqueryrules/*
Microsoft.Insights/webtests/*Microsoft.Insights/webtests/* Créer et gérer les tests web InsightsCreate and manage Insights web tests
Microsoft.Insights/workbooks/*Microsoft.Insights/workbooks/*
Microsoft.Insights/privateLinkScopes/*Microsoft.Insights/privateLinkScopes/*
Microsoft.Insights/privateLinkScopeOperationStatuses/*Microsoft.Insights/privateLinkScopeOperationStatuses/*
Microsoft.OperationalInsights/workspaces/writeMicrosoft.OperationalInsights/workspaces/write Crée un espace de travail ou lie un espace de travail existant en fournissant l’ID de client à partir de l’espace de travail existant.Creates a new workspace or links to an existing workspace by providing the customer id from the existing workspace.
Microsoft.OperationalInsights/workspaces/intelligencepacks/*Microsoft.OperationalInsights/workspaces/intelligencepacks/* Lire/écrire/supprimer des packs de solution Log Analytics.Read/write/delete log analytics solution packs.
Microsoft.OperationalInsights/workspaces/savedSearches/*Microsoft.OperationalInsights/workspaces/savedSearches/* Lire/écrire/supprimer des recherches enregistrées Log Analytics.Read/write/delete log analytics saved searches.
Microsoft.OperationalInsights/workspaces/search/actionMicrosoft.OperationalInsights/workspaces/search/action Exécute une requête de recherche.Executes a search query
Microsoft.OperationalInsights/workspaces/sharedKeys/actionMicrosoft.OperationalInsights/workspaces/sharedKeys/action Récupère les clés partagées de l’espace de travail.Retrieves the shared keys for the workspace. Ces clés sont utilisées pour connecter les agents Microsoft Operational Insights à l’espace de travail.These keys are used to connect Microsoft Operational Insights agents to the workspace.
Microsoft.OperationalInsights/workspaces/storageinsightconfigs/*Microsoft.OperationalInsights/workspaces/storageinsightconfigs/* Lire/écrire/supprimer les configurations des insights de stockage Log Analytics.Read/write/delete log analytics storage insight configurations.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
Microsoft.WorkloadMonitor/monitors/*Microsoft.WorkloadMonitor/monitors/*
Microsoft.WorkloadMonitor/notificationSettings/*Microsoft.WorkloadMonitor/notificationSettings/*
Microsoft.AlertsManagement/smartDetectorAlertRules/*Microsoft.AlertsManagement/smartDetectorAlertRules/*
Microsoft.AlertsManagement/actionRules/*Microsoft.AlertsManagement/actionRules/*
Microsoft.AlertsManagement/smartGroups/*Microsoft.AlertsManagement/smartGroups/*
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can read all monitoring data and update monitoring settings.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa",
  "name": "749f88d5-cbae-40b8-bcfc-e573ddc772fa",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.AlertsManagement/alerts/*",
        "Microsoft.AlertsManagement/alertsSummary/*",
        "Microsoft.Insights/actiongroups/*",
        "Microsoft.Insights/activityLogAlerts/*",
        "Microsoft.Insights/AlertRules/*",
        "Microsoft.Insights/components/*",
        "Microsoft.Insights/DiagnosticSettings/*",
        "Microsoft.Insights/eventtypes/*",
        "Microsoft.Insights/LogDefinitions/*",
        "Microsoft.Insights/metricalerts/*",
        "Microsoft.Insights/MetricDefinitions/*",
        "Microsoft.Insights/Metrics/*",
        "Microsoft.Insights/Register/Action",
        "Microsoft.Insights/scheduledqueryrules/*",
        "Microsoft.Insights/webtests/*",
        "Microsoft.Insights/workbooks/*",
        "Microsoft.Insights/privateLinkScopes/*",
        "Microsoft.Insights/privateLinkScopeOperationStatuses/*",
        "Microsoft.OperationalInsights/workspaces/write",
        "Microsoft.OperationalInsights/workspaces/intelligencepacks/*",
        "Microsoft.OperationalInsights/workspaces/savedSearches/*",
        "Microsoft.OperationalInsights/workspaces/search/action",
        "Microsoft.OperationalInsights/workspaces/sharedKeys/action",
        "Microsoft.OperationalInsights/workspaces/storageinsightconfigs/*",
        "Microsoft.Support/*",
        "Microsoft.WorkloadMonitor/monitors/*",
        "Microsoft.WorkloadMonitor/notificationSettings/*",
        "Microsoft.AlertsManagement/smartDetectorAlertRules/*",
        "Microsoft.AlertsManagement/actionRules/*",
        "Microsoft.AlertsManagement/smartGroups/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Monitoring Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Publication des métriques de surveillanceMonitoring Metrics Publisher

Permet de publier les métriques relatives aux ressources AzureEnables publishing metrics against Azure resources

ActionsActions
Microsoft.Insights/Register/ActionMicrosoft.Insights/Register/Action Inscrire le fournisseur Microsoft InsightsRegister the Microsoft Insights provider
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.Insights/Metrics/WriteMicrosoft.Insights/Metrics/Write Écrit des métriquesWrite metrics
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Enables publishing metrics against Azure resources",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3913510d-42f4-4e42-8a64-420c390055eb",
  "name": "3913510d-42f4-4e42-8a64-420c390055eb",
  "permissions": [
    {
      "actions": [
        "Microsoft.Insights/Register/Action",
        "Microsoft.Support/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Insights/Metrics/Write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Monitoring Metrics Publisher",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur d’analyseMonitoring Reader

Peut lire toutes les données de supervision (métriques, journaux d’activité, etc.)Can read all monitoring data (metrics, logs, etc.). Consultez aussi Bien démarrer avec les rôles, les autorisations et la sécurité dans Azure Monitor.See also Get started with roles, permissions, and security with Azure Monitor.

ActionsActions
*/read*/read Lire les ressources de tous les types, à l’exception des secrets.Read resources of all types, except secrets.
Microsoft.OperationalInsights/workspaces/search/actionMicrosoft.OperationalInsights/workspaces/search/action Exécute une requête de recherche.Executes a search query
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can read all monitoring data.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/43d0d8ad-25c7-4714-9337-8ba259a9fe05",
  "name": "43d0d8ad-25c7-4714-9337-8ba259a9fe05",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.OperationalInsights/workspaces/search/action",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Monitoring Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur de classeurWorkbook Contributor

Peut enregistrer les classeurs partagés.Can save shared workbooks.

ActionsActions
Microsoft.Insights/workbooks/writeMicrosoft.Insights/workbooks/write Créer ou mettre à jour un classeurCreate or update a workbook
Microsoft.Insights/workbooks/deleteMicrosoft.Insights/workbooks/delete Supprimer un classeurDelete a workbook
Microsoft.Insights/workbooks/readMicrosoft.Insights/workbooks/read Lire un classeurRead a workbook
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can save shared workbooks.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e8ddcd69-c73f-4f9f-9844-4100522f16ad",
  "name": "e8ddcd69-c73f-4f9f-9844-4100522f16ad",
  "permissions": [
    {
      "actions": [
        "Microsoft.Insights/workbooks/write",
        "Microsoft.Insights/workbooks/delete",
        "Microsoft.Insights/workbooks/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Workbook Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur de classeurWorkbook Reader

Peut lire les classeurs.Can read workbooks.

ActionsActions
microsoft.insights/workbooks/readmicrosoft.insights/workbooks/read Lire un classeurRead a workbook
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can read workbooks.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b279062a-9be3-42a0-92ae-8b3cf002ec4d",
  "name": "b279062a-9be3-42a0-92ae-8b3cf002ec4d",
  "permissions": [
    {
      "actions": [
        "microsoft.insights/workbooks/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Workbook Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Gestion + gouvernanceManagement + governance

Opérateur de travaux AutomationAutomation Job Operator

Permet de créer et de gérer des travaux avec des runbooks Automation.Create and Manage Jobs using Automation Runbooks.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/readMicrosoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read Lit des ressources Runbook Worker hybridesReads Hybrid Runbook Worker Resources
Microsoft.Automation/automationAccounts/jobs/readMicrosoft.Automation/automationAccounts/jobs/read Obtient un travail Azure AutomationGets an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/resume/actionMicrosoft.Automation/automationAccounts/jobs/resume/action Reprend un travail Azure AutomationResumes an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/stop/actionMicrosoft.Automation/automationAccounts/jobs/stop/action Arrête un travail Azure AutomationStops an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/streams/readMicrosoft.Automation/automationAccounts/jobs/streams/read Obtient un flux de travail Azure AutomationGets an Azure Automation job stream
Microsoft.Automation/automationAccounts/jobs/suspend/actionMicrosoft.Automation/automationAccounts/jobs/suspend/action Suspend un travail Azure AutomationSuspends an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/writeMicrosoft.Automation/automationAccounts/jobs/write Crée un travail Azure AutomationCreates an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/output/readMicrosoft.Automation/automationAccounts/jobs/output/read Obtient le résultat d’un travailGets the output of a job
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Create and Manage Jobs using Automation Runbooks.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4fe576fe-1146-4730-92eb-48519fa6bf9f",
  "name": "4fe576fe-1146-4730-92eb-48519fa6bf9f",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read",
        "Microsoft.Automation/automationAccounts/jobs/read",
        "Microsoft.Automation/automationAccounts/jobs/resume/action",
        "Microsoft.Automation/automationAccounts/jobs/stop/action",
        "Microsoft.Automation/automationAccounts/jobs/streams/read",
        "Microsoft.Automation/automationAccounts/jobs/suspend/action",
        "Microsoft.Automation/automationAccounts/jobs/write",
        "Microsoft.Automation/automationAccounts/jobs/output/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Automation Job Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Opérateur AutomationAutomation Operator

Les opérateurs d’Automation sont en mesure de démarrer, d’arrêter, de suspendre et de reprendre des travauxAutomation Operators are able to start, stop, suspend, and resume jobs

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/readMicrosoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read Lit des ressources Runbook Worker hybridesReads Hybrid Runbook Worker Resources
Microsoft.Automation/automationAccounts/jobs/readMicrosoft.Automation/automationAccounts/jobs/read Obtient un travail Azure AutomationGets an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/resume/actionMicrosoft.Automation/automationAccounts/jobs/resume/action Reprend un travail Azure AutomationResumes an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/stop/actionMicrosoft.Automation/automationAccounts/jobs/stop/action Arrête un travail Azure AutomationStops an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/streams/readMicrosoft.Automation/automationAccounts/jobs/streams/read Obtient un flux de travail Azure AutomationGets an Azure Automation job stream
Microsoft.Automation/automationAccounts/jobs/suspend/actionMicrosoft.Automation/automationAccounts/jobs/suspend/action Suspend un travail Azure AutomationSuspends an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/writeMicrosoft.Automation/automationAccounts/jobs/write Crée un travail Azure AutomationCreates an Azure Automation job
Microsoft.Automation/automationAccounts/jobSchedules/readMicrosoft.Automation/automationAccounts/jobSchedules/read Obtient une planification du travail Azure AutomationGets an Azure Automation job schedule
Microsoft.Automation/automationAccounts/jobSchedules/writeMicrosoft.Automation/automationAccounts/jobSchedules/write Crée une planification du travail Azure AutomationCreates an Azure Automation job schedule
Microsoft.Automation/automationAccounts/linkedWorkspace/readMicrosoft.Automation/automationAccounts/linkedWorkspace/read Obtient l’espace de travail lié au compte Automation.Gets the workspace linked to the automation account
Microsoft.Automation/automationAccounts/readMicrosoft.Automation/automationAccounts/read Obtient un compte Azure AutomationGets an Azure Automation account
Microsoft.Automation/automationAccounts/runbooks/readMicrosoft.Automation/automationAccounts/runbooks/read Obtient un runbook Azure AutomationGets an Azure Automation runbook
Microsoft.Automation/automationAccounts/schedules/readMicrosoft.Automation/automationAccounts/schedules/read Obtient une ressource de planification Azure AutomationGets an Azure Automation schedule asset
Microsoft.Automation/automationAccounts/schedules/writeMicrosoft.Automation/automationAccounts/schedules/write Crée ou met à jour une ressource de planification Azure AutomationCreates or updates an Azure Automation schedule asset
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Automation/automationAccounts/jobs/output/readMicrosoft.Automation/automationAccounts/jobs/output/read Obtient le résultat d’un travailGets the output of a job
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Automation Operators are able to start, stop, suspend, and resume jobs",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/d3881f73-407a-4167-8283-e981cbba0404",
  "name": "d3881f73-407a-4167-8283-e981cbba0404",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read",
        "Microsoft.Automation/automationAccounts/jobs/read",
        "Microsoft.Automation/automationAccounts/jobs/resume/action",
        "Microsoft.Automation/automationAccounts/jobs/stop/action",
        "Microsoft.Automation/automationAccounts/jobs/streams/read",
        "Microsoft.Automation/automationAccounts/jobs/suspend/action",
        "Microsoft.Automation/automationAccounts/jobs/write",
        "Microsoft.Automation/automationAccounts/jobSchedules/read",
        "Microsoft.Automation/automationAccounts/jobSchedules/write",
        "Microsoft.Automation/automationAccounts/linkedWorkspace/read",
        "Microsoft.Automation/automationAccounts/read",
        "Microsoft.Automation/automationAccounts/runbooks/read",
        "Microsoft.Automation/automationAccounts/schedules/read",
        "Microsoft.Automation/automationAccounts/schedules/write",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Automation/automationAccounts/jobs/output/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Automation Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Opérateur de runbook AutomationAutomation Runbook Operator

Propriétés de lecture du runbook : pour pouvoir créer des travaux depuis le runbook.Read Runbook properties - to be able to create Jobs of the runbook.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Automation/automationAccounts/runbooks/readMicrosoft.Automation/automationAccounts/runbooks/read Obtient un runbook Azure AutomationGets an Azure Automation runbook
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read Runbook properties - to be able to create Jobs of the runbook.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5fb5aef8-1081-4b8e-bb16-9d5d0385bab5",
  "name": "5fb5aef8-1081-4b8e-bb16-9d5d0385bab5",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Automation/automationAccounts/runbooks/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Automation Runbook Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Intégration de machine connectée à AzureAzure Connected Machine Onboarding

Peut intégrer des machines connectées à Azure.Can onboard Azure Connected Machines.

ActionsActions
Microsoft.HybridCompute/machines/readMicrosoft.HybridCompute/machines/read Lit les données des machines Azure ArcRead any Azure Arc machines
Microsoft.HybridCompute/machines/writeMicrosoft.HybridCompute/machines/write Écrit toutes les machines Azure ArcWrites an Azure Arc machines
Microsoft.GuestConfiguration/guestConfigurationAssignments/readMicrosoft.GuestConfiguration/guestConfigurationAssignments/read Obtient l’attribution de la configuration des invités.Get guest configuration assignment.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can onboard Azure Connected Machines.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b64e21ea-ac4e-4cdf-9dc9-5b892992bee7",
  "name": "b64e21ea-ac4e-4cdf-9dc9-5b892992bee7",
  "permissions": [
    {
      "actions": [
        "Microsoft.HybridCompute/machines/read",
        "Microsoft.HybridCompute/machines/write",
        "Microsoft.GuestConfiguration/guestConfigurationAssignments/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Connected Machine Onboarding",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Administrateur des ressources de la machine connectée à AzureAzure Connected Machine Resource Administrator

Peut lire, écrire, supprimer et réintégrer des machines connectées à Azure.Can read, write, delete and re-onboard Azure Connected Machines.

ActionsActions
Microsoft.HybridCompute/machines/readMicrosoft.HybridCompute/machines/read Lit les données des machines Azure ArcRead any Azure Arc machines
Microsoft.HybridCompute/machines/writeMicrosoft.HybridCompute/machines/write Écrit toutes les machines Azure ArcWrites an Azure Arc machines
Microsoft.HybridCompute/machines/deleteMicrosoft.HybridCompute/machines/delete Supprime toutes les machines Azure ArcDeletes an Azure Arc machines
Microsoft.HybridCompute/machines/reconnect/actionMicrosoft.HybridCompute/machines/reconnect/action Reconnecte toutes les machines Azure ArcReconnects an Azure Arc machines
Microsoft.HybridCompute/machines/extensions/writeMicrosoft.HybridCompute/machines/extensions/write Installe ou met à jour toutes les extensions Azure ArcInstalls or Updates an Azure Arc extensions
Microsoft.HybridCompute/*/readMicrosoft.HybridCompute/*/read
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can read, write, delete and re-onboard Azure Connected Machines.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/cd570a14-e51a-42ad-bac8-bafd67325302",
  "name": "cd570a14-e51a-42ad-bac8-bafd67325302",
  "permissions": [
    {
      "actions": [
        "Microsoft.HybridCompute/machines/read",
        "Microsoft.HybridCompute/machines/write",
        "Microsoft.HybridCompute/machines/delete",
        "Microsoft.HybridCompute/machines/reconnect/action",
        "Microsoft.HybridCompute/machines/extensions/write",
        "Microsoft.HybridCompute/*/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Connected Machine Resource Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur de facturationBilling Reader

Autorise l’accès en lecture aux données de facturationAllows read access to billing data

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Billing/*/readMicrosoft.Billing/*/read Lire les informations de facturationRead Billing information
Microsoft.Commerce/*/readMicrosoft.Commerce/*/read
Microsoft.Consumption/*/readMicrosoft.Consumption/*/read
Microsoft.Management/managementGroups/readMicrosoft.Management/managementGroups/read Répertorie les groupes d’administration de l’utilisateur authentifié.List management groups for the authenticated user.
Microsoft.CostManagement/*/readMicrosoft.CostManagement/*/read
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows read access to billing data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64",
  "name": "fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Billing/*/read",
        "Microsoft.Commerce/*/read",
        "Microsoft.Consumption/*/read",
        "Microsoft.Management/managementGroups/read",
        "Microsoft.CostManagement/*/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Billing Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur blueprintBlueprint Contributor

Peut gérer les définitions blueprint, mais ne peut pas les affecter.Can manage blueprint definitions, but not assign them.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Blueprint/blueprints/*Microsoft.Blueprint/blueprints/* Créer et gérer des définitions de blueprint ou des artefacts de blueprint.Create and manage blueprint definitions or blueprint artifacts.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage blueprint definitions, but not assign them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/41077137-e803-4205-871c-5a86e6a753b4",
  "name": "41077137-e803-4205-871c-5a86e6a753b4",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Blueprint/blueprints/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Blueprint Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Opérateur blueprintBlueprint Operator

Peut affecter des blueprints publiés existants, mais ne peut pas en créer de nouveaux.Can assign existing published blueprints, but cannot create new blueprints. Notez que cela fonctionne uniquement si l’affectation est effectuée avec une identité managée affectée par l’utilisateur.Note that this only works if the assignment is done with a user-assigned managed identity.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Blueprint/blueprintAssignments/*Microsoft.Blueprint/blueprintAssignments/* Créer et gérer des affectations de blueprintCreate and manage blueprint assignments.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can assign existing published blueprints, but cannot create new blueprints. NOTE: this only works if the assignment is done with a user-assigned managed identity.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/437d2ced-4a38-4302-8479-ed2bcb43d090",
  "name": "437d2ced-4a38-4302-8479-ed2bcb43d090",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Blueprint/blueprintAssignments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Blueprint Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur Cost ManagementCost Management Contributor

Peut afficher les coûts et gérer la configuration des coûts (par exemple, budgets, exportations)Can view costs and manage cost configuration (e.g. budgets, exports)

ActionsActions
Microsoft.Consumption/*Microsoft.Consumption/*
Microsoft.CostManagement/*Microsoft.CostManagement/*
Microsoft.Billing/billingPeriods/readMicrosoft.Billing/billingPeriods/read
Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read Obtient la liste des abonnements.Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
Microsoft.Advisor/configurations/readMicrosoft.Advisor/configurations/read Obtenir des configurationsGet configurations
Microsoft.Advisor/recommendations/readMicrosoft.Advisor/recommendations/read Lit les recommandationsReads recommendations
Microsoft.Management/managementGroups/readMicrosoft.Management/managementGroups/read Répertorie les groupes d’administration de l’utilisateur authentifié.List management groups for the authenticated user.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view costs and manage cost configuration (e.g. budgets, exports)",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/434105ed-43f6-45c7-a02f-909b2ba83430",
  "name": "434105ed-43f6-45c7-a02f-909b2ba83430",
  "permissions": [
    {
      "actions": [
        "Microsoft.Consumption/*",
        "Microsoft.CostManagement/*",
        "Microsoft.Billing/billingPeriods/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Advisor/configurations/read",
        "Microsoft.Advisor/recommendations/read",
        "Microsoft.Management/managementGroups/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cost Management Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur Cost ManagementCost Management Reader

Peut afficher les données et la configuration des coûts (par exemple, budgets, exportations)Can view cost data and configuration (e.g. budgets, exports)

ActionsActions
Microsoft.Consumption/*/readMicrosoft.Consumption/*/read
Microsoft.CostManagement/*/readMicrosoft.CostManagement/*/read
Microsoft.Billing/billingPeriods/readMicrosoft.Billing/billingPeriods/read
Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read Obtient la liste des abonnements.Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
Microsoft.Advisor/configurations/readMicrosoft.Advisor/configurations/read Obtenir des configurationsGet configurations
Microsoft.Advisor/recommendations/readMicrosoft.Advisor/recommendations/read Lit les recommandationsReads recommendations
Microsoft.Management/managementGroups/readMicrosoft.Management/managementGroups/read Répertorie les groupes d’administration de l’utilisateur authentifié.List management groups for the authenticated user.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view cost data and configuration (e.g. budgets, exports)",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/72fafb9e-0641-4937-9268-a91bfd8191a3",
  "name": "72fafb9e-0641-4937-9268-a91bfd8191a3",
  "permissions": [
    {
      "actions": [
        "Microsoft.Consumption/*/read",
        "Microsoft.CostManagement/*/read",
        "Microsoft.Billing/billingPeriods/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Advisor/configurations/read",
        "Microsoft.Advisor/recommendations/read",
        "Microsoft.Management/managementGroups/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cost Management Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Administrateur de paramètres de hiérarchieHierarchy Settings Administrator

Permet aux utilisateurs de modifier et de supprimer des paramètres de hiérarchieAllows users to edit and delete Hierarchy Settings

ActionsActions
Microsoft.Management/managementGroups/settings/writeMicrosoft.Management/managementGroups/settings/write Crée ou met à jour les paramètres de hiérarchie de groupe d’administration.Creates or updates management group hierarchy settings.
Microsoft.Management/managementGroups/settings/deleteMicrosoft.Management/managementGroups/settings/delete Supprime les paramètres de hiérarchie de groupe d’administration.Deletes management group hierarchy settings.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows users to edit and delete Hierarchy Settings",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/350f8d15-c687-4448-8ae1-157740a3936d",
  "name": "350f8d15-c687-4448-8ae1-157740a3936d",
  "permissions": [
    {
      "actions": [
        "Microsoft.Management/managementGroups/settings/write",
        "Microsoft.Management/managementGroups/settings/delete"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Hierarchy Settings Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Rôle Contributeur d'application managéeManaged Application Contributor Role

Permet de créer des ressources d’application managées.Allows for creating managed application resources.

ActionsActions
*/read*/read Lire les ressources de tous les types, à l’exception des secrets.Read resources of all types, except secrets.
Microsoft.Solutions/applications/*Microsoft.Solutions/applications/*
Microsoft.Solutions/register/actionMicrosoft.Solutions/register/action Inscrit à Solutions.Register to Solutions.
Microsoft.Resources/subscriptions/resourceGroups/*Microsoft.Resources/subscriptions/resourceGroups/*
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for creating managed application resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/641177b8-a67a-45b9-a033-47bc880bb21e",
  "name": "641177b8-a67a-45b9-a033-47bc880bb21e",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.Solutions/applications/*",
        "Microsoft.Solutions/register/action",
        "Microsoft.Resources/subscriptions/resourceGroups/*",
        "Microsoft.Resources/deployments/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Managed Application Contributor Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Rôle opérateur d’application managéeManaged Application Operator Role

Permet de lire les ressources d’application managée et d’effectuer des actions sur ces ressources.Lets you read and perform actions on Managed Application resources

ActionsActions
*/read*/read Lire les ressources de tous les types, à l’exception des secrets.Read resources of all types, except secrets.
Microsoft.Solutions/applications/readMicrosoft.Solutions/applications/read Récupère une liste d’applications.Retrieves a list of applications.
Microsoft.Solutions/*/actionMicrosoft.Solutions/*/action
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read and perform actions on Managed Application resources",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c7393b34-138c-406f-901b-d8cf2b17e6ae",
  "name": "c7393b34-138c-406f-901b-d8cf2b17e6ae",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.Solutions/applications/read",
        "Microsoft.Solutions/*/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Managed Application Operator Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur Applications managéesManaged Applications Reader

Vous permet de lire les ressources dans une application managée et de demander un accès JIT.Lets you read resources in a managed app and request JIT access.

ActionsActions
*/read*/read Lire les ressources de tous les types, à l’exception des secrets.Read resources of all types, except secrets.
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Solutions/jitRequests/*Microsoft.Solutions/jitRequests/*
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read resources in a managed app and request JIT access.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b9331d33-8a36-4f8c-b097-4f54124fdb44",
  "name": "b9331d33-8a36-4f8c-b097-4f54124fdb44",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Solutions/jitRequests/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Managed Applications Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Suppression du rôle d’attribution d’inscription de services managéManaged Services Registration assignment Delete Role

La suppression du rôle d’attribution d’inscription de services managés permet aux utilisateurs du client gérant de supprimer l’attribution d’inscription assignée à leur locataire.Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant.

ActionsActions
Microsoft.ManagedServices/registrationAssignments/readMicrosoft.ManagedServices/registrationAssignments/read Récupère la liste des affectations d'inscription des services managés.Retrieves a list of Managed Services registration assignments.
Microsoft.ManagedServices/registrationAssignments/deleteMicrosoft.ManagedServices/registrationAssignments/delete Supprime l'affectation d'inscription des services managés.Removes Managed Services registration assignment.
Microsoft.ManagedServices/operationStatuses/readMicrosoft.ManagedServices/operationStatuses/read Lit l’état de l’opération pour la ressource.Reads the operation status for the resource.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/91c1777a-f3dc-4fae-b103-61d183457e46",
  "name": "91c1777a-f3dc-4fae-b103-61d183457e46",
  "permissions": [
    {
      "actions": [
        "Microsoft.ManagedServices/registrationAssignments/read",
        "Microsoft.ManagedServices/registrationAssignments/delete",
        "Microsoft.ManagedServices/operationStatuses/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Managed Services Registration assignment Delete Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Collaborateur du groupe d’administrationManagement Group Contributor

Rôle de collaborateur du groupe d’administrationManagement Group Contributor Role

ActionsActions
Microsoft.Management/managementGroups/deleteMicrosoft.Management/managementGroups/delete Supprime un groupe d’administration.Delete management group.
Microsoft.Management/managementGroups/readMicrosoft.Management/managementGroups/read Répertorie les groupes d’administration de l’utilisateur authentifié.List management groups for the authenticated user.
Microsoft.Management/managementGroups/subscriptions/deleteMicrosoft.Management/managementGroups/subscriptions/delete Dissocie un abonnement du groupe d’administration.De-associates subscription from the management group.
Microsoft.Management/managementGroups/subscriptions/writeMicrosoft.Management/managementGroups/subscriptions/write Associe un abonnement existant au groupe d’administration.Associates existing subscription with the management group.
Microsoft.Management/managementGroups/writeMicrosoft.Management/managementGroups/write Crée ou met à jour un groupe d’administration.Create or update a management group.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Management Group Contributor Role",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c",
  "name": "5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c",
  "permissions": [
    {
      "actions": [
        "Microsoft.Management/managementGroups/delete",
        "Microsoft.Management/managementGroups/read",
        "Microsoft.Management/managementGroups/subscriptions/delete",
        "Microsoft.Management/managementGroups/subscriptions/write",
        "Microsoft.Management/managementGroups/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Management Group Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lecteur du groupe d’administrationManagement Group Reader

Rôle de lecteur du groupe d’administrationManagement Group Reader Role

ActionsActions
Microsoft.Management/managementGroups/readMicrosoft.Management/managementGroups/read Répertorie les groupes d’administration de l’utilisateur authentifié.List management groups for the authenticated user.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Management Group Reader Role",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ac63b705-f282-497d-ac71-919bf39d939d",
  "name": "ac63b705-f282-497d-ac71-919bf39d939d",
  "permissions": [
    {
      "actions": [
        "Microsoft.Management/managementGroups/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Management Group Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur de compte NewRelic APMNew Relic APM Account Contributor

Vous permet de gérer des comptes et applications New Relic Application Performance Management, mais pas d’y accéder.Lets you manage New Relic Application Performance Management accounts and applications, but not access to them.

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NewRelic.APM/accounts/*NewRelic.APM/accounts/*
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage New Relic Application Performance Management accounts and applications, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5d28c62d-5b37-4476-8438-e587778df237",
  "name": "5d28c62d-5b37-4476-8438-e587778df237",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "NewRelic.APM/accounts/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "New Relic APM Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Policy Insights Data Writer (préversion)Policy Insights Data Writer (Preview)

Permet de lire les stratégies de ressources et d’écrire les événements de stratégie de composant de ressource.Allows read access to resource policies and write access to resource component policy events.

ActionsActions
Microsoft.Authorization/policyassignments/readMicrosoft.Authorization/policyassignments/read Obtenez des informations sur une affectation de stratégie.Get information about a policy assignment.
Microsoft.Authorization/policydefinitions/readMicrosoft.Authorization/policydefinitions/read Obtenez des informations sur une définition de stratégie.Get information about a policy definition.
Microsoft.Authorization/policysetdefinitions/readMicrosoft.Authorization/policysetdefinitions/read Obtient des informations sur une définition d’ensemble de stratégiesGet information about a policy set definition.
NotActionsNotActions
Aucunenone
DataActionsDataActions
Microsoft.PolicyInsights/checkDataPolicyCompliance/actionMicrosoft.PolicyInsights/checkDataPolicyCompliance/action Vérifie l’état de conformité d’un composant donné par rapport aux stratégies de données.Check the compliance status of a given component against data policies.
Microsoft.PolicyInsights/policyEvents/logDataEvents/actionMicrosoft.PolicyInsights/policyEvents/logDataEvents/action Journalise les événements de stratégie de composant de ressource.Log the resource component policy events.
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows read access to resource policies and write access to resource component policy events.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/66bb4e9e-b016-4a94-8249-4c0511c2be84",
  "name": "66bb4e9e-b016-4a94-8249-4c0511c2be84",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/policyassignments/read",
        "Microsoft.Authorization/policydefinitions/read",
        "Microsoft.Authorization/policysetdefinitions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.PolicyInsights/checkDataPolicyCompliance/action",
        "Microsoft.PolicyInsights/policyEvents/logDataEvents/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Policy Insights Data Writer (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur de la stratégie de ressourceResource Policy Contributor

Utilisateurs dotés de droits pour créer ou modifier une stratégie de ressource, créer un ticket de support et lire des ressources ou la hiérarchie.Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy.

ActionsActions
*/read*/read Lire les ressources de tous les types, à l’exception des secrets.Read resources of all types, except secrets.
Microsoft.Authorization/policyassignments/*Microsoft.Authorization/policyassignments/* Créer et gérer des attributions de stratégiesCreate and manage policy assignments
Microsoft.Authorization/policydefinitions/*Microsoft.Authorization/policydefinitions/* Créer et gérer des définitions de stratégiesCreate and manage policy definitions
Microsoft.Authorization/policysetdefinitions/*Microsoft.Authorization/policysetdefinitions/* Créer et gérer des ensembles de stratégiesCreate and manage policy sets
Microsoft.PolicyInsights/*Microsoft.PolicyInsights/*
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/36243c78-bf99-498c-9df9-86d9f8d28608",
  "name": "36243c78-bf99-498c-9df9-86d9f8d28608",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.Authorization/policyassignments/*",
        "Microsoft.Authorization/policydefinitions/*",
        "Microsoft.Authorization/policysetdefinitions/*",
        "Microsoft.PolicyInsights/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Resource Policy Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Contributeur Site RecoverySite Recovery Contributor

Permet de gérer le service Site Recovery sauf la création de coffre et l’attribution de rôleLets you manage Site Recovery service except vault creation and role assignment

ActionsActions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read Lire les rôles et les affectations de rôlesRead roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* Créer et gérer une alerte de métrique classiqueCreate and manage a classic metric alert
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read Obtenir la définition de réseau virtuel.Get the virtual network definition
Microsoft.RecoveryServices/locations/allocatedStamp/readMicrosoft.RecoveryServices/locations/allocatedStamp/read GetAllocatedStamp est une opération interne utilisée par le service.GetAllocatedStamp is internal operation used by service
Microsoft.RecoveryServices/locations/allocateStamp/actionMicrosoft.RecoveryServices/locations/allocateStamp/action AllocateStamp est une opération interne utilisée par le service.AllocateStamp is internal operation used by service
Microsoft.RecoveryServices/Vaults/certificates/writeMicrosoft.RecoveryServices/Vaults/certificates/write L’opération de mise à jour de certificat de ressource met à jour le certificat d’identification du coffre/de la ressource.The Update Resource Certificate operation updates the resource/vault credential certificate.
Microsoft.RecoveryServices/Vaults/extendedInformation/*Microsoft.RecoveryServices/Vaults/extendedInformation/* Créer et gérer des informations étendues associées au coffreCreate and manage extended info related to vault
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read L’opération d’obtention de coffre obtient un objet représentant la ressource Azure de type « coffre ».The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/refreshContainers/readMicrosoft.RecoveryServices/Vaults/refreshContainers/read
Microsoft.RecoveryServices/Vaults/registeredIdentities/*Microsoft.RecoveryServices/Vaults/registeredIdentities/* Créer et gérer les identités inscritesCreate and manage registered identities
Microsoft.RecoveryServices/vaults/replicationAlertSettings/*Microsoft.RecoveryServices/vaults/replicationAlertSettings/* Créer ou mettre à jour les paramètres d’alerte de réplicationCreate or Update replication alert settings
Microsoft.RecoveryServices/vaults/replicationEvents/readMicrosoft.RecoveryServices/vaults/replicationEvents/read Lire des événements.Read any Events
Microsoft.RecoveryServices/vaults/replicationFabrics/*Microsoft.RecoveryServices/vaults/replicationFabrics/* Créer et gérer des structures de réplicationCreate and manage replication fabrics
Microsoft.RecoveryServices/vaults/replicationJobs/*Microsoft.RecoveryServices/vaults/replicationJobs/* Créer et gérer des travaux de réplicationCreate and manage replication jobs
Microsoft.RecoveryServices/vaults/replicationPolicies/*Microsoft.RecoveryServices/vaults/replicationPolicies/* Créer et gérer des stratégies de réplicationCreate and manage replication policies
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/*Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/* Créer et gérer des plans de récupérationCreate and manage recovery plans
Microsoft.RecoveryServices/Vaults/storageConfig/*Microsoft.RecoveryServices/Vaults/storageConfig/* Créer et gérer la configuration de stockage du coffre Recovery ServicesCreate and manage storage configuration of Recovery Services vault
Microsoft.RecoveryServices/Vaults/tokenInfo/readMicrosoft.RecoveryServices/Vaults/tokenInfo/read
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read Renvoie des détails d’utilisation d’un coffre Recovery Services.Returns usage details for a Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/vaultTokens/readMicrosoft.RecoveryServices/Vaults/vaultTokens/read L’opération de jeton de coffre peut être utilisée pour obtenir un jeton de coffre pour les opérations de serveur principal au niveau du coffre.The Vault Token operation can be used to get Vault Token for vault level backend operations.
Microsoft.RecoveryServices/Vaults/monitoringAlerts/*Microsoft.RecoveryServices/Vaults/monitoringAlerts/* Lire les alertes pour le coffre Recovery ServicesRead alerts for the Recovery services vault
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/readMicrosoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read Obtient les états de disponibilité de toutes les ressources dans l’étendue spécifiée.Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* Créer et gérer un déploiementCreate and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read Obtient ou répertorie les groupes de ressources.Gets or lists resource groups.
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read Retourne la liste des comptes de stockage ou récupère les propriétés du compte de stockage spécifié.Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.RecoveryServices/vaults/replicationOperationStatus/readMicrosoft.RecoveryServices/vaults/replicationOperationStatus/read Lit tout état de l’opération de réplication du coffreRead any Vault Replication Operation Status
Microsoft.Support/*Microsoft.Support/* Créer et mettre à jour un ticket de supportCreate and update a support ticket
NotActionsNotActions
Aucunenone
DataActionsDataActions
Aucunenone
NotDataActionsNotDataActions
Aucunenone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Site Recovery service except vault creation and role assignment",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6670b86e-a3f7-4917-ac9b-5d6ab1be4567",
  "name": "6670b86e-a3f7-4917-ac9b-5d6ab1be4567",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.RecoveryServices/locations/allocatedStamp/read",
        "Microsoft.RecoveryServices/locations/allocateStamp/action",
        "Microsoft.RecoveryServices/Vaults/certificates/write",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/*",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/refreshContainers/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/*",
        "Microsoft.RecoveryServices/vaults/replicationAlertSettings/*",
        "Microsoft.RecoveryServices/vaults/replicationEvents/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/*",
        "Microsoft.RecoveryServices/vaults/replicationJobs/*",
        "Microsoft.RecoveryServices/vaults/replicationPolicies/*",
        "Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/*",
        "Microsoft.RecoveryServices/Vaults/storageConfig/*",
        "Microsoft.RecoveryServices/Vaults/tokenInfo/read",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.RecoveryServices/Vaults/vaultTokens/read",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/*",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.RecoveryServices/vaults/replicationOperationStatus/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Site Recovery Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Opérateur Site Recovery