Peran bawaan Azure untuk Manajemen dan tata kelola
Artikel ini mencantumkan peran bawaan Azure dalam kategori Manajemen dan tata kelola.
Kontributor Automation
Mengelola sumber daya Azure Automation dan sumber daya lainnya menggunakan Azure Automation.
Tindakan | Deskripsi |
---|---|
Microsoft.Automation/automationAccounts/* | |
Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
Microsoft.Insights/ActionGroups/* | |
Microsoft.Insights/ActivityLogAlerts/* | |
Microsoft.Insights/MetricAlerts/* | |
Microsoft.Insights/ScheduledQueryRules/* | |
Microsoft.Insights/diagnosticSettings/* | Membuat, memperbarui, atau membaca pengaturan diagnostik untuk Server Analisis |
Microsoft.OperationalInsights/ruang kerja/sharedKeys/tindakan | Mengambil kunci bersama untuk ruang kerja. Kunci ini digunakan untuk menghubungkan agen Microsoft Operational Insights ke ruang kerja. |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Manage azure automation resources and other resources using azure automation.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f353d9bd-d4a6-484e-a77a-8050b599b867",
"name": "f353d9bd-d4a6-484e-a77a-8050b599b867",
"permissions": [
{
"actions": [
"Microsoft.Automation/automationAccounts/*",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Insights/ActionGroups/*",
"Microsoft.Insights/ActivityLogAlerts/*",
"Microsoft.Insights/MetricAlerts/*",
"Microsoft.Insights/ScheduledQueryRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.OperationalInsights/workspaces/sharedKeys/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Automation Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Operator Pekerjaan Automation
Membuat dan Mengelola Tugas menggunakan Runbook Automation.
Tindakan | Deskripsi |
---|---|
Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/baca | Membaca Grup Hybrid Runbook Worker |
Microsoft.Automation/automationAccounts/pekerjaan/baca | Mendapatkan pekerjaan Azure Automation |
Microsoft.Automation/automationAccounts/pekerjaan/lanjutkan/tindakan | Melanjutkan pekerjaan Azure Automation |
Microsoft.Automation/automationAccounts/pekerjaan/stop/tindakan | Menghentikan pekerjaan Azure Automation |
Microsoft.Automation/automationAccounts/pekerjaan/aliran/baca | Mendapatkan aliran pekerjaan Azure Automation |
Microsoft.Automation/automationAccounts/pekerjaan/tangguhkan/tindakan | Menangguhkan tugas Azure Automation |
Microsoft.Automation/automationAccounts/pekerjaan/tulis | Membuat tugas Azure Automation |
Microsoft.Automation/automationAccounts/pekerjaan/output/ba | Mendapatkan output pekerjaan |
Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Create and Manage Jobs using Automation Runbooks.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4fe576fe-1146-4730-92eb-48519fa6bf9f",
"name": "4fe576fe-1146-4730-92eb-48519fa6bf9f",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read",
"Microsoft.Automation/automationAccounts/jobs/read",
"Microsoft.Automation/automationAccounts/jobs/resume/action",
"Microsoft.Automation/automationAccounts/jobs/stop/action",
"Microsoft.Automation/automationAccounts/jobs/streams/read",
"Microsoft.Automation/automationAccounts/jobs/suspend/action",
"Microsoft.Automation/automationAccounts/jobs/write",
"Microsoft.Automation/automationAccounts/jobs/output/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Automation Job Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Operator Automation
Operator Automation dapat memulai, menghentikan, menangguhkan, dan melanjutkan tugas
Tindakan | Deskripsi |
---|---|
Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/baca | Membaca Grup Hybrid Runbook Worker |
Microsoft.Automation/automationAccounts/pekerjaan/baca | Mendapatkan pekerjaan Azure Automation |
Microsoft.Automation/automationAccounts/pekerjaan/lanjutkan/tindakan | Melanjutkan pekerjaan Azure Automation |
Microsoft.Automation/automationAccounts/pekerjaan/stop/tindakan | Menghentikan pekerjaan Azure Automation |
Microsoft.Automation/automationAccounts/pekerjaan/aliran/baca | Mendapatkan aliran pekerjaan Azure Automation |
Microsoft.Automation/automationAccounts/pekerjaan/tangguhkan/tindakan | Menangguhkan tugas Azure Automation |
Microsoft.Automation/automationAccounts/pekerjaan/tulis | Membuat tugas Azure Automation |
Microsoft.Automation/automationAccounts/jobSchedules/baca | Mendapatkan jadwal pekerjaan Azure Automation |
Microsoft.Automation/automationAccounts/jobSchedules/tulis | Membuat jadwal pekerjaan Azure Automation |
Microsoft.Automation/automationAccounts/linkedWorkspace/baca | Membuat ruang kerja ditautkan ke akun otomatisasi |
Microsoft.Automation/automationAccounts/baca | Mendapatkan akun Azure Automation |
Microsoft.Automation/automationAccounts/runbooks/baca | Mendapatkan buku pedoman Azure Automation |
Microsoft.Automation/automationAccounts/jadwal/baca | Mendapatkan aset jadwal Azure Automation |
Microsoft.Automation/automationAccounts/jadwal/tulis | Membuat atau memperbarui aset jadwal Azure Automation |
Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
Microsoft.ResourceHealth/availabilityStatuses/baca | Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan |
Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
Microsoft.Automation/automationAccounts/pekerjaan/output/ba | Mendapatkan output pekerjaan |
Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Automation Operators are able to start, stop, suspend, and resume jobs",
"id": "/providers/Microsoft.Authorization/roleDefinitions/d3881f73-407a-4167-8283-e981cbba0404",
"name": "d3881f73-407a-4167-8283-e981cbba0404",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read",
"Microsoft.Automation/automationAccounts/jobs/read",
"Microsoft.Automation/automationAccounts/jobs/resume/action",
"Microsoft.Automation/automationAccounts/jobs/stop/action",
"Microsoft.Automation/automationAccounts/jobs/streams/read",
"Microsoft.Automation/automationAccounts/jobs/suspend/action",
"Microsoft.Automation/automationAccounts/jobs/write",
"Microsoft.Automation/automationAccounts/jobSchedules/read",
"Microsoft.Automation/automationAccounts/jobSchedules/write",
"Microsoft.Automation/automationAccounts/linkedWorkspace/read",
"Microsoft.Automation/automationAccounts/read",
"Microsoft.Automation/automationAccounts/runbooks/read",
"Microsoft.Automation/automationAccounts/schedules/read",
"Microsoft.Automation/automationAccounts/schedules/write",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Automation/automationAccounts/jobs/output/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Automation Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Operator Runbook Automation
Properti baca Runbook - agar dapat membuat Tugas runbook.
Tindakan | Deskripsi |
---|---|
Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
Microsoft.Automation/automationAccounts/runbooks/baca | Mendapatkan buku pedoman Azure Automation |
Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Read Runbook properties - to be able to create Jobs of the runbook.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5fb5aef8-1081-4b8e-bb16-9d5d0385bab5",
"name": "5fb5aef8-1081-4b8e-bb16-9d5d0385bab5",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Automation/automationAccounts/runbooks/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Automation Runbook Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Onboarding Mesin yang Tersambung Azure
Dapat melakukan onboarding Komputer yang Tersambung Azure.
Tindakan | Deskripsi |
---|---|
Microsoft.HybridCompute/mesin/baca | Membaca semua komputer Azure Arc |
Microsoft.HybridCompute/mesin/tulis | Menulis mesin Azure Arc |
Microsoft.HybridCompute/privateLinkScopes/baca | Membaca semua privateLinkScopes Azure Arc |
Microsoft.GuestConfiguration/guestConfigurationAssignments/baca | Mendapatkan penugasan konfigurasi tamu. |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Can onboard Azure Connected Machines.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b64e21ea-ac4e-4cdf-9dc9-5b892992bee7",
"name": "b64e21ea-ac4e-4cdf-9dc9-5b892992bee7",
"permissions": [
{
"actions": [
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/write",
"Microsoft.HybridCompute/privateLinkScopes/read",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Connected Machine Onboarding",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Administrator Sumber Daya Komputer Yang Terhubung Azure
Dapat membaca, menulis, menghapus, dan melakukan onboarding ulang Komputer yang Tersambung Azure.
Tindakan | Deskripsi |
---|---|
Microsoft.HybridCompute/mesin/baca | Membaca semua komputer Azure Arc |
Microsoft.HybridCompute/mesin/tulis | Menulis mesin Azure Arc |
Microsoft.HybridCompute/mesin/hapus | Menghapus komputer Azure Arc |
Microsoft.HybridCompute/machines/UpgradeExtensions/action | Meningkatkan Ekstensi pada komputer Azure Arc |
Microsoft.HybridCompute/mesin/ekstensi/baca | Membaca ekstensi Azure Arc apa pun |
Microsoft.HybridCompute/mesin/ekstensi/tulis | Menginstal atau Memperbarui ekstensi Azure Arc |
Microsoft.HybridCompute/mesin/ekstensi/hapus | Menghapus ekstensi Azure Arc |
Microsoft.HybridCompute/privateLinkScopes/* | |
Microsoft.HybridCompute/*/baca | |
Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
Microsoft.HybridCompute/licenses/write | Menginstal atau Memperbarui lisensi Azure Arc |
Microsoft.HybridCompute/licenses/delete | Menghapus lisensi Azure Arc |
Microsoft.HybridCompute/machines/licenseProfiles/read | Membaca lisensi Azure ArcProfiles apa pun |
Microsoft.HybridCompute/machines/licenseProfiles/write | Menginstal atau Memperbarui lisensi Azure ArcProfiles |
Microsoft.HybridCompute/machines/licenseProfiles/delete | Menghapus lisensi Azure ArcProfiles |
Microsoft.HybridCompute/machines/runCommands/read | Membaca runcommands Azure Arc apa pun |
Microsoft.HybridCompute/machines/runCommands/write | Menginstal atau Memperbarui runcommands Azure Arc |
Microsoft.HybridCompute/machines/runCommands/delete | Menghapus runcommands Azure Arc |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Can read, write, delete and re-onboard Azure Connected Machines.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/cd570a14-e51a-42ad-bac8-bafd67325302",
"name": "cd570a14-e51a-42ad-bac8-bafd67325302",
"permissions": [
{
"actions": [
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/write",
"Microsoft.HybridCompute/machines/delete",
"Microsoft.HybridCompute/machines/UpgradeExtensions/action",
"Microsoft.HybridCompute/machines/extensions/read",
"Microsoft.HybridCompute/machines/extensions/write",
"Microsoft.HybridCompute/machines/extensions/delete",
"Microsoft.HybridCompute/privateLinkScopes/*",
"Microsoft.HybridCompute/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.HybridCompute/licenses/write",
"Microsoft.HybridCompute/licenses/delete",
"Microsoft.HybridCompute/machines/licenseProfiles/read",
"Microsoft.HybridCompute/machines/licenseProfiles/write",
"Microsoft.HybridCompute/machines/licenseProfiles/delete",
"Microsoft.HybridCompute/machines/runCommands/read",
"Microsoft.HybridCompute/machines/runCommands/write",
"Microsoft.HybridCompute/machines/runCommands/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Connected Machine Resource Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Koneksi ed Machine Resource Manager
Peran Kustom untuk AzureStackHCI RP untuk mengelola komputer komputasi hibrid dan titik akhir konektivitas hibrid dalam grup sumber daya
Tindakan | Deskripsi |
---|---|
Microsoft.Hybrid Koneksi ivity/endpoints/read | Mendapatkan titik akhir ke sumber daya. |
Microsoft.Hybrid Koneksi ivity/endpoints/write | Perbarui titik akhir ke sumber daya target. |
Microsoft.Hybrid Koneksi ivity/endpoints/serviceConfigurations/read | Mendapatkan detail tentang layanan ke sumber daya. |
Microsoft.Hybrid Koneksi ivity/endpoints/serviceConfigurations/write | Perbarui detail layanan dalam konfigurasi layanan sumber daya target. |
Microsoft.HybridCompute/mesin/baca | Membaca semua komputer Azure Arc |
Microsoft.HybridCompute/mesin/tulis | Menulis mesin Azure Arc |
Microsoft.HybridCompute/mesin/hapus | Menghapus komputer Azure Arc |
Microsoft.HybridCompute/mesin/ekstensi/baca | Membaca ekstensi Azure Arc apa pun |
Microsoft.HybridCompute/mesin/ekstensi/tulis | Menginstal atau Memperbarui ekstensi Azure Arc |
Microsoft.HybridCompute/mesin/ekstensi/hapus | Menghapus ekstensi Azure Arc |
Microsoft.HybridCompute/*/baca | |
Microsoft.HybridCompute/machines/UpgradeExtensions/action | Meningkatkan Ekstensi pada komputer Azure Arc |
Microsoft.HybridCompute/machines/licenseProfiles/read | Membaca lisensi Azure ArcProfiles apa pun |
Microsoft.HybridCompute/machines/licenseProfiles/write | Menginstal atau Memperbarui lisensi Azure ArcProfiles |
Microsoft.HybridCompute/machines/licenseProfiles/delete | Menghapus lisensi Azure ArcProfiles |
Microsoft.GuestConfiguration/guestConfigurationAssignments/baca | Mendapatkan penugasan konfigurasi tamu. |
Microsoft.GuestConfiguration/guestConfigurationAssignments/*/read | |
Microsoft.GuestConfiguration/guestConfigurationAssignments/write | Membuat penugasan konfigurasi tamu baru. |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Custom Role for AzureStackHCI RP to manage hybrid compute machines and hybrid connectivity endpoints in a resource group",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f5819b54-e033-4d82-ac66-4fec3cbf3f4c",
"name": "f5819b54-e033-4d82-ac66-4fec3cbf3f4c",
"permissions": [
{
"actions": [
"Microsoft.HybridConnectivity/endpoints/read",
"Microsoft.HybridConnectivity/endpoints/write",
"Microsoft.HybridConnectivity/endpoints/serviceConfigurations/read",
"Microsoft.HybridConnectivity/endpoints/serviceConfigurations/write",
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/write",
"Microsoft.HybridCompute/machines/delete",
"Microsoft.HybridCompute/machines/extensions/read",
"Microsoft.HybridCompute/machines/extensions/write",
"Microsoft.HybridCompute/machines/extensions/delete",
"Microsoft.HybridCompute/*/read",
"Microsoft.HybridCompute/machines/UpgradeExtensions/action",
"Microsoft.HybridCompute/machines/licenseProfiles/read",
"Microsoft.HybridCompute/machines/licenseProfiles/write",
"Microsoft.HybridCompute/machines/licenseProfiles/delete",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/read",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/*/read",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Connected Machine Resource Manager",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Penagihan
Memungkinkan akses data ke data penagihan
Tindakan | Deskripsi |
---|---|
Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
Microsoft.Billing/*/baca | Baca informasi Penagihan |
Microsoft.Commerce/*/baca | |
Microsoft.Consumption/*/baca | |
Microsoft.Management/managementGroups/baca | Grup manajemen daftar untuk pengguna yang diautentikasi. |
Microsoft.CostManagement/*/baca | |
Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allows read access to billing data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64",
"name": "fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Billing/*/read",
"Microsoft.Commerce/*/read",
"Microsoft.Consumption/*/read",
"Microsoft.Management/managementGroups/read",
"Microsoft.CostManagement/*/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Billing Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Cetak Biru
Dapat mengelola definisi blueprint, tetapi tidak dapat menetapkannya.
Tindakan | Deskripsi |
---|---|
Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
Microsoft.Blueprint/cetak biru/* | Membuat dan mengelola definisi cetak biru atau artefak cetak biru. |
Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Can manage blueprint definitions, but not assign them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/41077137-e803-4205-871c-5a86e6a753b4",
"name": "41077137-e803-4205-871c-5a86e6a753b4",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Blueprint/blueprints/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Blueprint Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Operator Cetak Biru
Dapat menetapkan cetak biru yang dipublikasikan sebelumnya, tetapi tidak dapat membuat definisi cetak biru baru. Penugasan cetak biru hanya berfungsi jika penugasan dilakukan dengan identitas terkelola yang ditetapkan pengguna.
Tindakan | Deskripsi |
---|---|
Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
Microsoft.Blueprint/blueprintAssignments/* | Membuat dan mengelola penetapan cetak biru. |
Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Can assign existing published blueprints, but cannot create new blueprints. NOTE: this only works if the assignment is done with a user-assigned managed identity.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/437d2ced-4a38-4302-8479-ed2bcb43d090",
"name": "437d2ced-4a38-4302-8479-ed2bcb43d090",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Blueprint/blueprintAssignments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Blueprint Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Pengoptimalan Karbon
Mengizinkan akses baca ke data Pengoptimalan Karbon Azure
Tindakan | Deskripsi |
---|---|
Microsoft.Carbon/carbonEmissionReports/action | API untuk Laporan Emisi Karbon |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allow read access to Azure Carbon Optimization data",
"id": "/providers/Microsoft.Authorization/roleDefinitions/fa0d39e6-28e5-40cf-8521-1eb320653a4c",
"name": "fa0d39e6-28e5-40cf-8521-1eb320653a4c",
"permissions": [
{
"actions": [
"Microsoft.Carbon/carbonEmissionReports/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Carbon Optimization Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Manajemen Biaya
Dapat melihat biaya dan mengelola konfigurasi biaya (misalnya, anggaran, ekspor)
Tindakan | Deskripsi |
---|---|
Microsoft.Consumption/* | |
Microsoft.CostManagement/* | |
Microsoft.Billing/billingPeriods/baca | |
Microsoft.Resources/langganan/baca | Mendapatkan daftar langganan. |
Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
Microsoft.Advisor/konfigurasi/baca | Mendapatkan konfigurasi |
Microsoft.Advisor/rekomendasi/baca | Membaca rekomendasi |
Microsoft.Management/managementGroups/baca | Grup manajemen daftar untuk pengguna yang diautentikasi. |
Microsoft.Billing/billingProperty/baca | Mendapatkan properti penagihan untuk langganan |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Can view costs and manage cost configuration (e.g. budgets, exports)",
"id": "/providers/Microsoft.Authorization/roleDefinitions/434105ed-43f6-45c7-a02f-909b2ba83430",
"name": "434105ed-43f6-45c7-a02f-909b2ba83430",
"permissions": [
{
"actions": [
"Microsoft.Consumption/*",
"Microsoft.CostManagement/*",
"Microsoft.Billing/billingPeriods/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Advisor/configurations/read",
"Microsoft.Advisor/recommendations/read",
"Microsoft.Management/managementGroups/read",
"Microsoft.Billing/billingProperty/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cost Management Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Cost Management
Dapat melihat data biaya dan konfigurasi (misalnya, anggaran, ekspor)
Tindakan | Deskripsi |
---|---|
Microsoft.Consumption/*/baca | |
Microsoft.CostManagement/*/baca | |
Microsoft.Billing/billingPeriods/baca | |
Microsoft.Resources/langganan/baca | Mendapatkan daftar langganan. |
Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
Microsoft.Advisor/konfigurasi/baca | Mendapatkan konfigurasi |
Microsoft.Advisor/rekomendasi/baca | Membaca rekomendasi |
Microsoft.Management/managementGroups/baca | Grup manajemen daftar untuk pengguna yang diautentikasi. |
Microsoft.Billing/billingProperty/baca | Mendapatkan properti penagihan untuk langganan |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Can view cost data and configuration (e.g. budgets, exports)",
"id": "/providers/Microsoft.Authorization/roleDefinitions/72fafb9e-0641-4937-9268-a91bfd8191a3",
"name": "72fafb9e-0641-4937-9268-a91bfd8191a3",
"permissions": [
{
"actions": [
"Microsoft.Consumption/*/read",
"Microsoft.CostManagement/*/read",
"Microsoft.Billing/billingPeriods/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Advisor/configurations/read",
"Microsoft.Advisor/recommendations/read",
"Microsoft.Management/managementGroups/read",
"Microsoft.Billing/billingProperty/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cost Management Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Administrator Pengaturan Hierarki
Memungkinkan pengguna mengedit dan menghapus Pengaturan Hierarki
Tindakan | Deskripsi |
---|---|
Microsoft.Management/managementGroups/pengaturan/tulis | Membuat atau memperbarui pengaturan hierarki grup manajemen. |
Microsoft.Management/managementGroups/pengaturan/hapus | Menghapus pengaturan hierarki grup manajemen. |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allows users to edit and delete Hierarchy Settings",
"id": "/providers/Microsoft.Authorization/roleDefinitions/350f8d15-c687-4448-8ae1-157740a3936d",
"name": "350f8d15-c687-4448-8ae1-157740a3936d",
"permissions": [
{
"actions": [
"Microsoft.Management/managementGroups/settings/write",
"Microsoft.Management/managementGroups/settings/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Hierarchy Settings Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Peran Kontributor Aplikasi Terkelola
Mengizinkan pembuatan sumber daya aplikasi terkelola.
Tindakan | Deskripsi |
---|---|
*/read | Membaca sumber daya dari semua jenis, kecuali rahasia. |
Microsoft.Solutions/aplikasi/* | |
Microsoft.Solutions/daftar/tindakan | Mendaftarkan langganan untuk Microsoft.Solutions |
Microsoft.Resources/subscriptions/resourceGroups/* | |
Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allows for creating managed application resources.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/641177b8-a67a-45b9-a033-47bc880bb21e",
"name": "641177b8-a67a-45b9-a033-47bc880bb21e",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Solutions/applications/*",
"Microsoft.Solutions/register/action",
"Microsoft.Resources/subscriptions/resourceGroups/*",
"Microsoft.Resources/deployments/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Application Contributor Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Peran Operator Aplikasi Terkelola
Memungkinkan Anda membaca dan melakukan tindakan pada sumber daya Aplikasi Terkelola
Tindakan | Deskripsi |
---|---|
*/read | Membaca sumber daya dari semua jenis, kecuali rahasia. |
Microsoft.Solutions/aplikasi/baca | Mencantumkan semua aplikasi dalam langganan. |
Microsoft.Solutions/*/tindakan | |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you read and perform actions on Managed Application resources",
"id": "/providers/Microsoft.Authorization/roleDefinitions/c7393b34-138c-406f-901b-d8cf2b17e6ae",
"name": "c7393b34-138c-406f-901b-d8cf2b17e6ae",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Solutions/applications/read",
"Microsoft.Solutions/*/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Application Operator Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Aplikasi Terkelola
Memungkinkan Anda membaca sumber daya di aplikasi terkelola dan meminta akses JIT.
Tindakan | Deskripsi |
---|---|
*/read | Membaca sumber daya dari semua jenis, kecuali rahasia. |
Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
Microsoft.Solutions/jitRequests/* | |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you read resources in a managed app and request JIT access.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/b9331d33-8a36-4f8c-b097-4f54124fdb44",
"name": "b9331d33-8a36-4f8c-b097-4f54124fdb44",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Solutions/jitRequests/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Applications Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Peran Penghapusan penetapan Pendaftaran Layanan Terkelola
Peran Penghapusan Penetapan Pendaftaran Layanan Terkelola memungkinkan pengguna penyewa yang mengelola untuk menghapus penetapan pendaftaran yang ditetapkan kepada penyewa mereka.
Tindakan | Deskripsi |
---|---|
Microsoft.ManagedServices/registrationAssignments/baca | Mengambil daftar penugasan pendaftaran Layanan Terkelola. |
Microsoft.ManagedServices/registrationAssignments/hapus | Menghapus penugasan pendaftaran Layanan Terkelola. |
Microsoft.ManagedServices/operationStatuses/baca | Membaca status operasi untuk sumber daya. |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/91c1777a-f3dc-4fae-b103-61d183457e46",
"name": "91c1777a-f3dc-4fae-b103-61d183457e46",
"permissions": [
{
"actions": [
"Microsoft.ManagedServices/registrationAssignments/read",
"Microsoft.ManagedServices/registrationAssignments/delete",
"Microsoft.ManagedServices/operationStatuses/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Services Registration assignment Delete Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Grup Manajemen
Peran Kontributor Grup Manajemen
Tindakan | Deskripsi |
---|---|
Microsoft.Management/managementGroups/hapus | Menghapus grup manajemen. |
Microsoft.Management/managementGroups/baca | Grup manajemen daftar untuk pengguna yang diautentikasi. |
Microsoft.Management/managementGroups/langganan/hapus | Membatalkan pengaitan langganan dari grup manajemen. |
Microsoft.Management/managementGroups/langganan/tulis | Mengaitkan langganan yang sudah ada dengan grup manajemen. |
Microsoft.Management/managementGroups/tulis | Membuat atau memperbarui grup manajemen. |
Microsoft.Management/managementGroups/langganan/baca | Membuat daftar langganan di bawah grup manajemen tertentu. |
Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Management Group Contributor Role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c",
"name": "5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c",
"permissions": [
{
"actions": [
"Microsoft.Management/managementGroups/delete",
"Microsoft.Management/managementGroups/read",
"Microsoft.Management/managementGroups/subscriptions/delete",
"Microsoft.Management/managementGroups/subscriptions/write",
"Microsoft.Management/managementGroups/write",
"Microsoft.Management/managementGroups/subscriptions/read",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Management Group Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Grup Manajemen
Peran Pembaca Grup Manajemen
Tindakan | Deskripsi |
---|---|
Microsoft.Management/managementGroups/baca | Grup manajemen daftar untuk pengguna yang diautentikasi. |
Microsoft.Management/managementGroups/langganan/baca | Membuat daftar langganan di bawah grup manajemen tertentu. |
Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Management Group Reader Role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/ac63b705-f282-497d-ac71-919bf39d939d",
"name": "ac63b705-f282-497d-ac71-919bf39d939d",
"permissions": [
{
"actions": [
"Microsoft.Management/managementGroups/read",
"Microsoft.Management/managementGroups/subscriptions/read",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Management Group Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Akun New Relic APM
Memungkinkan Anda mengelola akun dan aplikasi New Relic Application Performance Management, tetapi tidak dapat mengaksesnya.
Tindakan | Deskripsi |
---|---|
Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
Microsoft.ResourceHealth/availabilityStatuses/baca | Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan |
Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
NewRelic.APM/akun/* | |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage New Relic Application Performance Management accounts and applications, but not access to them.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/5d28c62d-5b37-4476-8438-e587778df237",
"name": "5d28c62d-5b37-4476-8438-e587778df237",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"NewRelic.APM/accounts/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "New Relic APM Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Penulis Data Policy Insights (Pratinjau)
Memungkinkan akses baca ke kebijakan sumber daya dan akses tulis ke kejadian kebijakan komponen sumber daya.
Tindakan | Deskripsi |
---|---|
Microsoft.Authorization/policyassignments/baca | Mendapatkan informasi tentang penugasan kebijakan. |
Microsoft.Authorization/policydefinitions/baca | Dapatkan informasi tentang definisi kebijakan. |
Microsoft.Authorization/policyexemptions/baca | Dapatkan informasi tentang pengecualian kebijakan. |
Microsoft.Authorization/policysetdefinisi/baca | Mendapatkan informasi tentang definisi kumpulan kebijakan. |
NotActions | |
Tidak ada | |
DataActions | |
Microsoft.PolicyInsights/checkDataPolicyCompliance/tindakan | Periksa status kepatuhan komponen tertentu terhadap kebijakan data. |
Microsoft.PolicyInsights/policyEvents/logDataEvents/tindakan | Mencatat peristiwa kebijakan komponen sumber daya. |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allows read access to resource policies and write access to resource component policy events.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/66bb4e9e-b016-4a94-8249-4c0511c2be84",
"name": "66bb4e9e-b016-4a94-8249-4c0511c2be84",
"permissions": [
{
"actions": [
"Microsoft.Authorization/policyassignments/read",
"Microsoft.Authorization/policydefinitions/read",
"Microsoft.Authorization/policyexemptions/read",
"Microsoft.Authorization/policysetdefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.PolicyInsights/checkDataPolicyCompliance/action",
"Microsoft.PolicyInsights/policyEvents/logDataEvents/action"
],
"notDataActions": []
}
],
"roleName": "Policy Insights Data Writer (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Operator Permintaan Kuota
Baca dan buat permintaan kuota, dapatkan status permintaan kuota, dan buat tiket dukungan.
Tindakan | Deskripsi |
---|---|
Microsoft.Kapasitas/resourceProviders/locations/serviceLimits/baca | Dapatkan batas layanan atau kuota sumber daya dan lokasi yang ditentukan saat ini |
Microsoft.Kapasitas/resourceProviders/locations/serviceLimits/tulis | Buat batas layanan atau kuota untuk sumber daya dan lokasi yang ditentukan |
Microsoft.Kapasitas/resourceProviders/locations/serviceLimits/baca | Dapatkan permintaan batas layanan untuk sumber daya dan lokasi yang ditentukan |
Microsoft.Kapasitas/daftar/tindakan | Mendaftarkan penyedia sumber daya Kapasitas dan memungkinkan pembuatan sumber daya Kapasitas. |
Microsoft.Quota/usages/read | Mendapatkan penggunaan untuk penyedia sumber daya |
Microsoft.Quota/quoas/read | Dapatkan batas Layanan saat ini atau kuota sumber daya yang ditentukan |
Microsoft.Quota/quota/write | Membuat batas layanan atau permintaan kuota untuk sumber daya yang ditentukan |
Microsoft.Quota/quotaRequests/read | Mendapatkan permintaan batas layanan apa pun untuk sumber daya yang ditentukan |
Microsoft.Quota/register/action | Mendaftarkan langganan dengan Penyedia Sumber Daya Microsoft.Quota |
Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Read and create quota requests, get quota request status, and create support tickets.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/0e5f05e5-9ab9-446b-b98d-1e2157c94125",
"name": "0e5f05e5-9ab9-446b-b98d-1e2157c94125",
"permissions": [
{
"actions": [
"Microsoft.Capacity/resourceProviders/locations/serviceLimits/read",
"Microsoft.Capacity/resourceProviders/locations/serviceLimits/write",
"Microsoft.Capacity/resourceProviders/locations/serviceLimitsRequests/read",
"Microsoft.Capacity/register/action",
"Microsoft.Quota/usages/read",
"Microsoft.Quota/quotas/read",
"Microsoft.Quota/quotas/write",
"Microsoft.Quota/quotaRequests/read",
"Microsoft.Quota/register/action",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Quota Request Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembeli Reservasi
Memungkinkan Anda membeli reservasi
Tindakan | Deskripsi |
---|---|
Microsoft.Authorization/roleAssignments/baca | Mendapatkan informasi tentang penetapan peran. |
Microsoft.Kapasitas/katalog/baca | Baca katalog Reservasi |
Microsoft.Kapasitas/daftar/tindakan | Mendaftarkan penyedia sumber daya Kapasitas dan memungkinkan pembuatan sumber daya Kapasitas. |
Microsoft.Compute/daftar/tindakan | Mendaftarkan Langganan dengan penyedia sumber Microsoft.Compute |
Microsoft.Consumption/daftar/tindakan | Mendaftarkan ke RP Konsumsi |
Microsoft.Consumption/reservationRecommendationDetails/read | Mencantumkan Detail Rekomendasi Reservasi |
Microsoft.Consumption/reservationRecommendations/baca | Mencantumkan rekomendasi tunggal atau bersama untuk instans yang dipesan untuk langganan. |
Microsoft.Resources/langganan/baca | Mendapatkan daftar langganan. |
Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
Microsoft.SQL/daftar/tindakan | Mendaftarkan langganan untuk penyedia sumber daya Microsoft SQL Database dan memungkinkan pembuatan Database Microsoft SQL. |
Microsoft.Support/supporttickets/tulis | Memungkinkan membuat dan memperbarui tiket dukungan |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you purchase reservations",
"id": "/providers/Microsoft.Authorization/roleDefinitions/f7b75c60-3036-4b75-91c3-6b41c27c1689",
"name": "f7b75c60-3036-4b75-91c3-6b41c27c1689",
"permissions": [
{
"actions": [
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Capacity/catalogs/read",
"Microsoft.Capacity/register/action",
"Microsoft.Compute/register/action",
"Microsoft.Consumption/register/action",
"Microsoft.Consumption/reservationRecommendationDetails/read",
"Microsoft.Consumption/reservationRecommendations/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.SQL/register/action",
"Microsoft.Support/supporttickets/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Reservation Purchaser",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Administrator Reservasi
Memungkinkan seseorang membaca dan mengelola semua reservasi dalam penyewa
Tindakan | Deskripsi |
---|---|
Microsoft.Capacity/*/read | |
Microsoft.Capacity/*/action | |
Microsoft.Capacity/*/write | |
Microsoft.Authorization/roleAssignments/baca | Mendapatkan informasi tentang penetapan peran. |
Microsoft.Authorization/roleDefinisi/baca | Mendapatkan informasi tentang definisi peran. |
Microsoft.Authorization/roleAssignments/write | Membuat penetapan peran pada cakupan yang ditentukan. |
Microsoft.Authorization/roleAssignments/delete | Menghapus penetapan peran pada cakupan yang ditentukan. |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/providers/Microsoft.Capacity"
],
"description": "Lets one read and manage all the reservations in a tenant",
"id": "/providers/Microsoft.Authorization/roleDefinitions/a8889054-8d42-49c9-bc1c-52486c10e7cd",
"name": "a8889054-8d42-49c9-bc1c-52486c10e7cd",
"permissions": [
{
"actions": [
"Microsoft.Capacity/*/read",
"Microsoft.Capacity/*/action",
"Microsoft.Capacity/*/write",
"Microsoft.Authorization/roleAssignments/read",
"Microsoft.Authorization/roleDefinitions/read",
"Microsoft.Authorization/roleAssignments/write",
"Microsoft.Authorization/roleAssignments/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Reservations Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Reservasi
Mari kita membaca semua reservasi di penyewa
Tindakan | Deskripsi |
---|---|
Microsoft.Capacity/*/read | |
Microsoft.Authorization/roleAssignments/baca | Mendapatkan informasi tentang penetapan peran. |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/providers/Microsoft.Capacity"
],
"description": "Lets one read all the reservations in a tenant",
"id": "/providers/Microsoft.Authorization/roleDefinitions/582fc458-8989-419f-a480-75249bc5db7e",
"name": "582fc458-8989-419f-a480-75249bc5db7e",
"permissions": [
{
"actions": [
"Microsoft.Capacity/*/read",
"Microsoft.Authorization/roleAssignments/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Reservations Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Policy Sumber Daya
Pengguna dengan hak untuk membuat/mengubah kebijakan sumber daya, membuat tiket dukungan, dan membaca sumber daya/hierarki.
Tindakan | Deskripsi |
---|---|
*/read | Membaca sumber daya dari semua jenis, kecuali rahasia. |
Microsoft.Authorization/policyassignments/* | Membuat dan mengelola penetapan kebijakan |
Microsoft.Authorization/policydefinitions/* | Membuat dan mengelola definisi kebijakan |
Microsoft.Authorization/policyexemptions/* | Membuat dan mengelola pembebasan kebijakan |
Microsoft.Authorization/policysetdefinitions/* | Membuat dan mengelola rangkaian kebijakan |
Microsoft.PolicyInsights/* | |
Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/36243c78-bf99-498c-9df9-86d9f8d28608",
"name": "36243c78-bf99-498c-9df9-86d9f8d28608",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Authorization/policyassignments/*",
"Microsoft.Authorization/policydefinitions/*",
"Microsoft.Authorization/policyexemptions/*",
"Microsoft.Authorization/policysetdefinitions/*",
"Microsoft.PolicyInsights/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Resource Policy Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Patching Terjadwal
Menyediakan akses untuk mengelola konfigurasi pemeliharaan dengan cakupan pemeliharaan InGuestPatch dan penetapan konfigurasi yang sesuai
Tindakan | Deskripsi |
---|---|
Microsoft.Maintenance/maintenanceConfigurations/read | Membaca konfigurasi pemeliharaan. |
Microsoft.Maintenance/maintenanceConfigurations/write | Membuat atau memperbarui konfigurasi pemeliharaan. |
Microsoft.Maintenance/maintenanceConfigurations/delete | Menghapus konfigurasi pemeliharaan. |
Microsoft.Maintenance/configurationAssignments/read | Membaca penetapan konfigurasi pemeliharaan. |
Microsoft.Maintenance/configurationAssignments/write | Membuat atau memperbarui penetapan konfigurasi pemeliharaan. |
Microsoft.Maintenance/configurationAssignments/delete | Menghapus penetapan konfigurasi pemeliharaan. |
Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/read | Membaca penetapan konfigurasi pemeliharaan untuk cakupan pemeliharaan InGuestPatch. |
Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/write | Membuat atau memperbarui penetapan konfigurasi pemeliharaan untuk cakupan pemeliharaan InGuestPatch. |
Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/delete | Menghapus penetapan konfigurasi pemeliharaan untuk cakupan pemeliharaan InGuestPatch. |
Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/read | Baca konfigurasi pemeliharaan untuk cakupan pemeliharaan InGuestPatch. |
Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/write | Membuat atau memperbarui konfigurasi pemeliharaan untuk cakupan pemeliharaan InGuestPatch. |
Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/delete | Hapus konfigurasi pemeliharaan untuk cakupan pemeliharaan InGuestPatch. |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Provides access to manage maintenance configurations with maintenance scope InGuestPatch and corresponding configuration assignments",
"id": "/providers/Microsoft.Authorization/roleDefinitions/cd08ab90-6b14-449c-ad9a-8f8e549482c6",
"name": "cd08ab90-6b14-449c-ad9a-8f8e549482c6",
"permissions": [
{
"actions": [
"Microsoft.Maintenance/maintenanceConfigurations/read",
"Microsoft.Maintenance/maintenanceConfigurations/write",
"Microsoft.Maintenance/maintenanceConfigurations/delete",
"Microsoft.Maintenance/configurationAssignments/read",
"Microsoft.Maintenance/configurationAssignments/write",
"Microsoft.Maintenance/configurationAssignments/delete",
"Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/read",
"Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/write",
"Microsoft.Maintenance/configurationAssignments/maintenanceScope/InGuestPatch/delete",
"Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/read",
"Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/write",
"Microsoft.Maintenance/maintenanceConfigurations/maintenanceScope/InGuestPatch/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Scheduled Patching Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Site Recovery
Memungkinkan Anda mengelola layanan Site Recovery selain pembuatan vault dan penetapan peran
Tindakan | Deskripsi |
---|---|
Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
Microsoft.Network/virtualNetworks/baca | Dapatkan definisi jaringan virtual |
Microsoft.RecoveryServices/locations/allocatedStamp/baca | GetAllocatedStamp adalah operasi internal yang digunakan oleh layanan |
Microsoft.RecoveryServices/lokasi/allocateStamp/tindakan | AllocateStamp adalah operasi internal yang digunakan oleh layanan |
Microsoft.RecoveryServices/Vaults/sertifikat/tulis | Operasi Perbarui Sertifikat Sumber Daya memperbarui sertifikat kredensial sumber daya/vault. |
Microsoft.RecoveryServices/Vaults/extendedInformation/* | Membuat dan mengelola info yang diperluas terkait dengan kubah |
Microsoft.RecoveryServices/Vaults/baca | Operasi Mendapatkan Vault mendapatkan objek yang mewakili sumber daya Azure jenis 'vault' |
Microsoft.RecoveryServices/Vaults/refreshContainers/baca | |
Microsoft.RecoveryServices/Vaults/registeredIdentities/* | Membuat dan mengelola identitas terdaftar |
Microsoft.RecoveryServices/vaults/replicationAlertSettings/* | Membuat atau Memperbarui pengaturan pemberitahuan replikasi |
Microsoft.RecoveryServices/vaults/replicationEvents/baca | Membaca Peristiwa apa pun |
Microsoft.RecoveryServices/vaults/replicationFabrics/* | Membuat dan mengelola susunan replikasi |
Microsoft.RecoveryServices/vaults/replicationJobs/* | Membuat dan mengelola pekerjaan replikasi |
Microsoft.RecoveryServices/vaults/replicationPolicies/* | Membuat dan mengelola kebijakan replikasi |
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/* | Membuat dan mengelola rencana pemulihan |
Microsoft.RecoveryServices/vaults/replicationVaultSettings/* | |
Microsoft.RecoveryServices/Vaults/storageConfig/* | Membuat dan mengelola konfigurasi penyimpanan vault Layanan Pemulihan |
Microsoft.RecoveryServices/Vaults/tokenInfo/baca | |
Microsoft.RecoveryServices/Vaults/penggunaan/baca | Mengembalikan detail penggunaan untuk Vault Layanan Pemulihan. |
Microsoft.RecoveryServices/Vaults/vaultTokens/baca | Operasi Token Vault dapat digunakan untuk mendapatkan Token Vault untuk operasi backend tingkat kubah. |
Microsoft.RecoveryServices/Vaults/monitoringAlerts/* | Baca pemberitahuan untuk kubah layanan Pemulihan |
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/baca | |
Microsoft.ResourceHealth/availabilityStatuses/baca | Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan |
Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
Microsoft.Storage/storageAccounts/baca | Mengembalikan daftar akun penyimpanan atau mendapatkan properti untuk akun penyimpanan tertentu. |
Microsoft.RecoveryServices/vaults/replicationOperationStatus/baca | Baca Status Operasi Replikasi Kubah |
Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Site Recovery service except vault creation and role assignment",
"id": "/providers/Microsoft.Authorization/roleDefinitions/6670b86e-a3f7-4917-ac9b-5d6ab1be4567",
"name": "6670b86e-a3f7-4917-ac9b-5d6ab1be4567",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.RecoveryServices/locations/allocatedStamp/read",
"Microsoft.RecoveryServices/locations/allocateStamp/action",
"Microsoft.RecoveryServices/Vaults/certificates/write",
"Microsoft.RecoveryServices/Vaults/extendedInformation/*",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/refreshContainers/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/*",
"Microsoft.RecoveryServices/vaults/replicationAlertSettings/*",
"Microsoft.RecoveryServices/vaults/replicationEvents/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/*",
"Microsoft.RecoveryServices/vaults/replicationJobs/*",
"Microsoft.RecoveryServices/vaults/replicationPolicies/*",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/*",
"Microsoft.RecoveryServices/vaults/replicationVaultSettings/*",
"Microsoft.RecoveryServices/Vaults/storageConfig/*",
"Microsoft.RecoveryServices/Vaults/tokenInfo/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/Vaults/vaultTokens/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/*",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.RecoveryServices/vaults/replicationOperationStatus/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Site Recovery Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Operator Site Recovery
Memungkinkan Anda failover dan failback, tetapi tidak dapat melakukan operasi manajemen Site Recovery lainnya
Tindakan | Deskripsi |
---|---|
Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
Microsoft.Network/virtualNetworks/baca | Dapatkan definisi jaringan virtual |
Microsoft.RecoveryServices/locations/allocatedStamp/baca | GetAllocatedStamp adalah operasi internal yang digunakan oleh layanan |
Microsoft.RecoveryServices/lokasi/allocateStamp/tindakan | AllocateStamp adalah operasi internal yang digunakan oleh layanan |
Microsoft.RecoveryServices/Vaults/extendedInformation/baca | Operasi Mendapatkan Info yang Diperluas mendapatkan Info yang Diperluas objek yang mewakili sumber daya Azure jenis ?vault? |
Microsoft.RecoveryServices/Vaults/baca | Operasi Mendapatkan Vault mendapatkan objek yang mewakili sumber daya Azure jenis 'vault' |
Microsoft.RecoveryServices/Vaults/refreshContainers/baca | |
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/baca | Operasi Dapatkan Hasil Operasi dapat digunakan untuk mendapatkan hasil dan status operasi untuk operasi yang dikirimkan secara asinkron |
Microsoft.RecoveryServices/Vaults/registeredIdentities/baca | Operasi Dapatkan Kontainer dapat digunakan untuk mendapatkan kontainer yang terdaftar untuk sumber daya. |
Microsoft.RecoveryServices/vaults/replicationAlertSettings/baca | Baca Pengaturan Pemberitahuan apa pun |
Microsoft.RecoveryServices/vaults/replicationEvents/baca | Membaca Peristiwa apa pun |
Microsoft.RecoveryServices/vaults/replicationFabrics/checkConsistency/tindakan | Memeriksa Konsistensi Susunan |
Microsoft.RecoveryServices/vaults/replicationFabrics/baca | Baca Susunan Apa Pun |
Microsoft.RecoveryServices/vaults/replicationFabrics/reassociateGateway/tindakan | Pisahkan Gateway |
Microsoft.RecoveryServices/vaults/replicationFabrics/renewcertificate/tindakan | Perbarui Sertifikat Susunan |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/baca | Membaca Jaringan apa pun |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/baca | Baca Pemetaan Jaringan apa pun |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/baca | Baca Kontainer Perlindungan apa pun |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/baca | Baca Item yang Dapat Diproteksi |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/applyRecoveryPoint/tindakan | Terapkan Titik Pemulihan |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/failoverCommit/tindakan | Penerapan Failover |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/plannedFailover/tindakan | Failover terencana |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/baca | Baca Item Terproteksi |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/baca | Baca Titik Pemulihan Replikasi apa pun |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/repairReplication/tindakan | Perbaiki replikasi |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/reProtect/tindakan | Lindungi kembali Item yang Dilindungi |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/switchprotection/tindakan | Beralih Kontainer Perlindungan |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailover/tindakan | Menguji Failover |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailoverCleanup/tindakan | Uji Pembersihan Failover |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/unplannedFailover/tindakan | Failover |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/updateMobilityService/tindakan | Memperbarui Layanan Mobilitas |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/baca | Membaca Pemetaan Kontainer Perlindungan apa pun |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/baca | Baca Penyedia Layanan Pemulihan apa pun |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/refreshProvider/tindakan | Segarkan Penyedia |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/baca | Baca Klasifikasi Penyimpanan apa pun |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/baca | Membaca Pemetaan Klasifikasi Penyimpanan apa pun |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/baca | Baca vCenters apa pun |
Microsoft.RecoveryServices/vaults/replicationJobs/* | Membuat dan mengelola pekerjaan replikasi |
Microsoft.RecoveryServices/vaults/replicationPolicies/baca | Membaca Kebijakan apa pun |
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/failoverCommit/tindakan | Paket Pemulihan Penerapan Failover |
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/plannedFailover/tindakan | Rencana Pemulihan Failover yang Direncanakan |
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/baca | Membaca Paket Pemulihan apa pun |
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/reProtect/tindakan | Paket Pemulihan ReProtect |
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailover/tindakan | Menguji Paket Pemulihan Failover |
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailoverCleanup/tindakan | Uji Rencana Pemulihan Pembersihan Failover |
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/unplannedFailover/t | Rencana Pemulihan Failover |
Microsoft.RecoveryServices/vaults/replicationVaultSettings/read | Membaca apa pun |
Microsoft.RecoveryServices/Vaults/monitoringAlerts/* | Baca pemberitahuan untuk kubah layanan Pemulihan |
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/baca | |
Microsoft.RecoveryServices/Vaults/storageConfig/baca | |
Microsoft.RecoveryServices/Vaults/tokenInfo/baca | |
Microsoft.RecoveryServices/Vaults/penggunaan/baca | Mengembalikan detail penggunaan untuk Vault Layanan Pemulihan. |
Microsoft.RecoveryServices/Vaults/vaultTokens/baca | Operasi Token Vault dapat digunakan untuk mendapatkan Token Vault untuk operasi backend tingkat kubah. |
Microsoft.ResourceHealth/availabilityStatuses/baca | Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan |
Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
Microsoft.Storage/storageAccounts/baca | Mengembalikan daftar akun penyimpanan atau mendapatkan properti untuk akun penyimpanan tertentu. |
Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you failover and failback but not perform other Site Recovery management operations",
"id": "/providers/Microsoft.Authorization/roleDefinitions/494ae006-db33-4328-bf46-533a6560a3ca",
"name": "494ae006-db33-4328-bf46-533a6560a3ca",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.RecoveryServices/locations/allocatedStamp/read",
"Microsoft.RecoveryServices/locations/allocateStamp/action",
"Microsoft.RecoveryServices/Vaults/extendedInformation/read",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/refreshContainers/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
"Microsoft.RecoveryServices/vaults/replicationAlertSettings/read",
"Microsoft.RecoveryServices/vaults/replicationEvents/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/checkConsistency/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/reassociateGateway/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/renewcertificate/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/applyRecoveryPoint/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/failoverCommit/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/plannedFailover/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/repairReplication/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/reProtect/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/switchprotection/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailover/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailoverCleanup/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/unplannedFailover/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/updateMobilityService/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/refreshProvider/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read",
"Microsoft.RecoveryServices/vaults/replicationJobs/*",
"Microsoft.RecoveryServices/vaults/replicationPolicies/read",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/failoverCommit/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/plannedFailover/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/read",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/reProtect/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailover/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailoverCleanup/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/unplannedFailover/action",
"Microsoft.RecoveryServices/vaults/replicationVaultSettings/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/*",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read",
"Microsoft.RecoveryServices/Vaults/storageConfig/read",
"Microsoft.RecoveryServices/Vaults/tokenInfo/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/Vaults/vaultTokens/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Site Recovery Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Site Recovery
Memungkinkan Anda melihat status Site Recovery, tetapi tidak dapat melakukan operasi manajemen lainnya
Tindakan | Deskripsi |
---|---|
Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
Microsoft.RecoveryServices/locations/allocatedStamp/baca | GetAllocatedStamp adalah operasi internal yang digunakan oleh layanan |
Microsoft.RecoveryServices/Vaults/extendedInformation/baca | Operasi Mendapatkan Info yang Diperluas mendapatkan Info yang Diperluas objek yang mewakili sumber daya Azure jenis ?vault? |
Microsoft.RecoveryServices/Vaults/monitoringAlerts/baca | Mendapatkan peringatan untuk vault Layanan pemulihan. |
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/baca | |
Microsoft.RecoveryServices/Vaults/baca | Operasi Mendapatkan Vault mendapatkan objek yang mewakili sumber daya Azure jenis 'vault' |
Microsoft.RecoveryServices/Vaults/refreshContainers/baca | |
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/baca | Operasi Dapatkan Hasil Operasi dapat digunakan untuk mendapatkan hasil dan status operasi untuk operasi yang dikirimkan secara asinkron |
Microsoft.RecoveryServices/Vaults/registeredIdentities/baca | Operasi Dapatkan Kontainer dapat digunakan untuk mendapatkan kontainer yang terdaftar untuk sumber daya. |
Microsoft.RecoveryServices/vaults/replicationAlertSettings/baca | Baca Pengaturan Pemberitahuan apa pun |
Microsoft.RecoveryServices/vaults/replicationEvents/baca | Membaca Peristiwa apa pun |
Microsoft.RecoveryServices/vaults/replicationFabrics/baca | Baca Susunan Apa Pun |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/baca | Membaca Jaringan apa pun |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/baca | Baca Pemetaan Jaringan apa pun |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/baca | Baca Kontainer Perlindungan apa pun |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/baca | Baca Item yang Dapat Diproteksi |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/baca | Baca Item Terproteksi |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/baca | Baca Titik Pemulihan Replikasi apa pun |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/baca | Membaca Pemetaan Kontainer Perlindungan apa pun |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/baca | Baca Penyedia Layanan Pemulihan apa pun |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/baca | Baca Klasifikasi Penyimpanan apa pun |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/baca | Membaca Pemetaan Klasifikasi Penyimpanan apa pun |
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/baca | Baca vCenters apa pun |
Microsoft.RecoveryServices/vaults/replicationJobs/baca | Membaca Pekerjaan apa pun |
Microsoft.RecoveryServices/vaults/replicationPolicies/baca | Membaca Kebijakan apa pun |
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/baca | Membaca Paket Pemulihan apa pun |
Microsoft.RecoveryServices/vaults/replicationVaultSettings/read | Membaca apa pun |
Microsoft.RecoveryServices/Vaults/storageConfig/baca | |
Microsoft.RecoveryServices/Vaults/tokenInfo/baca | |
Microsoft.RecoveryServices/Vaults/penggunaan/baca | Mengembalikan detail penggunaan untuk Vault Layanan Pemulihan. |
Microsoft.RecoveryServices/Vaults/vaultTokens/baca | Operasi Token Vault dapat digunakan untuk mendapatkan Token Vault untuk operasi backend tingkat kubah. |
Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you view Site Recovery status but not perform other management operations",
"id": "/providers/Microsoft.Authorization/roleDefinitions/dbaa88c4-0c30-4179-9fb3-46319faa6149",
"name": "dbaa88c4-0c30-4179-9fb3-46319faa6149",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.RecoveryServices/locations/allocatedStamp/read",
"Microsoft.RecoveryServices/Vaults/extendedInformation/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/refreshContainers/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
"Microsoft.RecoveryServices/vaults/replicationAlertSettings/read",
"Microsoft.RecoveryServices/vaults/replicationEvents/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read",
"Microsoft.RecoveryServices/vaults/replicationJobs/read",
"Microsoft.RecoveryServices/vaults/replicationPolicies/read",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/read",
"Microsoft.RecoveryServices/vaults/replicationVaultSettings/read",
"Microsoft.RecoveryServices/Vaults/storageConfig/read",
"Microsoft.RecoveryServices/Vaults/tokenInfo/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/Vaults/vaultTokens/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Site Recovery Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Permintaan Dukungan
Memungkinkan Anda membuat dan mengelola Permintaan dukungan
Tindakan | Deskripsi |
---|---|
Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you create and manage Support requests",
"id": "/providers/Microsoft.Authorization/roleDefinitions/cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e",
"name": "cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Support Request Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Tag
Memungkinkan Anda mengelola tag pada entitas, tanpa memberikan akses ke entitas itu sendiri.
Tindakan | Deskripsi |
---|---|
Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan sumber daya untuk grup sumber daya. |
Microsoft.Resources/langganan/sumber daya/baca | Mendapatkan sumber daya dari langganan. |
Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
Microsoft.Insights/alertRules/* | Membuat dan mengelola pemberitahuan metrik klasik |
Microsoft.Support/* | Membuat dan memperbarui tiket dukungan |
Microsoft.Resources/tags/* | |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage tags on entities, without providing access to the entities themselves.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f",
"name": "4a9ae827-6dc8-4573-8ac7-8239d42aa03f",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/resourceGroups/resources/read",
"Microsoft.Resources/subscriptions/resources/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Support/*",
"Microsoft.Resources/tags/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Tag Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Kontributor Spesifikasi Templat
Memungkinkan akses penuh ke operasi Spesifikasi Templat pada cakupan yang ditetapkan.
Tindakan | Deskripsi |
---|---|
Microsoft.Resources/templateSpecs/* | Membuat dan mengelola spesifikasi templat dan versi spesifikasi templat |
Microsoft.Authorization/*/baca | Membaca peran dan penetapan peran |
Microsoft.Resources/penyebaran/* | Membuat dan mengelola penyebaran |
Microsoft.Resources/langganan/resourceGroups/baca | Mendapatkan atau mencantumkan grup sumber daya. |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allows full access to Template Spec operations at the assigned scope.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/1c9b6475-caf0-4164-b5a1-2142a7116f4b",
"name": "1c9b6475-caf0-4164-b5a1-2142a7116f4b",
"permissions": [
{
"actions": [
"Microsoft.Resources/templateSpecs/*",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Template Spec Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Pembaca Spesifikasi Templat
Memungkinkan akses baca ke Spesifikasi Templat pada cakupan yang ditetapkan.
Tindakan | Deskripsi |
---|---|
Microsoft.Resources/templateSpecs/*/read | Mendapatkan atau mencantumkan spesifikasi templat dan versi spesifikasi templat |
NotActions | |
Tidak ada | |
DataActions | |
Tidak ada | |
NotDataActions | |
Tidak ada |
{
"assignableScopes": [
"/"
],
"description": "Allows read access to Template Specs at the assigned scope.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/392ae280-861d-42bd-9ea5-08ee6d83b80e",
"name": "392ae280-861d-42bd-9ea5-08ee6d83b80e",
"permissions": [
{
"actions": [
"Microsoft.Resources/templateSpecs/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Template Spec Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}