Peran bawaan Azure

Kontrol akses berbasis peran Azure (Azure RBAC) memiliki beberapa peran bawaan Azure yang dapat Anda tetapkan kepada pengguna, grup, prinsipal layanan, dan identitas terkelola. Penetapan peran adalah cara Anda mengontrol akses ke sumber daya Azure. Jika peran bawaan tidak memenuhi kebutuhan spesifik organisasi, Anda bisa membuat peran kustom Azure. Untuk informasi tentang cara menetapkan peran, lihat Langkah-langkah untuk menetapkan peran Azure.

Artikel ini mencantumkan peran bawaan Azure. Jika Anda mencari peran administrator untuk Azure Active Directory (Azure AD), lihat Peran bawaan Azure AD.

Tabel berikut ini menyediakan deskripsi singkat tentang setiap peran bawaan. Klik nama peran untuk melihat daftar Actions,NotActions,DataActions, dan NotDataActionsuntuk setiap peran. Untuk informasi tentang apa maksud tindakan ini dan bagaimana tindakan tersebut berlaku untuk kontrol dan data plane, lihat Memahami definisi peran Azure.

Semua

Peran bawaan Deskripsi ID
Umum
Kontributor Memberikan akses penuh untuk mengelola semua sumber daya, tetapi tidak mengizinkan Anda untuk menetapkan peran di RBAC Azure, mengelola tugas di Azure Blueprints, atau berbagi galeri gambar. b24988ac-6180-42a0-ab88-20f7382dd24c
Pemilik Memberikan akses penuh untuk mengelola semua sumber daya, termasuk kemampuan untuk menetapkan peran di RBAC Azure. 8e3af657-a8ff-443c-a75c-2fe8c4bcb635
Pembaca Melihat semua sumber daya, namun tidak mengizinkan Anda untuk melakukan perubahan apa pun. acdd72a7-3385-48ef-bd42-f606fba81ae7
Administrator Akses Pengguna Memungkinkan Anda mengelola akses pengguna ke sumber daya Azure. 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9
Compute
Kontributor Mesin Virtual Klasik Memungkinkan Anda mengelola virtual machines klasik, tetapi tidak dapat mengaksesnya, dan bukan jaringan virtual atau akun penyimpanan tempat virtual machines klasik tersambung. d73bb868-a0df-4d4d-bd69-98a00b01fccb
Informasi Masuk Administrator Virtual Machine Melihat Virtual Machines dalam portal dan masuk sebagai administrator 1c0163c0-47e6-4577-8991-ea5c82e286e4
Kontributor Komputer Virtual Buat dan kelola mesin virtual, kelola disk dan snapshot disk, instal dan jalankan perangkat lunak, reset kata sandi pengguna root mesin virtual menggunakan ekstensi VM, dan kelola akun pengguna lokal menggunakan ekstensi VM. Peran ini tidak memberi Anda akses manajemen ke jaringan virtual atau akun penyimpanan yang terhubung dengan mesin virtual. Peran ini tidak memungkinkan Anda untuk menetapkan peran di Azure RBAC. 9980e02c-c2be-4d73-94e8-173b1dc7cf3c
Login Pengguna Mesin Virtual Melihat Virtual Machines di portal dan masuk sebagai pengguna biasa. fb879df8-f326-4884-b1cf-06f3ad86be52
Jaringan
Kontributor Endpoint CDN Dapat mengelola titik akhir CDN, tetapi tidak dapat memberikan akses kepada pengguna lain. 426e0c7f-0c7e-4658-b36f-ff54d6c29b45
Pembaca Endpoint CDN Dapat melihat titik akhir CDN, namun tidak dapat melakukan perubahan. 871e35f6-b5c1-49cc-a043-bde969a0f2cd
Kontributor Profil CDN Dapat mengelola profil CDN dan titik akhirnya, tetapi tidak dapat memberikan akses ke pengguna lain. ec156ff8-a8d1-4d15-830c-5b80698ca432
Pembaca Profil CDN Dapat melihat profil CDN dan titik akhirnya, tetapi tidak dapat melakukan perubahan. 8f96442b-4075-438f-813d-ad51ab4019af
Kontributor Jaringan Klasik Memungkinkan Anda mengelola jaringan klasik, tetapi tidak dapat mengaksesnya. b34d265f-36f7-4a0d-a4d4-e158ca92e90f
Kontributor Zona DNS Memungkinkan Anda mengelola zona DNS dan kumpulan catatan di Azure DNS, tetapi tidak mengizinkan Anda mengontrol siapa yang memiliki aksesnya. befefa01-2a29-4197-83a8-272ff33ce314
Kontributor Jaringan Memungkinkan Anda mengelola jaringan, tetapi tidak dapat mengaksesnya. 4d97b98b-1d4f-4787-a291-c67834d212e7
Kontributor Zona DNS Privat Memungkinkan Anda mengelola sumber daya zona DNS privat, tetapi bukan jaringan virtual tempat sumber daya zona DNS privat tersambung. b12aa53e-6015-4669-85d0-8515ebb3ae7f
Kontributor Traffic Manager Memungkinkan Anda mengelola profil Traffic Manager, tetapi tidak mengizinkan Anda mengontrol siapa yang memiliki aksesnya. a4b10055-b0c7-44c2-b00f-c7b5b3550cf7
Penyimpanan
Kontributor Avere Dapat membuat dan mengelola kluster Avere vFXT. 4f8fab4f-1852-4a58-a46a-8eaf358af14a
Operator Avere Digunakan oleh kluster Avere vFXT untuk mengelola kluster c025889f-8102-4ebf-b32c-fc0c6f0c6bd9
Kontributor Cadangan Memungkinkan Anda mengelola layanan pencadangan,tetapi tidak dapat membuat vault dan memberi akses kepada orang lain 5e467623-bb1f-42f4-a55d-6e525e11384b
Operator Microsoft Azure Backup Memungkinkan Anda mengelola layanan pencadangan, kecuali penghapusan cadangan, pembuatan vault, dan memberikan akses kepada orang lain 00c29273-979b-4161-815c-10b084fb9324
Pembaca Backup Dapat melihat layanan pencadangan, tetapi tidak dapat membuat perubahan a795c7a0-d4a2-40c1-ae25-d81f01202912
Kontributor Akun Storage Klasik Memungkinkan Anda mengelola akun penyimpanan klasik, tetapi tidak dapat mengaksesnya. 86e8f5dc-a6e9-4c67-9d15-de283e8eac25
Peran Layanan Operator Kunci Akun Storage Klasik Operator Kunci Akun Penyimpanan Klasik diizinkan untuk mencantumkan dan membuat kunci pada Akun Penyimpanan Klasik 985d6b00-f706-48f5-a6fe-d0ca12fb668d
Kontributor Data Box Memungkinkan Anda mengelola semuanya dalam Layanan Data Box, kecuali memberikan akses kepada orang lain. add466c9-e687-43fc-8d98-dfcf8d720be5
Pembaca Data Box Memungkinkan Anda mengelola Layanan Data Box, kecuali membuat urutan atau mengedit detail urutan dan memberikan akses kepada orang lain. 028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027
Pengembang Data Lake Analytics Memungkinkan Anda untuk mengirim, memantau, dan mengelola tugas Anda sendiri, namun tidak dapat membuat atau menghapus akun Data Lake Analytics. 47b7735b-770e-4598-a7da-8b91488b4c88
Pembaca dan Akses Data Memungkinkan Anda melihat semuanya tetapi tidak akan membiarkan Anda menghapus atau membuat akun penyimpanan atau sumber daya yang terkandung. Ini juga akan memungkinkan akses baca / tulis ke semua data yang terkandung dalam akun penyimpanan melalui akses ke kunci akun penyimpanan. c12c1c16-33a1-487b-954d-41c89c60f349
Kontributor Akun Storage Mengizinkan pengelolaan akun penyimpanan. Menyediakan akses ke kunci akun, yang dapat digunakan untuk mengakses data melalui otorisasi Kunci Bersama. 17d1049b-9a84-46fb-8f53-869881c3d3ab
Peran Layanan Operator Kunci Akun Penyimpanan Mengizinkan pencatatan dan regenerasi kunci akses akun penyimpanan. 81a9662b-bebf-436f-a333-f67b29880f12
Kontributor Data Blob Penyimpanan Baca, tulis, dan hapus kontainer dan blob Azure Storage. Untuk mempelajari tindakan mana yang diperlukan untuk operasi data tertentu, lihat Izin untuk memanggil blob dan mengantre operasi data. ba92f5b4-2d11-453d-a403-e96b0029c9fe
Pemilik Data Blob Penyimpanan Memungkinkan akses penuh ke kontainer dan data blob Azure Storage, termasuk menetapkan kontrol akses POSIX. Untuk mempelajari tindakan mana yang diperlukan untuk operasi data tertentu, lihat Izin untuk memanggil blob dan mengantre operasi data. b7e6dc6d-f1e8-4753-8033-0f276bb0955b
Pembaca Data Blob Penyimpanan. Baca dan daftar kontainer dan blob Azure Storage. Untuk mempelajari tindakan mana yang diperlukan untuk operasi data tertentu, lihat Izin untuk memanggil blob dan mengantre operasi data. 2a2b9908-6ea1-4ae2-8e65-a410df84e7d1
Delegator Bloob Penyimpanan Dapatkan kunci delegasi pengguna, yang kemudian dapat digunakan untuk membuat penanda akses bersama untuk kontainer atau blob yang ditandai dengan kredensial Azure AD. Untuk informasi selengkapnya, lihat Membuat delegasi pengguna SAS. db58b8e5-c6ad-4a2a-8342-4190687cbf4a
Kontributor Berbagi SMB Data File Penyimpanan Memungkinkan untuk membaca, menulis, dan menghapus akses pada file / direktori di berbagi file Azure. Peran ini tidak memiliki bawaan yang setara pada server file Windows. 0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb
Kontributor Lanjutan Berbagi SMB Data File Penyimpanan Memungkinkan untuk membaca, menulis, dan menghapus akses pada file / direktori di berbagi file Azure. Peran ini setara dengan ACL berbagi berkas perubahan pada peladen berkas Windows. a7264617-510b-434b-a828-9731dc254ea7
Pembaca Berbagi SMB Data File Penyimpanan Memungkinkan untuk membaca, menulis, dan menghapus akses pada file / direktori di berbagi file Azure. Peran ini setara dengan ACL berbagi berkas perubahan pada peladen berkas Windows. aba4ae5f-2193-4029-9191-0cb91df5e314
Kontributor Data Antrean Penyimpanan Baca, tulis, dan hapus antrean Azure Storage dan pesan antrean. Untuk mempelajari tindakan mana yang diperlukan untuk operasi data tertentu, lihat Izin untuk memanggil blob dan mengantre operasi data. 974c5e8b-45b9-4653-ba55-5f855dd0fb88
Pemroses Pesan Data Antrean Penyimpanan Mengintip, mengambil, dan menghapus pesan dari antrean Azure Storage. Untuk mempelajari tindakan mana yang diperlukan untuk operasi data tertentu, lihat Izin untuk memanggil blob dan mengantre operasi data. 8a0f0c08-91a1-4084-bc3d-661d67233fed
Storage Queue Data Message Sender Tambah pesan ke antrean Azure Storage. Untuk mempelajari tindakan mana yang diperlukan untuk operasi data tertentu, lihat Izin untuk memanggil blob dan mengantre operasi data. c6a89b2d-59bc-44d0-9896-0f6e12d7b80a
Kontributor Data Antrean Penyimpanan Baca dan daftar antrean Azure Storage dan pesan antrean. Untuk mempelajari tindakan mana yang diperlukan untuk operasi data tertentu, lihat Izin untuk memanggil blob dan mengantre operasi data. 19e7f393-937e-4f77-808e-94535e297925
Kontributor Data Tabel Penyimpanan Memungkinkan untuk membaca, menulis, dan menghapus akses ke Azure Storage tabel dan entitas 0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3
Pembaca Data Tabel Penyimpanan Memungkinkan akses baca ke tabel dan entitas Azure Storage 76199698-9eea-4c19-bc75-cec21354c6b6
Web
Kontributor Data Azure Maps Memberikan akses baca, tulis, dan hapus ke data terkait peta dari akun Azure maps. 8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204
Pembaca Data Azure Maps Memberikan akses untuk membaca data terkait peta dari akun Azure maps. 423170ca-a8f6-4b0f-8487-9e4eb8f49bfa
Kontributor Server Azure Spring Cloud Config Mengizinkan membaca, menulis, dan menghapus akses ke Server Config Azure Spring Cloud a06f5c24-21a7-4e1a-aa2b-f19eb6684f5b
Pembaca Server Azure Spring Cloud Config Mengizinkan akses baca ke Server Config Azure Spring Cloud d04c6db6-4947-4782-9e91-30a88feb7be7
Pembaca Data Azure Spring Cloud Izinkan akses baca ke Azure Spring Cloud Data b5537268-8956-4941-a8f0-646150406f0c
Kontributor Registri Layanan Azure Spring Cloud Mengizinkan membaca, menulis, dan menghapus akses ke Registri Layanan Azure Spring Cloud f5880b48-c26d-48be-b172-7927bfa1c8f1
Pembaca Registri Layanan Azure Spring Cloud Mengizinkan akses baca ke Registri Layanan Azure Spring Cloud cff1b556-2399-4e7e-856d-a8f754be7b65
Administrator Akun Media Services Membuat, membaca, mengubah, dan menghapus akun Media Services; akses baca-saja ke sumber daya Media Services lainnya. 054126f8-9a2b-4f1c-a9ad-eca461f08466
Administrator Acara Langsung Media Services Membuat, membaca, dan memodifikasi Acara Langsung, Aset, Filter Aset, dan Pencari Streaming; akses baca-saja ke sumber daya Media Services lainnya. 532bc159-b25e-42c0-969e-a1d439f60d77
Operator Media untuk Media Services Membuat, membaca, memodifikasi, dan menghapus Aset, Filter Aset, Pencari Streaming, dan Pekerjaan; akses baca-saja ke sumber daya Media Services lainnya. e4395492-1534-4db2-bedf-88c14621589c
Administrator Policy Media Services Membuat, membaca, memodifikasi, dan menghapus Filter Akun, Kebijakan Streaming, Kebijakan Kunci Konten, dan Transformasi; akses baca-saja ke sumber daya Media Services lainnya. Tidak dapat membuat sumber daya Pekerjaan, Aset, atau Streaming. c4bba371-dacd-4a26-b320-7250bca963ae
Administrator Titik Akhir Streaming Media Services Membuat, membaca, mengubah, dan menghapus akun Titik Akhir Streaming; akses baca-saja ke sumber daya Media Services lainnya. 99dba123-b5fe-44d5-874c-ced7199a5804
Kontributor Data Indeks Pencarian Memberikan akses penuh ke data indeks Azure Cognitive Search. 8ebe5a00-799e-43f5-93ac-243d3dce84a7
Pembaca Data Indeks Pencarian Memberikan akses membaca ke data indeks Azure Cognitive Search. 1407120a-92aa-4202-b7e9-c0e197c71c8f
Kontributor Layanan Pencarian Memungkinkan Anda mengelola Layanan pencarian, tetapi tidak dapat mengaksesnya. 7ca78c08-252a-4471-8644-bb5ff32d4ba0
Pembaca SignalR AccessKey Membaca Kunci Akses Layanan SignalR 04165923-9d83-45d5-8227-78b77b0a687e
Server Aplikasi SignalR (Pratinjau) Memungkinkan server aplikasi Anda mengakses SignalR Service dengan opsi autentikasi AAD. 420fcaa2-552c-430f-98ca-3264be4806c7
Pemilik REST API SignalR Akses penuh ke REST API Azure SignalR Service fd53cd77-2268-407a-8f46-7e7863d0f521
Pembaca REST API SignalR Akses baca saja ke REST API Azure SignalR Service ddde6b66-c0df-4114-a159-3618637b3035
Pemilik SignalR Service Akses penuh ke REST API Azure SignalR Service 7e4f1700-ea5a-4f59-8f37-079cfe29dce3
Kontributor SignalR/Web PubSub Membuat, Membaca, Memperbarui, dan Menghapus sumber daya layanan SignalR 8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761
Kontributor Rencana Web Memungkinkan Anda mengelola rencana web untuk situs web, tetapi tidak dapat mengaksesnya. 2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b
Kontributor Situs Web Memungkinkan Anda mengelola situs web (bukan rencana web), tetapi tidak dapat mengaksesnya. de139f84-1756-47ae-9be6-808fbbe84772
Kontainer
AcrDelete Hapus repositori, tag, atau manifes dari registri kontainer. c2f4ef07-c644-48eb-af81-4b1b4947fb11
AcrImageSigner Dorong gambar tepercaya ke atau tarik gambar tepercaya dari registri kontainer yang diaktifkan untuk kepercayaan konten. 6cef56e8-d556-48e5-a04f-b8e64114680f
AcrPull Tarik artefak dari registri kontainer. 7f951dda-4ed3-4680-a7ca-43fe172d538d
AcrPush Dorong artefak ke atau tarik artefak dari registri kontainer. 8311e382-0749-4cb8-b61a-304f252e45ec
AcrQuarantineReader Tarik gambar yang dikarantina dari registri kontainer. cdda3590-29a3-44f6-95f2-9f980659eb04
AcrQuarantineWriter Dorong gambar yang dikarantina ke atau tarik gambar yang dikarantina dari registri kontainer. c8d4ff99-41c3-41a8-9f60-21dfdad59608
Peran Admin kluster Azure Kubernetes Service Tindakan buat daftar kredensial admin kluster. 0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8
Peran Pengguna kluster Azure Kubernetes Service Tindakan buat daftar kredensial pengguna kluster. 4abbcc35-e782-43d8-92c5-2d3f1bd2253f
Peran Kontributor Azure Kubernetes Service Memberikan akses untuk membaca dan menulis kluster Azure Kubernetes Service ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8
Admin RBAC Azure Kubernetes Service Memungkinkan Anda mengelola semua sumber daya dalam kluster/namespace layanan, kecuali memperbarui atau menghapus kuota dan namespace. 3498e952-d568-435e-9b2c-8d77e338d7f7
Admin Klaster RBAC Azure Kubernetes Service Memungkinkan Anda mengelola semua sumber daya dalam kluster. b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b
Pembaca RBAC Azure Kubernetes Service Izinkan akses read-only untuk melihat sebagian besar objek di namespace layanan. Hal ini tidak mengizinkan untuk menampilkan peran atau pengikatan peran. Peran ini tidak memungkinkan penayangan, karena membaca konten Rahasia memungkinkan akses ke kredensial ServiceAccount di namespace, yang akan memungkinkan akses API sebagai ServiceAccount apa pun di namespace (bentuk eskalasi hak istimewa). Menerapkan peran ini pada lingkup kluster akan memberikan akses ke semua namespace. 7f6c6a51-bcf8-42ba-9220-52d62157d7db
Penulis RBAC Azure Kubernetes Service Memperbolehkan akses baca/tulis ke sebagian besar obyek dalam sebuah namespace. Peran ini tidak memungkinkan melihat atau memodifikasi peran atau pengikatan peran. Namun, peran ini memungkinkan akses Rahasia dan menjalankan Pod sebagai ServiceAccount mana pun di namespace, sehingga dapat digunakan untuk mendapatkan level akses API dari ServiceAccount apa pun di namespace. Menerapkan peran ini pada lingkup kluster akan memberikan akses ke semua namespace. a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb
Database
Onboarding SQL Server yang Terhubung ke Azure Memungkinkan untuk membaca dan menulis akses ke sumber daya Azure untuk SQL Server pada server arc-enabled. e8113dce-c529-4d33-91fa-e9b972617508
Peran Cosmos DB Account Reader Dapat membaca data Akun Azure Cosmos DB. Lihat Kontributor Akun DocumentDB untuk mengelola akun Azure Cosmos DB. fbdf93bf-df7d-467e-a4d2-9458aa1360c8
Operator Cosmos DB Memungkinkan Anda mengelola akun Azure Cosmos DB, tetapi tidak mengakses data di dalamnya. Mencegah akses ke kunci akun dan string koneksi. 230815da-be43-4aae-9cb4-875f7bd000aa
CosmosBackupOperator Dapat mengirim permintaan pemulihan untuk database Cosmos DB atau kontainer untuk akun db7b14f2-5adf-42da-9f96-f2ee17bab5cb
CosmosRestoreOperator Dapat melakukan tindakan pemulihan untuk akun database Cosmos DB dengan mode pencadangan kontinu 5432c526-bc82-444a-b7ba-57c5b0b5b34f
Kontributor Akun DocumentDB Dapat mengelola akun Azure Cosmos DB. Azure Cosmos DB sebelumnya dikenal sebagai DocumentDB. 5bd9cd88-fe45-4216-938b-f97437e15450
Kontributor Redis Cache Memungkinkan Anda mengelola Redis cache, tetapi tidak dapat mengaksesnya. e0f68234-74aa-48ed-b826-c38b57376e17
Kontributor SQL DB Memungkinkan Anda mengelola database SQL, tetapi tidak mengaksesnya. Selain itu, Anda tidak dapat mengelola kebijakan terkait keamanan atau server SQL induk mereka. 9b7fa17d-e63e-47b0-bb0a-15c516ac86ec
Kontributor SQL Managed Instance Memungkinkan Anda mengelola SQL Managed Instances dan konfigurasi jaringan yang diperlukan, tetapi tidak dapat memberikan akses kepada orang lain. 4939a1f6-9ae0-4e48-a1e0-f2cbe897382d
SQL Security Manager Memungkinkan Anda mengelola kebijakan terkait keamanan dari server dan database SQL, tetapi tidak dapat mengaksesnya. 056cd41c-7e88-42e1-933e-88ba6a50c9c3
Kontributor SQL Server Memungkinkan Anda mengelola server dan database SQL, tetapi tidak dapat mengaksesnya, dan bukan kebijakan terkait keamanannya. 6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437
Analitik
Pemilik Data Azure Event Hubs Memungkinkan akses penuh ke sumber daya Azure Event Hubs. f526a384-b230-433a-b45c-95f59c4a2dec
Penerima Data Azure Event Hubs Memungkinkan penerimaan akses ke sumber daya Azure Event Hubs. a638d3c7-ab3a-418d-83e6-5f17a39d4fde
Azure Service Bus Data Sender Memungkinkan untuk mengirim akses ke sumber daya Azure Event Hubs. 2b629674-e913-4c01-ae53-ef4638d8f975
Kontributor Data Factory Buat dan kelola pabrik data, serta sumber daya turunan di dalamnya. 673868aa-7521-48a0-acc6-0f60742d39f5
Penghapus Seluruh Data Menghapus data pribadi dari ruang kerja Analitik Log. 150f5e0c-0603-4f03-8c7f-cf70034c4e90
Operator Klaster HDInsight Memungkinkan Anda membaca dan mengubah konfigurasi kluster HDInsight. 61ed4efc-fab3-44fd-b111-e24485cc132a
Kontributor Layanan Domain HDInsight Dapat Membaca, Membuat, Mengubah, dan Menghapus operasi terkait Layanan Domain yang diperlukan untuk Paket Keamanan Perusahaan HDInsight 8d8d5a11-05d3-4bda-a417-a08778121c7c
Kontributor Analitik Log Kontributor Analitik Log dapat membaca semua data pemantauan dan mengedit pengaturan pemantauan. Pengaturan pemantauan pengeditan termasuk menambahkan ekstensi VM ke VM; membaca kunci akun penyimpanan untuk dapat mengonfigurasi koleksi log dari Azure Storage; menambahkan solusi; dan mengonfigurasi diagnostik Azure pada semua sumber daya Azure. 92aaf0da-9dab-42b6-94a3-d43ce8d16293
Pembaca Analitik Log Pembaca Analitik Log dapat melihat dan mencari semua data pemantauan serta melihat pengaturan pemantauan, termasuk melihat konfigurasi diagnostik Azure di semua sumber daya Azure. 73c42c96-874c-492b-b04d-ab87d138a893
Kurator Data Purview (Warisan) Kurator data Microsoft.Purview adalah peran warisan yang dapat membuat, membaca, mengubah, dan menghapus objek data katalog dan membangun hubungan antar objek. Kami baru-baru ini memberhentikan peran ini dari akses berbasis peran Azure dan memperkenalkan kurator data baru dalam data plane Azure Purview. Lihat Kontrol akses di Azure Purview - Peran 8a3c2885-9b38-4fd2-9d99-91af537c1347
Pembaca Data Purview (Warisan) Pembaca data Microsoft.Purview adalah peran warisan yang dapat membaca objek data katalog. Kami baru-baru ini memberhentikan peran ini dari akses berbasis peran Azure dan memperkenalkan pembaca data baru dalam data plane Azure Purview. Lihat Kontrol akses di Azure Purview - Peran ff100721-1b9d-43d8-af52-42b69c1272db
Administrator Sumber Data Purview (Warisan) Administrator sumber data Microsoft.Purview adalah peran warisan yang dapat mengelola sumber data dan pemindaian data. Kami baru-baru ini memberhentikan peran ini dari akses berbasis peran Azure dan memperkenalkan admin sumber data baru dalam data plane Azure Purview. Lihat Kontrol akses di Azure Purview - Peran 200bba9e-f0c8-430f-892b-6f0794863803
Kontributor Schema Registry (Pratinjau) Membaca, menulis, dan menghapus grup dan skema Schema Registry. 5dffeca3-4936-4216-b2bc-10343a5abb25
Pembaca Schema Registry (Pratinjau) Membaca dan membuat daftar grup dan skema Schema Registry. 2c56ea50-c6b3-40a6-83c0-9d98858bc7d2
Blockchain
Akses Node Anggota Blockchain (Pratinjau) Memungkinkan akses ke node Anggota Blockchain 31a002a1-acaf-453e-8a5b-297c9ca1ea24
AI + pembelajaran mesin
Ilmuwan Data AzureML Dapat melakukan semua tindakan dalam ruang kerja Azure Machine Learning, kecuali untuk membuat atau menghapus sumber daya komputasi dan memodifikasi ruang kerja itu sendiri. f6c7c914-8db3-469d-8ca1-694a8f32e121
Kontributor Cognitive Services Memungkinkan Anda membuat, membaca, memperbarui, menghapus, dan mengelola kunci Cognitive Services. 25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68
Kontributor Visi Kustom Cognitive Services Akses penuh ke proyek, termasuk kemampuan untuk melihat, membuat, mengedit, atau menghapus proyek. c1ff6cc2-c111-46fe-8896-e0ef812ad9f3
Penyebaran Visi Kustom Cognitive Services Publikasikan, batal terbitkan, atau ekspor model. Penyebaran dapat melihat proyek tetapi tidak dapat memperbarui. 5c4089e1-6d96-4d2f-b296-c1bc7137275f
Pemberi Label Visi Kustom Cognitive Services Lihat, edit gambar pelatihan dan buat, tambahkan, hapus, atau hapus tag gambar. Pelabel dapat melihat proyek tetapi tidak dapat memperbarui apa pun selain gambar dan tag pelatihan. 88424f51-ebe7-446f-bc41-7fa16989e96c
Pembaca Visi Kustom Cognitive Services Tindakan baca-saja di ruang kerja. Pembaca tidak dapat membuat atau memperbarui aset ini. 93586559-c37d-4a6b-ba08-b9f0940c2d73
Pelatih Custom Vision Cognitive Services Lihat, edit proyek, dan latih model, termasuk kemampuan untuk menerbitkan, membatalkan penerbitan, mengekspor model. Pelatih tidak dapat membuat atau menghapus proyek. 0a5ae4ab-0d65-4eeb-be61-29fc9b54394b
Pembaca Data Cognitive Services (Pratinjau) Memungkinkan Anda membaca data Cognitive Services. b59867f0-fa02-499b-be73-45a86b5b3e1c
Pengenal Wajah Cognitive Services Memungkinkan Anda melakukan deteksi, verifikasi, identifikasi, kelompokkan, dan temukan operasi serupa di Face API. Peran ini tidak memungkinkan operasi buat atau hapus, yang membuatnya sangat cocok untuk titik akhir yang hanya perlu kemampuan yang lebih rendah, mengikuti praktik terbaik 'hak istimewa paling sedikit'. 9894cab4-e18a-44aa-828b-cb588cd6f2d7
Administrator Advisor Metrik Cognitive Services Akses penuh ke proyek, termasuk konfigurasi tingkat sistem. cb43c632-a144-4ec5-977c-e80c4affc34a
Editor Pembuat QnA Cognitive Services Mari kita membuat, mengedit, mengimpor, dan mengekspor KB. Anda tidak dapat menerbitkan atau menghapus KB. f4cc2bf9-21be-47a1-bdf1-5c5804381025
Pembaca Pembuat QnA Cognitive Services Memungkinkan Anda membaca dan menguji KB saja. 466ccd10-b268-4a11-b098-b4849f024126
Pengguna Cognitive Services Memungkinkan Anda membaca dan mencantumkan kunci Cognitive Services. a97b65f3-24c7-4388-baec-2e87135dc908
Internet of Things
Administrator Pembaruan Perangkat Memberi Anda akses penuh ke operasi manajemen dan konten 02ca0879-e8e4-47a5-a61e-5c618b76e64a
Administrator Konten Pembaruan Perangkat Memberi Anda akses penuh ke operasi konten 0378884a-3af5-44ab-8323-f5b22f9f3c98
Pembaca Konten Pembaruan Perangkat Memberi Anda akses baca ke operasi konten, tetapi tidak mengizinkan untuk melakukan perubahan d1ee9a80-8b14-47f0-bdc2-f4a351625a7b
Administrator Penyebaran Pembaruan Perangkat Memberi Anda akses penuh ke operasi manajemen e4237640-0e3d-4a46-8fda-70bc94856432
Pembaca Penyebaran Pembaruan Perangkat Memberi Anda akses baca ke operasi manajemen, tetapi tidak mengizinkan untuk melakukan perubahan 49e2f5d2-7741-4835-8efa-19e1fe35e47f
Pembaca Pembaruan Perangkat Memberi Anda akses baca ke operasi manajemen dan konten, tetapi tidak mengizinkan untuk melakukan perubahan e9dba6fb-3d52-4cf0-bce3-f06ce71b9e0f
Kontributor Data IoT Hub Memungkinkan akses penuh ke operasi pesawat data IoT Hub. 4fc6c259-987e-4a07-842e-c321cc9d413f
Pembaca Data IoT Hub Memungkinkan akses baca penuh ke properti pesawat data IoT Hub b447c946-2db7-41ec-983d-d8bf3b1c77e3
Kontributor Registri IoT Hub Memungkinkan akses penuh ke registri perangkat IoT Hub. 4ea46cd5-c1b2-4a8e-910b-273211f9ce47
Kontributor Kembar IoT Hub Memungkinkan untuk membaca dan menulis akses ke semua perangkat IoT Hub dan modul kembar. 494bdba2-168f-4f31-a0a1-191d2f7c028c
Realitas campuran
Administrator Remote Rendering Memberi pengguna kemampuan konversi, mengelola sesi, perenderan, dan diagnostik untuk Azure Remote Rendering 3df8b902-2a6f-47c7-8cc5-360e9b272a7e
Klien Remote Rendering Memberi pengguna kemampuan mengelola sesi, perenderan, dan diagnostik untuk Azure Remote Rendering. d39065c4-c120-43c9-ab0a-63eed9795f0a
Kontributor Akun Spatial Anchors Memungkinkan Anda mengelola spatial anchors dalam akun, tetapi tidak dapat menghapusnya 8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827
Pemilik Akun Spatial Anchors Memungkinkan Anda mengelola spatial anchors dalam akun, termasuk menghapusnya 70bbe301-9835-447d-afdd-19eb3167307c
Pemilik Akun Spatial Anchors Memungkinkan Anda menemukan dan membaca properti spatial anchors dalam akun 5d51204f-eb77-4b1c-b86a-2ec626c49413
Integrasi
Kontributor Layanan API Management Dapat mengelola layanan dan API 312a565d-c81f-4fd8-895a-4e21e48d571c
Peran Operator Layanan API Management Dapat mengelola layanan, tetapi bukan API e022efe7-f5ba-4159-bbe4-b44f577e9b61
Peran Pembaca Layanan API Management Akses baca-saja ke layanan dan API 71522526-b88f-4d52-b57f-d31fc3546d0d
Pemilik Data App Configuration Memungkinkan akses penuh ke data App Configuration. 5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b
Pembaca Data App Configuration Memungkinkan akses baca ke data App Configuration. 516239f1-63e1-4d78-a4de-a74fb236a071
Pendengar Azure Relay Memungkinkan untuk mendengarkan akses ke sumber daya Azure Relay. 26e0b698-aa6d-4085-9386-aadae190014d
Pemilik Azure Relay Memungkinkan akses penuh ke sumber daya Azure Relay. 2787bf04-f1f5-4bfe-8383-c8a24483ee38
Pengirim Azure Relay Memungkinkan untuk mengirimkan akses ke sumber daya Azure Relay. 26baccc8-eea7-41f1-98f4-1762cc7f685d
Pemilik Data Azure Service Bus Memungkinkan akses penuh ke sumber daya Azure Service Bus. 090c5cfd-751d-490a-894a-3ce6f1109419
Penerima Data Bus Layanan Azure Memungkinkan untuk menerima akses ke sumber daya Azure Service Bus. 4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0
Azure Service Bus Data Sender Memungkinkan untuk mengirim akses ke sumber daya Azure Service Bus. 69a216fc-b8fb-44d8-bc22-1f3c2cd27a39
Pemilik Pendaftaran Tumpukan Azure Memungkinkan Anda mengelola pendaftaran Azure Stack Hub. 6f12a6df-dd06-4f3e-bcb1-ce8be600526a
Kontributor EventGrid Memungkinkan Anda mengelola operasi EventGrid. 1e241071-0855-49ea-94dc-649edcd759de
Pengirim Data EventGrid Memungkinkan mengirim akses ke acara grid acara. d5a91429-5739-47e2-a06b-3470a27159e7
Kontributor EventSubscription EventGrid Memungkinkan Anda mengelola operasi langganan kejadian EventGrid. 428e0ff0-5e57-4d9c-a221-2c70d0e0a443
Pembaca EventSubscription EventGrid Memungkinkan Anda membaca langganan kejadian EventGrid. 2414bbcf-6497-4faf-8c65-045460748405
Kontributor Data FHIR Peran memungkinkan pengguna atau prinsipal mengakses penuh Data FHIR 5a1fc7df-4bf1-4951-a576-89034ee01acd
Pengekspor Data FHIR Peran memungkinkan pengguna atau prinsipal untuk membaca dan mengekspor Data FHIR 3db33094-8700-4567-8da5-1501d4e7e843
Pembaca Data FHIR Peran memungkinkan pengguna atau prinsipal untuk membaca Data FHIR 4c8d0bbc-75d3-4935-991f-5f3c56d81508
Penulis Data FHIR Peran memungkinkan pengguna atau prinsipal untuk membaca dan menulis Data FHIR 3f88fce4-5892-4214-ae73-ba5294559913
Kontributor Lingkungan Layanan Integrasi Memungkinkan Anda mengelola lingkungan layanan integrasi, tetapi tidak dapat mengaksesnya. a41e2c5b-bd99-4a07-88f4-9bf657a760b8
Pengembang Lingkungan Layanan Integrasi Memungkinkan pengembang untuk membuat dan memperbarui alur kerja, akun integrasi, dan koneksi API dalam lingkungan layanan integrasi. c7aa55d3-1abb-444a-a5ca-5e51e485d6ec
Kontributor Akun Sistem Cerdas Memungkinkan Anda mengelola akun Intelligent Systems, tetapi tidak dapat mengaksesnya. 03a6d094-3444-4b3d-88af-7477090a9e5e
Kontributor Aplikasi Logika Memungkinkan Anda mengelola aplikasi logika, tetapi tidak mengubah akses ke aplikasi tersebut. 87a39d53-fc1b-424a-814c-f7e04687dc9e
Operator Aplikasi Logika Memungkinkan Anda membaca, mengaktifkan, dan menonaktifkan aplikasi logika, tetapi tidak mengedit atau memperbaruinya. 515c2055-d9d4-4321-b1b9-bd0c9a0f79fe
Identitas
Kontributor Identitas Terkelola Membuat, Membaca, Memperbarui, dan Menghapus Identitas yang Ditetapkan Pengguna e40ec5ca-96e0-45a2-b4ff-59039f2c2b59
Operator Identitas Terkelola Membaca dan Menetapkan Identitas yang Ditetapkan Pengguna f1a07417-d97a-45cb-824c-7a7467783830
Keamanan
Kontributor Pengesahan Dapat membaca, menulis, atau menghapus contoh penyedia pengesahan bbf86eb8-f7b4-4cce-96e4-18cddf81d86e
Pembaca Pengesahan Dapat membaca properti penyedia pengesahan fd1bd22b-8476-40bc-a0bc-69b95687b9f3
Kontributor Otomatisasi Sentinel Azure Kontributor Azure Sentinel Automation f4c81013-99ee-4d62-a7ee-b3f1f648599a
Kontributor Azure Sentinel Kontributor Azure Sentinel ab8e14d6-4a74-4a29-9ba8-549422addade
Pembaca Azure Sentinel. Pembaca Azure Sentinel. 8d289c81-5878-46d4-8554-54e1e3d8b5cb
Penanggap Azure Sentinel Penanggap Azure Sentinel 3e150937-b8fe-4cfb-8069-0eaf05ecd056
Administrator Key Vault Lakukan semua operasi bidang data pada brankas kunci dan semua objek di dalamnya, termasuk sertifikat, kunci, dan rahasia. Tidak dapat mengelola sumber daya brankas kunci atau mengelola penetapan peran. Hanya berfungsi untuk brankas kunci yang menggunakan model izin 'Kontrol akses berbasis peran Azure'. 00482a5a-887f-4fb3-b363-3b7fe8e74483
Petugas Sertifikat Key Vault Lakukan tindakan apa pun pada sertifikat brankas kunci, kecuali izin kelola. Hanya berfungsi untuk brankas kunci yang menggunakan model izin 'kontrol akses berbasis peran Azure'. a4417e6f-fecd-4de8-b567-7b0420556985
Kontributor Key Vault Kelola kubah utama, tetapi tidak memungkinkan Anda untuk menetapkan peran di Azure RBAC, dan tidak memungkinkan Anda mengakses rahasia, kunci, atau sertifikat. f25e0fa2-a7c8-4377-a976-54943a77a395
Petugas Kripto Key Vault Lakukan tindakan apa pun pada kunci brankas kunci, kecuali izin kelola. Hanya berfungsi untuk brankas kunci yang menggunakan model izin 'kontrol akses berbasis peran Azure'. 14b46e9e-c2b7-41b4-b07b-48a6ebf60603
Pengguna Enkripsi Layanan Kripto Key Vault Baca metadata kunci dan lakukan operasi bungkus/buka bungkus. Hanya berfungsi untuk brankas kunci yang menggunakan model izin 'kontrol akses berbasis peran Azure'. e147488a-f6f5-4113-8e2d-b22465e65bf6
Pengguna Kripto Key Vault Lakukan operasi kriptografi menggunakan kunci. Hanya berfungsi untuk brankas kunci yang menggunakan model izin 'kontrol akses berbasis peran Azure'. 12338af0-0e69-4776-bea7-57ae8d297424
Pembaca Key Vault Baca metadata brankas kunci serta sertifikat, kunci, dan rahasianya. Tidak dapat membaca nilai sensitif seperti konten rahasia atau materi kunci. Hanya berfungsi untuk brankas kunci yang menggunakan model izin 'kontrol akses berbasis peran Azure'. 21090545-7ca7-4776-b22c-e363652d74d2
Petugas Rahasia Key Vault Lakukan tindakan apa pun pada rahasia brankas kunci, kecuali izin kelola. Hanya berfungsi untuk brankas kunci yang menggunakan model izin 'kontrol akses berbasis peran Azure'. b86a8fe4-44ce-4948-aee5-eccb2c155cd7
Pengguna Rahasia Key Vault Baca konten rahasia. Hanya berfungsi untuk brankas kunci yang menggunakan model izin 'kontrol akses berbasis peran Azure'. 4633458b-17de-408a-b874-0445c86b69e6
Kontributor HSM Terkelola Memungkinkan Anda mengelola kumpulan HSM terkelola, tetapi tidak dapat mengaksesnya. 18500a29-7fe2-46b2-a342-b16a415e101d
Admin Keamanan Melihat dan memperbarui izin untuk Security Center. Izin yang sama dengan peran Pembaca Keamanan dan juga dapat memperbarui kebijakan keamanan dan menghilangkan peringatan dan rekomendasi. fb1c8493-542b-48eb-b624-b4c8fea62acd
Kontributor Penilaian Keamanan Memungkinkan Anda mendorong penilaian ke Security Center 612c2aa1-cb24-443b-ac28-3ab7272de6f5
Manajer Keamanan (Legasi) Ini adalah peran legasi. Silakan gunakan Admin Keamanan sebagai gantinya. e3d13bf0-dd5a-482e-ba6b-9b8433878d10
Pembaca Keamanan Lihat izin Security Center. Pengguna dapat melihat rekomendasi, pemberitahuan, kebijakan keamanan, status keamanan, tetapi tidak dapat mengubahnya. 39bc4728-0917-49c7-9d2c-d95423bc2eb4
DevOps
Pengguna DevTest Labs Memungkinkan Anda menyambungkan, memulai, memulai ulang, dan mematikan virtual machines Anda di Azure DevTest Labs. 76283e04-6283-4c54-8f91-bcf1374a3c64
Pembuat Lab Memungkinkan Anda membuat lab baru di bawah Akun Azure Lab. b97fb8bc-a8b2-4522-a38b-dd33c7e65ead
Monitor
Kontributor Komponen Application Insights Dapat mengelola komponen Application Insights ae349356-3a1b-4a5e-921d-050484c6347e
Snapshot Debugger Application Insights Memberikan izin kepada pengguna untuk melihat dan mengunduh snapshot debug yang dikumpulkan dengan Application Insights Snapshot Debugger. Perhatikan bahwa izin ini tidak disertakan dalam peran Pemilik atau Kontributor. Saat memberi pengguna peran Snapshot Debugger Application Insights, Anda harus memberikan peran langsung kepada pengguna. Peran tidak dikenali ketika ditambahkan ke peran kustom. 08954f03-6346-4c2e-81c0-ec3a5cfae23b
Kontributor Pemantauan Dapat membaca semua data pemantauan dan memperbarui pengaturan pemantauan. Untuk informasi selengkapnya, lihat Mulai menggunakan peran, izin, dan keamanan dengan Azure Monitor. 749f88d5-cbae-40b8-bcfc-e573ddc772fa
Penerbit Metrik Pemantauan Mengaktifkan penerbitan metrik terhadap sumber daya Azure 3913510d-42f4-4e42-8a64-420c390055eb
Pembaca Pemantauan Dapat membaca semua data pemantauan (metrik, log, dll.). Untuk informasi selengkapnya, lihat Mulai menggunakan peran, izin, dan keamanan dengan Azure Monitor. 43d0d8ad-25c7-4714-9337-8ba259a9fe05
Kontributor Buku Kerja Dapat menyimpan buku kerja bersama. e8ddcd69-c73f-4f9f-9844-4100522f16ad
Pembaca Buku Kerja Dapat membaca buku kerja. b279062a-9be3-42a0-92ae-8b3cf002ec4d
Manajemen + tata kelola
Operator Pekerjaan Automation Membuat dan Mengelola Tugas menggunakan Runbook Automation. 4fe576fe-1146-4730-92eb-48519fa6bf9f
Operator Automation Operator Automation dapat memulai, menghentikan, menangguhkan, dan melanjutkan tugas d3881f73-407a-4167-8283-e981cbba0404
Operator Runbook Automation Properti baca Runbook - agar dapat membuat Tugas runbook. 5fb5aef8-1081-4b8e-bb16-9d5d0385bab5
Peran Pengguna Kluster Kubernetes yang Mendukung Azure Arc Tindakan buat daftar kredensial pengguna kluster. 00493d72-78f6-4148-b6c5-d3ce8e4799dd
Azure Arc Kubernetes Admin Memungkinkan Anda mengelola semua sumber daya dalam kluster/namespace layanan, kecuali memperbarui atau menghapus kuota dan namespace. dffb1e0c-446f-4dde-a09f-99eb5cc68b96
Admin Klaster Azure Arc Kubernetes Memungkinkan Anda mengelola semua sumber daya dalam kluster. 8393591c-06b9-48a2-a542-1bd6b377f6a2
Penampil Kubernetes Azure Arc Memungkinkan Anda melihat semua sumber daya di kluster/namespace, kecuali rahasia. 63f0a09d-1495-4db4-a681-037d84835eb4
Penulis Kubernetes Azure Arc Memungkinkan Anda memperbarui semuanya di kluster/namespace, kecuali peran (kluster) dan ikatan peran (kluster). 5b999177-9696-4545-85c7-50de3797e5a1
Onboarding Komputer yang Tersambung Azure Dapat melakukan onboarding Komputer yang Tersambung Azure. b64e21ea-ac4e-4cdf-9dc9-5b892992bee7
Administrator Sumber Daya Komputer Yang Terhubung Azure Dapat membaca, menulis, menghapus, dan melakukan onboarding ulang Komputer yang Tersambung Azure. cd570a14-e51a-42ad-bac8-bafd67325302
Pembaca Penagihan Memungkinkan akses data ke data penagihan fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64
Kontributor Cetak Biru Dapat mengelola definisi blueprint, tetapi tidak dapat menetapkannya. 41077137-e803-4205-871c-5a86e6a753b4
Operator Cetak Biru Dapat menetapkan cetak biru yang dipublikasikan sebelumnya, tetapi tidak dapat membuat definisi cetak biru baru. Penugasan cetak biru hanya berfungsi jika penugasan dilakukan dengan identitas terkelola yang ditetapkan pengguna. 437d2ced-4a38-4302-8479-ed2bcb43d090
Kontributor Manajemen Biaya Dapat melihat biaya dan mengelola konfigurasi biaya (misalnya, anggaran, ekspor) 434105ed-43f6-45c7-a02f-909b2ba83430
Pembaca Cost Management Dapat melihat data biaya dan konfigurasi (misalnya, anggaran, ekspor) 72fafb9e-0641-4937-9268-a91bfd8191a3
Administrator Pengaturan Hierarki Memungkinkan pengguna mengedit dan menghapus Pengaturan Hierarki 350f8d15-c687-4448-8ae1-157740a3936d
Klaster Kubernetes - Azure Arc Onboarding Definisi peran untuk mengotorisasi setiap pengguna/layanan untuk membuat sumber daya connectedClusters 34e09817-6cbe-4d01-b1a2-e0eac5743d41
Kontributor Ekstensi Kubernetes Dapat membuat, memperbarui, mendapatkan, daftar dan menghapus Ekstensi Kubernetes, dan mendapatkan operasi async ekstensi 85cb6faf-e071-4c9b-8136-154b5a04f717
Peran Kontributor Aplikasi Terkelola Mengizinkan pembuatan sumber daya aplikasi terkelola. 641177b8-a67a-45b9-a033-47bc880bb21e
Peran Operator Aplikasi Terkelola Memungkinkan Anda membaca dan melakukan tindakan pada sumber daya Aplikasi Terkelola c7393b34-138c-406f-901b-d8cf2b17e6ae
Pembaca Aplikasi Terkelola Memungkinkan Anda membaca sumber daya di aplikasi terkelola dan meminta akses JIT. b9331d33-8a36-4f8c-b097-4f54124fdb44
Peran Penghapusan Penetapan Pendaftaran Layanan Terkelola Peran Penghapusan Penetapan Pendaftaran Layanan Terkelola memungkinkan pengguna penyewa yang mengelola untuk menghapus penetapan pendaftaran yang ditetapkan kepada penyewa mereka. 91c1777a-f3dc-4fae-b103-61d183457e46
Kontributor Grup Manajemen Peran Kontributor Grup Manajemen 5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c
Pembaca Grup Manajemen Peran Pembaca Grup Manajemen ac63b705-f282-497d-ac71-919bf39d939d
Kontributor Akun New Relic APM Memungkinkan Anda mengelola akun dan aplikasi New Relic Application Performance Management, tetapi tidak dapat mengaksesnya. 5d28c62d-5b37-4476-8438-e587778df237
Penulis Data Wawasan Kebijakan (Pratinjau) Memungkinkan akses baca ke kebijakan sumber daya dan akses tulis ke kejadian kebijakan komponen sumber daya. 66bb4e9e-b016-4a94-8249-4c0511c2be84
Operator Permintaan Kuota Baca dan buat permintaan kuota, dapatkan status permintaan kuota, dan buat tiket dukungan. 0e5f05e5-9ab9-446b-b98d-1e2157c94125
Pembeli Reservasi Memungkinkan Anda membeli reservasi f7b75c60-3036-4b75-91c3-6b41c27c1689
Kontributor Policy Sumber Daya Pengguna dengan hak untuk membuat/mengubah kebijakan sumber daya, membuat tiket dukungan, dan membaca sumber daya/hierarki. 36243c78-bf99-498c-9df9-86d9f8d28608
Kontributor Site Recovery Memungkinkan Anda mengelola layanan Site Recovery selain pembuatan vault dan penetapan peran 6670b86e-a3f7-4917-ac9b-5d6ab1be4567
Operator Site Recovery Memungkinkan Anda failover dan failback, tetapi tidak dapat melakukan operasi manajemen Site Recovery lainnya 494ae006-db33-4328-bf46-533a6560a3ca
Pembaca Site Recovery Memungkinkan Anda melihat status Site Recovery, tetapi tidak dapat melakukan operasi manajemen lainnya dbaa88c4-0c30-4179-9fb3-46319faa6149
Kontributor Permintaan Dukungan Memungkinkan Anda membuat dan mengelola Permintaan dukungan cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e
Kontributor Tag Memungkinkan Anda mengelola tag pada entitas, tanpa memberikan akses ke entitas itu sendiri. 4a9ae827-6dc8-4573-8ac7-8239d42aa03f
Lainnya
Pemilik Data Azure Digital Twins Peran akses penuh untuk sarana data Digital Twins bcd981a7-7f74-457b-83e1-cceb9e632ffe
Pembaca Data Azure Digital Twins Peran baca saja untuk properti sarana data Digital Twins d57506d4-4c8d-48b1-8587-93c323f6a5a3
Kontributor BizTalk Memungkinkan Anda mengelola layanan BizTalk, tetapi tidak dapat mengaksesnya. 5e3c6656-6cfa-4708-81fe-0de47ac73342
Kontributor Grup Aplikasi Virtualisasi Desktop Kontributor Grup Aplikasi Virtualisasi Desktop. 86240b0e-9422-4c43-887b-b61143f32ba8
Pembaca Grup Aplikasi Virtualisasi Desktop Pembaca Grup Aplikasi Virtualisasi Desktop. aebf23d0-b568-4e86-b8f9-fe83a2c6ab55
Kontributor Virtualisasi Desktop Kontributor Virtualisasi Desktop. 082f0a83-3be5-4ba1-904c-961cca79b387
Kontributor Kumpulan Host Virtualisasi Desktop Kontributor Kumpulan Host Virtualisasi Desktop. e307426c-f9b6-4e81-87de-d99efb3c32bc
Pembaca Kumpulan Host Virtualisasi Desktop Pembaca Kumpulan Host Virtualisasi Desktop. ceadfde2-b300-400a-ab7b-6143895aa822
Pembaca Virtualisasi Desktop Pembaca Virtualisasi Desktop. 49a72310-ab8d-41df-bbb0-79b649203868
Operator Host Sesi Virtualisasi Desktop Operator Host Sesi Desktop Virtualization. 2ad6aaab-ead9-4eaa-8ac5-da422f562408
Pembaca Virtualisasi Desktop Memungkinkan pengguna untuk menggunakan aplikasi di grup aplikasi. 1d18fff3-a72a-46b5-b4a9-0b38a3cd7e63
Operator Sesi Pengguna Virtualisasi Desktop Operator Sesi Pengguna Virtualisasi Desktop. ea4bfff8-7fb4-485a-aadd-d4129a0ffaa6
Kontributor Ruang Kerja Virtualisasi Desktop Kontributor Ruang Kerja Virtualisasi Desktop. 21efdde3-836f-432b-bf3d-3e8e734d4b2b
Pembaca Ruang Kerja Virtualisasi Desktop Pembaca Ruang Kerja Virtualisasi Desktop. 0fa44ee9-7a7d-466b-9bb2-2bf446b1204d
Pembaca Backup Disk Memberikan izin ke vault cadangan untuk melakukan pencadangan disk. 3e5e47e6-65f7-47ef-90b5-e5dd4d455f24
Operator Kumpulan Disk Berikan izin kepada Penyedia Sumber Daya StoragePool untuk mengelola disk yang ditambahkan ke kumpulan disk. 60fc6e62-5479-42d4-8bf4-67625fcc2840
Operator Pemulihan Disk Memberikan izin ke vault cadangan untuk melakukan pemulihan disk. b50d9833-a0cb-478e-945f-707fcc997c13
Kontributor Snapshot Disk Memberikan izin ke vault cadangan untuk mengelola rekam jepret disk. 7efff54f-a5b4-42b5-a1c5-5411624893ce
Kontributor Kumpulan Tugas Scheduler Memungkinkan Anda mengelola koleksi tugas Scheduler, tetapi tidak dapat mengaksesnya. 188a0f2f-5c9e-469b-ae67-2aa5ce574b94
Operator Hub Layanan Operator Hub Layanan memungkinkan Anda melakukan semua operasi baca, tulis, dan penghapusan terkait dengan Konektor Hub Layanan. 82200a5b-e217-47a5-b665-6d8765ee745b

Umum

Kontributor

Memberikan akses penuh untuk mengelola semua sumber daya, tetapi tidak mengizinkan Anda untuk menetapkan peran di RBAC Azure, mengelola tugas di Azure Blueprints, atau berbagi galeri gambar. Pelajari lebih lanjut

Tindakan Deskripsi
* Membuat dan mengelola sumber daya dari semua jenis
Bukan Tindakan
Microsoft.Authorization/*/Hapus Menghapus peran, penetapan kebijakan, definisi kebijakan, dan definisi yang ditetapkan kebijakan
Microsoft.Authorization/*/Tulis Menghapus peran, penetapan kebijakan, definisi kebijakan, dan definisi yang ditetapkan kebijakan
Microsoft.Authorization/elevateAccess/Tindakan Memberi pemanggil akses Administrator Akses Pengguna pada lingkup penyewa
Microsoft.Blueprint/blueprintAssignments/tulis Membuat atau memperbarui penetapan cetak biru apa pun
Microsoft.Blueprint/blueprintAssignments/hapus Menghapus tugas cetak biru apa pun
Microsoft.Compute/galeri/berbagi/tindakan Berbagi Galeri ke lingkup yang berbeda
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
  "name": "b24988ac-6180-42a0-ab88-20f7382dd24c",
  "permissions": [
    {
      "actions": [
        "*"
      ],
      "notActions": [
        "Microsoft.Authorization/*/Delete",
        "Microsoft.Authorization/*/Write",
        "Microsoft.Authorization/elevateAccess/Action",
        "Microsoft.Blueprint/blueprintAssignments/write",
        "Microsoft.Blueprint/blueprintAssignments/delete",
        "Microsoft.Compute/galleries/share/action"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pemilik

Memberikan akses penuh untuk mengelola semua sumber daya, termasuk kemampuan untuk menetapkan peran di RBAC Azure. Pelajari lebih lanjut

Tindakan Deskripsi
* Membuat dan mengelola sumber daya dari semua jenis
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants full access to manage all resources, including the ability to assign roles in Azure RBAC.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
  "name": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
  "permissions": [
    {
      "actions": [
        "*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca

Melihat semua sumber daya, namun tidak mengizinkan Anda untuk melakukan perubahan apa pun. Pelajari lebih lanjut

Tindakan Deskripsi
*/read Membaca sumber daya dari semua jenis, kecuali rahasia.
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "View all resources, but does not allow you to make any changes.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
  "name": "acdd72a7-3385-48ef-bd42-f606fba81ae7",
  "permissions": [
    {
      "actions": [
        "*/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Administrator Akses Pengguna

Memungkinkan Anda mengelola akses pengguna ke sumber daya Azure. Pelajari lebih lanjut

Tindakan Deskripsi
*/read Membaca sumber daya dari semua jenis, kecuali rahasia.
Microsoft.Authorization/* Mengelola otorisasi
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage user access to Azure resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
  "name": "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.Authorization/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "User Access Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Compute

Kontributor Mesin Virtual Klasik

Memungkinkan Anda mengelola virtual machines klasik, tetapi tidak dapat mengaksesnya, dan bukan jaringan virtual atau akun penyimpanan tempat virtual machines klasik tersambung.

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.ClassicCompute/domainNames/* Membuat dan mengelola nama domain komputasi klasik
Microsoft.ClassicCompute/virtualMachines/* Membuat dan mengelola komputer virtual
Microsoft.ClassicNetwork/networkSecurityGroups/gabung/tindakan
Microsoft.ClassicNetwork/reservedIps/tautan/tindakan Tautkan IP Khusus
Microsoft.ClassicNetwork/reservedIps/baca Mendapatkan IP Khusus
Microsoft.ClassicNetwork/virtualNetworks/gabung/tindakan Buat jaringan virtual.
Microsoft.ClassicNetwork/virtualNetworks/baca Buat jaringan virtual.
Microsoft.ClassicStorage/storageAkcount/disk/baca Mengembalikan disk akun penyimpanan.
Microsoft.ClassicStorage/storageAkcount/gambar/baca Mengembalikan disk akun penyimpanan. (Tidak digunakan lagi. Gunakan 'Microsoft.ClassicStorage/storageAccounts/vmImages')
Microsoft.ClassicStorage/storageAccounts/listKeys/tindakan Mencantumkan kunci akses untuk akun penyimpanan.
Microsoft.ClassicStorage/storageAccounts/baca Kembalikan akun penyimpanan dengan akun yang diberikan.
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/d73bb868-a0df-4d4d-bd69-98a00b01fccb",
  "name": "d73bb868-a0df-4d4d-bd69-98a00b01fccb",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicCompute/domainNames/*",
        "Microsoft.ClassicCompute/virtualMachines/*",
        "Microsoft.ClassicNetwork/networkSecurityGroups/join/action",
        "Microsoft.ClassicNetwork/reservedIps/link/action",
        "Microsoft.ClassicNetwork/reservedIps/read",
        "Microsoft.ClassicNetwork/virtualNetworks/join/action",
        "Microsoft.ClassicNetwork/virtualNetworks/read",
        "Microsoft.ClassicStorage/storageAccounts/disks/read",
        "Microsoft.ClassicStorage/storageAccounts/images/read",
        "Microsoft.ClassicStorage/storageAccounts/listKeys/action",
        "Microsoft.ClassicStorage/storageAccounts/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Virtual Machine Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Informasi Masuk Administrator Virtual Machine

Lihat Virtual Machines di portal dan masuk sebagai administrator Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Network/publicIPAddresses/baca Mendapatkan definisi alamat ip publik.
Microsoft.Network/virtualNetworks/baca Dapatkan definisi jaringan virtual
Microsoft.Network/loadBalancers/baca Mendapatkan definisi penyeimbang muatan
Microsoft.Network/networkInterfaces/baca Mendapatkan definisi antarmuka jaringan.
Microsoft.Compute/virtualMachines/*/baca
Microsoft.HybridCompute/machines/*/read
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Compute/virtualMachines/login/tindakan Masuk ke mesin virtual sebagai pengguna biasa
Microsoft.Compute/virtualMachines/loginAsAdmin/tindakan Masuk ke mesin virtual dengan hak istimewa administrator Windows atau pengguna akar Linux
Microsoft.HybridCompute/machines/login/action Masuk ke komputer Azure Arc sebagai pengguna biasa
Microsoft.HybridCompute/machines/loginAsAdmin/action Masuk ke komputer Azure Arc dengan administrator Windows atau hak istimewa pengguna akar Linux
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "View Virtual Machines in the portal and login as administrator",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/1c0163c0-47e6-4577-8991-ea5c82e286e4",
  "name": "1c0163c0-47e6-4577-8991-ea5c82e286e4",
  "permissions": [
    {
      "actions": [
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/loadBalancers/read",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Compute/virtualMachines/*/read",
        "Microsoft.HybridCompute/machines/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Compute/virtualMachines/login/action",
        "Microsoft.Compute/virtualMachines/loginAsAdmin/action",
        "Microsoft.HybridCompute/machines/login/action",
        "Microsoft.HybridCompute/machines/loginAsAdmin/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Virtual Machine Administrator Login",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Komputer Virtual

Buat dan kelola mesin virtual, kelola disk dan snapshot disk, instal dan jalankan perangkat lunak, reset kata sandi pengguna root mesin virtual menggunakan ekstensi VM, dan kelola akun pengguna lokal menggunakan ekstensi VM. Peran ini tidak memberi Anda akses manajemen ke jaringan virtual atau akun penyimpanan yang terhubung dengan mesin virtual. Peran ini tidak memungkinkan Anda untuk menetapkan peran di Azure RBAC. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Compute/availabilitySets/* Membuat dan mengelola set ketersediaan
Microsoft.Compute/cloudServices/* Membuat dan mengelola Cloud Services (dukungan perpanjangan)
Microsoft.Compute/lokasi/* Membuat dan mengelola lokasi komputasi
Microsoft.Compute/virtualMachines/* Lakukan semua tindakan mesin virtual termasuk membuat, memperbarui, menghapus, memulai, memulai ulang, dan mematikan mesin virtual. Jalankan skrip pada mesin virtual.
Microsoft.Compute/virtualMachineScaleSets/* Membuat dan mengelola set skala komputer virtual
Microsoft.Compute/disks/tulis Membuat Image baru atau memperbarui Image yang sudah ada
Microsoft.Compute/disks/baca Dapatkan properti Disk
Microsoft.Compute/disks/hapus Menghapus Disk
Microsoft.DevTestLab/jadwal/*
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Network/applicationGateways/backendAddressPools/gabung/tindakan Kumpulan alamat backend Application Gateway kosong. Tidak bisa diperingatkan.
Microsoft.Network/loadBalancers/backendAddressPools/gabung/tindakan Bergabung dengan kumpulan alamat backend penyeimbang muatan. Tidak bisa diperingatkan.
Microsoft.Network/loadBalancers/inboundNatPools/gabung/tindakan Bergabung dengan kumpulan NAT masuk penyeimbang muatan. Tidak bisa diperingatkan.
Microsoft.Network/loadBalancers/inboundNatRules/gabung/tindakan Bergabung dengan kumpulan NAT masuk penyeimbang muatan. Tidak bisa diperingatkan.
Microsoft.Network/loadBalancers/probes/gabung/tindakan Memungkinkan penggunaan probe penyeimbang muatan. Misalnya, dengan izin ini properti healthProbe set skala VM dapat mereferensikan penyelidikan. Tidak bisa diperingatkan.
Microsoft.Network/loadBalancers/baca Mendapatkan definisi penyeimbang muatan
Microsoft.Network/lokasi/* Membuat dan mengelola lokasi jaringan
Microsoft.Network/networkInterfaces/* Membuat dan mengelola antarmuka jaringan
Microsoft.Network/networkSecurityGroups/gabung/tindakan Mendapatkan grup keamanan jaringan. Tidak bisa diperingatkan.
Microsoft.Network/networkSecurityGroups/baca Mendapatkan grup keamanan jaringan
Microsoft.Network/publicIPAddresses/gabung/tindakan Tambahkan alamat ip publik. Tidak bisa diperingatkan.
Microsoft.Network/publicIPAddresses/baca Mendapatkan definisi alamat ip publik.
Microsoft.Network/virtualNetworks/baca Dapatkan definisi jaringan virtual
Microsoft.Network/virtualNetworks/subnets/gabung/tindakan Bergabung dengan jaringan virtual. Tidak bisa diperingatkan.
Microsoft.RecoveryServices/lokasi/*
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/tulis Buat Niat Perlindungan cadangan
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/baca
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/baca Mengembalikan detail objek Item yang Diproteksi
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/tulis Buat Item yang Diproteksi cadangan
Microsoft.RecoveryServices/Vaults/backupPolicies/baca Mengembalikan semua Kebijakan Proteksi
Microsoft.RecoveryServices/Vaults/backupPolicies/tulis Membuat Policy Proteksi
Microsoft.RecoveryServices/Vaults/baca Operasi Get Vault mendapatkan objek yang mewakili sumber daya Azure tipe 'vault'
Microsoft.RecoveryServices/Vaults/penggunaan/baca Mengembalikan detail penggunaan untuk Vault Layanan Pemulihan.
Microsoft.RecoveryServices/Vaults/tulis Operasi Create Vault membuat sumber daya Azure jenis 'vault'
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.SerialConsole/serialPorts/connect/action Menyambungkan ke port serial
Microsoft.SqlVirtualMachine/*
Microsoft.Storage/storageAccounts/listKeys/tindakan Mengembalikan kunci akses untuk akun penyimpanan tertentu.
Microsoft.Storage/storageAccounts/baca Mengembalikan daftar akun penyimpanan atau mendapatkan properti untuk akun penyimpanan tertentu.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
  "name": "9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Compute/availabilitySets/*",
        "Microsoft.Compute/locations/*",
        "Microsoft.Compute/virtualMachines/*",
        "Microsoft.Compute/virtualMachineScaleSets/*",
        "Microsoft.Compute/disks/write",
        "Microsoft.Compute/disks/read",
        "Microsoft.Compute/disks/delete",
        "Microsoft.DevTestLab/schedules/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/applicationGateways/backendAddressPools/join/action",
        "Microsoft.Network/loadBalancers/backendAddressPools/join/action",
        "Microsoft.Network/loadBalancers/inboundNatPools/join/action",
        "Microsoft.Network/loadBalancers/inboundNatRules/join/action",
        "Microsoft.Network/loadBalancers/probes/join/action",
        "Microsoft.Network/loadBalancers/read",
        "Microsoft.Network/locations/*",
        "Microsoft.Network/networkInterfaces/*",
        "Microsoft.Network/networkSecurityGroups/join/action",
        "Microsoft.Network/networkSecurityGroups/read",
        "Microsoft.Network/publicIPAddresses/join/action",
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.RecoveryServices/locations/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/write",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.RecoveryServices/Vaults/write",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.SerialConsole/serialPorts/connect/action",
        "Microsoft.SqlVirtualMachine/*",
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Virtual Machine Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Informasi Masuk Pengguna Virtual Machine

Melihat Virtual Machines di portal dan masuk sebagai pengguna biasa. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Network/publicIPAddresses/baca Mendapatkan definisi alamat ip publik.
Microsoft.Network/virtualNetworks/baca Dapatkan definisi jaringan virtual
Microsoft.Network/loadBalancers/baca Mendapatkan definisi penyeimbang muatan
Microsoft.Network/networkInterfaces/baca Mendapatkan definisi antarmuka jaringan.
Microsoft.Compute/virtualMachines/*/baca
Microsoft.HybridCompute/machines/*/read
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Compute/virtualMachines/login/tindakan Masuk ke mesin virtual sebagai pengguna biasa
Microsoft.HybridCompute/machines/login/action Masuk ke komputer Azure Arc sebagai pengguna biasa
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "View Virtual Machines in the portal and login as a regular user.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fb879df8-f326-4884-b1cf-06f3ad86be52",
  "name": "fb879df8-f326-4884-b1cf-06f3ad86be52",
  "permissions": [
    {
      "actions": [
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/loadBalancers/read",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Compute/virtualMachines/*/read",
        "Microsoft.HybridCompute/machines/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Compute/virtualMachines/login/action",
        "Microsoft.HybridCompute/machines/login/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Virtual Machine User Login",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Jaringan

Kontributor Endpoint CDN

Dapat mengelola titik akhir CDN, tetapi tidak dapat memberikan akses kepada pengguna lain.

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Cdn/edgenodes/baca
Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profil/endpoints/*
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage CDN endpoints, but can't grant access to other users.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/426e0c7f-0c7e-4658-b36f-ff54d6c29b45",
  "name": "426e0c7f-0c7e-4658-b36f-ff54d6c29b45",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/endpoints/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Endpoint Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Endpoint CDN

Dapat melihat titik akhir CDN, namun tidak dapat melakukan perubahan.

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Cdn/edgenodes/baca
Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profil/endpoints/*/baca
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view CDN endpoints, but can't make changes.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/871e35f6-b5c1-49cc-a043-bde969a0f2cd",
  "name": "871e35f6-b5c1-49cc-a043-bde969a0f2cd",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/endpoints/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Endpoint Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Profil CDN

Dapat mengelola profil CDN dan titik akhirnya, tetapi tidak dapat memberikan akses ke pengguna lain. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Cdn/edgenodes/baca
Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profil/*
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage CDN profiles and their endpoints, but can't grant access to other users.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ec156ff8-a8d1-4d15-830c-5b80698ca432",
  "name": "ec156ff8-a8d1-4d15-830c-5b80698ca432",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Profile Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Profil CDN

Dapat melihat profil CDN dan titik akhirnya, tetapi tidak dapat melakukan perubahan.

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Cdn/edgenodes/baca
Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/*/baca
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view CDN profiles and their endpoints, but can't make changes.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8f96442b-4075-438f-813d-ad51ab4019af",
  "name": "8f96442b-4075-438f-813d-ad51ab4019af",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Profile Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Jaringan Klasik

Memungkinkan Anda mengelola jaringan klasik, tetapi tidak dapat mengaksesnya. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.ClassicNetwork/* Membuat dan mengelola jaringan klasik
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage classic networks, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b34d265f-36f7-4a0d-a4d4-e158ca92e90f",
  "name": "b34d265f-36f7-4a0d-a4d4-e158ca92e90f",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicNetwork/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Network Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Zona DNS

Memungkinkan Anda mengelola zona DNS dan kumpulan catatan di Azure DNS, tetapi tidak mengizinkan Anda mengontrol siapa yang memiliki aksesnya. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Network/dnsZones/* Membuat dan mengelola zona dan catatan DNS
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/befefa01-2a29-4197-83a8-272ff33ce314",
  "name": "befefa01-2a29-4197-83a8-272ff33ce314",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/dnsZones/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "DNS Zone Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Jaringan

Memungkinkan Anda mengelola jaringan, tetapi tidak dapat mengaksesnya.

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Network/* Membuat dan mengelola jaringan
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage networks, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
  "name": "4d97b98b-1d4f-4787-a291-c67834d212e7",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Network Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Zona DNS Privat

Memungkinkan Anda mengelola sumber daya zona DNS privat, tetapi bukan jaringan virtual tempat sumber daya zona DNS privat tersambung. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.Network/privateDnsZones/*
Microsoft.Network/privateDnsOperationResults/*
Microsoft.Network/privateDnsOperationStatuses/*
Microsoft.Network/virtualNetworks/baca Dapatkan definisi jaringan virtual
Microsoft.Network/virtualNetworks/gabung/tindakan Bergabung dengan jaringan virtual. Tidak bisa diperingatkan.
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage private DNS zone resources, but not the virtual networks they are linked to.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b12aa53e-6015-4669-85d0-8515ebb3ae7f",
  "name": "b12aa53e-6015-4669-85d0-8515ebb3ae7f",
  "permissions": [
    {
      "actions": [
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Network/privateDnsZones/*",
        "Microsoft.Network/privateDnsOperationResults/*",
        "Microsoft.Network/privateDnsOperationStatuses/*",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/join/action",
        "Microsoft.Authorization/*/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Private DNS Zone Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Traffic Manager

Memungkinkan Anda mengelola profil Traffic Manager, tetapi tidak mengizinkan Anda mengontrol siapa yang memiliki aksesnya.

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Network/trafficManagerProfiles/*
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Traffic Manager profiles, but does not let you control who has access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a4b10055-b0c7-44c2-b00f-c7b5b3550cf7",
  "name": "a4b10055-b0c7-44c2-b00f-c7b5b3550cf7",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/trafficManagerProfiles/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Traffic Manager Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Penyimpanan

Kontributor Avere

Dapat membuat dan mengelola kluster Avere vFXT. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Compute/*/baca
Microsoft.Compute/availabilitySets/*
Microsoft.Compute/proximityPlacementGroups/*
Microsoft.Compute/virtualMachines/*
Microsoft.Compute/disks/*
Microsoft.Network/*/baca
Microsoft.Network/networkInterfaces/*
Microsoft.Network/virtualNetworks/baca Dapatkan definisi jaringan virtual
Microsoft.Network/virtualNetworks/subnets/baca Mendapatkan definisi subnet jaringan virtual
Microsoft.Network/virtualNetworks/subnets/gabung/tindakan Bergabung dengan jaringan virtual. Tidak bisa diperingatkan.
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/tindakan Bergabung dengan sumber daya seperti akun penyimpanan atau database SQL ke subnet. Tidak bisa diperingatkan.
Microsoft.Network/networkSecurityGroups/gabung/tindakan Mendapatkan grup keamanan jaringan. Tidak bisa diperingatkan.
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Storage/*/baca
Microsoft.Storage/storageAccounts/* Membuat dan mengelola akun penyimpanan
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan sumber daya untuk grup sumber daya.
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/hapus Mengembalikan hasil menghapus blob
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/hapus Mengembalikan blob atau daftar blob
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tulis Mengembalikan hasil penulisan blob
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can create and manage an Avere vFXT cluster.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4f8fab4f-1852-4a58-a46a-8eaf358af14a",
  "name": "4f8fab4f-1852-4a58-a46a-8eaf358af14a",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Compute/*/read",
        "Microsoft.Compute/availabilitySets/*",
        "Microsoft.Compute/proximityPlacementGroups/*",
        "Microsoft.Compute/virtualMachines/*",
        "Microsoft.Compute/disks/*",
        "Microsoft.Network/*/read",
        "Microsoft.Network/networkInterfaces/*",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/subnets/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
        "Microsoft.Network/networkSecurityGroups/join/action",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/*/read",
        "Microsoft.Storage/storageAccounts/*",
        "Microsoft.Support/*",
        "Microsoft.Resources/subscriptions/resourceGroups/resources/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Avere Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Operator Avere

Digunakan oleh klaster Avere vFXT untuk mengelola klaster Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Compute/virtualMachines/baca Dapatkan properti mesin virtual
Microsoft.Network/networkInterfaces/baca Mendapatkan definisi antarmuka jaringan.
Microsoft.Network/networkInterfaces/tulis Membuat antarmuka jaringan atau memperbarui antarmuka jaringan yang ada.
Microsoft.Network/virtualNetworks/baca Dapatkan definisi jaringan virtual
Microsoft.Network/virtualNetworks/subnets/baca Mendapatkan definisi subnet jaringan virtual
Microsoft.Network/virtualNetworks/subnets/gabung/tindakan Bergabung dengan jaringan virtual. Tidak bisa diperingatkan.
Microsoft.Network/networkSecurityGroups/gabung/tindakan Mendapatkan grup keamanan jaringan. Tidak bisa diperingatkan.
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/hapus Mengembalikan hasil menghapus kontainer
Microsoft.Storage/storageAccounts/blobServices/containers/baca Daftar kontainer yang diperbarui
Microsoft.Storage/storageAccounts/blobServices/containers/tulis Mengembalikan hasil dari wadah blob put
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/hapus Mengembalikan hasil menghapus blob
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/hapus Mengembalikan blob atau daftar blob
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tulis Mengembalikan hasil penulisan blob
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Used by the Avere vFXT cluster to manage the cluster",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
  "name": "c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
  "permissions": [
    {
      "actions": [
        "Microsoft.Compute/virtualMachines/read",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Network/networkInterfaces/write",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/subnets/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.Network/networkSecurityGroups/join/action",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/write"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Avere Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Cadangan

Memungkinkan Anda mengelola layanan pencadangan, tetapi tidak dapat membuat kubah dan memberikan akses ke orang lain Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Network/virtualNetworks/baca Dapatkan definisi jaringan virtual
Microsoft.RecoveryServices/lokasi/*
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/* Kelola hasil operasi pada manajemen cadangan
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/* Membuat dan mengelola kontainer cadangan di dalam kain cadangan kubah Layanan Pemulihan
Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/tindakan Me-refresh daftar kontainer
Microsoft.RecoveryServices/Vaults/backupJobs/* Membuat dan mengelola pekerjaan pencadangan
Microsoft.RecoveryServices/Vaults/backupJobsExport/tindakan Ekspor pekerjaan
Microsoft.RecoveryServices/Vaults/backupOperationResults/* Membuat dan mengelola Hasil operasi manajemen cadangan
Microsoft.RecoveryServices/Vaults/backupPolicies/* Membuat dan mengelola pekerjaan pencadangan
Microsoft.RecoveryServices/Vaults/backupProtectableItems/* Membuat dan mengelola item yang bisa dicadangkan
Microsoft.RecoveryServices/Vaults/backupProtectableItems/* Membuat dan mengelola item yang dicadangkan
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/* Membuat dan mengelola kontainer yang menyimpan item cadangan
Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/baca Menghasilkan ringkasan untuk Item yang Dilindungi dan Server yang Dilindungi untuk Layanan Pemulihan.
Microsoft.RecoveryServices/Vaults/sertifikat/* Membuat dan mengelola sertifikat yang terkait dengan pencadangan di brankas Layanan Pemulihan
Microsoft.RecoveryServices/Vaults/extendedInformation/* Membuat dan mengelola info yang diperluas terkait dengan kubah
Microsoft.RecoveryServices/Vaults/monitoringAlerts/baca Mendapatkan peringatan untuk vault Layanan pemulihan.
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft.RecoveryServices/Vaults/baca Operasi Get Vault mendapatkan objek yang mewakili sumber daya Azure tipe 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/* Membuat dan mengelola identitas terdaftar
Microsoft.RecoveryServices/Vaults/penggunaan/* Membuat dan mengelola penggunaan kubah Layanan Pemulihan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Storage/storageAccounts/baca Mengembalikan daftar akun penyimpanan atau mendapatkan properti untuk akun penyimpanan tertentu.
Microsoft.RecoveryServices/Vaults/backupstorageconfig/*
Microsoft.RecoveryServices/Vaults/backupconfig/*
Microsoft.RecoveryServices/Vaults/backupValidateOperation/tindakan Validasi Operasi pada Item yang Dilindungi
Microsoft.RecoveryServices/Vaults/tulis Operasi Create Vault membuat sumber daya Azure jenis 'vault'
Microsoft.RecoveryServices/Vaults/backupOperations/baca Menghasilkan Status Operasi Backup untuk Vault Layanan Pemulihan.
Microsoft.RecoveryServices/Vaults/backupEngines/baca Mengembalikan semua server manajemen cadangan yang terdaftar dengan vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*
Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/baca Dapatkan semua kontainer yang dapat dilindungi
Microsoft.RecoveryServices/locations/backupStatus/tindakan Periksa Status Backup untuk Vault Layanan Pemulihan
Microsoft.RecoveryServices/locations/backupPreValidateProtection/tindakan
Microsoft.RecoveryServices/locations/backupValidateFeatures/tindakan Validasi Fitur
Microsoft.RecoveryServices/Vaults/monitoringAlerts/baca Menyelesaikan peringatan.
Microsoft.RecoveryServices/operations/baca Operasi menghasilkan daftar Operasi untuk Penyedia Sumber Daya
Microsoft.RecoveryLayanan/lokasi/operasiStatus/baca Mendapatkan Status Operasi untuk Operasi yang diberikan
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/baca Daftar semua cadangan Niat Proteksi
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.DataProtection/locations/getBackupStatus/action Memeriksa Status Cadangan untuk Vault Layanan Pemulihan
Microsoft.DataProtection/backupVaults/backupInstances/write Membuat Instans Microsoft Azure Backup
Microsoft.DataProtection/backupVaults/backupInstances/delete Menghapus sebuah Instans Backup
Microsoft.DataProtection/backupVaults/backupInstances/read Mengembalikan semua Instans Microsoft Azure Backup
Microsoft.DataProtection/backupVaults/backupInstances/read Mengembalikan semua Instans Microsoft Azure Backup
Microsoft.DataProtection/backupVaults/backupInstances/backup/action Melakukan Pencadangan pada Instans Microsoft Azure Backup
Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action Menvalidasi Pemulihan dari Instans Pencadangan
Microsoft.DataProtection/backupVaults/backupInstances/restore/action Memicu pemulihan pada Instans Microsoft Azure Backup
Microsoft.DataProtection/backupVaults/backupPolicies/write Membuat Kebijakan Microsoft Azure Backup
Microsoft.DataProtection/backupVaults/backupPolicies/delete Menghapus Kebijakan Microsoft Azure Backup
Microsoft.DataProtection/backupVaults/backupPolicies/read Mengembalikan semua Kebijakan Microsoft Azure Backup
Microsoft.DataProtection/backupVaults/backupPolicies/read Mengembalikan semua Kebijakan Microsoft Azure Backup
Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read Mengembalikan semua Titik Pemulihan
Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read Mengembalikan semua Titik Pemulihan
Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action Menemukan Rentang Waktu yang Dapat Dipulihkan
Microsoft.DataProtection/backupVaults/write Membuat operasi BackupVault membuat sumber daya Azure jenis 'Backup Vault'
Microsoft.DataProtection/backupVaults/read Mendapatkan daftar Vault Backup dalam sebuah berlangganan
Microsoft.DataProtection/backupVaults/operationResults/read Mendapatkan Hasil Operasi Patch untuk Vault Microsoft Azure Backup
Microsoft.DataProtection/locations/checkNameAvailability/action Memeriksa apakah Nama BackupVault yang diminta Tersedia
Microsoft.DataProtection/backupVaults/read Mendapatkan daftar Vault Backup dalam sebuah berlangganan
Microsoft.DataProtection/backupVaults/read Mendapatkan daftar Vault Backup dalam sebuah berlangganan
Microsoft.DataProtection/locations/operationStatus/read Mengembalikan Status Operasi Microsoft Azure Backup untuk Vault Microsoft Azure Backup.
Microsoft.DataProtection/locations/operationResults/read Mengembalikan Hasil Operasi Microsoft Azure Backup untuk Vault Microsoft Azure Backup.
Microsoft.DataProtection/backupVaults/validateForBackup/action Memvalidasi pencadangan Instans Microsoft Azure Backup
Microsoft.DataProtection/providers/operations/read Operasi menampilkan daftar Operasi untuk Penyedia Sumber Daya
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage backup service,but can't create vaults and give access to others",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b",
  "name": "5e467623-bb1f-42f4-a55d-6e525e11384b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.RecoveryServices/locations/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
        "Microsoft.RecoveryServices/Vaults/backupJobs/*",
        "Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
        "Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectedItems/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/*",
        "Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*",
        "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
        "Microsoft.RecoveryServices/Vaults/certificates/*",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/*",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/*",
        "Microsoft.RecoveryServices/Vaults/usages/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
        "Microsoft.RecoveryServices/Vaults/backupconfig/*",
        "Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
        "Microsoft.RecoveryServices/Vaults/write",
        "Microsoft.RecoveryServices/Vaults/backupOperations/read",
        "Microsoft.RecoveryServices/Vaults/backupEngines/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
        "Microsoft.RecoveryServices/locations/backupStatus/action",
        "Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
        "Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
        "Microsoft.RecoveryServices/operations/read",
        "Microsoft.RecoveryServices/locations/operationStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
        "Microsoft.Support/*",
        "Microsoft.DataProtection/locations/getBackupStatus/action",
        "Microsoft.DataProtection/backupVaults/backupInstances/write",
        "Microsoft.DataProtection/backupVaults/backupInstances/delete",
        "Microsoft.DataProtection/backupVaults/backupInstances/read",
        "Microsoft.DataProtection/backupVaults/backupInstances/read",
        "Microsoft.DataProtection/backupVaults/backupInstances/backup/action",
        "Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action",
        "Microsoft.DataProtection/backupVaults/backupInstances/restore/action",
        "Microsoft.DataProtection/backupVaults/backupPolicies/write",
        "Microsoft.DataProtection/backupVaults/backupPolicies/delete",
        "Microsoft.DataProtection/backupVaults/backupPolicies/read",
        "Microsoft.DataProtection/backupVaults/backupPolicies/read",
        "Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read",
        "Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read",
        "Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action",
        "Microsoft.DataProtection/backupVaults/write",
        "Microsoft.DataProtection/backupVaults/read",
        "Microsoft.DataProtection/backupVaults/operationResults/read",
        "Microsoft.DataProtection/locations/checkNameAvailability/action",
        "Microsoft.DataProtection/backupVaults/read",
        "Microsoft.DataProtection/backupVaults/read",
        "Microsoft.DataProtection/locations/operationStatus/read",
        "Microsoft.DataProtection/locations/operationResults/read",
        "Microsoft.DataProtection/backupVaults/validateForBackup/action",
        "Microsoft.DataProtection/providers/operations/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Backup Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Operator Microsoft Azure Backup

Memungkinkan Anda mengelola layanan pencadangan, kecuali penghapusan cadangan, pembuatan kubah, dan memberikan akses ke orang lain Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Network/virtualNetworks/baca Dapatkan definisi jaringan virtual
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/baca Mengembalikan status operasi
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/baca Mendapatkan hasil Operasi yang dilakukan pada Kontainer Proteksi.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/tindakan Melakukan Backup untuk item yang Diproteksi.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/baca Mendapatkan Hasil Operasi yang Dilakukan pada Item yang Diproteksi.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/baca Mengembalikan status Operasi yang dilakukan pada Item yang Diproteksi.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/baca Mengembalikan detail objek Item yang Diproteksi
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/tindakan Penyediaan Pemulihan Item Instan untuk Item yang Dilindungi
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/tindakan Dapatkan AccessToken untuk Pemulihan Lintas Wilayah.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/baca Dapatkan Titik Pemulihan untuk Item yang Diproteksi.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/baca Pulihkan Titik Pemulihan untuk Item yang Diproteksi.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/tindakan Membatalkan Pemulihan Item Instan untuk Item yang Dilindungi
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/tulis Buat Item yang Diproteksi cadangan
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/baca Mengembalikan semua kontainer yang terdaftar
Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/tindakan Me-refresh daftar kontainer
Microsoft.RecoveryServices/Vaults/backupJobs/* Membuat dan mengelola pekerjaan pencadangan
Microsoft.RecoveryServices/Vaults/backupJobsExport/tindakan Ekspor pekerjaan
Microsoft.RecoveryServices/Vaults/backupOperationResults/* Membuat dan mengelola Hasil operasi manajemen cadangan
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/baca Dapatkan Hasil Operasi Policy.
Microsoft.RecoveryServices/Vaults/backupPolicies/baca Mengembalikan semua Kebijakan Proteksi
Microsoft.RecoveryServices/Vaults/backupProtectableItems/* Membuat dan mengelola item yang bisa dicadangkan
Microsoft.RecoveryServices/Vaults/backupProtectedItems/baca Mengembalikan daftar semua Item yang Diproteksi.
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/baca Mengembalikan semua kontainer milik langganan
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/baca Menghasilkan ringkasan untuk Item yang Dilindungi dan Server yang Dilindungi untuk Layanan Pemulihan.
Microsoft.RecoveryServices/Vaults/sertifikat/tulis Operasi Perbarui Sertifikat Sumber Daya memperbarui sertifikat kredensial sumber daya/vault.
Microsoft.RecoveryServices/Vaults/extendedInformation/baca Operasi Get Extended Info mendapatkan Info Tambahan objek yang mewakili sumber daya Azure jenis ?vault?
Microsoft.RecoveryServices/Vaults/extendedInformation/baca Operasi Get Extended Info mendapatkan Info Tambahan objek yang mewakili sumber daya Azure jenis ?vault?
Microsoft.RecoveryServices/Vaults/monitoringAlerts/baca Mendapatkan peringatan untuk vault Layanan pemulihan.
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft.RecoveryServices/Vaults/baca Operasi Get Vault mendapatkan objek yang mewakili sumber daya Azure tipe 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/baca Operasi Dapatkan Hasil Operasi dapat digunakan untuk mendapatkan hasil dan status operasi untuk operasi yang dikirimkan secara asinkron
Microsoft.RecoveryServices/Vaults/registeredIdentities/baca Operasi Dapatkan Kontainer dapat digunakan untuk mendapatkan kontainer yang terdaftar untuk sumber daya.
Microsoft.RecoveryServices/Vaults/registeredIdentities/tulis Operasi Daftarkan Kontainer Layanan dapat digunakan untuk mendaftarkan kontainer dengan Layanan Pemulihan.
Microsoft.RecoveryServices/Vaults/penggunaan/baca Mengembalikan detail penggunaan untuk Vault Layanan Pemulihan.
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Storage/storageAccounts/baca Mengembalikan daftar akun penyimpanan atau mendapatkan properti untuk akun penyimpanan tertentu.
Microsoft.RecoveryServices/Vaults/backupstorageconfig/*
Microsoft.RecoveryServices/Vaults/backupValidateOperation/tindakan Validasi Operasi pada Item yang Dilindungi
Microsoft.RecoveryServices/Vaults/backupOperations/baca Mengembalikan Status Operasi Backup untuk Vault Layanan Pemulihan.
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/baca Dapatkan Status Operasi Policy.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/tulis Buat kontainer terdaftar
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/tindakan Lakukan permintaan beban kerja dalam kontainer
Microsoft.RecoveryServices/Vaults/backupEngines/baca Mengembalikan semua server manajemen cadangan yang terdaftar dengan vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/tulis Buat Niat Proteksi cadangan
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/baca Dapatkan cadangan Niat Proteksi
Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/baca Dapatkan semua kontainer yang dapat dilindungi
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/baca Dapatkan semua item dalam kontainer
Microsoft.RecoveryServices/locations/backupStatus/tindakan Periksa Status Backup untuk Vault Layanan Pemulihan
Microsoft.RecoveryServices/locations/backupPreValidateProtection/tindakan
Microsoft.RecoveryServices/locations/backupValidateFeatures/tindakan Validasi Fitur
Microsoft.RecoveryServices/locations/backupAadProperties/baca Dapatkan Properti AAD untuk autentikasi di wilayah ketiga untuk Pemulihan Lintas Wilayah.
Microsoft.RecoveryServices/locations/backupStatus/tindakan Cantumkan Pekerjaan Pemulihan Lintas Wilayah di wilayah sekunder untuk Vault Layanan Pemulihan.
Microsoft.RecoveryServices/locations/backupStatus/tindakan Dapatkan Detail Pekerjaan Pemulihan Lintas Wilayah di wilayah sekunder untuk Vault Layanan Pemulihan.
Microsoft.RecoveryServices/locations/backupCrossRegionRestore/tindakan Mulai Pemulihan lintas wilayah.
Microsoft.RecoveryServices/locations/backupCrrOperationResults/baca Mengembalikan Hasil Operasi CRR untuk Vault Layanan Pemulihan.
Microsoft.RecoveryServices/locations/backupCrrOperationResults/baca Mengembalikan Status Operasi CRR untuk Vault Layanan Pemulihan.
Microsoft.RecoveryServices/Vaults/monitoringAlerts/baca Menyelesaikan peringatan.
Microsoft.RecoveryServices/operations/baca Operasi menghasilkan daftar Operasi untuk Penyedia Sumber Daya
Microsoft.RecoveryLayanan/lokasi/operasiStatus/baca Mendapatkan Status Operasi untuk Operasi yang diberikan
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/baca Daftar semua cadangan Niat Proteksi
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.DataProtection/backupVaults/backupInstances/read Mengembalikan semua Instans Microsoft Azure Backup
Microsoft.DataProtection/backupVaults/backupInstances/read Mengembalikan semua Instans Microsoft Azure Backup
Microsoft.DataProtection/backupVaults/backupPolicies/read Mengembalikan semua Kebijakan Microsoft Azure Backup
Microsoft.DataProtection/backupVaults/backupPolicies/read Mengembalikan semua Kebijakan Microsoft Azure Backup
Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read Mengembalikan semua Titik Pemulihan
Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read Mengembalikan semua Titik Pemulihan
Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action Menemukan Rentang Waktu yang Dapat Dipulihkan
Microsoft.DataProtection/backupVaults/read Mendapatkan daftar Vault Backup dalam sebuah berlangganan
Microsoft.DataProtection/backupVaults/operationResults/read Mendapatkan Hasil Operasi Patch untuk Vault Microsoft Azure Backup
Microsoft.DataProtection/backupVaults/read Mendapatkan daftar Vault Backup dalam sebuah berlangganan
Microsoft.DataProtection/backupVaults/read Mendapatkan daftar Vault Backup dalam sebuah berlangganan
Microsoft.DataProtection/locations/operationStatus/read Mengembalikan Status Operasi Microsoft Azure Backup untuk Vault Microsoft Azure Backup.
Microsoft.DataProtection/locations/operationResults/read Mengembalikan Hasil Operasi Microsoft Azure Backup untuk Vault Microsoft Azure Backup.
Microsoft.DataProtection/providers/operations/read Operasi menampilkan daftar Operasi untuk Penyedia Sumber Daya
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage backup services, except removal of backup, vault creation and giving access to others",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/00c29273-979b-4161-815c-10b084fb9324",
  "name": "00c29273-979b-4161-815c-10b084fb9324",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action",
        "Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/accessToken/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
        "Microsoft.RecoveryServices/Vaults/backupJobs/*",
        "Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
        "Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
        "Microsoft.RecoveryServices/Vaults/certificates/write",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/read",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/write",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/write",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
        "Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
        "Microsoft.RecoveryServices/Vaults/backupOperations/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action",
        "Microsoft.RecoveryServices/Vaults/backupEngines/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
        "Microsoft.RecoveryServices/locations/backupStatus/action",
        "Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
        "Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
        "Microsoft.RecoveryServices/locations/backupAadProperties/read",
        "Microsoft.RecoveryServices/locations/backupCrrJobs/action",
        "Microsoft.RecoveryServices/locations/backupCrrJob/action",
        "Microsoft.RecoveryServices/locations/backupCrossRegionRestore/action",
        "Microsoft.RecoveryServices/locations/backupCrrOperationResults/read",
        "Microsoft.RecoveryServices/locations/backupCrrOperationsStatus/read",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
        "Microsoft.RecoveryServices/operations/read",
        "Microsoft.RecoveryServices/locations/operationStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
        "Microsoft.Support/*",
        "Microsoft.DataProtection/backupVaults/backupInstances/read",
        "Microsoft.DataProtection/backupVaults/backupInstances/read",
        "Microsoft.DataProtection/backupVaults/backupPolicies/read",
        "Microsoft.DataProtection/backupVaults/backupPolicies/read",
        "Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read",
        "Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read",
        "Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action",
        "Microsoft.DataProtection/backupVaults/read",
        "Microsoft.DataProtection/backupVaults/operationResults/read",
        "Microsoft.DataProtection/backupVaults/read",
        "Microsoft.DataProtection/backupVaults/read",
        "Microsoft.DataProtection/locations/operationStatus/read",
        "Microsoft.DataProtection/locations/operationResults/read",
        "Microsoft.DataProtection/providers/operations/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Backup Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Backup

Bisa melihat layanan pencadangan, tetapi tidak bisa membuat perubahan Pelajari selengkapnya

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.RecoveryServices/locations/allocatedStamp/baca GetAllocatedStamp adalah operasi internal yang digunakan oleh layanan
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/baca Mengembalikan status operasi
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/baca Mendapatkan hasil Operasi yang dilakukan pada Kontainer Proteksi.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/baca Mendapatkan Hasil Operasi yang Dilakukan pada Item yang Diproteksi.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/baca Mengembalikan status Operasi yang dilakukan pada Item yang Diproteksi.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/baca Mengembalikan detail objek Item yang Diproteksi
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/baca Dapatkan Titik Pemulihan untuk Item yang Diproteksi.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/baca Mengembalikan semua kontainer yang terdaftar
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/baca Mengembalikan Hasil Operasi Tugas.
Microsoft.RecoveryServices/Vaults/backupJobs/baca Menghasilkan semua Objek Tugas
Microsoft.RecoveryServices/Vaults/backupJobsExport/tindakan Ekspor pekerjaan
Microsoft.RecoveryServices/Vaults/backupOperationResults/baca Mengembalikan Hasil Operasi Backup untuk Vault Layanan Pemulihan.
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/baca Dapatkan Hasil Operasi Policy.
Microsoft.RecoveryServices/Vaults/backupPolicies/baca Mengembalikan semua Kebijakan Proteksi
Microsoft.RecoveryServices/Vaults/backupProtectedItems/baca Mengembalikan daftar semua Item yang Diproteksi.
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/baca Mengembalikan semua kontainer milik langganan
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/baca Menghasilkan ringkasan untuk Item yang Dilindungi dan Server yang Dilindungi untuk Layanan Pemulihan.
Microsoft.RecoveryServices/Vaults/extendedInformation/baca Operasi Get Extended Info mendapatkan Info Tambahan objek yang mewakili sumber daya Azure jenis ?vault?
Microsoft.RecoveryServices/Vaults/monitoringAlerts/baca Mendapatkan peringatan untuk vault Layanan pemulihan.
Microsoft.RecoveryServices/Vaults/baca Operasi Get Vault mendapatkan objek yang mewakili sumber daya Azure tipe 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/baca Operasi Dapatkan Hasil Operasi dapat digunakan untuk mendapatkan hasil dan status operasi untuk operasi yang dikirimkan secara asinkron
Microsoft.RecoveryServices/Vaults/registeredIdentities/baca Operasi Dapatkan Kontainer dapat digunakan untuk mendapatkan kontainer yang terdaftar untuk sumber daya.
Microsoft.RecoveryServices/Vaults/backupstorageconfig/baca Menghasilkan Konfigurasi Penyimpanan untuk Vault Layanan Pemulihan.
Microsoft.RecoveryServices/Vaults/backupconfig/baca Menghasilkan Konfigurasi untuk Vault Layanan Pemulihan.
Microsoft.RecoveryServices/Vaults/backupOperations/baca Mengembalikan Status Operasi Backup untuk Vault Layanan Pemulihan.
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/baca Dapatkan Status Operasi Policy.
Microsoft.RecoveryServices/Vaults/backupEngines/baca Mengembalikan semua server manajemen cadangan yang terdaftar dengan vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/baca Dapatkan cadangan Niat Proteksi
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/baca Dapatkan semua item dalam kontainer
Microsoft.RecoveryServices/locations/backupStatus/tindakan Periksa Status Backup untuk Vault Layanan Pemulihan
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft.RecoveryServices/Vaults/monitoringAlerts/baca Menyelesaikan peringatan.
Microsoft.RecoveryServices/operations/baca Operasi menghasilkan daftar Operasi untuk Penyedia Sumber Daya
Microsoft.RecoveryLayanan/lokasi/operasiStatus/baca Mendapatkan Status Operasi untuk Operasi yang diberikan
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/baca Daftar semua cadangan Niat Proteksi
Microsoft.RecoveryServices/Vaults/penggunaan/baca Mengembalikan detail penggunaan untuk Vault Layanan Pemulihan.
Microsoft.RecoveryServices/locations/backupValidateFeatures/tindakan Validasi Fitur
Microsoft.RecoveryServices/locations/backupStatus/tindakan Cantumkan Pekerjaan Pemulihan Lintas Wilayah di wilayah sekunder untuk Vault Layanan Pemulihan.
Microsoft.RecoveryServices/locations/backupStatus/tindakan Dapatkan Detail Pekerjaan Pemulihan Lintas Wilayah di wilayah sekunder untuk Vault Layanan Pemulihan.
Microsoft.RecoveryServices/locations/backupCrrOperationResults/baca Mengembalikan Hasil Operasi CRR untuk Vault Layanan Pemulihan.
Microsoft.RecoveryServices/locations/backupCrrOperationResults/baca Mengembalikan Status Operasi CRR untuk Vault Layanan Pemulihan.
Microsoft.DataProtection/locations/getBackupStatus/action Memeriksa Status Cadangan untuk Vault Layanan Pemulihan
Microsoft.DataProtection/backupVaults/backupInstances/write Membuat Instans Microsoft Azure Backup
Microsoft.DataProtection/backupVaults/backupInstances/read Mengembalikan semua Instans Microsoft Azure Backup
Microsoft.DataProtection/backupVaults/backupInstances/read Mengembalikan semua Instans Microsoft Azure Backup
Microsoft.DataProtection/backupVaults/backupInstances/backup/action Melakukan Pencadangan pada Instans Microsoft Azure Backup
Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action Menvalidasi Pemulihan dari Instans Pencadangan
Microsoft.DataProtection/backupVaults/backupInstances/restore/action Memicu pemulihan pada Instans Microsoft Azure Backup
Microsoft.DataProtection/backupVaults/backupPolicies/read Mengembalikan semua Kebijakan Microsoft Azure Backup
Microsoft.DataProtection/backupVaults/backupPolicies/read Mengembalikan semua Kebijakan Microsoft Azure Backup
Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read Mengembalikan semua Titik Pemulihan
Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read Mengembalikan semua Titik Pemulihan
Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action Menemukan Rentang Waktu yang Dapat Dipulihkan
Microsoft.DataProtection/backupVaults/read Mendapatkan daftar Vault Backup dalam sebuah berlangganan
Microsoft.DataProtection/backupVaults/operationResults/read Mendapatkan Hasil Operasi Patch untuk Vault Microsoft Azure Backup
Microsoft.DataProtection/backupVaults/read Mendapatkan daftar Vault Backup dalam sebuah berlangganan
Microsoft.DataProtection/backupVaults/read Mendapatkan daftar Vault Backup dalam sebuah berlangganan
Microsoft.DataProtection/locations/operationStatus/read Mengembalikan Status Operasi Microsoft Azure Backup untuk Vault Microsoft Azure Backup.
Microsoft.DataProtection/locations/operationResults/read Mengembalikan Hasil Operasi Microsoft Azure Backup untuk Vault Microsoft Azure Backup.
Microsoft.DataProtection/backupVaults/validateForBackup/action Memvalidasi pencadangan Instans Microsoft Azure Backup
Microsoft.DataProtection/providers/operations/read Operasi menampilkan daftar Operasi untuk Penyedia Sumber Daya
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view backup services, but can't make changes",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a795c7a0-d4a2-40c1-ae25-d81f01202912",
  "name": "a795c7a0-d4a2-40c1-ae25-d81f01202912",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.RecoveryServices/locations/allocatedStamp/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupJobs/read",
        "Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
        "Microsoft.RecoveryServices/Vaults/backupOperationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/read",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
        "Microsoft.RecoveryServices/Vaults/backupstorageconfig/read",
        "Microsoft.RecoveryServices/Vaults/backupconfig/read",
        "Microsoft.RecoveryServices/Vaults/backupOperations/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
        "Microsoft.RecoveryServices/Vaults/backupEngines/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
        "Microsoft.RecoveryServices/locations/backupStatus/action",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
        "Microsoft.RecoveryServices/operations/read",
        "Microsoft.RecoveryServices/locations/operationStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
        "Microsoft.RecoveryServices/locations/backupCrrJobs/action",
        "Microsoft.RecoveryServices/locations/backupCrrJob/action",
        "Microsoft.RecoveryServices/locations/backupCrrOperationResults/read",
        "Microsoft.RecoveryServices/locations/backupCrrOperationsStatus/read",
        "Microsoft.DataProtection/locations/getBackupStatus/action",
        "Microsoft.DataProtection/backupVaults/backupInstances/write",
        "Microsoft.DataProtection/backupVaults/backupInstances/read",
        "Microsoft.DataProtection/backupVaults/backupInstances/read",
        "Microsoft.DataProtection/backupVaults/backupInstances/backup/action",
        "Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action",
        "Microsoft.DataProtection/backupVaults/backupInstances/restore/action",
        "Microsoft.DataProtection/backupVaults/backupPolicies/read",
        "Microsoft.DataProtection/backupVaults/backupPolicies/read",
        "Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read",
        "Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read",
        "Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action",
        "Microsoft.DataProtection/backupVaults/read",
        "Microsoft.DataProtection/backupVaults/operationResults/read",
        "Microsoft.DataProtection/backupVaults/read",
        "Microsoft.DataProtection/backupVaults/read",
        "Microsoft.DataProtection/locations/operationStatus/read",
        "Microsoft.DataProtection/locations/operationResults/read",
        "Microsoft.DataProtection/backupVaults/validateForBackup/action",
        "Microsoft.DataProtection/providers/operations/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Backup Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Akun Storage Klasik

Memungkinkan Anda mengelola akun penyimpanan klasik, tetapi tidak dapat mengaksesnya.

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.ClassicStorage/storageAccounts/* Membuat dan mengelola akun penyimpanan
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage classic storage accounts, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
  "name": "86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicStorage/storageAccounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Storage Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Peran Layanan Operator Kunci Akun Storage Klasik

Operator Kunci Akun Penyimpanan Klasik diizinkan untuk mencantumkan dan meregenerasi kunci pada Akun Penyimpanan Klasik Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.ClassicStorage/storageAccounts/listKeys/tindakan Mencantumkan kunci akses untuk akun penyimpanan.
Microsoft.ClassicStorage/storageAccounts/regeneratekey/tindakan Membuat ulang kunci akses yang ada untuk akun penyimpanan.
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/985d6b00-f706-48f5-a6fe-d0ca12fb668d",
  "name": "985d6b00-f706-48f5-a6fe-d0ca12fb668d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ClassicStorage/storageAccounts/listkeys/action",
        "Microsoft.ClassicStorage/storageAccounts/regeneratekey/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Storage Account Key Operator Service Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Data Box

Memungkinkan Anda mengelola semuanya dalam Layanan Data Box, kecuali memberikan akses kepada orang lain. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.Databox/*
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage everything under Data Box Service except giving access to others.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/add466c9-e687-43fc-8d98-dfcf8d720be5",
  "name": "add466c9-e687-43fc-8d98-dfcf8d720be5",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Databox/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Box Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Data Box

Memungkinkan Anda mengelola Layanan Data Box, kecuali membuat urutan atau mengedit detail urutan dan memberikan akses kepada orang lain. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Databox/*/baca
Microsoft.Databox/jobs/listsecrets/tindakan
Microsoft.Databox/jobs/listcredentials/tindakan Mencantumkan mandat tak terenkripsi yang terkait dengan urutan.
Microsoft.Databox/locations/availableSkus/tindakan Metode ini mengembalikan daftar siku yang tersedia.
Microsoft.Databox/locations/validasiInputs/tindakan Metode ini melakukan semua jenis validasi.
Microsoft.Databox/locations/regionConfiguration/tindakan Metode ini mengembalikan konfigurasi untuk wilayah tersebut.
Microsoft.Databox/locations/validasiInputs/tindakan Memvalidasi alamat pengiriman dan menyediakan alamat alternatif jika ada.
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Data Box Service except creating order or editing order details and giving access to others.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
  "name": "028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Databox/*/read",
        "Microsoft.Databox/jobs/listsecrets/action",
        "Microsoft.Databox/jobs/listcredentials/action",
        "Microsoft.Databox/locations/availableSkus/action",
        "Microsoft.Databox/locations/validateInputs/action",
        "Microsoft.Databox/locations/regionConfiguration/action",
        "Microsoft.Databox/locations/validateAddress/action",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Box Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pengembang Data Lake Analytics

Memungkinkan Anda untuk mengirim, memantau, dan mengelola tugas Anda sendiri, namun tidak dapat membuat atau menghapus akun Data Lake Analytics. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.BigAnalytics/akun/*
Microsoft.DataLakeAnalytics/akun/*
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Microsoft.BigAnalytics/akun/Hapus
Microsoft.BigAnalytics/akun/TakeOwnership/tindakan
Microsoft.BigAnalytics/akun/Hapus
Microsoft.DataLakeAnalytics/akun/Hapus Menghapus akun DataLakeAnalytics.
Microsoft.DataLakeAnalytics/akun/TakeOwnership/tindakan Memberikan izin untuk membatalkan pekerjaan yang dikirimkan oleh pengguna lain.
Microsoft.DataLakeAnalytics/akun/Tulis Membuat atau memperbarui akun DataLakeAnalytics.
Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Tulis Membuat atau memperbarui akun DataLakeStore yang ditautkan dari akun DataLakeAnalytics.
Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Tulis Batalkan tautan akun DataLakeStore dari akun DataLakeAnalytics.
Microsoft.DataLakeAnalytics/akun/storageAccounts/Tulis Membuat atau memperbarui akun DataLakeStore yang ditautkan dari akun DataLakeAnalytics.
Microsoft.DataLakeAnalytics/akun/storageAccounts/Hapus Batalkan tautan akun DataLakeStore dari akun DataLakeAnalytics.
Microsoft.DataLakeAnalytics/akun/firewallRules/Tulis Membuat atau memperbarui aturan firewall.
Microsoft.DataLakeAnalytics/akun/firewallRules/Tulis Menghapus aturan firewall.
Microsoft.DataLakeAnalytics/akun/computePolicies/Tulis Membuat atau memperbarui kebijakan komputasi.
Microsoft.DataLakeAnalytics/akun/computePolicies/Hapus Menghapus kebijakan komputasi.
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/47b7735b-770e-4598-a7da-8b91488b4c88",
  "name": "47b7735b-770e-4598-a7da-8b91488b4c88",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.BigAnalytics/accounts/*",
        "Microsoft.DataLakeAnalytics/accounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.BigAnalytics/accounts/Delete",
        "Microsoft.BigAnalytics/accounts/TakeOwnership/action",
        "Microsoft.BigAnalytics/accounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/Delete",
        "Microsoft.DataLakeAnalytics/accounts/TakeOwnership/action",
        "Microsoft.DataLakeAnalytics/accounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete",
        "Microsoft.DataLakeAnalytics/accounts/storageAccounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/storageAccounts/Delete",
        "Microsoft.DataLakeAnalytics/accounts/firewallRules/Write",
        "Microsoft.DataLakeAnalytics/accounts/firewallRules/Delete",
        "Microsoft.DataLakeAnalytics/accounts/computePolicies/Write",
        "Microsoft.DataLakeAnalytics/accounts/computePolicies/Delete"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Lake Analytics Developer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Akses Data dan Pembaca

Memungkinkan Anda melihat semuanya tetapi tidak akan membiarkan Anda menghapus atau membuat akun penyimpanan atau sumber daya yang terkandung. Ini juga akan memungkinkan akses baca / tulis ke semua data yang terkandung dalam akun penyimpanan melalui akses ke kunci akun penyimpanan.

Tindakan Deskripsi
Microsoft.Storage/storageAccounts/listKeys/tindakan Mengembalikan kunci akses untuk akun penyimpanan tertentu.
Microsoft.Storage/storageAccounts/ListAccountSas/tindakan Mengembalikan token SAS Akun untuk akun penyimpanan tertentu.
Microsoft.Storage/storageAccounts/baca Mengembalikan daftar akun penyimpanan atau mendapatkan properti untuk akun penyimpanan tertentu.
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c12c1c16-33a1-487b-954d-41c89c60f349",
  "name": "c12c1c16-33a1-487b-954d-41c89c60f349",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Storage/storageAccounts/ListAccountSas/action",
        "Microsoft.Storage/storageAccounts/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Reader and Data Access",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Akun Penyimpanan

Mengizinkan pengelolaan akun penyimpanan. Menyediakan akses ke kunci akun, yang dapat digunakan untuk mengakses data melalui otorisasi Kunci Bersama. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Insights/diagnosticSettings/* Membuat, memperbarui, atau membaca pengaturan diagnostik untuk Server Analisis
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/tindakan Bergabung dengan sumber daya seperti akun penyimpanan atau database SQL ke subnet. Tidak bisa diperingatkan.
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Storage/storageAccounts/* Membuat dan mengelola akun penyimpanan
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage storage accounts, including accessing storage account keys which provide full access to storage account data.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab",
  "name": "17d1049b-9a84-46fb-8f53-869881c3d3ab",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Peran Layanan Operator Kunci Akun Penyimpanan

Mengizinkan pencatatan dan regenerasi kunci akses akun penyimpanan. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Storage/storageAccounts/listKeys/tindakan Mengembalikan kunci akses untuk akun penyimpanan tertentu.
Microsoft.ClassicStorage/storageAccounts/regeneratekey/tindakan Mengembalikan kunci akses untuk akun penyimpanan tertentu.
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Storage Account Key Operators are allowed to list and regenerate keys on Storage Accounts",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/81a9662b-bebf-436f-a333-f67b29880f12",
  "name": "81a9662b-bebf-436f-a333-f67b29880f12",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/listkeys/action",
        "Microsoft.Storage/storageAccounts/regeneratekey/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Account Key Operator Service Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Data Blob Penyimpanan

Baca, tulis, dan hapus kontainer dan blob Azure Storage. Untuk mempelajari tindakan mana yang diperlukan untuk operasi data tertentu, lihat Izin untuk memanggil blob dan mengantre operasi data. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/hapus Hapus kontainer.
Microsoft.Storage/storageAccounts/blobServices/containers/baca Mengembalikan kontainer atau daftar kontainer.
Microsoft.Storage/storageAccounts/blobServices/containers/tulis Mengubah metadata atau properti kontainer.
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/tindakan Mengembalikan kunci delegasi pengguna untuk Blob service.
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/hapus Hapus blob.
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/hapus Mengembalikan blob atau daftar blob.
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tulis Menulis ke blob.
Microsoft.Storage/storageAccounts/blobServices/kontainer/blobs/pindah/tindakan Memindahkan gumpalan dari satu jalur ke jalur lainnya
Microsoft.Storage/storageAccounts/blobServices/kontainer/blobs/tambah/tindakan Mengembalikan hasil penambahan konten blob
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write and delete access to Azure Storage blob containers and data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe",
  "name": "ba92f5b4-2d11-453d-a403-e96b0029c9fe",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/write",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pemilik Data Blob Penyimpanan

Memungkinkan akses penuh ke kontainer dan data blob Azure Storage, termasuk menetapkan kontrol akses POSIX. Untuk mempelajari tindakan mana yang diperlukan untuk operasi data tertentu, lihat Izin untuk memanggil blob dan mengantre operasi data. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Storage/storageAccounts/blobServices/kontainer/* Izin penuh pada kontainer.
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/tindakan Mengembalikan kunci delegasi pengguna untuk Blob service.
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Storage/storageAccounts/blobServices/kontainer/blobs/* Izin penuh pada blob.
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to Azure Storage blob containers and data, including assigning POSIX access control.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
  "name": "b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/*",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Data Blob Penyimpanan.

Baca dan daftar kontainer dan blob Azure Storage. Untuk mempelajari tindakan mana yang diperlukan untuk operasi data tertentu, lihat Izin untuk memanggil blob dan mengantre operasi data. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Storage/storageAccounts/blobServices/containers/baca Mengembalikan kontainer atau daftar kontainer.
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/tindakan Mengembalikan kunci delegasi pengguna untuk Blob service.
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/hapus Mengembalikan blob atau daftar blob.
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read access to Azure Storage blob containers and data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
  "name": "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Delegator Blob Penyimpanan

Dapatkan kunci delegasi pengguna, yang kemudian dapat digunakan untuk membuat penanda akses bersama untuk kontainer atau blob yang ditandai dengan kredensial Azure AD. Untuk informasi selengkapnya, lihat Membuat delegasi pengguna SAS. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/tindakan Mengembalikan kunci delegasi pengguna untuk Blob service.
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for generation of a user delegation key which can be used to sign SAS tokens",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
  "name": "db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Delegator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Berbagi SMB Data File Penyimpanan

Memungkinkan untuk membaca, menulis, dan menghapus akses pada file / direktori di berbagi file Azure. Peran ini tidak memiliki bawaan yang setara pada server file Windows. Pelajari lebih lanjut

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/baca Mengembalikan file/folder atau daftar file/folder.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/tulis Mengembalikan hasil penulisan file atau membuat folder.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/hapus Mengembalikan hasil menghapus file/folder.
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write, and delete access in Azure Storage file shares over SMB",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
  "name": "0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage File Data SMB Share Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Lanjutan Berbagi SMB Data File Penyimpanan

Memungkinkan untuk membaca, menulis, dan menghapus akses pada file / direktori di berbagi file Azure. Peran ini setara dengan ACL berbagi berkas perubahan pada peladen berkas Windows. Pelajari lebih lanjut

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/baca Mengembalikan file/folder atau daftar file/folder.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/tulis Mengembalikan hasil penulisan file atau membuat folder.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/hapus Mengembalikan hasil menghapus file/folder.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/tindakan Mengembalikan hasil dari mengubah izin pada file/folder.
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write, delete and modify NTFS permission access in Azure Storage file shares over SMB",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a7264617-510b-434b-a828-9731dc254ea7",
  "name": "a7264617-510b-434b-a828-9731dc254ea7",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage File Data SMB Share Elevated Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Berbagi SMB Data File Penyimpanan

Memungkinkan untuk membaca, menulis, dan menghapus akses pada file / direktori di berbagi file Azure. Peran ini setara dengan ACL berbagi berkas perubahan pada peladen berkas Windows. Pelajari lebih lanjut

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/baca Mengembalikan file/folder atau daftar file/folder.
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read access to Azure File Share over SMB",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/aba4ae5f-2193-4029-9191-0cb91df5e314",
  "name": "aba4ae5f-2193-4029-9191-0cb91df5e314",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage File Data SMB Share Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Data Antrean Penyimpanan

Baca, tulis, dan hapus antrean Azure Storage dan pesan antrean. Untuk mempelajari tindakan mana yang diperlukan untuk operasi data tertentu, lihat Izin untuk memanggil blob dan mengantre operasi data. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Storage/storageAccounts/antrianLayanan/antrean/hapus Hapus antrean.
Microsoft.Storage/storageAccounts/antrianLayanan/antrean/baca Mengembalikan antrean atau daftar antrean.
Microsoft.Storage/storageAccounts/antrianLayanan/antrean/tulis Mengubah metadata atau properti antrean.
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Storage/storageAccounts/antrianLayanan/antrean/pesan/hapus Menghapus satu atau beberapa pesan dari antrean.
Microsoft.Storage/storageAccounts/antrianLayanan/antrean/pesan/baca Mengintip atau mengambil satu atau beberapa pesan dari antrean.
Microsoft.Storage/storageAccounts/antrianLayanan/antrean/pesan/tulis Kirim pesan ke antrean.
Microsoft.Storage/storageAccounts/antrianLayanan/antrean/pesan/proses/tindakan Mengembalikan hasil pemrosesan pesan
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write, and delete access to Azure Storage queues and queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/974c5e8b-45b9-4653-ba55-5f855dd0fb88",
  "name": "974c5e8b-45b9-4653-ba55-5f855dd0fb88",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/delete",
        "Microsoft.Storage/storageAccounts/queueServices/queues/read",
        "Microsoft.Storage/storageAccounts/queueServices/queues/write"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/delete",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/write",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pemroses Pesan Data Antrean Penyimpanan

Mengintip, mengambil, dan menghapus pesan dari antrean Azure Storage. Untuk mempelajari tindakan mana yang diperlukan untuk operasi data tertentu, lihat Izin untuk memanggil blob dan mengantre operasi data. Pelajari lebih lanjut

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Storage/storageAccounts/antrianLayanan/antrean/pesan/baca Mengintip pesan.
Microsoft.Storage/storageAccounts/antrianLayanan/antrean/pesan/proses/tindakan Mengambil dan menghapus pesan.
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for peek, receive, and delete access to Azure Storage queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8a0f0c08-91a1-4084-bc3d-661d67233fed",
  "name": "8a0f0c08-91a1-4084-bc3d-661d67233fed",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Message Processor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage Queue Data Message Sender

Tambah pesan ke antrean Azure Storage. Untuk mempelajari tindakan mana yang diperlukan untuk operasi data tertentu, lihat Izin untuk memanggil blob dan mengantre operasi data. Pelajari lebih lanjut

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Storage/storageAccounts/antrianLayanan/antrean/pesan/tambah/tulis Kirim pesan ke antrean.
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for sending of Azure Storage queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
  "name": "c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Message Sender",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Data Antrean Penyimpanan

Baca dan daftar antrean Azure Storage dan pesan antrean. Untuk mempelajari tindakan mana yang diperlukan untuk operasi data tertentu, lihat Izin untuk memanggil blob dan mengantre operasi data. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Storage/storageAccounts/antrianLayanan/antrean/baca Mengembalikan antrean atau daftar antrean.
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Storage/storageAccounts/antrianLayanan/antrean/pesan/baca Mengintip atau mengambil satu atau beberapa pesan dari antrean.
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read access to Azure Storage queues and queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/19e7f393-937e-4f77-808e-94535e297925",
  "name": "19e7f393-937e-4f77-808e-94535e297925",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Data Tabel Penyimpanan

Memungkinkan untuk membaca, menulis, dan menghapus akses ke Azure Storage tabel dan entitas

Tindakan Deskripsi
Microsoft.Storage/storageAccounts/tableServices/tables/read Mengkueri tabel
Microsoft.Storage/storageAccounts/tableServices/tables/write Membuat tabel
Microsoft.Storage/storageAccounts/tableServices/tables/delete Menghapus tabel
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Storage/storageAccounts/tableServices/tables/entities/read Mengkueri entitas tabel
Microsoft.Storage/storageAccounts/tableServices/tables/entities/write Menyisipkan, menggabungkan, atau mengganti entitas tabel
Microsoft.Storage/storageAccounts/tableServices/tables/entities/delete Menghapus entitas tabel
Microsoft.Storage/storageAccounts/tableServices/tables/entities/add/action Menyisipkan entitas tabel
Microsoft.Storage/storageAccounts/tableServices/tables/entities/update/action Menggabungkan atau memperbarui entitas tabel
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write and delete access to Azure Storage tables and entities",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3",
  "name": "0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/tableServices/tables/read",
        "Microsoft.Storage/storageAccounts/tableServices/tables/write",
        "Microsoft.Storage/storageAccounts/tableServices/tables/delete"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/tableServices/tables/entities/read",
        "Microsoft.Storage/storageAccounts/tableServices/tables/entities/write",
        "Microsoft.Storage/storageAccounts/tableServices/tables/entities/delete",
        "Microsoft.Storage/storageAccounts/tableServices/tables/entities/add/action",
        "Microsoft.Storage/storageAccounts/tableServices/tables/entities/update/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Table Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Data Tabel Penyimpanan

Memungkinkan akses baca ke tabel dan entitas Azure Storage

Tindakan Deskripsi
Microsoft.Storage/storageAccounts/tableServices/tables/read Mengkueri tabel
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Storage/storageAccounts/tableServices/tables/entities/read Mengkueri entitas tabel
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read access to Azure Storage tables and entities",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/76199698-9eea-4c19-bc75-cec21354c6b6",
  "name": "76199698-9eea-4c19-bc75-cec21354c6b6",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/tableServices/tables/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/tableServices/tables/entities/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Table Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Web

Kontributor Data Azure Maps

Memberikan akses baca, tulis, dan hapus ke data terkait peta dari akun Azure maps. Pelajari lebih lanjut

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Maps/akun/*/baca
Microsoft.Maps/akun/*/tulis
Microsoft.Maps/akun/*/hapus
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants access to read, write, and delete access to map related data from an Azure maps account.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204",
  "name": "8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Maps/accounts/*/read",
        "Microsoft.Maps/accounts/*/write",
        "Microsoft.Maps/accounts/*/delete"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Maps Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Data Azure Maps

Memberikan akses untuk membaca data terkait peta dari akun Azure maps. Pelajari lebih lanjut

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Maps/akun/*/baca
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants access to read map related data from an Azure maps account.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/423170ca-a8f6-4b0f-8487-9e4eb8f49bfa",
  "name": "423170ca-a8f6-4b0f-8487-9e4eb8f49bfa",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Maps/accounts/*/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Maps Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Server Azure Spring Cloud Config

Mengizinkan membaca, menulis, dan menghapus akses ke Server Config Azure Spring Cloud Pelajari selengkapnya

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.AppPlatform/Spring/configService/read Membaca konten konfigurasi (misalnya, application.yaml) untuk instans layanan Azure Spring Cloud tertentu
Microsoft.AppPlatform/Spring/configService/write Tuliskan konten server config untuk instans layanan Azure Spring Cloud tertentu
Microsoft.AppPlatform/Spring/configService/delete Hapus konten server config untuk instans layanan Azure Spring Cloud tertentu
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allow read, write and delete access to Azure Spring Cloud Config Server",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a06f5c24-21a7-4e1a-aa2b-f19eb6684f5b",
  "name": "a06f5c24-21a7-4e1a-aa2b-f19eb6684f5b",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.AppPlatform/Spring/configService/read",
        "Microsoft.AppPlatform/Spring/configService/write",
        "Microsoft.AppPlatform/Spring/configService/delete"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Spring Cloud Config Server Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Server Azure Spring Cloud Config

Mengizinkan akses baca ke Server Config Azure Spring Cloud Pelajari selengkapnya

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.AppPlatform/Spring/configService/read Membaca konten konfigurasi (misalnya, application.yaml) untuk instans layanan Azure Spring Cloud tertentu
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allow read access to Azure Spring Cloud Config Server",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/d04c6db6-4947-4782-9e91-30a88feb7be7",
  "name": "d04c6db6-4947-4782-9e91-30a88feb7be7",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.AppPlatform/Spring/configService/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Spring Cloud Config Server Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Data Azure Spring Cloud

Izinkan akses baca ke Azure Spring Cloud Data

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.AppPlatform/Spring/*/baca
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allow read access to Azure Spring Cloud Data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b5537268-8956-4941-a8f0-646150406f0c",
  "name": "b5537268-8956-4941-a8f0-646150406f0c",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.AppPlatform/Spring/*/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Spring Cloud Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Registri Layanan Azure Spring Cloud

Mengizinkan membaca, menulis, dan menghapus akses ke Registri Layanan Azure Spring Cloud Pelajari selengkapnya

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.AppPlatform/Spring/eurekaService/read Membaca informasi pendaftaran aplikasi pengguna untuk instans layanan Azure Spring Cloud tertentu
Microsoft.AppPlatform/Spring/eurekaService/write Menulis informasi pendaftaran aplikasi pengguna untuk instans layanan Azure Spring Cloud tertentu
Microsoft.AppPlatform/Spring/eurekaService/delete Menghapus informasi pendaftaran aplikasi pengguna untuk instans layanan Azure Spring Cloud tertentu
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allow read, write and delete access to Azure Spring Cloud Service Registry",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f5880b48-c26d-48be-b172-7927bfa1c8f1",
  "name": "f5880b48-c26d-48be-b172-7927bfa1c8f1",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.AppPlatform/Spring/eurekaService/read",
        "Microsoft.AppPlatform/Spring/eurekaService/write",
        "Microsoft.AppPlatform/Spring/eurekaService/delete"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Spring Cloud Service Registry Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Registri Layanan Azure Spring Cloud

Mengizinkan akses baca ke Registri Layanan Azure Spring Cloud Pelajari selengkapnya

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.AppPlatform/Spring/eurekaService/read Membaca informasi pendaftaran aplikasi pengguna untuk instans layanan Azure Spring Cloud tertentu
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allow read access to Azure Spring Cloud Service Registry",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/cff1b556-2399-4e7e-856d-a8f754be7b65",
  "name": "cff1b556-2399-4e7e-856d-a8f754be7b65",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.AppPlatform/Spring/eurekaService/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Spring Cloud Service Registry Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Administrator Akun Media Services

Membuat, membaca, mengubah, dan menghapus akun Media Services; akses baca-saja ke sumber daya Media Services lainnya.

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Insights/metrik/baca Membaca metrik
Microsoft.Insights/metricDefinitions/baca Baca definisi metrik
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Media/mediaservices/*/baca
Microsoft.Media/mediaservices/aset/listStreamingLocators/tindakan Pencari Informasi Streaming Daftar untuk Aset
Microsoft.Media/mediaservices/streamingLocators/listPaths/tindakan Jalur Daftar
Microsoft.Media/mediaservices/tulis Membuat atau Memperbarui Akun Media Services apa pun
Microsoft.Media/mediaservices/hapus Hapus Akun Media Services apa pun
Microsoft.Media/mediaservices/privateEndpointConnectionsApproval/tindakan Setujui koneksi titik akhir privat
Microsoft.Media/mediaservices/privateEndpointConnections/*
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Create, read, modify, and delete Media Services accounts; read-only access to other Media Services resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/054126f8-9a2b-4f1c-a9ad-eca461f08466",
  "name": "054126f8-9a2b-4f1c-a9ad-eca461f08466",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Media/mediaservices/*/read",
        "Microsoft.Media/mediaservices/assets/listStreamingLocators/action",
        "Microsoft.Media/mediaservices/streamingLocators/listPaths/action",
        "Microsoft.Media/mediaservices/write",
        "Microsoft.Media/mediaservices/delete",
        "Microsoft.Media/mediaservices/privateEndpointConnectionsApproval/action",
        "Microsoft.Media/mediaservices/privateEndpointConnections/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Media Services Account Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Administrator Acara Langsung Media Services

Membuat, membaca, dan memodifikasi Acara Langsung, Aset, Filter Aset, dan Pencari Streaming; akses baca-saja ke sumber daya Media Services lainnya.

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Insights/metrik/baca Membaca metrik
Microsoft.Insights/metricDefinitions/baca Baca definisi metrik
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Media/mediaservices/*/baca
Microsoft.Media/mediaservices/aset/*
Microsoft.Media/mediaservices/assets/assetfilters/*
Microsoft.Media/mediaservices/streamingLocators/*
Microsoft.Media/mediaservices/liveEvents/*
Bukan Tindakan
Microsoft.Media/layanan media/aset/getEncryptionKey/tindakan Dapatkan Kunci Enkripsi Aset
Microsoft.Media/mediaservices/streamingLocators/listPaths/tindakan Daftar Kunci Konten
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Create, read, modify, and delete Live Events, Assets, Asset Filters, and Streaming Locators; read-only access to other Media Services resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/532bc159-b25e-42c0-969e-a1d439f60d77",
  "name": "532bc159-b25e-42c0-969e-a1d439f60d77",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Media/mediaservices/*/read",
        "Microsoft.Media/mediaservices/assets/*",
        "Microsoft.Media/mediaservices/assets/assetfilters/*",
        "Microsoft.Media/mediaservices/streamingLocators/*",
        "Microsoft.Media/mediaservices/liveEvents/*"
      ],
      "notActions": [
        "Microsoft.Media/mediaservices/assets/getEncryptionKey/action",
        "Microsoft.Media/mediaservices/streamingLocators/listContentKeys/action"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Media Services Live Events Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Operator Media Media Services

Membuat, membaca, memodifikasi, dan menghapus Aset, Filter Aset, Pencari Streaming, dan Pekerjaan; akses baca-saja ke sumber daya Media Services lainnya.

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Insights/metrik/baca Membaca metrik
Microsoft.Insights/metricDefinitions/baca Baca definisi metrik
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Media/mediaservices/*/baca
Microsoft.Media/mediaservices/aset/*
Microsoft.Media/mediaservices/assets/assetfilters/*
Microsoft.Media/mediaservices/streamingLocators/*
Microsoft.Media/layanan media/transformasi/pekerjaan/*
Bukan Tindakan
Microsoft.Media/layanan media/aset/getEncryptionKey/tindakan Dapatkan Kunci Enkripsi Aset
Microsoft.Media/mediaservices/streamingLocators/listPaths/tindakan Daftar Kunci Konten
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Create, read, modify, and delete Assets, Asset Filters, Streaming Locators, and Jobs; read-only access to other Media Services resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e4395492-1534-4db2-bedf-88c14621589c",
  "name": "e4395492-1534-4db2-bedf-88c14621589c",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Media/mediaservices/*/read",
        "Microsoft.Media/mediaservices/assets/*",
        "Microsoft.Media/mediaservices/assets/assetfilters/*",
        "Microsoft.Media/mediaservices/streamingLocators/*",
        "Microsoft.Media/mediaservices/transforms/jobs/*"
      ],
      "notActions": [
        "Microsoft.Media/mediaservices/assets/getEncryptionKey/action",
        "Microsoft.Media/mediaservices/streamingLocators/listContentKeys/action"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Media Services Media Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Administrator Media Services Policy

Membuat, membaca, memodifikasi, dan menghapus Filter Akun, Kebijakan Streaming, Kebijakan Kunci Konten, dan Transformasi; akses baca-saja ke sumber daya Media Services lainnya. Tidak dapat membuat sumber daya Pekerjaan, Aset, atau Streaming.

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Insights/metrik/baca Membaca metrik
Microsoft.Insights/metricDefinitions/baca Baca definisi metrik
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Media/mediaservices/*/baca
Microsoft.Media/mediaservices/aset/listStreamingLocators/tindakan Pencari Informasi Streaming Daftar untuk Aset
Microsoft.Media/mediaservices/streamingLocators/listPaths/tindakan Jalur Daftar
Microsoft.Media/mediaservices/accountFilters/*
Microsoft.Media/mediaservices/streamingPolicies/*
Microsoft.Media/mediaservices/contentKeyPolicies/*
Microsoft.Media/mediaservices/transformasi/*
Bukan Tindakan
Microsoft.Media/layanan media/contentKeyPolicies/getPolicyPropertiesWithSecrets/action Dapatkan Properti Policy Dengan Rahasia
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Create, read, modify, and delete Account Filters, Streaming Policies, Content Key Policies, and Transforms; read-only access to other Media Services resources. Cannot create Jobs, Assets or Streaming resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c4bba371-dacd-4a26-b320-7250bca963ae",
  "name": "c4bba371-dacd-4a26-b320-7250bca963ae",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Media/mediaservices/*/read",
        "Microsoft.Media/mediaservices/assets/listStreamingLocators/action",
        "Microsoft.Media/mediaservices/streamingLocators/listPaths/action",
        "Microsoft.Media/mediaservices/accountFilters/*",
        "Microsoft.Media/mediaservices/streamingPolicies/*",
        "Microsoft.Media/mediaservices/contentKeyPolicies/*",
        "Microsoft.Media/mediaservices/transforms/*"
      ],
      "notActions": [
        "Microsoft.Media/mediaservices/contentKeyPolicies/getPolicyPropertiesWithSecrets/action"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Media Services Policy Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Administrator Endpoint Streaming Media Services

Membuat, membaca, mengubah, dan menghapus akun Titik Akhir Streaming; akses baca-saja ke sumber daya Media Services lainnya.

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Insights/metrik/baca Membaca metrik
Microsoft.Insights/metricDefinitions/baca Baca definisi metrik
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Media/mediaservices/*/baca
Microsoft.Media/mediaservices/aset/listStreamingLocators/tindakan Pencari Informasi Streaming Daftar untuk Aset
Microsoft.Media/mediaservices/streamingLocators/listPaths/tindakan Jalur Daftar
Microsoft.Media/layanan media/streamingEndpoints/*
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Create, read, modify, and delete Streaming Endpoints; read-only access to other Media Services resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/99dba123-b5fe-44d5-874c-ced7199a5804",
  "name": "99dba123-b5fe-44d5-874c-ced7199a5804",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Media/mediaservices/*/read",
        "Microsoft.Media/mediaservices/assets/listStreamingLocators/action",
        "Microsoft.Media/mediaservices/streamingLocators/listPaths/action",
        "Microsoft.Media/mediaservices/streamingEndpoints/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Media Services Streaming Endpoints Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Data Indeks Pencarian

Memberikan akses penuh ke data indeks Azure Cognitive Search.

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Search/searchServices/indexes/documents/*
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants full access to Azure Cognitive Search index data.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8ebe5a00-799e-43f5-93ac-243d3dce84a7",
  "name": "8ebe5a00-799e-43f5-93ac-243d3dce84a7",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Search/searchServices/indexes/documents/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Search Index Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Data Indeks Pencarian

Memberikan akses membaca ke data indeks Azure Cognitive Search.

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Search/searchServices/indexes/documents/read Membaca dokumen ataupun istilah kueri yang disarankan dari indeks.
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants read access to Azure Cognitive Search index data.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/1407120a-92aa-4202-b7e9-c0e197c71c8f",
  "name": "1407120a-92aa-4202-b7e9-c0e197c71c8f",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Search/searchServices/indexes/documents/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Search Index Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Layanan Pencarian

Memungkinkan Anda mengelola Layanan pencarian, tetapi tidak dapat mengaksesnya. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Search/searchServices/* Membuat dan mengelola layanan pencarian
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Search services, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7ca78c08-252a-4471-8644-bb5ff32d4ba0",
  "name": "7ca78c08-252a-4471-8644-bb5ff32d4ba0",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Search/searchServices/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Search Service Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca SignalR AccessKey

Membaca Kunci Akses Layanan SignalR

Tindakan Deskripsi
Microsoft.SignalRService/*/baca
Microsoft.SignalRService/SignalR/listkeys/tindakan Lihat nilai kunci akses SignalR di portal manajemen atau melalui API
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read SignalR Service Access Keys",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/04165923-9d83-45d5-8227-78b77b0a687e",
  "name": "04165923-9d83-45d5-8227-78b77b0a687e",
  "permissions": [
    {
      "actions": [
        "Microsoft.SignalRService/*/read",
        "Microsoft.SignalRService/SignalR/listkeys/action",
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR AccessKey Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Server Aplikasi SignalR (Pratinjau)

Memungkinkan server aplikasi Anda mengakses SignalR Service dengan opsi autentikasi AAD.

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.SignalRService/SignalR/auth/accessKey/tindakan Buat AccessKey untuk menandatangani AccessTokens, kunci akan kedaluwarsa dalam 90 menit secara default.
Microsoft.SignalRService/SignalR/serverConnection/tulis Memulai koneksi server.
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets your app server access SignalR Service with AAD auth options.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/420fcaa2-552c-430f-98ca-3264be4806c7",
  "name": "420fcaa2-552c-430f-98ca-3264be4806c7",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.SignalRService/SignalR/auth/accessKey/action",
        "Microsoft.SignalRService/SignalR/serverConnection/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR App Server (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pemilik REST API SignalR

Akses penuh ke REST API Azure SignalR Service

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.SignalRService/SignalR/auth/clientToken/tindakan Hasilkan AccessToken untuk klien yang terhubung ke ASRS, token akan kedaluwarsa dalam 5 menit secara default.
Microsoft.SignalRService/SignalR/listkeys/tindakan Menyiarkan pesan ke semua koneksi klien di hub.
Microsoft.SignalRService/SignalR/listkeys/tindakan Menyiarkan pesan ke grup.
Microsoft.SignalRService/SignalR/grup/baca Periksa keberadaan grup atau keberadaan pengguna dalam grup.
Microsoft.SignalRService/SignalR/group/tulis Bergabung / Tinggalkan grup.
Microsoft.SignalRService/SignalR/clientConnection/kirim/tindakan Mengirim pesan langsung ke koneksi klien.
Microsoft.SignalRService/SignalR/clientConnection/baca Periksa keberadaan koneksi klien.
Microsoft.SignalRService/SignalR/clientConnection/tulis Tutup sambungan klien.
Microsoft.SignalRService/SignalR/pengguna/kirim/tindakan Kirim pesan ke pengguna, yang mungkin terdiri dari beberapa koneksi klien.
Microsoft.SignalRService/SignalR/pengguna/baca Periksa keberadaan pengguna.
Microsoft.SignalRService/SignalR/pengguna/tulis Mengubah pengguna.
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Full access to Azure SignalR Service REST APIs",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fd53cd77-2268-407a-8f46-7e7863d0f521",
  "name": "fd53cd77-2268-407a-8f46-7e7863d0f521",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.SignalRService/SignalR/auth/clientToken/action",
        "Microsoft.SignalRService/SignalR/hub/send/action",
        "Microsoft.SignalRService/SignalR/group/send/action",
        "Microsoft.SignalRService/SignalR/group/read",
        "Microsoft.SignalRService/SignalR/group/write",
        "Microsoft.SignalRService/SignalR/clientConnection/send/action",
        "Microsoft.SignalRService/SignalR/clientConnection/read",
        "Microsoft.SignalRService/SignalR/clientConnection/write",
        "Microsoft.SignalRService/SignalR/user/send/action",
        "Microsoft.SignalRService/SignalR/user/read",
        "Microsoft.SignalRService/SignalR/user/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR REST API Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca REST API SignalR

Akses baca saja ke REST API Azure SignalR Service

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.SignalRService/SignalR/grup/baca Periksa keberadaan grup atau keberadaan pengguna dalam grup.
Microsoft.SignalRService/SignalR/clientConnection/baca Periksa keberadaan koneksi klien.
Microsoft.SignalRService/SignalR/pengguna/baca Periksa keberadaan pengguna.
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read-only access to Azure SignalR Service REST APIs",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ddde6b66-c0df-4114-a159-3618637b3035",
  "name": "ddde6b66-c0df-4114-a159-3618637b3035",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.SignalRService/SignalR/group/read",
        "Microsoft.SignalRService/SignalR/clientConnection/read",
        "Microsoft.SignalRService/SignalR/user/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR REST API Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pemilik SignalR Service

Akses penuh ke REST API Azure SignalR Service

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.SignalRService/SignalR/auth/accessKey/tindakan Buat AccessKey untuk menandatangani AccessTokens, kunci akan kedaluwarsa dalam 90 menit secara default.
Microsoft.SignalRService/SignalR/auth/clientToken/tindakan Hasilkan AccessToken untuk klien yang terhubung ke ASRS, token akan kedaluwarsa dalam 5 menit secara default.
Microsoft.SignalRService/SignalR/listkeys/tindakan Menyiarkan pesan ke semua koneksi klien di hub.
Microsoft.SignalRService/SignalR/listkeys/tindakan Menyiarkan pesan ke grup.
Microsoft.SignalRService/SignalR/grup/baca Periksa keberadaan grup atau keberadaan pengguna dalam grup.
Microsoft.SignalRService/SignalR/group/tulis Bergabung / Tinggalkan grup.
Microsoft.SignalRService/SignalR/clientConnection/kirim/tindakan Mengirim pesan langsung ke koneksi klien.
Microsoft.SignalRService/SignalR/clientConnection/baca Periksa keberadaan koneksi klien.
Microsoft.SignalRService/SignalR/clientConnection/tulis Tutup sambungan klien.
Microsoft.SignalRService/SignalR/serverConnection/tulis Memulai koneksi server.
Microsoft.SignalRService/SignalR/pengguna/kirim/tindakan Kirim pesan ke pengguna, yang mungkin terdiri dari beberapa koneksi klien.
Microsoft.SignalRService/SignalR/pengguna/baca Periksa keberadaan pengguna.
Microsoft.SignalRService/SignalR/pengguna/tulis Mengubah pengguna.
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Full access to Azure SignalR Service REST APIs",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7e4f1700-ea5a-4f59-8f37-079cfe29dce3",
  "name": "7e4f1700-ea5a-4f59-8f37-079cfe29dce3",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.SignalRService/SignalR/auth/accessKey/action",
        "Microsoft.SignalRService/SignalR/auth/clientToken/action",
        "Microsoft.SignalRService/SignalR/hub/send/action",
        "Microsoft.SignalRService/SignalR/group/send/action",
        "Microsoft.SignalRService/SignalR/group/read",
        "Microsoft.SignalRService/SignalR/group/write",
        "Microsoft.SignalRService/SignalR/clientConnection/send/action",
        "Microsoft.SignalRService/SignalR/clientConnection/read",
        "Microsoft.SignalRService/SignalR/clientConnection/write",
        "Microsoft.SignalRService/SignalR/serverConnection/write",
        "Microsoft.SignalRService/SignalR/user/send/action",
        "Microsoft.SignalRService/SignalR/user/read",
        "Microsoft.SignalRService/SignalR/user/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR Service Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor SignalR/Web PubSub

Membuat, Membaca, Memperbarui, dan Menghapus sumber daya layanan SignalR

Tindakan Deskripsi
Microsoft.SignalRService/*
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Create, Read, Update, and Delete SignalR service resources",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761",
  "name": "8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761",
  "permissions": [
    {
      "actions": [
        "Microsoft.SignalRService/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR/Web PubSub Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Rencana Web

Memungkinkan Anda mengelola rencana web untuk situs web, tetapi tidak dapat mengaksesnya.

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.Web/serverFarms/* Membuat dan mengelola peternakan server
Microsoft.Web/hostingEnvironments/Gabung/Tindakan Menggunakan Lingkungan App Service
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage the web plans for websites, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b",
  "name": "2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Web/serverFarms/*",
        "Microsoft.Web/hostingEnvironments/Join/Action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Web Plan Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Situs Web

Memungkinkan Anda mengelola situs web (bukan rencana web), tetapi tidak dapat mengaksesnya.

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Insights/komponen/* Membuat dan mengelola komponen Insight
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.Web/sertifikat/* Membuat dan mengelola sertifikat situs web
Microsoft.Web/listSitesAssignedToHostName/baca Dapatkan nama situs yang ditetapkan ke nama host.
Microsoft.Web/serverFarms/gabung/tindakan Bergabung dengan App Service Plan
Microsoft.Web/serverFarms/baca Dapatkan properti di Paket App Service
Microsoft.Web/situs/* Membuat dan mengelola situs web (pembuatan situs juga memerlukan izin tulis ke Paket App Service terkait)
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage websites (not web plans), but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/de139f84-1756-47ae-9be6-808fbbe84772",
  "name": "de139f84-1756-47ae-9be6-808fbbe84772",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/components/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Web/certificates/*",
        "Microsoft.Web/listSitesAssignedToHostName/read",
        "Microsoft.Web/serverFarms/join/action",
        "Microsoft.Web/serverFarms/read",
        "Microsoft.Web/sites/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Website Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontainer

AcrDelete

Hapus repositori, tag, atau manifes dari registri kontainer. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.ContainerRegistry/registries/artefak/hapus Hapus artefak dalam registri kontainer.
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr delete",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
  "name": "c2f4ef07-c644-48eb-af81-4b1b4947fb11",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/artifacts/delete"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrDelete",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrImageSigner

Dorong gambar tepercaya ke atau tarik gambar tepercaya dari registri kontainer yang diaktifkan untuk kepercayaan konten. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.ContainerRegistry/daftar/masuk/tulis Tekan/Tarik metadata kepercayaan konten untuk registri kontainer.
Bukan Tindakan
Tidak ada
DataActions
Microsoft.ContainerRegistry/registries/trustedCollections/write Memungkinkan untuk mendorong atau menerbitkan koleksi tepercaya dari konten registri kontainer. Hal ini mirip dengan tindakan microsoft.ContainerRegistry/registries/sign/write namun ini adalah tindakan data
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr image signer",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6cef56e8-d556-48e5-a04f-b8e64114680f",
  "name": "6cef56e8-d556-48e5-a04f-b8e64114680f",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/sign/write"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerRegistry/registries/trustedCollections/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "AcrImageSigner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrPull

Tarik artefak dari registri kontainer. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.ContainerRegistry/daftar/tarik/baca Tarik atau Dapatkan gambar dari registri kontainer.
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr pull",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d",
  "name": "7f951dda-4ed3-4680-a7ca-43fe172d538d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/pull/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrPull",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrPush

Dorong artefak ke atau tarik artefak dari registri kontainer. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.ContainerRegistry/daftar/tarik/baca Tarik atau Dapatkan gambar dari registri kontainer.
Microsoft.ContainerRegistry/registries/push/write Mendorong atau Menulis gambar ke registri kontainer.
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr push",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8311e382-0749-4cb8-b61a-304f252e45ec",
  "name": "8311e382-0749-4cb8-b61a-304f252e45ec",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/pull/read",
        "Microsoft.ContainerRegistry/registries/push/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrPush",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrQuarantineReader

Tarik gambar yang dikarantina dari registri kontainer. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.ContainerRegistry/daftar/karantina/baca Tarik atau Dapatkan gambar yang dikarantina dari registri kontainer
Bukan Tindakan
Tidak ada
DataActions
Microsoft.ContainerRegistry/registries/quarantinedArtifacts/read Memungkinkan untuk menarik ataupun mendapatkan artefak yang dikarantina dari registri kontainer. Hal ini mirip dengan Microsoft.ContainerRegistry/registries/quarantine/read namun itu adalah tindakan data
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr quarantine data reader",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/cdda3590-29a3-44f6-95f2-9f980659eb04",
  "name": "cdda3590-29a3-44f6-95f2-9f980659eb04",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/quarantine/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerRegistry/registries/quarantinedArtifacts/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "AcrQuarantineReader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrQuarantineWriter

Dorong gambar yang dikarantina ke atau tarik gambar yang dikarantina dari registri kontainer. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.ContainerRegistry/daftar/karantina/baca Tarik atau Dapatkan gambar yang dikarantina dari registri kontainer
Microsoft.ContainerRegistry/daftar/karantina/tulis Menulis/Memodifikasi status karantina gambar yang dikarantina
Bukan Tindakan
Tidak ada
DataActions
Microsoft.ContainerRegistry/registries/quarantinedArtifacts/read Memungkinkan untuk menarik ataupun mendapatkan artefak yang dikarantina dari registri kontainer. Hal ini mirip dengan Microsoft.ContainerRegistry/registries/quarantine/read namun itu adalah tindakan data
Microsoft.ContainerRegistry/registries/quarantinedArtifacts/write Memungkinkan untuk menulis atau memperbarui status karantina artefak yang dikarantina. Hal ini mirip dengan Microsoft.ContainerRegistry/registries/quarantine/write action namun itu adalah tindakan data
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr quarantine data writer",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
  "name": "c8d4ff99-41c3-41a8-9f60-21dfdad59608",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/quarantine/read",
        "Microsoft.ContainerRegistry/registries/quarantine/write"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerRegistry/registries/quarantinedArtifacts/read",
        "Microsoft.ContainerRegistry/registries/quarantinedArtifacts/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "AcrQuarantineWriter",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Peran Admin kluster Azure Kubernetes Service

Tindakan buat daftar kredensial admin kluster. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.ContainerService/managedClusters/listClusterAdminCredential/tindakan Mencantumkan klusterMenambahkan kredensial kluster terkelola
Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/tindakan Dapatkan profil akses klaster terkelola berdasarkan nama peran menggunakan kredensial daftar
Microsoft.ContainerService/managedClusters/baca Membuat kluster terkelola
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "List cluster admin credential action.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8",
  "name": "0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerService/managedClusters/listClusterAdminCredential/action",
        "Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/action",
        "Microsoft.ContainerService/managedClusters/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service Cluster Admin Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Peran Pengguna kluster Azure Kubernetes Service

Tindakan buat daftar kredensial pengguna kluster. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.ContainerService/managedClusters/listClusterAdminCredential/tindakan Mencantumkan klusterMenambahkan kredensial kluster terkelola
Microsoft.ContainerService/managedClusters/baca Membuat kluster terkelola
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "List cluster user credential action.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4abbcc35-e782-43d8-92c5-2d3f1bd2253f",
  "name": "4abbcc35-e782-43d8-92c5-2d3f1bd2253f",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action",
        "Microsoft.ContainerService/managedClusters/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service Cluster User Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Peran Kontributor Azure Kubernetes Service

Memberikan akses untuk membaca dan menulis klaster Azure Kubernetes Service Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.ContainerService/managedClusters/baca Membuat kluster terkelola
Microsoft.ContainerService/managedClusters/tulis Membuat kluster terkelola baru atau memperbarui klaster yang sudah ada
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants access to read and write Azure Kubernetes Service clusters",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8",
  "name": "ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerService/managedClusters/read",
        "Microsoft.ContainerService/managedClusters/write",
        "Microsoft.Resources/deployments/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service Contributor Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Admin RBAC Azure Kubernetes Service

Memungkinkan Anda mengelola semua sumber daya dalam kluster/namespace layanan, kecuali memperbarui atau menghapus kuota dan namespace. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Resources/penyebaran/tulis Membuat atau memperbarui penyebaran.
Microsoft.Resources/langganan/hasiloperasi/baca Dapatkan Hasil Operasi Langganan.
Microsoft.Resources/langganan/baca Mendapatkan daftar langganan.
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.ContainerService/managedClusters/listClusterAdminCredential/tindakan Mencantumkan klusterMenambahkan kredensial kluster terkelola
Bukan Tindakan
Tidak ada
DataActions
Microsoft.ContainerService/managedClusters/*
NotDataActions
Microsoft.ContainerService/managedClusters/resourcequotas/tulis Menulis resourcequotas
Microsoft.ContainerService/managedClusters/resourcequotas/hapus Menghapus resourcequotas
Microsoft.ContainerService/managedClusters/namespaces/tulis Menulis namespaces
Microsoft.ContainerService/managedClusters/namespaces/hapus Menghapus namespaces
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3498e952-d568-435e-9b2c-8d77e338d7f7",
  "name": "3498e952-d568-435e-9b2c-8d77e338d7f7",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerService/managedClusters/*"
      ],
      "notDataActions": [
        "Microsoft.ContainerService/managedClusters/resourcequotas/write",
        "Microsoft.ContainerService/managedClusters/resourcequotas/delete",
        "Microsoft.ContainerService/managedClusters/namespaces/write",
        "Microsoft.ContainerService/managedClusters/namespaces/delete"
      ]
    }
  ],
  "roleName": "Azure Kubernetes Service RBAC Admin",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Admin Klaster RBAC Azure Kubernetes Service

Memungkinkan Anda mengelola semua sumber daya dalam kluster. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Resources/penyebaran/tulis Membuat atau memperbarui penyebaran.
Microsoft.Resources/langganan/hasiloperasi/baca Dapatkan Hasil Operasi Langganan.
Microsoft.Resources/langganan/baca Mendapatkan daftar langganan.
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.ContainerService/managedClusters/listClusterAdminCredential/tindakan Mencantumkan klusterMenambahkan kredensial kluster terkelola
Bukan Tindakan
Tidak ada
DataActions
Microsoft.ContainerService/managedClusters/*
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage all resources in the cluster.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b",
  "name": "b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerService/managedClusters/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service RBAC Cluster Admin",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca RBAC Azure Kubernetes Service

Izinkan akses read-only untuk melihat sebagian besar objek di namespace layanan. Hal ini tidak mengizinkan untuk menampilkan peran atau pengikatan peran. Peran ini tidak memungkinkan penayangan, karena membaca konten Rahasia memungkinkan akses ke kredensial ServiceAccount di namespace, yang akan memungkinkan akses API sebagai ServiceAccount apa pun di namespace (bentuk eskalasi hak istimewa). Menerapkan peran ini pada lingkup kluster akan memberikan akses ke semua namespace. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Resources/penyebaran/tulis Membuat atau memperbarui penyebaran.
Microsoft.Resources/langganan/hasiloperasi/baca Dapatkan Hasil Operasi Langganan.
Microsoft.Resources/langganan/baca Mendapatkan daftar langganan.
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Microsoft.ContainerService/managedClusters/aplikasi/controllerrevisions/baca Membaca controllerrevisions
Microsoft.ContainerService/managedClusters/apps/daemonsets/baca Membaca daemonset
Microsoft.ContainerService/managedClusters/apps/daemonsets/baca Membaca penyebaran
Microsoft.ContainerService/managedClusters/apps/daemonsets/baca Membaca replikasi
Microsoft.ContainerService/managedClusters/apps/daemonsets/baca Membaca statefulset
Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/baca Membaca horizontalpodautoscalers
Microsoft.ContainerService/managedClusters/batch/cronjobs/baca Membaca cronjobs
Microsoft.ContainerService/managedClusters/batch/cronjobs/baca Membaca tugas
Microsoft.ContainerService/managedClusters/configmaps/baca Membaca peta konfigurasi
Microsoft.ContainerService/managedClusters/endpoints/baca Membaca titik akhir
Microsoft.ContainerService/managedClusters/events.k8s.io/acara/baca Membaca acara
Microsoft.ContainerService/managedClusters/endpoints/baca Membaca acara
Microsoft.ContainerService/managedClusters/extensions/daemonsets/baca Membaca daemonset
Microsoft.ContainerService/managedClusters/extensions/daemonsets/baca Membaca penyebaran
Microsoft.ContainerService/managedClusters/extensions/ingresses/baca Membaca ingresses
Microsoft.ContainerService/managedClusters/extensions/networkpolicies/baca NetworkPolicies
Microsoft.ContainerService/managedClusters/extensions/replicasets/baca Membaca replikasi
Microsoft.ContainerService/managedClusters/batasa/baca Membaca batasan
Microsoft.ContainerService/managedClusters/namespaces/baca Membaca namespaces
Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/baca Membaca ingresses
Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/baca NetworkPolicies
Microsoft.ContainerService/managedClusters/persistentvolumeclaims/baca Membaca persistentvolumeclaims
Microsoft.ContainerService/managedClusters/baca Membaca Pod
Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/baca Membaca poddisruptionbudgets
Microsoft.ContainerService/managedClusters/replicationcontrollers/baca Membaca replikasikontroler
Microsoft.ContainerService/managedClusters/replicationcontrollers/baca Membaca replikasikontroler
Microsoft.ContainerService/managedClusters/resourcequotas/tulis Membaca resourcequotas
Microsoft.ContainerService/managedClusters/serviceaccounts/baca Membaca serviceaccounts
Microsoft.ContainerService/managedClusters/layanan/baca Layanan baca
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7f6c6a51-bcf8-42ba-9220-52d62157d7db",
  "name": "7f6c6a51-bcf8-42ba-9220-52d62157d7db",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerService/managedClusters/apps/controllerrevisions/read",
        "Microsoft.ContainerService/managedClusters/apps/daemonsets/read",
        "Microsoft.ContainerService/managedClusters/apps/deployments/read",
        "Microsoft.ContainerService/managedClusters/apps/replicasets/read",
        "Microsoft.ContainerService/managedClusters/apps/statefulsets/read",
        "Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/read",
        "Microsoft.ContainerService/managedClusters/batch/cronjobs/read",
        "Microsoft.ContainerService/managedClusters/batch/jobs/read",
        "Microsoft.ContainerService/managedClusters/configmaps/read",
        "Microsoft.ContainerService/managedClusters/endpoints/read",
        "Microsoft.ContainerService/managedClusters/events.k8s.io/events/read",
        "Microsoft.ContainerService/managedClusters/events/read",
        "Microsoft.ContainerService/managedClusters/extensions/daemonsets/read",
        "Microsoft.ContainerService/managedClusters/extensions/deployments/read",
        "Microsoft.ContainerService/managedClusters/extensions/ingresses/read",
        "Microsoft.ContainerService/managedClusters/extensions/networkpolicies/read",
        "Microsoft.ContainerService/managedClusters/extensions/replicasets/read",
        "Microsoft.ContainerService/managedClusters/limitranges/read",
        "Microsoft.ContainerService/managedClusters/namespaces/read",
        "Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/read",
        "Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/read",
        "Microsoft.ContainerService/managedClusters/persistentvolumeclaims/read",
        "Microsoft.ContainerService/managedClusters/pods/read",
        "Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/read",
        "Microsoft.ContainerService/managedClusters/replicationcontrollers/read",
        "Microsoft.ContainerService/managedClusters/replicationcontrollers/read",
        "Microsoft.ContainerService/managedClusters/resourcequotas/read",
        "Microsoft.ContainerService/managedClusters/serviceaccounts/read",
        "Microsoft.ContainerService/managedClusters/services/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service RBAC Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Penulis RBAC Azure Kubernetes Service

Memperbolehkan akses baca/tulis ke sebagian besar obyek dalam sebuah namespace. Peran ini tidak memungkinkan melihat atau memodifikasi peran atau pengikatan peran. Namun, peran ini memungkinkan akses Rahasia dan menjalankan Pod sebagai ServiceAccount mana pun di namespace, sehingga dapat digunakan untuk mendapatkan level akses API dari ServiceAccount apa pun di namespace. Menerapkan peran ini pada lingkup kluster akan memberikan akses ke semua namespace. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Resources/penyebaran/tulis Membuat atau memperbarui penyebaran.
Microsoft.Resources/langganan/hasiloperasi/baca Dapatkan Hasil Operasi Langganan.
Microsoft.Resources/langganan/baca Mendapatkan daftar langganan.
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Microsoft.ContainerService/managedClusters/aplikasi/controllerrevisions/baca Membaca controllerrevisions
Microsoft.ContainerService/managedClusters/apps/daemonsets/*
Microsoft.ContainerService/managedClusters/aplikasi/penyebaran/*
Microsoft.ContainerService/managedClusters/apps/replicasets/*
Microsoft.ContainerService/managedClusters/apps/statefulsets/*
Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/*
Microsoft.ContainerService/managedClusters/batch/cronjobs/*
Microsoft.ContainerService/managedClusters/batch/pekerjaan/*
Microsoft.ContainerService/managedClusters/configmaps/*
Microsoft.ContainerService/managedClusters/endpoints/*
Microsoft.ContainerService/managedClusters/events.k8s.io/acara/baca Membaca acara
Microsoft.ContainerService/managedClusters/endpoints/baca Membaca acara
Microsoft.ContainerService/managedClusters/ekstensi/daemonsets/*
Microsoft.ContainerService/managedClusters/ekstensi/penyebaran/*
Microsoft.ContainerService/managedClusters/ekstensi/ingresses/*
Microsoft.ContainerService/managedClusters/ekstensi/networkpolicies/*
Microsoft.ContainerService/managedClusters/extensions/replicasets/*
Microsoft.ContainerService/managedClusters/batasa/baca Membaca batasan
Microsoft.ContainerService/managedClusters/namespaces/baca Membaca namespaces
Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/*
Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/*
Microsoft.ContainerService/managedClusters/persistentvolumeclaims/*
Microsoft.ContainerService/managedClusters/pods/*
Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/*
Microsoft.ContainerService/managedClusters/replicationcontrollers/*
Microsoft.ContainerService/managedClusters/replicationcontrollers/*
Microsoft.ContainerService/managedClusters/resourcequotas/tulis Membaca resourcequotas
Microsoft.ContainerService/managedClusters/secrets/*
Microsoft.ContainerService/managedClusters/serviceaccounts/*
Microsoft.ContainerService/managedClusters/layanan/*
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb",
  "name": "a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerService/managedClusters/apps/controllerrevisions/read",
        "Microsoft.ContainerService/managedClusters/apps/daemonsets/*",
        "Microsoft.ContainerService/managedClusters/apps/deployments/*",
        "Microsoft.ContainerService/managedClusters/apps/replicasets/*",
        "Microsoft.ContainerService/managedClusters/apps/statefulsets/*",
        "Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/*",
        "Microsoft.ContainerService/managedClusters/batch/cronjobs/*",
        "Microsoft.ContainerService/managedClusters/batch/jobs/*",
        "Microsoft.ContainerService/managedClusters/configmaps/*",
        "Microsoft.ContainerService/managedClusters/endpoints/*",
        "Microsoft.ContainerService/managedClusters/events.k8s.io/events/read",
        "Microsoft.ContainerService/managedClusters/events/read",
        "Microsoft.ContainerService/managedClusters/extensions/daemonsets/*",
        "Microsoft.ContainerService/managedClusters/extensions/deployments/*",
        "Microsoft.ContainerService/managedClusters/extensions/ingresses/*",
        "Microsoft.ContainerService/managedClusters/extensions/networkpolicies/*",
        "Microsoft.ContainerService/managedClusters/extensions/replicasets/*",
        "Microsoft.ContainerService/managedClusters/limitranges/read",
        "Microsoft.ContainerService/managedClusters/namespaces/read",
        "Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/*",
        "Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/*",
        "Microsoft.ContainerService/managedClusters/persistentvolumeclaims/*",
        "Microsoft.ContainerService/managedClusters/pods/*",
        "Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/*",
        "Microsoft.ContainerService/managedClusters/replicationcontrollers/*",
        "Microsoft.ContainerService/managedClusters/replicationcontrollers/*",
        "Microsoft.ContainerService/managedClusters/resourcequotas/read",
        "Microsoft.ContainerService/managedClusters/secrets/*",
        "Microsoft.ContainerService/managedClusters/serviceaccounts/*",
        "Microsoft.ContainerService/managedClusters/services/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service RBAC Writer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Database

Onboarding SQL Server yang Terhubung ke Azure

Memungkinkan untuk membaca dan menulis akses ke sumber daya Azure untuk SQL Server pada server arc-enabled. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.AzureArcData/sqlServerInstances/read Mengambil sumber daya Instans SQL Server
Microsoft.AzureArcData/sqlServerInstances/write Memperbarui sumber daya Instans SQL Server
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Microsoft.AzureArcData service role to access the resources of Microsoft.AzureArcData stored with RPSAAS.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e8113dce-c529-4d33-91fa-e9b972617508",
  "name": "e8113dce-c529-4d33-91fa-e9b972617508",
  "permissions": [
    {
      "actions": [
        "Microsoft.AzureArcData/sqlServerInstances/read",
        "Microsoft.AzureArcData/sqlServerInstances/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Connected SQL Server Onboarding",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Peran Cosmos DB Account Reader

Dapat membaca data Akun Azure Cosmos DB. Lihat Kontributor Akun DocumentDB untuk mengelola akun Azure Cosmos DB. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.DocumentDB/*/baca Baca koleksi apa pun
Microsoft.DocumentDB/databaseAccounts/readonlykeys/tindakan Membaca akun database dengan mudah.
Microsoft.Insights/MetricDefinitions/baca Baca definisi metrik
Microsoft.Insights/Metrics/baca Membaca metrik
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can read Azure Cosmos DB Accounts data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fbdf93bf-df7d-467e-a4d2-9458aa1360c8",
  "name": "fbdf93bf-df7d-467e-a4d2-9458aa1360c8",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.DocumentDB/*/read",
        "Microsoft.DocumentDB/databaseAccounts/readonlykeys/action",
        "Microsoft.Insights/MetricDefinitions/read",
        "Microsoft.Insights/Metrics/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cosmos DB Account Reader Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Operator Cosmos DB

Memungkinkan Anda mengelola akun Azure Cosmos DB, tetapi tidak mengakses data di dalamnya. Mencegah akses ke kunci akun dan string koneksi. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.DocumentDb/databaseAccounts/*
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/tindakan Bergabung dengan sumber daya seperti akun penyimpanan atau database SQL ke subnet. Tidak bisa diperingatkan.
Bukan Tindakan
Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*
Microsoft.DocumentDB/databaseAccounts/regenerateKey/*
Microsoft.DocumentDB/databaseAccounts/listKeys/*
Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*
Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/tulis Membuat atau memperbarui Definisi Peran SQL
Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/hapus Menghapus Definisi Peran SQL
Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/tulis Membuat atau memperbarui Penetapan Peran SQL
Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/hapus Menghapus Penetapan Peran SQL
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/230815da-be43-4aae-9cb4-875f7bd000aa",
  "name": "230815da-be43-4aae-9cb4-875f7bd000aa",
  "permissions": [
    {
      "actions": [
        "Microsoft.DocumentDb/databaseAccounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action"
      ],
      "notActions": [
        "Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*",
        "Microsoft.DocumentDB/databaseAccounts/regenerateKey/*",
        "Microsoft.DocumentDB/databaseAccounts/listKeys/*",
        "Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*",
        "Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/write",
        "Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/delete",
        "Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/write",
        "Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/delete"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cosmos DB Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

CosmosBackupOperator

Dapat mengirimkan permintaan pemulihan untuk database Cosmos DB atau kontainer untuk akun Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.DocumentDB/databaseAccounts/backup/tindakan Kirim permintaan untuk mengonfigurasi pencadangan
Microsoft.DocumentDB/databaseAccounts/backup/tindakan Mengirimkan permintaan pemulihan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can submit restore request for a Cosmos DB database or a container for an account",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/db7b14f2-5adf-42da-9f96-f2ee17bab5cb",
  "name": "db7b14f2-5adf-42da-9f96-f2ee17bab5cb",
  "permissions": [
    {
      "actions": [
        "Microsoft.DocumentDB/databaseAccounts/backup/action",
        "Microsoft.DocumentDB/databaseAccounts/restore/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CosmosBackupOperator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

CosmosRestoreOperator

Dapat melakukan tindakan pemulihan untuk akun database Cosmos DB dengan mode pencadangan kontinu

Tindakan Deskripsi
Microsoft.DocumentDB/locations/restorableDatabaseAccounts/pemulihan/tindakan Mengirimkan permintaan pemulihan
Microsoft.DocumentDB/lokasi/restorableDatabaseAccounts/pulihkan/tindakan
Microsoft.DocumentDB/lokasi/restorableDatabaseAccounts/baca Membaca akun database yang dapat dipulihkan atau Mencantumkan semua akun database yang dapat dipulihkan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can perform restore action for Cosmos DB database account with continuous backup mode",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5432c526-bc82-444a-b7ba-57c5b0b5b34f",
  "name": "5432c526-bc82-444a-b7ba-57c5b0b5b34f",
  "permissions": [
    {
      "actions": [
        "Microsoft.DocumentDB/locations/restorableDatabaseAccounts/restore/action",
        "Microsoft.DocumentDB/locations/restorableDatabaseAccounts/*/read",
        "Microsoft.DocumentDB/locations/restorableDatabaseAccounts/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CosmosRestoreOperator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Akun DocumentDB

Dapat mengelola akun Azure Cosmos DB. Azure Cosmos DB sebelumnya dikenal sebagai DocumentDB. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.DocumentDb/databaseAccounts/* Membuat dan mengelola akun Azure Cosmos DB
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/tindakan Bergabung dengan sumber daya seperti akun penyimpanan atau database SQL ke subnet. Tidak bisa diperingatkan.
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage DocumentDB accounts, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5bd9cd88-fe45-4216-938b-f97437e15450",
  "name": "5bd9cd88-fe45-4216-938b-f97437e15450",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.DocumentDb/databaseAccounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "DocumentDB Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Redis Cache

Memungkinkan Anda mengelola Redis cache, tetapi tidak dapat mengaksesnya.

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Cache/register/action Mendaftarkan penyedia sumber daya 'Microsoft.Cache' dengan langganan
Microsoft.Cache/redis/* Membuat dan mengelola singgahan Redis
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Redis caches, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e0f68234-74aa-48ed-b826-c38b57376e17",
  "name": "e0f68234-74aa-48ed-b826-c38b57376e17",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cache/register/action",
        "Microsoft.Cache/redis/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Redis Cache Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor DB SQL

Memungkinkan Anda mengelola database SQL, tetapi tidak mengaksesnya. Selain itu, Anda tidak dapat mengelola kebijakan terkait keamanan atau server SQL induk mereka. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Sql/locations/*/baca
Microsoft.Sql/servers/databases/* Membuat dan mengelola database SQL
Microsoft.Sql/servers/baca Kembalikan daftar server atau dapatkan properti untuk server yang ditentukan.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.Insights/metrik/baca Membaca metrik
Microsoft.Insights/metricDefinitions/baca Baca definisi metrik
Bukan Tindakan
Microsoft.Sql/servers/databases/ledgerDigestUploads/write Mengaktifkan pengunggahan hash ledger
Microsoft.Sql/servers/databases/ledgerDigestUploads/disable/action Menonaktifkan pengunggahan hash ledger
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft.SQL/servers/databases/auditingSettings/* Mengedit pengaturan audit
Microsoft.SQL/servers/databases/auditRecords/baca Mengambil catatan audit blob database
Microsoft.Sql/server/databases/currentSensitivityLabels/*
Microsoft.Sql/server/database/dataMaskingPolicies/* Mengedit kebijakan masking data
Microsoft.SQL/servers/extendedAuditingSettings/*
Microsoft.Sql/server/databases/recommendedSensitivityLabels/*
Microsoft.Sql/server/database/skema/tabel/kolom/sensitivitasLabels/*
Microsoft.Sql/server/databases/securityAlertPolicies/* Mengedit kebijakan pemberitahuan keamanan
Microsoft.Sql/server/database/securityMetrics/* Mengedit metrik keamanan
Microsoft.Sql/server/database/sensitivitasLabels/*
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft.Sql/server/database/vulnerabilityAssessmentScans/*
Microsoft.Sql/server/database/vulnerabilityAssessmentSettings/*
Microsoft.Sql/server/vulnerabilityAssessments/*
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
  "name": "9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/servers/databases/*",
        "Microsoft.Sql/servers/read",
        "Microsoft.Support/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read"
      ],
      "notActions": [
        "Microsoft.Sql/servers/databases/ledgerDigestUploads/write",
        "Microsoft.Sql/servers/databases/ledgerDigestUploads/disable/action",
        "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
        "Microsoft.Sql/servers/databases/extendedAuditingSettings/*",
        "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
        "Microsoft.Sql/servers/databases/securityMetrics/*",
        "Microsoft.Sql/servers/databases/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
        "Microsoft.Sql/servers/vulnerabilityAssessments/*"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL DB Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor SQL Managed Instance

Memungkinkan Anda mengelola SQL Managed Instances dan konfigurasi jaringan yang diperlukan, tetapi tidak dapat memberikan akses kepada orang lain.

Tindakan Deskripsi
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Network/networkSecurityGroups/*
Microsoft.Network/routeTables/*
Microsoft.Sql/lokasi/*/baca
Microsoft.Sql/lokasi/instanceFailoverGroups/*
Microsoft.Sql/managedInstances/*
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.Network/virtualNetworks/subnets/*
Microsoft.Network/virtualNetworks/*
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Insights/metrik/baca Membaca metrik
Microsoft.Insights/metricDefinitions/baca Baca definisi metrik
Bukan Tindakan
Microsoft.Sql/managedInstances/azureADOnlyAuthentications/hapus Menghapus server terkelola tertentu Azure Active Directory hanya objek autentikasi
Microsoft.Sql/managedInstances/azureADOnlyAuthentications/tulis Menghapus server terkelola tertentu Azure Active Directory hanya objek autentikasi
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage SQL Managed Instances and required network configuration, but can't give access to others.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
  "name": "4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Network/networkSecurityGroups/*",
        "Microsoft.Network/routeTables/*",
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/locations/instanceFailoverGroups/*",
        "Microsoft.Sql/managedInstances/*",
        "Microsoft.Support/*",
        "Microsoft.Network/virtualNetworks/subnets/*",
        "Microsoft.Network/virtualNetworks/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read"
      ],
      "notActions": [
        "Microsoft.Sql/managedInstances/azureADOnlyAuthentications/delete",
        "Microsoft.Sql/managedInstances/azureADOnlyAuthentications/write"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL Managed Instance Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pengelola Keamanan SQL

Memungkinkan Anda mengelola kebijakan terkait keamanan dari server dan database SQL, tetapi tidak dapat mengaksesnya. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/tindakan Bergabung dengan sumber daya seperti akun penyimpanan atau database SQL ke subnet. Tidak bisa diperingatkan.
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Sql/locations/administratorAzureAsyncOperation/baca Mendapatkan hasil operasi administrator azure async instans terkelola.
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft.SQL/server/auditingSettings/* Membuat dan mengelola pengaturan audit server SQL
Microsoft.Sql/servers/extendedAuditingSettings/baca Mengambil detail kebijakan audit gumpalan server yang diperluas yang dikonfigurasi pada server tertentu
Microsoft.SQL/servers/databases/auditingSettings/* Membuat dan mengelola pengaturan audit database server SQL
Microsoft.SQL/servers/databases/auditRecords/baca Mengambil catatan audit blob database
Microsoft.Sql/server/databases/currentSensitivityLabels/*
Microsoft.Sql/server/database/dataMaskingPolicies/* Membuat dan mengelola kebijakan masking data database server SQL
Microsoft.Sql/server/databases/extendedAuditingSettings/baca Mengambil detail kebijakan audit gumpalan server yang diperluas yang dikonfigurasi pada server tertentu
Microsoft.Sql/server/databases/baca Kembalikan daftar server atau dapatkan properti untuk server yang ditentukan.
Microsoft.Sql/server/databases/recommendedSensitivityLabels/*
Microsoft.Sql/server/database/skema/read Dapatkan skema database.
Microsoft.Sql/server/database/skema/tabel/kolom/baca Dapatkan kolom database.
Microsoft.Sql/server/database/skema/tabel/kolom/sensitivitasLabels/*
Microsoft.Sql/server/database/skema/tabel/kolom/baca Dapatkan tabel database.
Microsoft.Sql/server/databases/securityAlertPolicies/* Membuat dan mengelola kebijakan pemberitahuan keamanan database server SQL
Microsoft.Sql/server/database/securityMetrics/* Membuat dan mengelola metrik keamanan database server SQL
Microsoft.Sql/server/database/sensitivitasLabels/*
Microsoft.Sql/server/databases/transparentDataEncryption/*
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft.Sql/server/database/vulnerabilityAssessmentScans/*
Microsoft.Sql/server/database/vulnerabilityAssessmentSettings/*
Microsoft.Sql/servers/devOpsAuditingSettings/*
Microsoft.Sql/servers/firewallRules/*
Microsoft.Sql/servers/baca Kembalikan daftar server atau dapatkan properti untuk server yang ditentukan.
Microsoft.Sql/servers/securityAlertPolicies/* Membuat dan mengelola kebijakan pemberitahuan keamanan database server SQL
Microsoft.Sql/server/vulnerabilityAssessments/*
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.Sql/server/azureADOnlyAuthentications/*
Microsoft.Sql/managedInstances/baca Mengembalikan daftar instans terkelola atau dapatkan properti untuk instans terkelola yang ditentukan.
Microsoft.Sql/managedInstances/azureADOnlyAuthentications/*
Microsoft.Security/sqlVulnerabilityAssessments/*
Microsoft.Sql/managedInstances/administrator/baca Mendapatkan daftar administrator instans terkelola.
Microsoft.Sql/servers/administrators/baca Mendapatkan objek administrator Azure Active Directory tertentu
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage the security-related policies of SQL servers and databases, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3",
  "name": "056cd41c-7e88-42e1-933e-88ba6a50c9c3",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Sql/locations/administratorAzureAsyncOperation/read",
        "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*",
        "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/auditingSettings/*",
        "Microsoft.Sql/servers/extendedAuditingSettings/read",
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
        "Microsoft.Sql/servers/databases/extendedAuditingSettings/read",
        "Microsoft.Sql/servers/databases/read",
        "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/read",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/read",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/tables/read",
        "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
        "Microsoft.Sql/servers/databases/securityMetrics/*",
        "Microsoft.Sql/servers/databases/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/transparentDataEncryption/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
        "Microsoft.Sql/servers/devOpsAuditingSettings/*",
        "Microsoft.Sql/servers/firewallRules/*",
        "Microsoft.Sql/servers/read",
        "Microsoft.Sql/servers/securityAlertPolicies/*",
        "Microsoft.Sql/servers/vulnerabilityAssessments/*",
        "Microsoft.Support/*",
        "Microsoft.Sql/servers/azureADOnlyAuthentications/*",
        "Microsoft.Sql/managedInstances/read",
        "Microsoft.Sql/managedInstances/azureADOnlyAuthentications/*",
        "Microsoft.Security/sqlVulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/administrators/read",
        "Microsoft.Sql/servers/administrators/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL Security Manager",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor SQL Server

Memungkinkan Anda mengelola server dan database SQL, tetapi tidak dapat mengaksesnya, dan bukan kebijakan terkait keamanannya. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Sql/lokasi/*/baca
Microsoft.Sql/servers/* Membuat dan mengelola server SQL
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.Insights/metrik/baca Membaca metrik
Microsoft.Insights/metricDefinitions/baca Baca definisi metrik
Bukan Tindakan
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft.SQL/server/auditingSettings/* Mengedit pengaturan audit server SQL
Microsoft.SQL/servers/databases/auditingSettings/* Mengedit pengaturan audit database server SQL
Microsoft.SQL/servers/databases/auditRecords/baca Mengambil catatan audit blob database
Microsoft.Sql/server/databases/currentSensitivityLabels/*
Microsoft.Sql/server/database/dataMaskingPolicies/* Mengedit kebijakan masking data database server SQL
Microsoft.SQL/servers/extendedAuditingSettings/*
Microsoft.Sql/server/databases/recommendedSensitivityLabels/*
Microsoft.Sql/server/database/skema/tabel/kolom/sensitivitasLabels/*
Microsoft.Sql/server/databases/securityAlertPolicies/* Mengedit kebijakan pemberitahuan keamanan database server SQL
Microsoft.Sql/server/database/securityMetrics/* Mengedit metrik keamanan database server SQL
Microsoft.Sql/server/database/sensitivitasLabels/*
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft.Sql/server/database/vulnerabilityAssessmentScans/*
Microsoft.Sql/server/database/vulnerabilityAssessmentSettings/*
Microsoft.Sql/servers/devOpsAuditingSettings/*
Microsoft.SQL/servers/extendedAuditingSettings/*
Microsoft.Sql/servers/securityAlertPolicies/* Mengedit kebijakan pemberitahuan keamanan database server SQL
Microsoft.Sql/server/vulnerabilityAssessments/*
Microsoft.Sql/server/azureADOnlyAuthentications/hapus Menghapus server terkelola tertentu Azure Active Directory hanya objek autentikasi
Microsoft.Sql/server/azureADOnlyAuthentications/baca Menghapus server terkelola tertentu Azure Active Directory hanya objek autentikasi
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage SQL servers and databases, but not access to them, and not their security -related policies.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
  "name": "6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/servers/*",
        "Microsoft.Support/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read"
      ],
      "notActions": [
        "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
        "Microsoft.Sql/servers/databases/extendedAuditingSettings/*",
        "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
        "Microsoft.Sql/servers/databases/securityMetrics/*",
        "Microsoft.Sql/servers/databases/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
        "Microsoft.Sql/servers/devOpsAuditingSettings/*",
        "Microsoft.Sql/servers/extendedAuditingSettings/*",
        "Microsoft.Sql/servers/securityAlertPolicies/*",
        "Microsoft.Sql/servers/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/azureADOnlyAuthentications/delete",
        "Microsoft.Sql/servers/azureADOnlyAuthentications/write"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL Server Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Analitik

Pemilik Data Azure Event Hubs

Memungkinkan akses penuh ke sumber daya Azure Event Hubs. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.EventHub/*
Bukan Tindakan
Tidak ada
DataActions
Microsoft.EventHub/*
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to Azure Event Hubs resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f526a384-b230-433a-b45c-95f59c4a2dec",
  "name": "f526a384-b230-433a-b45c-95f59c4a2dec",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Event Hubs Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Penerima Data Azure Event Hubs

Memungkinkan penerimaan akses ke sumber daya Azure Event Hubs. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.EventHub/*/eventhubs/consumergroups/baca
Bukan Tindakan
Tidak ada
DataActions
Microsoft.EventHub/*/terima/tindakan
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows receive access to Azure Event Hubs resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
  "name": "a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/*/eventhubs/consumergroups/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/*/receive/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Event Hubs Data Receiver",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Service Bus Data Sender

Memungkinkan untuk mengirim akses ke sumber daya Azure Event Hubs. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.EventHub/*/eventhubs/baca
Bukan Tindakan
Tidak ada
DataActions
Microsoft.EventHub/*/kirim/tindakan
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows send access to Azure Event Hubs resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2b629674-e913-4c01-ae53-ef4638d8f975",
  "name": "2b629674-e913-4c01-ae53-ef4638d8f975",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/*/eventhubs/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/*/send/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Event Hubs Data Sender",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Data Factory

Buat dan kelola pabrik data, serta sumber daya turunan di dalamnya. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.DataFactory/dataFactories/* Buat dan kelola pabrik data, serta sumber daya turunan di dalamnya.
Microsoft.DataFactory/factories/* Buat dan kelola pabrik data, serta sumber daya turunan di dalamnya.
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.EventGrid/eventSubscriptions/tulis Membuat atau memperbarui kejadianSubscription
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Create and manage data factories, as well as child resources within them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/673868aa-7521-48a0-acc6-0f60742d39f5",
  "name": "673868aa-7521-48a0-acc6-0f60742d39f5",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.DataFactory/dataFactories/*",
        "Microsoft.DataFactory/factories/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.EventGrid/eventSubscriptions/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Factory Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Penghapus Seluruh Data

Menghapus data pribadi dari ruang kerja Analitik Log. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Insights/komponen/*/baca
Microsoft.Insights/komponen/pembersihan/tindakan Membersihkan data dari Application Insights
Microsoft.OperationalInsights/ruang kerja/*/baca Menampilkan data analitik log
Microsoft.OperationalInsights/ruang kerja/pembersihan/tindakan Menghapus data tertentu dari ruang kerja
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can purge analytics data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/150f5e0c-0603-4f03-8c7f-cf70034c4e90",
  "name": "150f5e0c-0603-4f03-8c7f-cf70034c4e90",
  "permissions": [
    {
      "actions": [
        "Microsoft.Insights/components/*/read",
        "Microsoft.Insights/components/purge/action",
        "Microsoft.OperationalInsights/workspaces/*/read",
        "Microsoft.OperationalInsights/workspaces/purge/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Purger",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Operator Kluster HDInsight

Memungkinkan Anda membaca dan mengubah konfigurasi kluster HDInsight. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.HDInsight/*/baca
Microsoft.HDInsight/kluster/getGatewaySettings/tindakan Dapatkan pengaturan gateway untuk Klaster HDInsight
Microsoft.HDInsight/kluster/getGatewaySettings/tindakan Dapatkan pengaturan gateway untuk Klaster HDInsight
Microsoft.HDInsight/kluster/configurations/*
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Resources/penyebaran/operasi/baca Mendapatkan atau mencantumkan operasi penyebaran.
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read and modify HDInsight cluster configurations.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/61ed4efc-fab3-44fd-b111-e24485cc132a",
  "name": "61ed4efc-fab3-44fd-b111-e24485cc132a",
  "permissions": [
    {
      "actions": [
        "Microsoft.HDInsight/*/read",
        "Microsoft.HDInsight/clusters/getGatewaySettings/action",
        "Microsoft.HDInsight/clusters/updateGatewaySettings/action",
        "Microsoft.HDInsight/clusters/configurations/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "HDInsight Cluster Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Layanan Domain HDInsight

Dapat Membaca, Membuat, Memodifikasi, dan Menghapus Layanan Domain terkait operasi yang diperlukan untuk Paket Keamanan HDInsight Enterprise Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.AAD/*/baca
Microsoft.AAD/domainLayanan/*/baca
Microsoft.AAD/domainLayanan/oucontainer/*
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8d8d5a11-05d3-4bda-a417-a08778121c7c",
  "name": "8d8d5a11-05d3-4bda-a417-a08778121c7c",
  "permissions": [
    {
      "actions": [
        "Microsoft.AAD/*/read",
        "Microsoft.AAD/domainServices/*/read",
        "Microsoft.AAD/domainServices/oucontainer/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "HDInsight Domain Services Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Analitik Log

Kontributor Analitik Log dapat membaca semua data pemantauan dan mengedit pengaturan pemantauan. Pengaturan pemantauan pengeditan termasuk menambahkan ekstensi VM ke VM; membaca kunci akun penyimpanan untuk dapat mengonfigurasi koleksi log dari Azure Storage; menambahkan solusi; dan mengonfigurasi diagnostik Azure pada semua sumber daya Azure. Pelajari lebih lanjut

Tindakan Deskripsi
*/read Membaca sumber daya dari semua jenis, kecuali rahasia.
Microsoft.ClassicCompute/virtualMachines/ekstensi/*
Microsoft.ClassicStorage/storageAccounts/listKeys/tindakan Mencantumkan kunci akses untuk akun penyimpanan.
Microsoft.Compute/virtualMachines/ekstensi/*
Microsoft.HybridCompute/mesin/ekstensi/tulis Menginstal atau Memperbarui ekstensi Azure Arc
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Insights/diagnosticSettings/* Membuat, memperbarui, atau membaca pengaturan diagnostik untuk Server Analisis
Microsoft.OperationalInsights/*
Microsoft.OperationsManagement/*
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/subscriptions/resourcegroups/penyebaran/*
Microsoft.Storage/storageAccounts/listKeys/tindakan Mengembalikan kunci akses untuk akun penyimpanan tertentu.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; adding solutions; and configuring Azure diagnostics on all Azure resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
  "name": "92aaf0da-9dab-42b6-94a3-d43ce8d16293",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.ClassicCompute/virtualMachines/extensions/*",
        "Microsoft.ClassicStorage/storageAccounts/listKeys/action",
        "Microsoft.Compute/virtualMachines/extensions/*",
        "Microsoft.HybridCompute/machines/extensions/write",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.OperationalInsights/*",
        "Microsoft.OperationsManagement/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Log Analytics Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Analitik Log

Pembaca Analitik Log dapat melihat dan mencari semua data pemantauan serta melihat pengaturan pemantauan, termasuk melihat konfigurasi diagnostik Azure di semua sumber daya Azure. Pelajari lebih lanjut

Tindakan Deskripsi
*/read Membaca sumber daya dari semua jenis, kecuali rahasia.
Microsoft.OperationalInsights/ruang kerja/analitik/kueri/tindakan Cari menggunakan mesin baru.
Microsoft.OperationalInsights/ruang kerja/pencarian/tindakan Menjalankan kueri pencarian
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Microsoft.OperationalInsights/ruang kerja/sharedKeys/baca Mengambil kunci bersama untuk ruang kerja. Kunci ini digunakan untuk menghubungkan agen Microsoft Operational Insights ke ruang kerja.
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/73c42c96-874c-492b-b04d-ab87d138a893",
  "name": "73c42c96-874c-492b-b04d-ab87d138a893",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.OperationalInsights/workspaces/analytics/query/action",
        "Microsoft.OperationalInsights/workspaces/search/action",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.OperationalInsights/workspaces/sharedKeys/read"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Log Analytics Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kurator Data Purview (Warisan)

Kurator data Microsoft.Purview adalah peran warisan yang dapat membuat, membaca, mengubah, dan menghapus objek data katalog dan membangun hubungan antar objek. Kami baru-baru ini memberhentikan peran ini dari akses berbasis peran Azure dan memperkenalkan kurator data baru dalam data plane Azure Purview. Lihat Kontrol akses di Azure Purview - Peran

Tindakan Deskripsi
Microsoft.Purview/akun/baca Baca sumber daya akun untuk penyedia Microsoft Purview.
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Purview/akun/data/baca Membaca objek data.
Microsoft.Purview/akun/data/tulis Membuat, memperbarui, dan menghapus objek data.
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "The Microsoft.Purview data curator is a legacy role that can create, read, modify and delete catalog data objects and establish relationships between objects. We have recently deprecated this role from Azure role-based access and introduced a new data curator inside Azure Purview data plane. See https://docs.microsoft.com/azure/purview/catalog-permissions#roles",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8a3c2885-9b38-4fd2-9d99-91af537c1347",
  "name": "8a3c2885-9b38-4fd2-9d99-91af537c1347",
  "permissions": [
    {
      "actions": [
        "Microsoft.Purview/accounts/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Purview/accounts/data/read",
        "Microsoft.Purview/accounts/data/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Purview Data Curator (Legacy)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Data Purview (Warisan)

Pembaca data Microsoft.Purview adalah peran warisan yang dapat membaca objek data katalog. Kami baru-baru ini memberhentikan peran ini dari akses berbasis peran Azure dan memperkenalkan pembaca data baru dalam data plane Azure Purview. Lihat Kontrol akses di Azure Purview - Peran

Tindakan Deskripsi
Microsoft.Purview/akun/baca Baca sumber daya akun untuk penyedia Microsoft Purview.
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Purview/akun/data/baca Membaca objek data.
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "The Microsoft.Purview data reader is a legacy role that can read catalog data objects. We have recently deprecated this role from Azure role-based access and introduced a new data reader inside Azure Purview data plane. See https://docs.microsoft.com/azure/purview/catalog-permissions#roles",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ff100721-1b9d-43d8-af52-42b69c1272db",
  "name": "ff100721-1b9d-43d8-af52-42b69c1272db",
  "permissions": [
    {
      "actions": [
        "Microsoft.Purview/accounts/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Purview/accounts/data/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Purview Data Reader (Legacy)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Administrator Sumber Data Purview (Warisan)

Administrator sumber data Microsoft.Purview adalah peran warisan yang dapat mengelola sumber data dan pemindaian data. Kami baru-baru ini memberhentikan peran ini dari akses berbasis peran Azure dan memperkenalkan admin sumber data baru dalam data plane Azure Purview. Lihat Kontrol akses di Azure Purview - Peran

Tindakan Deskripsi
Microsoft.Purview/akun/baca Baca sumber daya akun untuk penyedia Microsoft Purview.
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Purview/akun/data/baca Baca sumber data dan pemindaian.
Microsoft.Purview/akun/data/tulis Membuat, memperbarui, dan menghapus sumber data, dan mengelola pemindaian.
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "The Microsoft.Purview data source administrator is a legacy role that can manage data sources and data scans. We have recently deprecated this role from Azure role-based access and introduced a new data source admin inside Azure Purview data plane. See https://docs.microsoft.com/azure/purview/catalog-permissions#roles",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/200bba9e-f0c8-430f-892b-6f0794863803",
  "name": "200bba9e-f0c8-430f-892b-6f0794863803",
  "permissions": [
    {
      "actions": [
        "Microsoft.Purview/accounts/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Purview/accounts/scan/read",
        "Microsoft.Purview/accounts/scan/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Purview Data Source Administrator (Legacy)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Schema Registry (Pratinjau)

Membaca, menulis, dan menghapus grup dan skema Schema Registry.

Tindakan Deskripsi
Microsoft.EventHub/namespaces/skemagroups/*
Bukan Tindakan
Tidak ada
DataActions
Microsoft.EventHub/namespaces/skema/*
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read, write, and delete Schema Registry groups and schemas.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5dffeca3-4936-4216-b2bc-10343a5abb25",
  "name": "5dffeca3-4936-4216-b2bc-10343a5abb25",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/namespaces/schemagroups/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/namespaces/schemas/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Schema Registry Contributor (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Schema Registry (Pratinjau)

Membaca dan membuat daftar grup dan skema Schema Registry.

Tindakan Deskripsi
Microsoft.EventHub/namespaces/skemagroups/baca Dapatkan daftar Deskripsi Sumber Daya SkemaGroup
Bukan Tindakan
Tidak ada
DataActions
Microsoft.EventHub/namespaces/skema/baca Ambil skema
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read and list Schema Registry groups and schemas.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2c56ea50-c6b3-40a6-83c0-9d98858bc7d2",
  "name": "2c56ea50-c6b3-40a6-83c0-9d98858bc7d2",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/namespaces/schemagroups/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/namespaces/schemas/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Schema Registry Reader (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Blockchain

Akses Node Anggota Blockchain (Pratinjau)

Memungkinkan akses ke node Anggota Blockchain Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Blockchain/blockchainMembers/transactionNodes/baca Mendapatkan atau Mencantumkan Node Transaksi Anggota Blockchain yang ada.
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Blockchain/blockchainMembers/transactionNodes/sambungkan/tindakan Terhubung ke Node Transaksi Anggota Blockchain.
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for access to Blockchain Member nodes",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/31a002a1-acaf-453e-8a5b-297c9ca1ea24",
  "name": "31a002a1-acaf-453e-8a5b-297c9ca1ea24",
  "permissions": [
    {
      "actions": [
        "Microsoft.Blockchain/blockchainMembers/transactionNodes/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Blockchain/blockchainMembers/transactionNodes/connect/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Blockchain Member Node Access (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AI + pembelajaran mesin

Ilmuwan Data AzureML

Dapat melakukan semua tindakan dalam ruang kerja Azure Machine Learning, kecuali untuk membuat atau menghapus sumber daya komputasi dan memodifikasi ruang kerja itu sendiri.

Tindakan Deskripsi
Microsoft.MachineLearningServices/workspaces/*/read
Microsoft.MachineLearningServices/workspaces/*/action
Microsoft.MachineLearningServices/workspaces/*/delete
Microsoft.MachineLearningServices/workspaces/*/write
NotActions
Microsoft.MachineLearningServices/workspaces/delete Menghapus Ruang Kerja Layanan Pembelajaran Mesin
Microsoft.MachineLearningServices/workspaces/write Membuat atau memperbarui Ruang Kerja Layanan Pembelajaran Mesin
Microsoft.MachineLearningServices/workspaces/computes/*/write
Microsoft.MachineLearningServices/workspaces/computes/*/delete
Microsoft.MachineLearningServices/workspaces/computes/listKeys/action Membuat daftar rahasia untuk sumber daya komputasi di Ruang Kerja Layanan Pembelajaran Mesin
Microsoft.MachineLearningServices/workspaces/listKeys/action Membuat daftar rahasia untuk Ruang Kerja Layanan Pembelajaran Mesin
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can perform all actions within an Azure Machine Learning workspace, except for creating or deleting compute resources and modifying the workspace itself.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f6c7c914-8db3-469d-8ca1-694a8f32e121",
  "name": "f6c7c914-8db3-469d-8ca1-694a8f32e121",
  "permissions": [
    {
      "actions": [
        "Microsoft.MachineLearningServices/workspaces/*/read",
        "Microsoft.MachineLearningServices/workspaces/*/action",
        "Microsoft.MachineLearningServices/workspaces/*/delete",
        "Microsoft.MachineLearningServices/workspaces/*/write"
      ],
      "notActions": [
        "Microsoft.MachineLearningServices/workspaces/delete",
        "Microsoft.MachineLearningServices/workspaces/write",
        "Microsoft.MachineLearningServices/workspaces/computes/*/write",
        "Microsoft.MachineLearningServices/workspaces/computes/*/delete",
        "Microsoft.MachineLearningServices/workspaces/computes/listKeys/action",
        "Microsoft.MachineLearningServices/workspaces/listKeys/action"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AzureML Data Scientist",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Cognitive Services

Memungkinkan Anda membuat, membaca, memperbarui, menghapus, dan mengelola kunci Cognitive Services. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.CognitiveServices/*
Microsoft.Features/features/read Mendapatkan fitur dari langganan.
Microsoft.Features/penyedia/fitur/baca Mendapatkan fitur langganan di penyedia sumber daya yang diberikan.
Microsoft.Features/providers/features/register/action Mendaftarkan fitur untuk langganan di penyedia sumber daya tertentu.
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Insights/diagnosticSettings/* Membuat, memperbarui, atau membaca pengaturan diagnostik untuk Server Analisis
Microsoft.Insights/logDefinisi/baca Baca definisi log
Microsoft.Insights/metricdefinisi/baca Baca definisi metrik
Microsoft.Insights/metrik/baca Membaca metrik
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/penyebaran/operasi/baca Mendapatkan atau mencantumkan operasi penyebaran.
Microsoft.Resources/langganan/hasiloperasi/baca Dapatkan Hasil Operasi Langganan.
Microsoft.Resources/langganan/baca Mendapatkan daftar langganan.
Microsoft.Resources/subscriptions/resourcegroups/penyebaran/*
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you create, read, update, delete and manage keys of Cognitive Services.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
  "name": "25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.CognitiveServices/*",
        "Microsoft.Features/features/read",
        "Microsoft.Features/providers/features/read",
        "Microsoft.Features/providers/features/register/action",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.Insights/logDefinitions/read",
        "Microsoft.Insights/metricdefinitions/read",
        "Microsoft.Insights/metrics/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Visi Kustom Cognitive Services

Akses penuh ke proyek, termasuk kemampuan untuk melihat, membuat, mengedit, atau menghapus proyek. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.CognitiveServices/*/baca
Bukan Tindakan
Tidak ada
DataActions
Microsoft.CognitiveServices/akun/CustomVision/*
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Full access to the project, including the ability to view, create, edit, or delete projects.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c1ff6cc2-c111-46fe-8896-e0ef812ad9f3",
  "name": "c1ff6cc2-c111-46fe-8896-e0ef812ad9f3",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Custom Vision Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Penyebaran Visi Kustom Cognitive Services

Publikasikan, batal terbitkan, atau ekspor model. Penyebaran dapat melihat proyek tetapi tidak dapat memperbarui. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.CognitiveServices/*/baca
Bukan Tindakan
Tidak ada
DataActions
Microsoft.CognitiveServices/akun/CustomVision/*/baca
Microsoft.CognitiveServices/akun/CustomVision/proyek/prediksi/*
Microsoft.CognitiveServices/akun/CustomVision/proyek/perulangan/terbitkan/*
Microsoft.CognitiveServices/akun/CustomVision/proyek/perulangan/ekspor/*
Microsoft.CognitiveServices/akun/CustomVision/proyek/uji cepat/*
Microsoft.CognitiveServices/akun/CustomVision/klasifikasikan/*
Microsoft.CognitiveServices/akun/CustomVision/deteksi/*
NotDataActions
Microsoft.CognitiveServices/akun/CustomVision/proyek/ekspor/baca Mengekspor proyek.
{
  "assignableScopes": [
    "/"
  ],
  "description": "Publish, unpublish or export models. Deployment can view the project but can't update.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5c4089e1-6d96-4d2f-b296-c1bc7137275f",
  "name": "5c4089e1-6d96-4d2f-b296-c1bc7137275f",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/*/read",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/publish/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/export/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/quicktest/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/classify/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/detect/*"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
      ]
    }
  ],
  "roleName": "Cognitive Services Custom Vision Deployment",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pemberi Label Custom Vision Cognitive Services

Lihat, edit gambar pelatihan dan buat, tambahkan, hapus, atau hapus tag gambar. Pelabel dapat melihat proyek tetapi tidak dapat memperbarui apa pun selain gambar dan tag pelatihan. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.CognitiveServices/*/baca
Bukan Tindakan
Tidak ada
DataActions
Microsoft.CognitiveServices/akun/CustomVision/*/baca
Microsoft.CognitiveServices/akun/CustomVision/proyek/prediksi/kueri/tindakan Dapatkan gambar yang dikirim ke endpoint prediksi Anda.
Microsoft.CognitiveServices/akun/CustomVision/proyek/gambar/*
Microsoft.CognitiveServices/akun/CustomVision/proyek/tag/*
Microsoft.CognitiveServices/akun/CustomVision/proyek/gambar/disarankan/*
Microsoft.CognitiveServices/akun/CustomVision/proyek/tagsandregions/saran/tindakan API ini akan mendapatkan tag dan wilayah yang disarankan untuk array/batch gambar yang tidak disa dikembalikan bersama dengan konfidensi untuk tag. Mengembalikan array kosong jika tidak ada tag yang ditemukan.
NotDataActions
Microsoft.CognitiveServices/akun/CustomVision/proyek/ekspor/baca Mengekspor proyek.
{
  "assignableScopes": [
    "/"
  ],
  "description": "View, edit training images and create, add, remove, or delete the image tags. Labelers can view the project but can't update anything other than training images and tags.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/88424f51-ebe7-446f-bc41-7fa16989e96c",
  "name": "88424f51-ebe7-446f-bc41-7fa16989e96c",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/*/read",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/images/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/tags/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/images/suggested/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/tagsandregions/suggestions/action"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
      ]
    }
  ],
  "roleName": "Cognitive Services Custom Vision Labeler",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Custom Vision Cognitive Services

Tindakan baca-saja di ruang kerja. Pembaca tidak dapat membuat atau memperbarui aset ini. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.CognitiveServices/*/baca
Bukan Tindakan
Tidak ada
DataActions
Microsoft.CognitiveServices/akun/CustomVision/*/baca
Microsoft.CognitiveServices/akun/CustomVision/proyek/prediksi/kueri/tindakan Dapatkan gambar yang dikirim ke endpoint prediksi Anda.
NotDataActions
Microsoft.CognitiveServices/akun/CustomVision/proyek/ekspor/baca Mengekspor proyek.
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read-only actions in the project. Readers can't create or update the project.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/93586559-c37d-4a6b-ba08-b9f0940c2d73",
  "name": "93586559-c37d-4a6b-ba08-b9f0940c2d73",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/*/read",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
      ]
    }
  ],
  "roleName": "Cognitive Services Custom Vision Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pelatih Custom Vision Cognitive Services

Lihat, edit proyek, dan latih model, termasuk kemampuan untuk menerbitkan, membatalkan penerbitan, mengekspor model. Pelatih tidak dapat membuat atau menghapus proyek. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.CognitiveServices/*/baca
Bukan Tindakan
Tidak ada
DataActions
Microsoft.CognitiveServices/akun/CustomVision/*
NotDataActions
Microsoft.CognitiveServices/akun/CustomVision/proyek/tindakan Membuat proyek.
Microsoft.CognitiveServices/akun/CustomVision/proyek/hapus Menghapus proyek tertentu.
Microsoft.CognitiveServices/akun/CustomVision/proyek/impor/tindakan Mengimpor proyek.
Microsoft.CognitiveServices/akun/CustomVision/proyek/ekspor/baca Mengekspor proyek.
{
  "assignableScopes": [
    "/"
  ],
  "description": "View, edit projects and train the models, including the ability to publish, unpublish, export the models. Trainers can't create or delete the project.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0a5ae4ab-0d65-4eeb-be61-29fc9b54394b",
  "name": "0a5ae4ab-0d65-4eeb-be61-29fc9b54394b",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/*"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/action",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/delete",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/import/action",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
      ]
    }
  ],
  "roleName": "Cognitive Services Custom Vision Trainer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Data Cognitive Services (Pratinjau)

Memungkinkan Anda membaca data Cognitive Services.

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.CognitiveServices/*/baca
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read Cognitive Services data.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b59867f0-fa02-499b-be73-45a86b5b3e1c",
  "name": "b59867f0-fa02-499b-be73-45a86b5b3e1c",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Data Reader (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pengenal Wajah Cognitive Services

Memungkinkan Anda melakukan deteksi, verifikasi, identifikasi, kelompokkan, dan temukan operasi serupa di Face API. Peran ini tidak memungkinkan operasi buat atau hapus, yang membuatnya sangat cocok untuk titik akhir yang hanya perlu kemampuan yang lebih rendah, mengikuti praktik terbaik 'hak istimewa paling sedikit'.

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.CognitiveServices/akun/Wajah/deteksi/tindakan Deteksi wajah manusia dalam gambar, kembalikan persegi panjang wajah, dan opsional dengan faceId, landmark, dan atribut.
Microsoft.CognitiveServices/akun/Wajah/verifikasi/tindakan Verifikasi apakah dua wajah milik orang yang sama atau apakah satu wajah milik seseorang.
Microsoft.CognitiveServices/akun/Wajah/identifikasi/tindakan Identifikasi 1-ke-banyak untuk menemukan kecocokan terdekat dari wajah orang kueri tertentu dari grup orang atau kelompok orang besar.
Microsoft.CognitiveServices/akun/Wajah/grup/tindakan Bagilah wajah kandidat menjadi kelompok-kelompok berdasarkan kesamaan wajah.
Microsoft.CognitiveServices/akun/Wajah/temukan kesaman/tindakan Mengingat faceId wajah kueri, untuk mencari wajah yang tampak serupa dari array faceId, daftar wajah, atau daftar wajah besar. faceId
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you perform detect, verify, identify, group, and find similar operations on Face API. This role does not allow create or delete operations, which makes it well suited for endpoints that only need inferencing capabilities, following 'least privilege' best practices.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/9894cab4-e18a-44aa-828b-cb588cd6f2d7",
  "name": "9894cab4-e18a-44aa-828b-cb588cd6f2d7",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/Face/detect/action",
        "Microsoft.CognitiveServices/accounts/Face/verify/action",
        "Microsoft.CognitiveServices/accounts/Face/identify/action",
        "Microsoft.CognitiveServices/accounts/Face/group/action",
        "Microsoft.CognitiveServices/accounts/Face/findsimilars/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Face Recognizer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Administrator Penasihat Metrik Cognitive Services

Akses penuh ke proyek, termasuk konfigurasi tingkat sistem. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.CognitiveServices/*/baca
Bukan Tindakan
Tidak ada
DataActions
Microsoft.CognitiveServices/accounts/MetricsAdvisor/*
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Full access to the project, including the system level configuration.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/cb43c632-a144-4ec5-977c-e80c4affc34a",
  "name": "cb43c632-a144-4ec5-977c-e80c4affc34a",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/MetricsAdvisor/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Metrics Advisor Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Editor Pembuat QnA Cognitive Services

Mari kita membuat, mengedit, mengimpor, dan mengekspor KB. Anda tidak dapat menerbitkan atau menghapus KB. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.CognitiveServices/*/baca
Microsoft.Authorization/roleAssignments/baca Mendapatkan informasi tentang penetapan peran.
Microsoft.Authorization/roleDefinisi/baca Mendapatkan informasi tentang definisi peran.
Bukan Tindakan
Tidak ada
DataActions
Microsoft.CognitiveServices/akun/QnAMaker/knowledgebases/baca Mendapatkan Daftar Basis Pengetahuan atau detail knowledgebaser tertentu.
Microsoft.CognitiveServices/akun/QnAMaker/knowledgebases/unduh/baca Unduh knowledgebase.
Microsoft.CognitiveServices/akun/QnAMaker/knowledgebases/buat/tulis Operasi asinkron untuk menciptakan basis pengetahuan baru.
Microsoft.CognitiveServices/akun/QnAMaker/knowledgebases/baca Operasi asinkron untuk memodifikasi basis pengetahuan atau Mengganti konten basis pengetahuan.
Microsoft.CognitiveServices/akun/QnAMaker/knowledgebases/generateanswer/tindakan GenerateAnswer panggilan untuk meminta basis pengetahuan.
Microsoft.CognitiveServices/akun/QnAMaker/knowledgebases/latih/baca Latih panggilan untuk menambahkan saran ke basis pengetahuan.
Microsoft.CognitiveServices/akun/QnAMaker/perubahan/baca Unduh perubahan dari runtime.
Microsoft.CognitiveServices/akun/QnAMaker/perubahan/tulis Mengganti data perubahan.
Microsoft.CognitiveServices/akun/QnAMaker/endpointkeys/baca Mendapatkan tombol endpoint untuk titik akhir
Microsoft.CognitiveServices/akun/QnAMaker/endpointkeys/refreshkeys/tindakan Menghasilkan kembali kunci endpoint.
Microsoft.CognitiveServices/akun/QnAMaker/endpointsettings/baca Mendapatkan pengaturan endpoint untuk endpoint
Microsoft.CognitiveServices/akun/QnAMaker/endpointsettings/tulis Perbarui endpoint seettings untuk titik akhir.
Microsoft.CognitiveServices/akun/QnAMaker/operasi/baca Mendapatkan detail operasi jangka panjang tertentu.
Microsoft.CognitiveServices/akun/QnAMaker.v2/knowledgebases/baca Mendapatkan Daftar Basis Pengetahuan atau detail knowledgebaser tertentu.
Microsoft.CognitiveServices/akun/QnAMaker.v2/knowledgebases/unduh/baca Unduh knowledgebase.
Microsoft.CognitiveServices/akun/QnAMaker.v2/knowledgebases/buat/tulis Operasi asinkron untuk menciptakan basis pengetahuan baru.
Microsoft.CognitiveServices/akun/QnAMaker.v2/knowledgebases/tulis Operasi asinkron untuk memodifikasi basis pengetahuan atau Mengganti konten basis pengetahuan.
Microsoft.CognitiveServices/akun/QnAMaker.v2/knowledgebases/generateanswer/tindakan GenerateAnswer panggilan untuk meminta basis pengetahuan.
Microsoft.CognitiveServices/akun/QnAMaker.v2/knowledgebases/latih/baca Latih panggilan untuk menambahkan saran ke basis pengetahuan.
Microsoft.CognitiveServices/akun/QnAMaker.v2/perubahan/baca Unduh perubahan dari runtime.
Microsoft.CognitiveServices/akun/QnAMaker.v2/perubahan/tulis Mengganti data perubahan.
Microsoft.CognitiveServices/akun/QnAMaker.v2/endpointkeys/baca Mendapatkan tombol endpoint untuk titik akhir
Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/refreshkeys/tindakan Menghasilkan kembali kunci endpoint.
Microsoft.CognitiveServices/akun/QnAMaker.v2/endpointsettings/baca Mendapatkan pengaturan endpoint untuk endpoint
Microsoft.CognitiveServices/akun/QnAMaker.v2/endpointsettings/tulis Perbarui endpoint seettings untuk titik akhir.
Microsoft.CognitiveServices/akun/QnAMaker.v2/operasi/baca Mendapatkan detail operasi jangka panjang tertentu.
Microsoft.CognitiveServices/akun/TextAnalytics/QnAMaker/knowledgebases/baca Mendapatkan Daftar Basis Pengetahuan atau detail knowledgebaser tertentu.
Microsoft.CognitiveServices/akun/TextAnalytics/QnAMaker/knowledgebases/unduh/baca Unduh knowledgebase.
Microsoft.CognitiveServices/akun/TextAnalytics/QnAMaker/knowledgebases/buat/tulis Operasi asinkron untuk menciptakan basis pengetahuan baru.
Microsoft.CognitiveServices/akun/TextAnalytics/QnAMaker/knowledgebases/tulis Operasi asinkron untuk memodifikasi basis pengetahuan atau Mengganti konten basis pengetahuan.
Microsoft.CognitiveServices/akun/TextAnalytics/QnAMaker/knowledgebases/generateanswer/tindakan GenerateAnswer panggilan untuk meminta basis pengetahuan.
Microsoft.CognitiveServices/akun/TextAnalytics/QnAMaker/knowledgebases/latih/tulis Latih panggilan untuk menambahkan saran ke basis pengetahuan.
Microsoft.CognitiveServices/akun/TextAnalytics/QnAMaker/perubahan/baca Unduh perubahan dari runtime.
Microsoft.CognitiveServices/akun/TextAnalytics/QnAMaker/perubahan/tulis Mengganti data perubahan.
Microsoft.CognitiveServices/akun/TextAnalytics/QnAMaker/endpointkeys/baca Mendapatkan tombol endpoint untuk titik akhir
Microsoft.CognitiveServices/akun/TextAnalytics/QnAMaker/endpointkeys/refreshkeys/tindakan Menghasilkan kembali kunci endpoint.
Microsoft.CognitiveServices/akun/TextAnalytics/QnAMaker/endpointsettings/baca Mendapatkan pengaturan endpoint untuk endpoint
Microsoft.CognitiveServices/akun/TextAnalytics/QnAMaker/endpointsettings/tulis Perbarui endpoint seettings untuk titik akhir.
Microsoft.CognitiveServices/akun/TextAnalytics/QnAMaker/operasi/baca Mendapatkan detail operasi jangka panjang tertentu.
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Let's you create, edit, import and export a KB. You cannot publish or delete a KB.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f4cc2bf9-21be-47a1-bdf1-5c5804381025",
  "name": "f4cc2bf9-21be-47a1-bdf1-5c5804381025",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.Authorization/roleAssignments/read",
        "Microsoft.Authorization/roleDefinitions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/download/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/create/write",
        "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/write",
        "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/generateanswer/action",
        "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/train/action",
        "Microsoft.CognitiveServices/accounts/QnAMaker/alterations/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker/alterations/write",
        "Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/refreshkeys/action",
        "Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/write",
        "Microsoft.CognitiveServices/accounts/QnAMaker/operations/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/download/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/create/write",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/write",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/generateanswer/action",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/train/action",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/write",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/refreshkeys/action",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/write",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/operations/read",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/read",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/download/read",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/create/write",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/write",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/generateanswer/action",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/train/action",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/read",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/write",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/read",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/refreshkeys/action",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/read",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/write",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/operations/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services QnA Maker Editor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca QnA Maker Cognitive Services

Memungkinkan Anda membaca dan menguji KB saja. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.CognitiveServices/*/baca
Microsoft.Authorization/roleAssignments/baca Mendapatkan informasi tentang penetapan peran.
Microsoft.Authorization/roleDefinisi/baca Mendapatkan informasi tentang definisi peran.
Bukan Tindakan
Tidak ada
DataActions
Microsoft.CognitiveServices/akun/QnAMaker/knowledgebases/baca Mendapatkan Daftar Basis Pengetahuan atau detail knowledgebaser tertentu.
Microsoft.CognitiveServices/akun/QnAMaker/knowledgebases/unduh/baca Unduh knowledgebase.
Microsoft.CognitiveServices/akun/QnAMaker/knowledgebases/generateanswer/tindakan GenerateAnswer panggilan untuk meminta basis pengetahuan.
Microsoft.CognitiveServices/akun/QnAMaker/perubahan/baca Unduh perubahan dari runtime.
Microsoft.CognitiveServices/akun/QnAMaker/endpointkeys/baca Mendapatkan tombol endpoint untuk titik akhir
Microsoft.CognitiveServices/akun/QnAMaker/endpointsettings/baca Mendapatkan pengaturan endpoint untuk endpoint
Microsoft.CognitiveServices/akun/QnAMaker.v2/knowledgebases/baca Mendapatkan Daftar Basis Pengetahuan atau detail knowledgebaser tertentu.
Microsoft.CognitiveServices/akun/QnAMaker.v2/knowledgebases/unduh/baca Unduh knowledgebase.
Microsoft.CognitiveServices/akun/QnAMaker.v2/knowledgebases/generateanswer/tindakan GenerateAnswer panggilan untuk meminta basis pengetahuan.
Microsoft.CognitiveServices/akun/QnAMaker.v2/perubahan/baca Unduh perubahan dari runtime.
Microsoft.CognitiveServices/akun/QnAMaker.v2/endpointkeys/baca Mendapatkan tombol endpoint untuk titik akhir
Microsoft.CognitiveServices/akun/QnAMaker.v2/endpointsettings/baca Mendapatkan pengaturan endpoint untuk endpoint
Microsoft.CognitiveServices/akun/TextAnalytics/QnAMaker/knowledgebases/baca Mendapatkan Daftar Basis Pengetahuan atau detail knowledgebaser tertentu.
Microsoft.CognitiveServices/akun/TextAnalytics/QnAMaker/knowledgebases/unduh/baca Unduh knowledgebase.
Microsoft.CognitiveServices/akun/TextAnalytics/QnAMaker/knowledgebases/generateanswer/tindakan GenerateAnswer panggilan untuk meminta basis pengetahuan.
Microsoft.CognitiveServices/akun/TextAnalytics/QnAMaker/perubahan/baca Unduh perubahan dari runtime.
Microsoft.CognitiveServices/akun/TextAnalytics/QnAMaker/endpointkeys/baca Mendapatkan tombol endpoint untuk titik akhir
Microsoft.CognitiveServices/akun/TextAnalytics/QnAMaker/endpointsettings/baca Mendapatkan pengaturan endpoint untuk endpoint
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Let's you read and test a KB only.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/466ccd10-b268-4a11-b098-b4849f024126",
  "name": "466ccd10-b268-4a11-b098-b4849f024126",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.Authorization/roleAssignments/read",
        "Microsoft.Authorization/roleDefinitions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/download/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker/knowledgebases/generateanswer/action",
        "Microsoft.CognitiveServices/accounts/QnAMaker/alterations/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker/endpointkeys/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker/endpointsettings/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/download/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/knowledgebases/generateanswer/action",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/alterations/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointkeys/read",
        "Microsoft.CognitiveServices/accounts/QnAMaker.v2/endpointsettings/read",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/read",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/download/read",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/knowledgebases/generateanswer/action",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/alterations/read",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointkeys/read",
        "Microsoft.CognitiveServices/accounts/TextAnalytics/QnAMaker/endpointsettings/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services QnA Maker Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pengguna Cognitive Services

Memungkinkan Anda membaca dan mencantumkan kunci Cognitive Services. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.CognitiveServices/*/baca
Microsoft.CognitiveServices/akun/listkeys/tindakan Membuat daftar kunci
Microsoft.Insights/alertRules/baca Membaca pemberitahuan metrik klasik
Microsoft.Insights /DiagnosticSettings/baca Membaca pengaturan diagnostik sumber daya
Microsoft.Insights/logDefinisi/baca Baca definisi log
Microsoft.Insights/metricdefinisi/baca Baca definisi metrik
Microsoft.Insights/metrik/baca Membaca metrik
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/operasi/baca Mendapatkan atau mencantumkan operasi penyebaran.
Microsoft.Resources/langganan/hasiloperasi/baca Dapatkan Hasil Operasi Langganan.
Microsoft.Resources/langganan/baca Mendapatkan daftar langganan.
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Microsoft.CognitiveServices/*
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read and list keys of Cognitive Services.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a97b65f3-24c7-4388-baec-2e87135dc908",
  "name": "a97b65f3-24c7-4388-baec-2e87135dc908",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.CognitiveServices/accounts/listkeys/action",
        "Microsoft.Insights/alertRules/read",
        "Microsoft.Insights/diagnosticSettings/read",
        "Microsoft.Insights/logDefinitions/read",
        "Microsoft.Insights/metricdefinitions/read",
        "Microsoft.Insights/metrics/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services User",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Internet of things

Administrator Pembaruan Perangkat

Memberi Anda akses penuh ke manajemen dan operasi konten Pelajari selengkapnya

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Bukan Tindakan
Tidak ada
DataActions
Microsoft.DeviceUpdate/akun/instans/pembaruan/baca Melakukan operasi baca yang terkait dengan pembaruan
Microsoft.DeviceUpdate/akun/instans/pembaruan/tulis Melakukan operasi tulis yang terkait dengan pembaruan
Microsoft.DeviceUpdate/akun/instans/pembaruan/hapus Melakukan operasi hapus yang terkait dengan pembaruan
Microsoft.DeviceUpdate/akun/instans/manajemen/baca Melakukan operasi baca yang terkait dengan manajemen
Microsoft.DeviceUpdate/akun/instans/manajemen/tulis Melakukan operasi tulis yang terkait dengan manajemen
Microsoft.DeviceUpdate/akun/instans/manajemen/hapus Melakukan operasi hapus yang terkait dengan manajemen
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Gives you full access to management and content operations",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/02ca0879-e8e4-47a5-a61e-5c618b76e64a",
  "name": "02ca0879-e8e4-47a5-a61e-5c618b76e64a",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Insights/alertRules/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.DeviceUpdate/accounts/instances/updates/read",
        "Microsoft.DeviceUpdate/accounts/instances/updates/write",
        "Microsoft.DeviceUpdate/accounts/instances/updates/delete",
        "Microsoft.DeviceUpdate/accounts/instances/management/read",
        "Microsoft.DeviceUpdate/accounts/instances/management/write",
        "Microsoft.DeviceUpdate/accounts/instances/management/delete"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Device Update Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Administrator Konten Pembaruan Perangkat

Memberi Anda akses penuh ke operasi konten Pelajari selengkapnya

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Bukan Tindakan
Tidak ada
DataActions
Microsoft.DeviceUpdate/akun/instans/pembaruan/baca Melakukan operasi baca yang terkait dengan pembaruan
Microsoft.DeviceUpdate/akun/instans/pembaruan/tulis Melakukan operasi tulis yang terkait dengan pembaruan
Microsoft.DeviceUpdate/akun/instans/pembaruan/hapus Melakukan operasi hapus yang terkait dengan pembaruan
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Gives you full access to content operations",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0378884a-3af5-44ab-8323-f5b22f9f3c98",
  "name": "0378884a-3af5-44ab-8323-f5b22f9f3c98",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Insights/alertRules/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.DeviceUpdate/accounts/instances/updates/read",
        "Microsoft.DeviceUpdate/accounts/instances/updates/write",
        "Microsoft.DeviceUpdate/accounts/instances/updates/delete"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Device Update Content Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Konten Pembaruan Perangkat

Memberi Anda akses baca ke operasi konten, tetapi tidak memperbolehkan membuat perubahan Pelajari selengkapnya

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Bukan Tindakan
Tidak ada
DataActions
Microsoft.DeviceUpdate/akun/instans/pembaruan/baca Melakukan operasi baca yang terkait dengan pembaruan
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Gives you read access to content operations, but does not allow making changes",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/d1ee9a80-8b14-47f0-bdc2-f4a351625a7b",
  "name": "d1ee9a80-8b14-47f0-bdc2-f4a351625a7b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Insights/alertRules/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.DeviceUpdate/accounts/instances/updates/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Device Update Content Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Administrator Penyebaran Pembaruan Perangkat

Memberi Anda akses penuh ke operasi manajemen Pelajari selengkapnya

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Bukan Tindakan
Tidak ada
DataActions
Microsoft.DeviceUpdate/akun/instans/manajemen/baca Melakukan operasi baca yang terkait dengan manajemen
Microsoft.DeviceUpdate/akun/instans/manajemen/tulis Melakukan operasi tulis yang terkait dengan manajemen
Microsoft.DeviceUpdate/akun/instans/manajemen/hapus Melakukan operasi hapus yang terkait dengan manajemen
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Gives you full access to management operations",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e4237640-0e3d-4a46-8fda-70bc94856432",
  "name": "e4237640-0e3d-4a46-8fda-70bc94856432",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Insights/alertRules/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.DeviceUpdate/accounts/instances/management/read",
        "Microsoft.DeviceUpdate/accounts/instances/management/write",
        "Microsoft.DeviceUpdate/accounts/instances/management/delete"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Device Update Deployments Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Penyebaran Pembaruan Perangkat

Memberi Anda akses baca ke operasi manajemen, tetapi tidak memungkinkan membuat perubahan Pelajari selengkapnya

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Bukan Tindakan
Tidak ada
DataActions
Microsoft.DeviceUpdate/akun/instans/manajemen/baca Melakukan operasi baca yang terkait dengan manajemen
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Gives you read access to management operations, but does not allow making changes",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/49e2f5d2-7741-4835-8efa-19e1fe35e47f",
  "name": "49e2f5d2-7741-4835-8efa-19e1fe35e47f",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Insights/alertRules/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.DeviceUpdate/accounts/instances/management/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Device Update Deployments Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Pembaruan Perangkat

Memberi Anda akses baca ke operasi konten, tetapi tidak memperbolehkan membuat perubahan Pelajari selengkapnya

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Bukan Tindakan
Tidak ada
DataActions
Microsoft.DeviceUpdate/akun/instans/pembaruan/baca Melakukan operasi baca yang terkait dengan pembaruan
Microsoft.DeviceUpdate/akun/instans/manajemen/baca Melakukan operasi baca yang terkait dengan manajemen
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Gives you read access to management and content operations, but does not allow making changes",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e9dba6fb-3d52-4cf0-bce3-f06ce71b9e0f",
  "name": "e9dba6fb-3d52-4cf0-bce3-f06ce71b9e0f",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Insights/alertRules/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.DeviceUpdate/accounts/instances/updates/read",
        "Microsoft.DeviceUpdate/accounts/instances/management/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Device Update Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Data IoT Hub

Memungkinkan akses penuh ke operasi pesawat data IoT Hub. Pelajari lebih lanjut

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Devices/IotHubs/*
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to IoT Hub data plane operations.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4fc6c259-987e-4a07-842e-c321cc9d413f",
  "name": "4fc6c259-987e-4a07-842e-c321cc9d413f",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Devices/IotHubs/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "IoT Hub Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Data IoT Hub

Memungkinkan akses baca penuh ke properti pesawat data IoT Hub Pelajari selengkapnya

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Devices/IotHubs/*/baca
Microsoft.Devices/IotHubs/fileUpload/pemberitahuan/tindakan Menerima, melengkapi, atau meninggalkan pemberitahuan unggahan file
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full read access to IoT Hub data-plane properties",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b447c946-2db7-41ec-983d-d8bf3b1c77e3",
  "name": "b447c946-2db7-41ec-983d-d8bf3b1c77e3",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Devices/IotHubs/*/read",
        "Microsoft.Devices/IotHubs/fileUpload/notifications/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "IoT Hub Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Registri IoT Hub

Memungkinkan akses penuh ke registri perangkat IoT Hub. Pelajari lebih lanjut

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Devices/IotHubs/perangkat/*
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to IoT Hub device registry.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4ea46cd5-c1b2-4a8e-910b-273211f9ce47",
  "name": "4ea46cd5-c1b2-4a8e-910b-273211f9ce47",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Devices/IotHubs/devices/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "IoT Hub Registry Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Kembar IoT Hub

Memungkinkan untuk membaca dan menulis akses ke semua perangkat IoT Hub dan modul kembar. Pelajari lebih lanjut

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Devices/IotHubs/kembar/*
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read and write access to all IoT Hub device and module twins.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/494bdba2-168f-4f31-a0a1-191d2f7c028c",
  "name": "494bdba2-168f-4f31-a0a1-191d2f7c028c",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Devices/IotHubs/twins/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "IoT Hub Twin Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Realitas campuran

Administrator Remote Rendering

Menyediakan kemampuan konversi, kelola sesi, rendering, dan diagnostik pengguna untuk Azure Remote Rendering Pelajari selengkapnya

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.MixedReality/RemoteRenderingAccounts/convert/tindakan Mulai konversi aset
Microsoft.MixedReality/RemoteRenderingAccounts/convert/baca Dapatkan properti konversi aset
Microsoft.MixedReality/RemoteRenderingAccounts/convert/hapus Mulai konversi aset
Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/baca Dapatkan properti sesi
Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/tindakan Memulai sesi
Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/hapus Menghentikan sesi
Microsoft.MixedReality/RemoteRenderingAccounts/render/baca Menyambungkan ke sesi
Microsoft.MixedReality/RemoteRenderingAccounts/diagnostik/baca Sambungkan ke inspektur Remote Rendering
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Provides user with conversion, manage session, rendering and diagnostics capabilities for Azure Remote Rendering",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3df8b902-2a6f-47c7-8cc5-360e9b272a7e",
  "name": "3df8b902-2a6f-47c7-8cc5-360e9b272a7e",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.MixedReality/RemoteRenderingAccounts/convert/action",
        "Microsoft.MixedReality/RemoteRenderingAccounts/convert/read",
        "Microsoft.MixedReality/RemoteRenderingAccounts/convert/delete",
        "Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/read",
        "Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/action",
        "Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/delete",
        "Microsoft.MixedReality/RemoteRenderingAccounts/render/read",
        "Microsoft.MixedReality/RemoteRenderingAccounts/diagnostic/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Remote Rendering Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Klien Remote Rendering

Memberi pengguna kemampuan mengelola sesi, perenderan, dan diagnostik untuk Azure Remote Rendering. Pelajari lebih lanjut

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/baca Dapatkan properti sesi
Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/tindakan Memulai sesi
Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/hapus Menghentikan sesi
Microsoft.MixedReality/RemoteRenderingAccounts/render/baca Menyambungkan ke sesi
Microsoft.MixedReality/RemoteRenderingAccounts/diagnostik/baca Sambungkan ke inspektur Remote Rendering
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Provides user with manage session, rendering and diagnostics capabilities for Azure Remote Rendering.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/d39065c4-c120-43c9-ab0a-63eed9795f0a",
  "name": "d39065c4-c120-43c9-ab0a-63eed9795f0a",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/read",
        "Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/action",
        "Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/delete",
        "Microsoft.MixedReality/RemoteRenderingAccounts/render/read",
        "Microsoft.MixedReality/RemoteRenderingAccounts/diagnostic/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Remote Rendering Client",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Akun Spatial Anchors

Memungkinkan Anda mengelola jangkar spasial di akun Anda, tetapi tidak menghapusnya Pelajari lebih lanjut

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.MixedReality/SpatialAnchorsAccounts/buat/tindakan Azure Spatial Anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/temukan/baca Temukan jangkar spasial terdekat
Microsoft.MixedReality/SpatialAnchorsAccounts/properti/baca Dapatkan properti jangkar spasial
Microsoft.MixedReality/SpatialAnchorsAccounts/kueri/baca Azure Spatial Anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/baca Kirim data diagnostik untuk membantu meningkatkan kualitas layanan Azure Spatial Anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/baca Memperbarui properti jangkar spasial
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage spatial anchors in your account, but not delete them",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827",
  "name": "8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.MixedReality/SpatialAnchorsAccounts/create/action",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/query/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Spatial Anchors Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pemilik Akun Spatial Anchors

Memungkinkan Anda mengelola jangkar spasial di akun Anda, termasuk menghapusnya Pelajari lebih lanjut

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.MixedReality/SpatialAnchorsAccounts/buat/tindakan Azure Spatial Anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/hapus Menghapus jangkar spasial
Microsoft.MixedReality/SpatialAnchorsAccounts/temukan/baca Temukan jangkar spasial terdekat
Microsoft.MixedReality/SpatialAnchorsAccounts/properti/baca Dapatkan properti jangkar spasial
Microsoft.MixedReality/SpatialAnchorsAccounts/kueri/baca Azure Spatial Anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/baca Kirim data diagnostik untuk membantu meningkatkan kualitas layanan Azure Spatial Anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/baca Memperbarui properti jangkar spasial
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage spatial anchors in your account, including deleting them",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/70bbe301-9835-447d-afdd-19eb3167307c",
  "name": "70bbe301-9835-447d-afdd-19eb3167307c",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.MixedReality/SpatialAnchorsAccounts/create/action",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/delete",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/query/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Spatial Anchors Account Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Akun Spatial Anchors

Memungkinkan Anda menemukan dan membaca properti jangkar spasial di akun Anda Pelajari selengkapnya

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.MixedReality/SpatialAnchorsAccounts/temukan/baca Temukan jangkar spasial terdekat
Microsoft.MixedReality/SpatialAnchorsAccounts/properti/baca Dapatkan properti jangkar spasial
Microsoft.MixedReality/SpatialAnchorsAccounts/kueri/baca Azure Spatial Anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/baca Kirim data diagnostik untuk membantu meningkatkan kualitas layanan Azure Spatial Anchors
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you locate and read properties of spatial anchors in your account",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5d51204f-eb77-4b1c-b86a-2ec626c49413",
  "name": "5d51204f-eb77-4b1c-b86a-2ec626c49413",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/query/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Spatial Anchors Account Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Integrasi

Kontributor Layanan API Management

Dapat mengelola layanan dan API Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.ApiManagement/layanan/* Membuat dan mengelola layanan API Management
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage service and the APIs",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/312a565d-c81f-4fd8-895a-4e21e48d571c",
  "name": "312a565d-c81f-4fd8-895a-4e21e48d571c",
  "permissions": [
    {
      "actions": [
        "Microsoft.ApiManagement/service/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "API Management Service Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Peran Operator Layanan API Management

Dapat mengelola layanan tetapi bukan API Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.ApiManagement/layanan/*/baca Baca instans API Management Service
Microsoft.ApiManagement/layanan/cadangan/tindakan Backup API Management Service ke kontainer yang ditentukan dalam akun penyimpanan yang disediakan pengguna
Microsoft.ApiManagement/layanan/hapus Hapus instan Layanan API Management
Microsoft.ApiManagement/service/managedeployments/tindakan Ubah SKU/unit, tambahkan/hapus penyebaran regional API Management Service
Microsoft.ApiManagement/layanan/baca Membaca metadata untuk instans API Management Service
Microsoft.ApiMenammanman/layanan/pemulihan/tindakan Pulihkan API Management Service dari kontainer yang ditentukan dalam akun penyimpanan yang disediakan pengguna
Microsoft.ApiManagement/layanan/updatecertificate/tindakan Mengunggah sertifikat TLS/SSL untuk API Management Service
Microsoft.ApiManagement/layanan/updatehostname/tindakan Menyiapkan, memperbarui, atau menghapus nama domain kustom untuk API Management Service
Microsoft.ApiManagement/layanan/tulis Membuat atau Memperbarui instance Layanan API Management
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Microsoft.ApiManagement/layanan/pengguna/kunci/baca Mendapatkan kunci yang terkait dengan pengguna
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage service but not the APIs",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e022efe7-f5ba-4159-bbe4-b44f577e9b61",
  "name": "e022efe7-f5ba-4159-bbe4-b44f577e9b61",
  "permissions": [
    {
      "actions": [
        "Microsoft.ApiManagement/service/*/read",
        "Microsoft.ApiManagement/service/backup/action",
        "Microsoft.ApiManagement/service/delete",
        "Microsoft.ApiManagement/service/managedeployments/action",
        "Microsoft.ApiManagement/service/read",
        "Microsoft.ApiManagement/service/restore/action",
        "Microsoft.ApiManagement/service/updatecertificate/action",
        "Microsoft.ApiManagement/service/updatehostname/action",
        "Microsoft.ApiManagement/service/write",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.ApiManagement/service/users/keys/read"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "API Management Service Operator Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Peran Pembaca Layanan API Management

Akses baca-saja ke layanan dan API Pelajari selengkapnya

Tindakan Deskripsi
Microsoft.ApiManagement/layanan/*/baca Baca instans API Management Service
Microsoft.ApiManagement/layanan/baca Membaca metadata untuk instans API Management Service
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Microsoft.ApiManagement/layanan/pengguna/kunci/baca Mendapatkan kunci yang terkait dengan pengguna
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read-only access to service and APIs",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/71522526-b88f-4d52-b57f-d31fc3546d0d",
  "name": "71522526-b88f-4d52-b57f-d31fc3546d0d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ApiManagement/service/*/read",
        "Microsoft.ApiManagement/service/read",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.ApiManagement/service/users/keys/read"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "API Management Service Reader Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pemilik Data App Configuration

Memungkinkan akses penuh ke data App Configuration. Pelajari lebih lanjut

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.AppConfiguration/configurationStores/*/baca
Microsoft.AppConfiguration/configurationStores/*/tulis
Microsoft.AppConfiguration/configurationStores/*/hapus
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows full access to App Configuration data.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b",
  "name": "5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.AppConfiguration/configurationStores/*/read",
        "Microsoft.AppConfiguration/configurationStores/*/write",
        "Microsoft.AppConfiguration/configurationStores/*/delete"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "App Configuration Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Data App Configuration

Memungkinkan akses baca ke data App Configuration. Pelajari lebih lanjut

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.AppConfiguration/configurationStores/*/baca
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows read access to App Configuration data.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/516239f1-63e1-4d78-a4de-a74fb236a071",
  "name": "516239f1-63e1-4d78-a4de-a74fb236a071",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.AppConfiguration/configurationStores/*/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "App Configuration Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pendengar Azure Relay

Memungkinkan untuk mendengarkan akses ke sumber daya Azure Relay.

Tindakan Deskripsi
Microsoft.Relay/*/wcfRelays/read
Microsoft.Relay/*/hybridConnections/read
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Relay/*/listen/action
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for listen access to Azure Relay resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/26e0b698-aa6d-4085-9386-aadae190014d",
  "name": "26e0b698-aa6d-4085-9386-aadae190014d",
  "permissions": [
    {
      "actions": [
        "Microsoft.Relay/*/wcfRelays/read",
        "Microsoft.Relay/*/hybridConnections/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Relay/*/listen/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Relay Listener",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pemilik Azure Relay

Memungkinkan akses penuh ke sumber daya Azure Relay.

Tindakan Deskripsi
Microsoft.Relay/*
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Relay/*
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to Azure Relay resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2787bf04-f1f5-4bfe-8383-c8a24483ee38",
  "name": "2787bf04-f1f5-4bfe-8383-c8a24483ee38",
  "permissions": [
    {
      "actions": [
        "Microsoft.Relay/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Relay/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Relay Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pengirim Azure Relay

Memungkinkan untuk mengirimkan akses ke sumber daya Azure Relay.

Tindakan Deskripsi
Microsoft.Relay/*/wcfRelays/read
Microsoft.Relay/*/hybridConnections/read
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Relay/*/send/action
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for send access to Azure Relay resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/26baccc8-eea7-41f1-98f4-1762cc7f685d",
  "name": "26baccc8-eea7-41f1-98f4-1762cc7f685d",
  "permissions": [
    {
      "actions": [
        "Microsoft.Relay/*/wcfRelays/read",
        "Microsoft.Relay/*/hybridConnections/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Relay/*/send/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Relay Sender",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pemilik Data Azure Service Bus

Memungkinkan akses penuh ke sumber daya Azure Service Bus. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.ServiceBus/*
Bukan Tindakan
Tidak ada
DataActions
Microsoft.ServiceBus/*
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to Azure Service Bus resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/090c5cfd-751d-490a-894a-3ce6f1109419",
  "name": "090c5cfd-751d-490a-894a-3ce6f1109419",
  "permissions": [
    {
      "actions": [
        "Microsoft.ServiceBus/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ServiceBus/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Service Bus Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Penerima Data Azure Service Bus

Memungkinkan untuk menerima akses ke sumber daya Azure Service Bus. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.ServiceBus/*/antrean/baca
Microsoft.ServiceBus/*/topik/baca
Microsoft.ServiceBus/*/topik/langganan/baca
Bukan Tindakan
Tidak ada
DataActions
Microsoft.ServiceBus/*/terima/tindakan
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for receive access to Azure Service Bus resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0",
  "name": "4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0",
  "permissions": [
    {
      "actions": [
        "Microsoft.ServiceBus/*/queues/read",
        "Microsoft.ServiceBus/*/topics/read",
        "Microsoft.ServiceBus/*/topics/subscriptions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ServiceBus/*/receive/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Service Bus Data Receiver",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Service Bus Data Sender

Memungkinkan untuk mengirim akses ke sumber daya Azure Service Bus. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.ServiceBus/*/antrean/baca
Microsoft.ServiceBus/*/topik/baca
Microsoft.ServiceBus/*/topik/langganan/baca
Bukan Tindakan
Tidak ada
DataActions
Microsoft.ServiceBus/*/kirim/tindakan
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for send access to Azure Service Bus resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
  "name": "69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
  "permissions": [
    {
      "actions": [
        "Microsoft.ServiceBus/*/queues/read",
        "Microsoft.ServiceBus/*/topics/read",
        "Microsoft.ServiceBus/*/topics/subscriptions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ServiceBus/*/send/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Service Bus Data Sender",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pemilik Pendaftaran Azure Stack Hub

Memungkinkan Anda mengelola pendaftaran Azure Stack Hub.

Tindakan Deskripsi
Microsoft.AzureStack/edgeSubscriptions/baca
Microsoft.AzureStack/registrasi/produk/*/tindakan
Microsoft.AzureStack/registrasi/produk/*/baca Mendapatkan properti produk Azure Stack Marketplace
Microsoft.AzureStack/registrasi/baca Mendapatkan properti pendaftaran Azure Stack
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Azure Stack registrations.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6f12a6df-dd06-4f3e-bcb1-ce8be600526a",
  "name": "6f12a6df-dd06-4f3e-bcb1-ce8be600526a",
  "permissions": [
    {
      "actions": [
        "Microsoft.AzureStack/edgeSubscriptions/read",
        "Microsoft.AzureStack/registrations/products/*/action",
        "Microsoft.AzureStack/registrations/products/read",
        "Microsoft.AzureStack/registrations/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Stack Registration Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor EventGrid

Memungkinkan Anda mengelola operasi EventGrid.

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.EventGrid/* Membuat dan mengelola sumber daya Event Grid
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage EventGrid operations.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/1e241071-0855-49ea-94dc-649edcd759de",
  "name": "1e241071-0855-49ea-94dc-649edcd759de",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.EventGrid/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "EventGrid Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pengirim Data EventGrid

Memungkinkan mengirim akses ke acara grid acara.

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.EventGrid/topics/read Membaca topik
Microsoft.EventGrid/domains/read Membaca domain
Microsoft.EventGrid/partnerNamespaces/read Membaca namespace mitra
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Bukan Tindakan
Tidak ada
DataActions
Microsoft.EventGrid/events/send/action Kirim kejadian ke topik
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows send access to event grid events.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/d5a91429-5739-47e2-a06b-3470a27159e7",
  "name": "d5a91429-5739-47e2-a06b-3470a27159e7",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.EventGrid/topics/read",
        "Microsoft.EventGrid/domains/read",
        "Microsoft.EventGrid/partnerNamespaces/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventGrid/events/send/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "EventGrid Data Sender",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor EventSubscription EventGrid

Memungkinkan Anda mengelola operasi langganan kejadian EventGrid. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.EventGrid/eventSubscriptions/* Membuat dan mengelola langganan acara regional
Microsoft.EventGrid/topicTypes/eventSubscriptions/baca Daftar langganan acara global menurut tipe topik
Microsoft.EventGrid/lokasi/eventSubscriptions/baca Daftar langganan acara regional
Microsoft.EventGrid/lokasi/topicTypes/eventSubscriptions/baca Daftar langganan acara regional menurut tipe topik
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage EventGrid event subscription operations.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/428e0ff0-5e57-4d9c-a221-2c70d0e0a443",
  "name": "428e0ff0-5e57-4d9c-a221-2c70d0e0a443",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.EventGrid/eventSubscriptions/*",
        "Microsoft.EventGrid/topicTypes/eventSubscriptions/read",
        "Microsoft.EventGrid/locations/eventSubscriptions/read",
        "Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "EventGrid EventSubscription Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca EventSubscription EventGrid

Memungkinkan Anda membaca langganan kejadian EventGrid. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.EventGrid/eventSubscriptions/baca Membaca sebuah eventSubscription
Microsoft.EventGrid/topicTypes/eventSubscriptions/baca Daftar langganan acara global menurut tipe topik
Microsoft.EventGrid/lokasi/eventSubscriptions/baca Daftar langganan acara regional
Microsoft.EventGrid/lokasi/topicTypes/eventSubscriptions/baca Daftar langganan acara regional menurut tipe topik
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read EventGrid event subscriptions.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2414bbcf-6497-4faf-8c65-045460748405",
  "name": "2414bbcf-6497-4faf-8c65-045460748405",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.EventGrid/eventSubscriptions/read",
        "Microsoft.EventGrid/topicTypes/eventSubscriptions/read",
        "Microsoft.EventGrid/locations/eventSubscriptions/read",
        "Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "EventGrid EventSubscription Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Data FHIR

Peran memungkinkan pengguna atau prinsipal akses penuh ke Data FHIR Pelajari lebih lanjut

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.HealthcareApis/layanan/fhir/sumber daya/*
Microsoft.HealthcareApis/workspaces/fhirservices/resources/*
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Role allows user or principal full access to FHIR Data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5a1fc7df-4bf1-4951-a576-89034ee01acd",
  "name": "5a1fc7df-4bf1-4951-a576-89034ee01acd",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.HealthcareApis/services/fhir/resources/*",
        "Microsoft.HealthcareApis/workspaces/fhirservices/resources/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "FHIR Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pengekspor Data FHIR

Peran memungkinkan pengguna atau prinsipal untuk membaca dan mengekspor Data FHIR Pelajari lebih lanjut

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.HealthcareApis/layanan/fhir/sumber daya/baca Baca sumber daya FHIR (termasuk pencarian dan riwayat versi).
Microsoft.HealthcareApis/layanan/fhir/sumber daya/ekspor/tindakan Operasi ekspor ($export).
Microsoft.HealthcareApis/workspaces/fhirservices/resources/read Baca sumber daya FHIR (termasuk pencarian dan riwayat versi).
Microsoft.HealthcareApis/workspaces/fhirservices/resources/export/action Operasi ekspor ($export).
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Role allows user or principal to read and export FHIR Data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3db33094-8700-4567-8da5-1501d4e7e843",
  "name": "3db33094-8700-4567-8da5-1501d4e7e843",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.HealthcareApis/services/fhir/resources/read",
        "Microsoft.HealthcareApis/services/fhir/resources/export/action",
        "Microsoft.HealthcareApis/workspaces/fhirservices/resources/read",
        "Microsoft.HealthcareApis/workspaces/fhirservices/resources/export/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "FHIR Data Exporter",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Data FHIR

Peran memungkinkan pengguna atau prinsipal untuk membaca Data FHIR Pelajari lebih lanjut

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.HealthcareApis/layanan/fhir/sumber daya/baca Baca sumber daya FHIR (termasuk pencarian dan riwayat versi).
Microsoft.HealthcareApis/workspaces/fhirservices/resources/read Baca sumber daya FHIR (termasuk pencarian dan riwayat versi).
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Role allows user or principal to read FHIR Data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4c8d0bbc-75d3-4935-991f-5f3c56d81508",
  "name": "4c8d0bbc-75d3-4935-991f-5f3c56d81508",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.HealthcareApis/services/fhir/resources/read",
        "Microsoft.HealthcareApis/workspaces/fhirservices/resources/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "FHIR Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Penulis Data FHIR

Peran memungkinkan pengguna atau prinsipal untuk membaca dan menulis Data FHIR Pelajari lebih lanjut

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.HealthcareApis/layanan/fhir/sumber daya/*
Microsoft.HealthcareApis/workspaces/fhirservices/resources/*
NotDataActions
Microsoft.HealthcareApis/layanan/fhir/sumber daya/hardDelete/tindakan Penghapusan Keras (termasuk riwayat versi).
Microsoft.HealthcareApis/workspaces/fhirservices/resources/hardDelete/action Penghapusan Keras (termasuk riwayat versi).
{
  "assignableScopes": [
    "/"
  ],
  "description": "Role allows user or principal to read and write FHIR Data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3f88fce4-5892-4214-ae73-ba5294559913",
  "name": "3f88fce4-5892-4214-ae73-ba5294559913",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.HealthcareApis/services/fhir/resources/*",
        "Microsoft.HealthcareApis/workspaces/fhirservices/resources/*"
      ],
      "notDataActions": [
        "Microsoft.HealthcareApis/services/fhir/resources/hardDelete/action",
        "Microsoft.HealthcareApis/workspaces/fhirservices/resources/hardDelete/action"
      ]
    }
  ],
  "roleName": "FHIR Data Writer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Lingkungan Layanan Integrasi

Memungkinkan Anda mengelola lingkungan layanan integrasi, tetapi tidak dapat mengaksesnya. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.Logic/integrationServiceEnvironments/*
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage integration service environments, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a41e2c5b-bd99-4a07-88f4-9bf657a760b8",
  "name": "a41e2c5b-bd99-4a07-88f4-9bf657a760b8",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Support/*",
        "Microsoft.Logic/integrationServiceEnvironments/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Integration Service Environment Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pengembang Lingkungan Layanan Integrasi

Memungkinkan pengembang untuk membuat dan memperbarui alur kerja, akun integrasi, dan koneksi API dalam lingkungan layanan integrasi. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.Logic/integrationServiceEnvironments/baca Membaca lingkungan layanan integrasi.
Microsoft.Logic/integrasiServiceEnvironments/*/gabung/tindakan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows developers to create and update workflows, integration accounts and API connections in integration service environments.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c7aa55d3-1abb-444a-a5ca-5e51e485d6ec",
  "name": "c7aa55d3-1abb-444a-a5ca-5e51e485d6ec",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Support/*",
        "Microsoft.Logic/integrationServiceEnvironments/read",
        "Microsoft.Logic/integrationServiceEnvironments/*/join/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Integration Service Environment Developer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Akun Sistem Cerdas

Memungkinkan Anda mengelola akun Intelligent Systems, tetapi tidak dapat mengaksesnya.

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.IntelligentSystems/akun/* Membuat dan mengelola akun sistem cerdas
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Intelligent Systems accounts, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/03a6d094-3444-4b3d-88af-7477090a9e5e",
  "name": "03a6d094-3444-4b3d-88af-7477090a9e5e",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.IntelligentSystems/accounts/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Intelligent Systems Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Aplikasi Logika

Memungkinkan Anda mengelola aplikasi logika, tetapi tidak mengubah akses ke aplikasi tersebut. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.ClassicStorage/storageAccounts/listKeys/tindakan Mencantumkan kunci akses untuk akun penyimpanan.
Microsoft.ClassicStorage/storageAccounts/baca Kembalikan akun penyimpanan dengan akun yang diberikan.
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Insights/metricAlerts/*
Microsoft.Insights/diagnosticSettings/* Membuat, memperbarui, atau membaca pengaturan diagnostik untuk Server Analisis
Microsoft.Insights/logdefinitions/* Izin ini diperlukan bagi pengguna yang membutuhkan akses ke Log Aktivitas melalui portal. Mencantumkan kategori log di Log Aktivitas.
Microsoft.Insights/metricDefinitions/* Membaca definisi metrik (daftar tipe metrik yang tersedia untuk sumber daya).
Microsoft.Logic/* Mengelola sumber daya Logic Apps.
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/hasiloperasi/baca Dapatkan Hasil Operasi Langganan.
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Storage/storageAccounts/listKeys/tindakan Mengembalikan kunci akses untuk akun penyimpanan tertentu.
Microsoft.Storage/storageAccounts/baca Mengembalikan daftar akun penyimpanan atau mendapatkan properti untuk akun penyimpanan tertentu.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.Web/connectionGateways/* Membuat dan mengelola Gateway Koneksi.
Microsoft.Web/koneksi/* Membuat dan mengelola Koneksi.
Microsoft.Web/customApis/* Membuat dan mengelola API Kustom.
Microsoft.Web/serverFarms/gabung/tindakan Bergabung dengan App Service Plan
Microsoft.Web/serverFarms/baca Dapatkan properti di App Service Plan
Microsoft.Web/situs/fungsi/listSecrets/tindakan Daftar Rahasia fungsi.
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage logic app, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/87a39d53-fc1b-424a-814c-f7e04687dc9e",
  "name": "87a39d53-fc1b-424a-814c-f7e04687dc9e",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicStorage/storageAccounts/listKeys/action",
        "Microsoft.ClassicStorage/storageAccounts/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/metricAlerts/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.Insights/logdefinitions/*",
        "Microsoft.Insights/metricDefinitions/*",
        "Microsoft.Logic/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/listkeys/action",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.Support/*",
        "Microsoft.Web/connectionGateways/*",
        "Microsoft.Web/connections/*",
        "Microsoft.Web/customApis/*",
        "Microsoft.Web/serverFarms/join/action",
        "Microsoft.Web/serverFarms/read",
        "Microsoft.Web/sites/functions/listSecrets/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Logic App Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Operator Aplikasi Logika

Memungkinkan Anda membaca, mengaktifkan, dan menonaktifkan aplikasi logika, tetapi tidak mengedit atau memperbaruinya. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/baca Membaca aturan peringatan Insights
Microsoft.Insights/metricAlerts/*/baca
Microsoft.Insights /DiagnosticSettings/baca Mendapatkan pengaturan diagnostik untuk Logic Apps
Microsoft.Insights/metricDefinitions/*/read Mendapatkan metrik yang tersedia untuk Logic Apps.
Microsoft.Logic/*/baca Membaca sumber daya Aplikasi Logika.
Microsoft.Logic/alur kerja/nonaktifkan/tindakan Menonaktifkan alur kerja.
Microsoft.Logic/alur kerja/aktifkan/tindakan Mengaktifkan alur kerja.
Microsoft.Logic/alur kerja/validasi/tindakan Memvalidasi alur kerja.
Microsoft.Resources/penyebaran/operasi/baca Mendapatkan atau mencantumkan operasi penyebaran.
Microsoft.Resources/langganan/hasiloperasi/baca Dapatkan Hasil Operasi Langganan.
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.Web/connectionGateways/*/baca Baca Gateway Koneksi.
Microsoft.Web/koneksi/*/baca Baca Koneksi.
Microsoft.Web/customApis/*/baca Baca API Kustom.
Microsoft.Web/serverFarms/baca Dapatkan properti di App Service Plan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read, enable and disable logic app.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/515c2055-d9d4-4321-b1b9-bd0c9a0f79fe",
  "name": "515c2055-d9d4-4321-b1b9-bd0c9a0f79fe",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*/read",
        "Microsoft.Insights/metricAlerts/*/read",
        "Microsoft.Insights/diagnosticSettings/*/read",
        "Microsoft.Insights/metricDefinitions/*/read",
        "Microsoft.Logic/*/read",
        "Microsoft.Logic/workflows/disable/action",
        "Microsoft.Logic/workflows/enable/action",
        "Microsoft.Logic/workflows/validate/action",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Web/connectionGateways/*/read",
        "Microsoft.Web/connections/*/read",
        "Microsoft.Web/customApis/*/read",
        "Microsoft.Web/serverFarms/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Logic App Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Identitas

Kontributor Identitas Terkelola

Membuat, Membaca, Memperbarui, dan Menghapus Identitas Yang Ditetapkan Pengguna Pelajari selengkapnya

Tindakan Deskripsi
Microsoft.ManagedIdentity/userAssignedIdentities/baca Mendapatkan identitas pengguna yang ditetapkan yang sudah ada
Microsoft.ManagedIdentity/userAssignedIdentities/tulis Membuat identitas pengguna baru yang ditetapkan atau memperbarui tag yang terkait dengan identitas pengguna yang ditetapkan yang sudah ada
Microsoft.ManagedIdentity/userAssignedIdentities/hapus Menghapus identitas pengguna yang ditetapkan pengguna yang sudah ada
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Create, Read, Update, and Delete User Assigned Identity",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e40ec5ca-96e0-45a2-b4ff-59039f2c2b59",
  "name": "e40ec5ca-96e0-45a2-b4ff-59039f2c2b59",
  "permissions": [
    {
      "actions": [
        "Microsoft.ManagedIdentity/userAssignedIdentities/read",
        "Microsoft.ManagedIdentity/userAssignedIdentities/write",
        "Microsoft.ManagedIdentity/userAssignedIdentities/delete",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Managed Identity Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Operator Identitas Terkelola

Baca dan Tetapkan Identitas Pengguna yang Ditetapkan Pelajari selengkapnya

Tindakan Deskripsi
Microsoft.ManagedIdentity/userAssignedIdentities/baca
Microsoft.ManagedIdentity/userAssignedIdentities/tindakan
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read and Assign User Assigned Identity",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f1a07417-d97a-45cb-824c-7a7467783830",
  "name": "f1a07417-d97a-45cb-824c-7a7467783830",
  "permissions": [
    {
      "actions": [
        "Microsoft.ManagedIdentity/userAssignedIdentities/*/read",
        "Microsoft.ManagedIdentity/userAssignedIdentities/*/assign/action",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Managed Identity Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Keamanan

Kontributor Attestation

Dapat membaca tulis atau menghapus instance penyedia pengesahan Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Attestation/attestationProviders/pengesahan/baca
Microsoft.Attestation/attestationProviders/pengesahan/tulis
Microsoft.Attestation/attestationProviders/pengesahan/hapus
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can read write or delete the attestation provider instance",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/bbf86eb8-f7b4-4cce-96e4-18cddf81d86e",
  "name": "bbf86eb8-f7b4-4cce-96e4-18cddf81d86e",
  "permissions": [
    {
      "actions": [
        "Microsoft.Attestation/attestationProviders/attestation/read",
        "Microsoft.Attestation/attestationProviders/attestation/write",
        "Microsoft.Attestation/attestationProviders/attestation/delete"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Attestation Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Pengesahan

Dapat membaca properti penyedia pengesahan Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Attestation/attestationProviders/pengesahan/baca
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can read the attestation provider properties",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fd1bd22b-8476-40bc-a0bc-69b95687b9f3",
  "name": "fd1bd22b-8476-40bc-a0bc-69b95687b9f3",
  "permissions": [
    {
      "actions": [
        "Microsoft.Attestation/attestationProviders/attestation/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Attestation Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Azure Sentinel Automation

Kontributor Azure Sentinel Automation Pelajari selengkapnya

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Logic/workflows/pemicu/baca Membaca pemicunya.
Microsoft.Logic/alur kerja/pemicu/listCallbackUrl/tindakan URL panggilan balik yang dihasilkan untuk pemicu.
Microsoft.Logic/alur kerja/berjalan/baca Membaca alur kerja berjalan.
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Azure Sentinel Automation Contributor",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f4c81013-99ee-4d62-a7ee-b3f1f648599a",
  "name": "f4c81013-99ee-4d62-a7ee-b3f1f648599a",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Logic/workflows/triggers/read",
        "Microsoft.Logic/workflows/triggers/listCallbackUrl/action",
        "Microsoft.Logic/workflows/runs/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Sentinel Automation Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Azure Sentinel

Kontributor Azure Sentinel

Tindakan Deskripsi
Microsoft.SecurityInsights/*
Microsoft.OperationalInsights/ruang kerja/analitik/kueri/tindakan Cari menggunakan mesin baru.
Microsoft.OperationalInsights/ruang kerja/*/baca Menampilkan data analitik log
Microsoft.OperationalInsights/ruang kerja/savedSearches/*
Microsoft.OperationsMenemanase/solusi/baca Dapatkan solusi keluar dari OMS
Microsoft.OperationalInsights/ruang kerja/kueri/baca Menjalankan kueri di atas data di ruang kerja
Microsoft.OperationalInsights/ruang kerja/kueri/*/baca
Microsoft.OperationalInsights/ruang kerja/dataSources/baca Dapatkan sumber data di bawah ruang kerja.
Microsoft.OperationalInsights/querypacks/*/read
Microsoft.Insights/buku kerja/*
Microsoft.Insights/buku kerja saya/baca Membaca Buku Kerja pribadi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Azure Sentinel Contributor",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ab8e14d6-4a74-4a29-9ba8-549422addade",
  "name": "ab8e14d6-4a74-4a29-9ba8-549422addade",
  "permissions": [
    {
      "actions": [
        "Microsoft.SecurityInsights/*",
        "Microsoft.OperationalInsights/workspaces/analytics/query/action",
        "Microsoft.OperationalInsights/workspaces/*/read",
        "Microsoft.OperationalInsights/workspaces/savedSearches/*",
        "Microsoft.OperationsManagement/solutions/read",
        "Microsoft.OperationalInsights/workspaces/query/read",
        "Microsoft.OperationalInsights/workspaces/query/*/read",
        "Microsoft.OperationalInsights/workspaces/dataSources/read",
        "Microsoft.OperationalInsights/querypacks/*/read",
        "Microsoft.Insights/workbooks/*",
        "Microsoft.Insights/myworkbooks/read",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Sentinel Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Azure Sentinel.

Pembaca Sentinel Azure Pelajari selengkapnya

Tindakan Deskripsi
Microsoft.SecurityInsights/*/baca
Microsoft.SecurityInsights/dataConnectorsCheckRequirements/tindakan Periksa otorisasi dan lisensi pengguna
Microsoft.SecurityInsights/threatIntelligence/indikator/kueri/tindakan Indikator Kecerdasan Query Threat
Microsoft.SecurityInsights/threatIntelligence/queryIndicators/tindakan Indikator Kecerdasan Query Threat
Microsoft.OperationalInsights/ruang kerja/analitik/kueri/tindakan Cari menggunakan mesin baru.
Microsoft.OperationalInsights/ruang kerja/*/baca Menampilkan data analitik log
Microsoft.OperationalInsights/ruang kerja/LinkedServices/baca Dapatkan layanan tertaut di bawah ruang kerja tertentu.
Microsoft.OperationalInsights/ruang kerja/savedSearches/baca Mendapatkan kueri pencarian yang disimpan
Microsoft.OperationsMenemanase/solusi/baca Dapatkan solusi keluar dari OMS
Microsoft.OperationalInsights/ruang kerja/kueri/baca Menjalankan kueri di atas data di ruang kerja
Microsoft.OperationalInsights/ruang kerja/kueri/*/baca
Microsoft.OperationalInsights/querypacks/*/read
Microsoft.OperationalInsights/ruang kerja/dataSources/baca Dapatkan sumber data di bawah ruang kerja.
Microsoft.Insights/buku kerja/baca Membaca buku kerja
Microsoft.Insights/buku kerja saya/baca Membaca Buku Kerja pribadi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Azure Sentinel Reader",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8d289c81-5878-46d4-8554-54e1e3d8b5cb",
  "name": "8d289c81-5878-46d4-8554-54e1e3d8b5cb",
  "permissions": [
    {
      "actions": [
        "Microsoft.SecurityInsights/*/read",
        "Microsoft.SecurityInsights/dataConnectorsCheckRequirements/action",
        "Microsoft.SecurityInsights/threatIntelligence/indicators/query/action",
        "Microsoft.SecurityInsights/threatIntelligence/queryIndicators/action",
        "Microsoft.OperationalInsights/workspaces/analytics/query/action",
        "Microsoft.OperationalInsights/workspaces/*/read",
        "Microsoft.OperationalInsights/workspaces/LinkedServices/read",
        "Microsoft.OperationalInsights/workspaces/savedSearches/read",
        "Microsoft.OperationsManagement/solutions/read",
        "Microsoft.OperationalInsights/workspaces/query/read",
        "Microsoft.OperationalInsights/workspaces/query/*/read",
        "Microsoft.OperationalInsights/querypacks/*/read",
        "Microsoft.OperationalInsights/workspaces/dataSources/read",
        "Microsoft.Insights/workbooks/read",
        "Microsoft.Insights/myworkbooks/read",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Sentinel Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Penanggap Azure Sentinel

Azure Sentinel Responder Pelajari selengkapnya

Tindakan Deskripsi
Microsoft.SecurityInsights/*/baca
Microsoft.SecurityInsights/dataConnectorsCheckRequirements/tindakan Periksa otorisasi dan lisensi pengguna
Microsoft.SecurityInsights/automationRules/*
Microsoft.SecurityInsights/kasus/*
Microsoft.SecurityInsights/insiden/*
Microsoft.SecurityInsights/threatIntelligence/indikator/appendTags/tindakan Tambahkan tag ke Indikator Kecerdasan Ancaman
Microsoft.SecurityInsights/threatIntelligence/indikator/kueri/tindakan Indikator Kecerdasan Query Threat
Microsoft.SecurityInsights/threatIntelligence/bulkTag/tindakan Data Massal Kecerdasan Ancaman
Microsoft.SecurityInsights/threatIntelligence/indikator/appendTags/tindakan Tambahkan tag ke Indikator Kecerdasan Ancaman
Microsoft.SecurityInsights/threatIntelligence/indikator/replaceTags/tindakan Ganti Tag Indikator Kecerdasan Ancaman
Microsoft.SecurityInsights/threatIntelligence/queryIndicators/tindakan Indikator Kecerdasan Query Threat
Microsoft.OperationalInsights/ruang kerja/analitik/kueri/tindakan Cari menggunakan mesin baru.
Microsoft.OperationalInsights/ruang kerja/*/baca Menampilkan data analitik log
Microsoft.OperationalInsights/ruang kerja/dataSources/baca Dapatkan sumber data di bawah ruang kerja.
Microsoft.OperationalInsights/ruang kerja/savedSearches/baca Mendapatkan kueri pencarian yang disimpan
Microsoft.OperationsMenemanase/solusi/baca Dapatkan solusi keluar dari OMS
Microsoft.OperationalInsights/ruang kerja/kueri/baca Menjalankan kueri di atas data di ruang kerja
Microsoft.OperationalInsights/ruang kerja/kueri/*/baca
Microsoft.OperationalInsights/ruang kerja/dataSources/baca Dapatkan sumber data di bawah ruang kerja.
Microsoft.OperationalInsights/querypacks/*/read
Microsoft.Insights/buku kerja/baca Membaca buku kerja
Microsoft.Insights/buku kerja saya/baca Membaca Buku Kerja pribadi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Microsoft.SecurityInsights/kasus/*/Hapus
Microsoft.SecurityInsights/incidents/*/Hapus
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Azure Sentinel Responder",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3e150937-b8fe-4cfb-8069-0eaf05ecd056",
  "name": "3e150937-b8fe-4cfb-8069-0eaf05ecd056",
  "permissions": [
    {
      "actions": [
        "Microsoft.SecurityInsights/*/read",
        "Microsoft.SecurityInsights/dataConnectorsCheckRequirements/action",
        "Microsoft.SecurityInsights/automationRules/*",
        "Microsoft.SecurityInsights/cases/*",
        "Microsoft.SecurityInsights/incidents/*",
        "Microsoft.SecurityInsights/threatIntelligence/indicators/appendTags/action",
        "Microsoft.SecurityInsights/threatIntelligence/indicators/query/action",
        "Microsoft.SecurityInsights/threatIntelligence/bulkTag/action",
        "Microsoft.SecurityInsights/threatIntelligence/indicators/appendTags/action",
        "Microsoft.SecurityInsights/threatIntelligence/indicators/replaceTags/action",
        "Microsoft.SecurityInsights/threatIntelligence/queryIndicators/action",
        "Microsoft.OperationalInsights/workspaces/analytics/query/action",
        "Microsoft.OperationalInsights/workspaces/*/read",
        "Microsoft.OperationalInsights/workspaces/dataSources/read",
        "Microsoft.OperationalInsights/workspaces/savedSearches/read",
        "Microsoft.OperationsManagement/solutions/read",
        "Microsoft.OperationalInsights/workspaces/query/read",
        "Microsoft.OperationalInsights/workspaces/query/*/read",
        "Microsoft.OperationalInsights/workspaces/dataSources/read",
        "Microsoft.OperationalInsights/querypacks/*/read",
        "Microsoft.Insights/workbooks/read",
        "Microsoft.Insights/myworkbooks/read",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.SecurityInsights/cases/*/Delete",
        "Microsoft.SecurityInsights/incidents/*/Delete"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Sentinel Responder",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Administrator Key Vault

Lakukan semua operasi bidang data pada brankas kunci dan semua objek di dalamnya, termasuk sertifikat, kunci, dan rahasia. Tidak dapat mengelola sumber daya brankas kunci atau mengelola penetapan peran. Hanya berfungsi untuk brankas kunci yang menggunakan model izin 'kontrol akses berbasis peran Azure'. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.KeyVault/checkNameAvailability/baca Periksa bahwa nama key vault valid dan sedang tidak digunakan
Microsoft.KeyVault/deletedVaults/baca Lihat properti key vault yang dihapus sementara
Microsoft.KeyVault/lokasi/*/baca
Microsoft.KeyVault/vaults/*/baca
Microsoft.KeyVault/operasi/baca Mencantumkan operasi yang tersedia di penyedia sumber daya Microsoft.KeyVault
Bukan Tindakan
Tidak ada
DataActions
Microsoft.KeyVault/vaults/*
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Perform all data plane operations on a key vault and all objects in it, including certificates, keys, and secrets. Cannot manage key vault resources or manage role assignments. Only works for key vaults that use the 'Azure role-based access control' permission model.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/00482a5a-887f-4fb3-b363-3b7fe8e74483",
  "name": "00482a5a-887f-4fb3-b363-3b7fe8e74483",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.KeyVault/checkNameAvailability/read",
        "Microsoft.KeyVault/deletedVaults/read",
        "Microsoft.KeyVault/locations/*/read",
        "Microsoft.KeyVault/vaults/*/read",
        "Microsoft.KeyVault/operations/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.KeyVault/vaults/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Key Vault Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Petugas Sertifikat Key Vault

Lakukan tindakan apa pun pada sertifikat brankas kunci, kecuali izin kelola. Hanya berfungsi untuk brankas kunci yang menggunakan model izin 'kontrol akses berbasis peran Azure'. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.KeyVault/checkNameAvailability/baca Periksa bahwa nama key vault valid dan sedang tidak digunakan
Microsoft.KeyVault/deletedVaults/baca Lihat properti key vault yang dihapus sementara
Microsoft.KeyVault/lokasi/*/baca
Microsoft.KeyVault/vaults/*/baca
Microsoft.KeyVault/operasi/baca Mencantumkan operasi yang tersedia di penyedia sumber daya Microsoft.KeyVault
Bukan Tindakan
Tidak ada
DataActions
Microsoft.KeyVault/vaults/certificatecas/*
Microsoft.KeyVault/vaults/sertifikat/*
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Perform any action on the certificates of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a4417e6f-fecd-4de8-b567-7b0420556985",
  "name": "a4417e6f-fecd-4de8-b567-7b0420556985",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.KeyVault/checkNameAvailability/read",
        "Microsoft.KeyVault/deletedVaults/read",
        "Microsoft.KeyVault/locations/*/read",
        "Microsoft.KeyVault/vaults/*/read",
        "Microsoft.KeyVault/operations/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.KeyVault/vaults/certificatecas/*",
        "Microsoft.KeyVault/vaults/certificates/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Key Vault Certificates Officer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Key Vault

Kelola kubah utama, tetapi tidak memungkinkan Anda untuk menetapkan peran di Azure RBAC, dan tidak memungkinkan Anda mengakses rahasia, kunci, atau sertifikat. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.KeyVault/*
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Microsoft.KeyVault/lokasi/deletedVaults/hapus menyeluruh/tindakan Hapus menyeluruh brankas kunci yang dihapus sementara
Microsoft.KeyVault/hsmPools/*
Microsoft.KeyVault/managedHsms/*
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage key vaults, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395",
  "name": "f25e0fa2-a7c8-4377-a976-54943a77a395",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.KeyVault/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.KeyVault/locations/deletedVaults/purge/action",
        "Microsoft.KeyVault/hsmPools/*",
        "Microsoft.KeyVault/managedHsms/*"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Key Vault Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Petugas Kripto Key Vault

Lakukan tindakan apa pun pada kunci brankas kunci, kecuali izin kelola. Hanya berfungsi untuk brankas kunci yang menggunakan model izin 'kontrol akses berbasis peran Azure'. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.KeyVault/checkNameAvailability/baca Periksa bahwa nama key vault valid dan sedang tidak digunakan
Microsoft.KeyVault/deletedVaults/baca Lihat properti key vault yang dihapus sementara
Microsoft.KeyVault/lokasi/*/baca
Microsoft.KeyVault/vaults/*/baca
Microsoft.KeyVault/operasi/baca Mencantumkan operasi yang tersedia di penyedia sumber daya Microsoft.KeyVault
Bukan Tindakan
Tidak ada
DataActions
Microsoft.KeyVault/vaults/kunci/*
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Perform any action on the keys of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/14b46e9e-c2b7-41b4-b07b-48a6ebf60603",
  "name": "14b46e9e-c2b7-41b4-b07b-48a6ebf60603",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.KeyVault/checkNameAvailability/read",
        "Microsoft.KeyVault/deletedVaults/read",
        "Microsoft.KeyVault/locations/*/read",
        "Microsoft.KeyVault/vaults/*/read",
        "Microsoft.KeyVault/operations/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.KeyVault/vaults/keys/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Key Vault Crypto Officer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pengguna Enkripsi Layanan Kripto Key Vault

Baca metadata kunci dan lakukan operasi bungkus/buka bungkus. Hanya berfungsi untuk brankas kunci yang menggunakan model izin 'kontrol akses berbasis peran Azure'. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.EventGrid/eventSubscriptions/tulis Membuat atau memperbarui kejadianSubscription
Microsoft.EventGrid/eventSubscriptions/baca Membaca sebuah eventSubscription
Microsoft.EventGrid/eventSubscriptions/hapus Membaca sebuah eventSubscription
Bukan Tindakan
Tidak ada
DataActions
Microsoft.KeyVault/vaults/kunci/baca Daftar kunci dalam kubah yang ditentukan, atau properti baca dan materi publik kunci. Untuk kunci asimetris, operasi ini memaparkan kunci publik dan mencakup kemampuan untuk menjalankan algoritma kunci publik seperti mengenkripsi dan memverifikasi tanda tangan. Kunci pribadi dan kunci simetris tidak pernah terekspos.
Microsoft.KeyVault/vaults/keys/bungkus/tindakan Membuka bungkus kunci simetris dengan kunci Key Vault. Perhatikan bahwa jika kunci Vault Kunci adalah asimetris, operasi ini dapat dilakukan oleh prinsipal dengan akses baca.
Microsoft.KeyVault/vaults/kunci/buka bungkus/tindakan Membuka bungkus kunci simetris dengan kunci Key Vault.
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read metadata of keys and perform wrap/unwrap operations. Only works for key vaults that use the 'Azure role-based access control' permission model.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e147488a-f6f5-4113-8e2d-b22465e65bf6",
  "name": "e147488a-f6f5-4113-8e2d-b22465e65bf6",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventGrid/eventSubscriptions/write",
        "Microsoft.EventGrid/eventSubscriptions/read",
        "Microsoft.EventGrid/eventSubscriptions/delete"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.KeyVault/vaults/keys/read",
        "Microsoft.KeyVault/vaults/keys/wrap/action",
        "Microsoft.KeyVault/vaults/keys/unwrap/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Key Vault Crypto Service Encryption User",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pengguna Kripto Key Vault

Lakukan operasi kriptografi menggunakan kunci. Hanya berfungsi untuk brankas kunci yang menggunakan model izin 'kontrol akses berbasis peran Azure'. Pelajari lebih lanjut

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.KeyVault/vaults/kunci/baca Daftar kunci dalam kubah yang ditentukan, atau properti baca dan materi publik kunci. Untuk kunci asimetris, operasi ini memaparkan kunci publik dan mencakup kemampuan untuk menjalankan algoritma kunci publik seperti mengenkripsi dan memverifikasi tanda tangan. Kunci pribadi dan kunci simetris tidak pernah terekspos.
Microsoft.KeyVault/vaults/kunci/pembaruan/tindakan Memperbarui atribut yang ditentukan dan terkait dengan kunci tertentu.
Microsoft.KeyVault/vaults/kunci/cadangan/tindakan Membuat berkas cadangan kunci. File dapat digunakan untuk memulihkan kunci di Key Vault dengan langganan yang sama. Pembatasan mungkin berlaku.
Microsoft.KeyVault/vaults/kunci/enkripsi/tindakan Mengenkripsi plaintext dengan kunci. Perhatikan bahwa jika kunci Vault Kunci adalah asimetris, operasi ini dapat dilakukan oleh prinsipal dengan akses baca.
Microsoft.KeyVault/vaults/kunci/deinkripsi/tindakan Mendekripsikan ciphertext dengan kunci.
Microsoft.KeyVault/vaults/keys/bungkus/tindakan Membuka bungkus kunci simetris dengan kunci Key Vault. Perhatikan bahwa jika kunci Vault Kunci adalah asimetris, operasi ini dapat dilakukan oleh prinsipal dengan akses baca.
Microsoft.KeyVault/vaults/kunci/buka bungkus/tindakan Membuka bungkus kunci simetris dengan kunci Key Vault.
Microsoft.KeyVault/vaults/kunci/tanda/tindakan Menandai pesan yang dicerna (hash) dengan kunci.
Microsoft.KeyVault/vaults/keys/verifikasi/tindakan Memverifikasi tanda tangan pesan yang dicerna (hash) dengan kunci. Perhatikan bahwa jika kunci Vault Kunci adalah asimetris, operasi ini dapat dilakukan oleh prinsipal dengan akses baca.
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Perform cryptographic operations using keys. Only works for key vaults that use the 'Azure role-based access control' permission model.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/12338af0-0e69-4776-bea7-57ae8d297424",
  "name": "12338af0-0e69-4776-bea7-57ae8d297424",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.KeyVault/vaults/keys/read",
        "Microsoft.KeyVault/vaults/keys/update/action",
        "Microsoft.KeyVault/vaults/keys/backup/action",
        "Microsoft.KeyVault/vaults/keys/encrypt/action",
        "Microsoft.KeyVault/vaults/keys/decrypt/action",
        "Microsoft.KeyVault/vaults/keys/wrap/action",
        "Microsoft.KeyVault/vaults/keys/unwrap/action",
        "Microsoft.KeyVault/vaults/keys/sign/action",
        "Microsoft.KeyVault/vaults/keys/verify/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Key Vault Crypto User",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Key Vault

Baca metadata brankas kunci serta sertifikat, kunci, dan rahasianya. Tidak dapat membaca nilai sensitif seperti konten rahasia atau materi kunci. Hanya berfungsi untuk brankas kunci yang menggunakan model izin 'kontrol akses berbasis peran Azure'. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.KeyVault/checkNameAvailability/baca Periksa bahwa nama key vault valid dan sedang tidak digunakan
Microsoft.KeyVault/deletedVaults/baca Lihat properti key vault yang dihapus sementara
Microsoft.KeyVault/lokasi/*/baca
Microsoft.KeyVault/vaults/*/baca
Microsoft.KeyVault/operasi/baca Mencantumkan operasi yang tersedia di penyedia sumber daya Microsoft.KeyVault
Bukan Tindakan
Tidak ada
DataActions
Microsoft.KeyVault/vaults/*/baca
Microsoft.KeyVault/vaults/rahasia/readMetadata/tindakan Cantumkan atau tampilkan properti rahasia, tetapi bukan nilainya.
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read metadata of key vaults and its certificates, keys, and secrets. Cannot read sensitive values such as secret contents or key material. Only works for key vaults that use the 'Azure role-based access control' permission model.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/21090545-7ca7-4776-b22c-e363652d74d2",
  "name": "21090545-7ca7-4776-b22c-e363652d74d2",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.KeyVault/checkNameAvailability/read",
        "Microsoft.KeyVault/deletedVaults/read",
        "Microsoft.KeyVault/locations/*/read",
        "Microsoft.KeyVault/vaults/*/read",
        "Microsoft.KeyVault/operations/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.KeyVault/vaults/*/read",
        "Microsoft.KeyVault/vaults/secrets/readMetadata/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Key Vault Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Petugas Rahasia Key Vault

Lakukan tindakan apa pun pada rahasia brankas kunci, kecuali izin kelola. Hanya berfungsi untuk brankas kunci yang menggunakan model izin 'kontrol akses berbasis peran Azure'. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.KeyVault/checkNameAvailability/baca Periksa bahwa nama key vault valid dan sedang tidak digunakan
Microsoft.KeyVault/deletedVaults/baca Lihat properti key vault yang dihapus sementara
Microsoft.KeyVault/lokasi/*/baca
Microsoft.KeyVault/vaults/*/baca
Microsoft.KeyVault/operasi/baca Mencantumkan operasi yang tersedia di penyedia sumber daya Microsoft.KeyVault
Bukan Tindakan
Tidak ada
DataActions
Microsoft.KeyVault/vaults/rahasia/*
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Perform any action on the secrets of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b86a8fe4-44ce-4948-aee5-eccb2c155cd7",
  "name": "b86a8fe4-44ce-4948-aee5-eccb2c155cd7",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.KeyVault/checkNameAvailability/read",
        "Microsoft.KeyVault/deletedVaults/read",
        "Microsoft.KeyVault/locations/*/read",
        "Microsoft.KeyVault/vaults/*/read",
        "Microsoft.KeyVault/operations/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.KeyVault/vaults/secrets/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Key Vault Secrets Officer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pengguna Rahasia Key Vault

Baca konten rahasia. Hanya berfungsi untuk brankas kunci yang menggunakan model izin 'kontrol akses berbasis peran Azure'. Pelajari lebih lanjut

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.KeyVault/vaults/rahasia/getSecret/tindakan Mendapatkan nilai rahasia.
Microsoft.KeyVault/vaults/rahasia/readMetadata/tindakan Cantumkan atau tampilkan properti rahasia, tetapi bukan nilainya.
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read secret contents. Only works for key vaults that use the 'Azure role-based access control' permission model.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4633458b-17de-408a-b874-0445c86b69e6",
  "name": "4633458b-17de-408a-b874-0445c86b69e6",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.KeyVault/vaults/secrets/getSecret/action",
        "Microsoft.KeyVault/vaults/secrets/readMetadata/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Key Vault Secrets User",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor HSM Terkelola

Memungkinkan Anda mengelola kumpulan HSM terkelola, tetapi tidak dapat mengaksesnya. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.KeyVault/managedHSMs/*
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage managed HSM pools, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/18500a29-7fe2-46b2-a342-b16a415e101d",
  "name": "18500a29-7fe2-46b2-a342-b16a415e101d",
  "permissions": [
    {
      "actions": [
        "Microsoft.KeyVault/managedHSMs/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Managed HSM contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Admin Keamanan

Melihat dan memperbarui izin untuk Security Center. Izin yang sama dengan peran Pembaca Keamanan dan juga dapat memperbarui kebijakan keamanan dan menghilangkan peringatan dan rekomendasi. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Authorization/policyAssignments/* Membuat dan mengelola penetapan kebijakan
Microsoft.Authorization/policyDefinitions/* Membuat dan mengelola definisi kebijakan
Microsoft.Authorization/policyExemptions/* Membuat dan mengelola pembebasan kebijakan
Microsoft.Authorization/policySetDefinisi/* Membuat dan mengelola rangkaian kebijakan
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Management/managementGroups/baca Grup manajemen daftar untuk pengguna yang diautentikasi.
Microsoft.operationalInsights/ruang kerja/*/baca Menampilkan data analitik log
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Security/* Membuat dan mengelola komponen dan kebijakan keamanan
Microsoft.IoTSecurity/*
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Microsoft.IoTSecurity/defenderSettings/write Membuat atau memutakhirkan Pengaturan Pertahanan IoT
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Security Admin Role",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd",
  "name": "fb1c8493-542b-48eb-b624-b4c8fea62acd",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Authorization/policyAssignments/*",
        "Microsoft.Authorization/policyDefinitions/*",
        "Microsoft.Authorization/policyExemptions/*",
        "Microsoft.Authorization/policySetDefinitions/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Management/managementGroups/read",
        "Microsoft.operationalInsights/workspaces/*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Security/*",
        "Microsoft.IoTSecurity/*",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.IoTSecurity/defenderSettings/write"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Security Admin",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Penilaian Keamanan

Memungkinkan Anda mendorong penilaian ke Security Center

Tindakan Deskripsi
Microsoft.Security/penilaian/tulis Membuat atau memperbarui penilaian keamanan pada langganan Anda
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you push assessments to Security Center",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/612c2aa1-cb24-443b-ac28-3ab7272de6f5",
  "name": "612c2aa1-cb24-443b-ac28-3ab7272de6f5",
  "permissions": [
    {
      "actions": [
        "Microsoft.Security/assessments/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Security Assessment Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pengelola Keamanan (Legasi)

Ini adalah peran legasi. Silakan gunakan Admin Keamanan sebagai gantinya.

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.ClassicCompute/*/baca Baca informasi konfigurasi mesin virtual klasik
Microsoft.ClassicCompute/virtualMachines/*/tulis Konfigurasi tulis untuk mesin virtual klasik
Microsoft.ClassicNetwork/*/baca Baca informasi konfigurasi tentang jaringan klasik
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Security/* Membuat dan mengelola komponen dan kebijakan keamanan
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "This is a legacy role. Please use Security Administrator instead",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e3d13bf0-dd5a-482e-ba6b-9b8433878d10",
  "name": "e3d13bf0-dd5a-482e-ba6b-9b8433878d10",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicCompute/*/read",
        "Microsoft.ClassicCompute/virtualMachines/*/write",
        "Microsoft.ClassicNetwork/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Security/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Security Manager (Legacy)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Keamanan

Lihat izin Security Center. Pengguna dapat melihat rekomendasi, pemberitahuan, kebijakan keamanan, status keamanan, tetapi tidak dapat mengubahnya. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/baca Membaca pemberitahuan metrik klasik
Microsoft.operationalInsights/ruang kerja/*/baca Menampilkan data analitik log
Microsoft.Resources/penyebaran/*/baca
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Security/*/baca Membaca komponen dan kebijakan keamanan
Microsoft.IoTSecurity/*/read
Microsoft.Support/*/baca
Microsoft.Security/iotDefenderSettings/packageDownloads/tindakan Mendapatkan informasi paket IoT Defender yang dapat diunduh
Microsoft.Security/iotDefenderSettings/downloadManagerActivation/tindakan Unduh file aktivasi manajer dengan data kuota langganan
Microsoft.Security/iotSensors/downloadResetPassword/tindakan Unduhan reset file kata sandi untuk Sensor IoT
Microsoft.IoTSecurity/defenderSettings/packageDownloads/action Mendapatkan informasi paket Pertahanan IoT yang dapat diunduh
Microsoft.IoTSecurity/defenderSettings/downloadManagerActivation/action Unduh file aktivasi manajer
Microsoft.Management/managementGroups/baca Grup manajemen daftar untuk pengguna yang diautentikasi.
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Security Reader Role",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/39bc4728-0917-49c7-9d2c-d95423bc2eb4",
  "name": "39bc4728-0917-49c7-9d2c-d95423bc2eb4",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/read",
        "Microsoft.operationalInsights/workspaces/*/read",
        "Microsoft.Resources/deployments/*/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Security/*/read",
        "Microsoft.IoTSecurity/*/read",
        "Microsoft.Support/*/read",
        "Microsoft.Security/iotDefenderSettings/packageDownloads/action",
        "Microsoft.Security/iotDefenderSettings/downloadManagerActivation/action",
        "Microsoft.Security/iotSensors/downloadResetPassword/action",
        "Microsoft.IoTSecurity/defenderSettings/packageDownloads/action",
        "Microsoft.IoTSecurity/defenderSettings/downloadManagerActivation/action",
        "Microsoft.Management/managementGroups/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Security Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

DevOps

Pengguna DevTest Labs

Memungkinkan Anda menyambungkan, memulai, memulai ulang, dan mematikan virtual machines Anda di Azure DevTest Labs. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Compute/availabilitySets/baca Dapatkan properti dari kumpulan ketersediaan
Microsoft.Compute/virtualMachines/*/baca Baca properti mesin virtual (ukuran VM, status runtime, ekstensi VM, dll.)
Microsoft.Compute/virtualMachines/deallocate/tindakan Mematikan mesin virtual dan melepas sumber daya komputasi
Microsoft.Compute/virtualMachines/baca Dapatkan properti mesin virtual
Microsoft.Compute/virtualMachines/restart/tindakan Memulai ulang mesin virtual
Microsoft.Compute/virtualMachines/start/tindakan Memulai mesin virtual
Microsoft.DevTestLab/*/baca Membaca properti laboratorium
Microsoft.DevTestLab/labs/claimAnyVm/tindakan Klaim mesin virtual acak yang dapat diklaim di laboratorium.
Microsoft.DevTestLab/labs/createEnvironment/tindakan Buat mesin virtual di laboratorium.
Microsoft.DevTestLab/labs/ensureCurrentUserProfile/tindakan Pastikan pengguna saat ini memiliki profil yang valid di laboratorium.
Microsoft.DevTestLab/labs/formulas/hapus Menghapus rumus.
Microsoft.DevTestLab/labs/formulas/baca Baca rumus.
Microsoft.DevTestLab/labs/formulas/tulis Menambahkan atau mengubah rumus.
Microsoft.DevTestLab/labs/policySets/evaluatePolicies/tindakan Mengevaluasi kebijakan lab.
Microsoft.DevTestLab/labs/virtualMachines/klaim/tindakan Mengambil kepemilikan mesin virtual yang ada
Microsoft.DevTestLab/labs/virtualmachines/listApplicableSchedules/tindakan Mencantumkan jadwal mulai/berhenti yang berlaku, jika ada.
Microsoft.DevTestLab/labs/virtualMachines/getRdpFileContents/tindakan Mendapatkan string yang mewakili konten file RDP untuk mesin virtual
Microsoft.Network/loadBalancers/backendAddressPools/gabung/tindakan Bergabung dengan kumpulan alamat backend penyeimbang muatan. Tidak bisa diperingatkan.
Microsoft.Network/loadBalancers/inboundNatRules/gabung/tindakan Bergabung dengan kumpulan NAT masuk penyeimbang muatan. Tidak bisa diperingatkan.
Microsoft.Network/networkInterfaces/*/read Baca properti antarmuka jaringan (misalnya, semua penyeimbang muatan yang merupakan bagian dari antarmuka jaringan)
Microsoft.Network/networkInterfaces/gabung/tindakan Melampirkan antarmuka jaringan ke komputer virtual. Tidak bisa diperingatkan.
Microsoft.Network/networkInterfaces/baca Mendapatkan definisi antarmuka jaringan.
Microsoft.Network/networkInterfaces/tulis Membuat antarmuka jaringan atau memperbarui antarmuka jaringan yang ada.
Microsoft.Network/publicIPAddresses/*/baca Membaca properti alamat IP publik
Microsoft.Network/publicIPAddresses/gabung/tindakan Tambahkan alamat ip publik. Tidak bisa diperingatkan.
Microsoft.Network/publicIPAddresses/baca Mendapatkan definisi alamat ip publik.
Microsoft.Network/virtualNetworks/subnets/gabung/tindakan Bergabung dengan jaringan virtual. Tidak bisa diperingatkan.
Microsoft.Resources/penyebaran/operasi/baca Mendapatkan atau mencantumkan operasi penyebaran.
Microsoft.Resources/penyebaran/baca Mendapatkan atau mencantumkan penyebaran.
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Storage/storageAccounts/listKeys/tindakan Mengembalikan kunci akses untuk akun penyimpanan tertentu.
Bukan Tindakan
Microsoft.Compute/virtualMachines/vmSizes/baca Daftar ukuran yang tersedia yang dapat digunakan untuk memperbarui mesin virtual
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/76283e04-6283-4c54-8f91-bcf1374a3c64",
  "name": "76283e04-6283-4c54-8f91-bcf1374a3c64",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Compute/availabilitySets/read",
        "Microsoft.Compute/virtualMachines/*/read",
        "Microsoft.Compute/virtualMachines/deallocate/action",
        "Microsoft.Compute/virtualMachines/read",
        "Microsoft.Compute/virtualMachines/restart/action",
        "Microsoft.Compute/virtualMachines/start/action",
        "Microsoft.DevTestLab/*/read",
        "Microsoft.DevTestLab/labs/claimAnyVm/action",
        "Microsoft.DevTestLab/labs/createEnvironment/action",
        "Microsoft.DevTestLab/labs/ensureCurrentUserProfile/action",
        "Microsoft.DevTestLab/labs/formulas/delete",
        "Microsoft.DevTestLab/labs/formulas/read",
        "Microsoft.DevTestLab/labs/formulas/write",
        "Microsoft.DevTestLab/labs/policySets/evaluatePolicies/action",
        "Microsoft.DevTestLab/labs/virtualMachines/claim/action",
        "Microsoft.DevTestLab/labs/virtualmachines/listApplicableSchedules/action",
        "Microsoft.DevTestLab/labs/virtualMachines/getRdpFileContents/action",
        "Microsoft.Network/loadBalancers/backendAddressPools/join/action",
        "Microsoft.Network/loadBalancers/inboundNatRules/join/action",
        "Microsoft.Network/networkInterfaces/*/read",
        "Microsoft.Network/networkInterfaces/join/action",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Network/networkInterfaces/write",
        "Microsoft.Network/publicIPAddresses/*/read",
        "Microsoft.Network/publicIPAddresses/join/action",
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/deployments/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/listKeys/action"
      ],
      "notActions": [
        "Microsoft.Compute/virtualMachines/vmSizes/read"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "DevTest Labs User",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembuat Lab

Memungkinkan Anda membuat lab baru di bawah Akun Azure Lab. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.LabServices/labAccounts/*/baca
Microsoft.LabServices/labAccounts/createLab/tindakan Membuat jendela akun lab.
Microsoft.LabServices/labAccounts/getPricingAndAvailability/tindakan Dapatkan harga dan ketersediaan kombinasi ukuran, geografi, dan sistem operasi untuk akun lab.
Microsoft.LabServices/labAccounts/getRestrictionsAndUsage/tindakan Dapatkan pembatasan dan penggunaan inti untuk langganan ini
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you create new labs under your Azure Lab Accounts.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b97fb8bc-a8b2-4522-a38b-dd33c7e65ead",
  "name": "b97fb8bc-a8b2-4522-a38b-dd33c7e65ead",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.LabServices/labAccounts/*/read",
        "Microsoft.LabServices/labAccounts/createLab/action",
        "Microsoft.LabServices/labAccounts/getPricingAndAvailability/action",
        "Microsoft.LabServices/labAccounts/getRestrictionsAndUsage/action",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Lab Creator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Monitor

Kontributor Komponen Application Insights

Dapat mengelola komponen Application Insights Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola aturan pemberitahuan klasik
Microsoft.Insights/generateLiveToken/baca Metrik Langsung mendapatkan token
Microsoft.Insights/metricAlerts/* Membuat atau mengelola aturan pemberitahuan
Microsoft.Insights/komponen/* Membuat dan mengelola komponen Insight
Microsoft.Insights/scheduledqueryrules/*
Microsoft.Insights/topologi/baca Baca Topologi
Microsoft.Insights/transaksi/baca Baca Transaksi
Microsoft.Insights/webtests/* Membuat dan mengelola uji web Insights
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage Application Insights components",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ae349356-3a1b-4a5e-921d-050484c6347e",
  "name": "ae349356-3a1b-4a5e-921d-050484c6347e",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/generateLiveToken/read",
        "Microsoft.Insights/metricAlerts/*",
        "Microsoft.Insights/components/*",
        "Microsoft.Insights/scheduledqueryrules/*",
        "Microsoft.Insights/topology/read",
        "Microsoft.Insights/transactions/read",
        "Microsoft.Insights/webtests/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Application Insights Component Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Debugger Snapshot Application Insights

Memberikan izin kepada pengguna untuk melihat dan mengunduh snapshot debug yang dikumpulkan dengan Application Insights Snapshot Debugger. Perhatikan bahwa izin ini tidak disertakan dalam peran Pemilik atau Kontributor. Saat memberi pengguna peran Snapshot Debugger Application Insights, Anda harus memberikan peran langsung kepada pengguna. Peran tidak dikenali ketika ditambahkan ke peran kustom. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Insights/komponen/*/baca
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Gives user permission to use Application Insights Snapshot Debugger features",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/08954f03-6346-4c2e-81c0-ec3a5cfae23b",
  "name": "08954f03-6346-4c2e-81c0-ec3a5cfae23b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/components/*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Application Insights Snapshot Debugger",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Pemantauan

Dapat membaca semua data pemantauan dan memperbarui pengaturan pemantauan. Untuk informasi selengkapnya, lihat Mulai menggunakan peran, izin, dan keamanan dengan Azure Monitor. Pelajari lebih lanjut

Tindakan Deskripsi
*/read Membaca sumber daya dari semua jenis, kecuali rahasia.
Microsoft.AlertsMeneman/pemberitahuan/*
Microsoft.AlertsMenemanase/alertsSummary/*
Microsoft.Insights/actiongroups/*
Microsoft.Insights/activityLogAlerts/*
Microsoft.Insights/AlertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Insights/komponen/* Membuat dan mengelola komponen Insight
Microsoft.Insights/dataCollectionRules/*
Microsoft.Insights/dataCollectionRuleAssociations/*
Microsoft.Insights/DiagnosticSettings/* Membuat, memperbarui, atau membaca pengaturan diagnostik untuk Server Analisis
Microsoft.Insights/eventtypes/* Mencantumkan peristiwa Log Aktivitas (peristiwa manajemen) dalam langganan. Izin ini berlaku untuk akses terprogram dan portal ke Log Aktivitas.
Microsoft.Insights/LogDefinitions/* Izin ini diperlukan bagi pengguna yang membutuhkan akses ke Log Aktivitas melalui portal. Mencantumkan kategori log di Log Aktivitas.
Microsoft.Insights/metricalerts/*
Microsoft.Insights/MetricDefinitions/* Membaca definisi metrik (daftar tipe metrik yang tersedia untuk sumber daya).
Microsoft.Insights/Metrik/* Membaca metrik untuk sumber daya.
Microsoft.Insights/Daftar/Tindakan Mendaftarkan penyedia Microsoft Insights
Microsoft.Insights/scheduledqueryrules/*
Microsoft.Insights/webtests/* Membuat dan mengelola uji web Insights
Microsoft.Insights/buku kerja/*
Microsoft.Insights/privateLinkScopes/*
Microsoft.Insights/privateLinkScopeOperationStatuses/*
Microsoft.OperationalInsights/ruang kerja/tulis Membuat ruang kerja atau tautan baru ke ruang kerja yang ada dengan menyediakan id pelanggan dari ruang kerja yang ada.
Microsoft.OperationalInsights/ruang kerja/intelligencepacks/* Baca/tulis/hapus paket solusi analitik log.
Microsoft.OperationalInsights/ruang kerja/savedSearches/* Baca/tulis/hapus pencarian yang disimpan analitik log.
Microsoft.OperationalInsights/ruang kerja/pencarian/tindakan Menjalankan kueri pencarian
Microsoft.OperationalInsights/ruang kerja/sharedKeys/tindakan Mengambil kunci bersama untuk ruang kerja. Kunci ini digunakan untuk menghubungkan agen Microsoft Operational Insights ke ruang kerja.
Microsoft.OperationalInsights/ruang kerja/storageinsightconfigs/* Baca/tulis/hapus konfigurasi wawasan penyimpanan analitik log.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.WorkloadMonitor/monitors/* Dapatkan informasi tentang monitor kesehatan VM tamu.
Microsoft.AlertsMenemanagement/smartDetectorAlertRules/*
Microsoft.AlertsMeneman/actionRules/*
Microsoft.AlertsManagement/smartGroups/*
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can read all monitoring data and update monitoring settings.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa",
  "name": "749f88d5-cbae-40b8-bcfc-e573ddc772fa",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.AlertsManagement/alerts/*",
        "Microsoft.AlertsManagement/alertsSummary/*",
        "Microsoft.Insights/actiongroups/*",
        "Microsoft.Insights/activityLogAlerts/*",
        "Microsoft.Insights/AlertRules/*",
        "Microsoft.Insights/components/*",
        "Microsoft.Insights/dataCollectionRules/*",
        "Microsoft.Insights/dataCollectionRuleAssociations/*",
        "Microsoft.Insights/DiagnosticSettings/*",
        "Microsoft.Insights/eventtypes/*",
        "Microsoft.Insights/LogDefinitions/*",
        "Microsoft.Insights/metricalerts/*",
        "Microsoft.Insights/MetricDefinitions/*",
        "Microsoft.Insights/Metrics/*",
        "Microsoft.Insights/Register/Action",
        "Microsoft.Insights/scheduledqueryrules/*",
        "Microsoft.Insights/webtests/*",
        "Microsoft.Insights/workbooks/*",
        "Microsoft.Insights/privateLinkScopes/*",
        "Microsoft.Insights/privateLinkScopeOperationStatuses/*",
        "Microsoft.OperationalInsights/workspaces/write",
        "Microsoft.OperationalInsights/workspaces/intelligencepacks/*",
        "Microsoft.OperationalInsights/workspaces/savedSearches/*",
        "Microsoft.OperationalInsights/workspaces/search/action",
        "Microsoft.OperationalInsights/workspaces/sharedKeys/action",
        "Microsoft.OperationalInsights/workspaces/storageinsightconfigs/*",
        "Microsoft.Support/*",
        "Microsoft.WorkloadMonitor/monitors/*",
        "Microsoft.AlertsManagement/smartDetectorAlertRules/*",
        "Microsoft.AlertsManagement/actionRules/*",
        "Microsoft.AlertsManagement/smartGroups/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Monitoring Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Memantau peran Penerbit Metrik

Mengaktifkan metrik penerbitan terhadap sumber daya Azure Pelajari selengkapnya

Tindakan Deskripsi
Microsoft.Insights/Daftar/Tindakan Mendaftarkan penyedia Microsoft Insights
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Insights/Metrik/Tulis Menulis metrik
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Enables publishing metrics against Azure resources",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3913510d-42f4-4e42-8a64-420c390055eb",
  "name": "3913510d-42f4-4e42-8a64-420c390055eb",
  "permissions": [
    {
      "actions": [
        "Microsoft.Insights/Register/Action",
        "Microsoft.Support/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Insights/Metrics/Write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Monitoring Metrics Publisher",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Pemantauan

Dapat membaca semua data pemantauan (metrik, log, dll.). Untuk informasi selengkapnya, lihat Mulai menggunakan peran, izin, dan keamanan dengan Azure Monitor. Pelajari lebih lanjut

Tindakan Deskripsi
*/read Membaca sumber daya dari semua jenis, kecuali rahasia.
Microsoft.OperationalInsights/ruang kerja/pencarian/tindakan Menjalankan kueri pencarian
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can read all monitoring data.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/43d0d8ad-25c7-4714-9337-8ba259a9fe05",
  "name": "43d0d8ad-25c7-4714-9337-8ba259a9fe05",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.OperationalInsights/workspaces/search/action",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Monitoring Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Buku Kerja

Dapat menyimpan buku kerja bersama. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Insights/buku kerja/tulis Buat atau perbarui buku kerja
Microsoft.Insights/buku kerja/hapus Menghapus buku kerja
Microsoft.Insights/buku kerja/baca Membaca buku kerja
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can save shared workbooks.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e8ddcd69-c73f-4f9f-9844-4100522f16ad",
  "name": "e8ddcd69-c73f-4f9f-9844-4100522f16ad",
  "permissions": [
    {
      "actions": [
        "Microsoft.Insights/workbooks/write",
        "Microsoft.Insights/workbooks/delete",
        "Microsoft.Insights/workbooks/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Workbook Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Buku Kerja

Dapat membaca buku kerja. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Insights/buku kerja/baca Membaca buku kerja
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can read workbooks.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b279062a-9be3-42a0-92ae-8b3cf002ec4d",
  "name": "b279062a-9be3-42a0-92ae-8b3cf002ec4d",
  "permissions": [
    {
      "actions": [
        "microsoft.insights/workbooks/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Workbook Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Manajemen + tata kelola

Operator Pekerjaan Automation

Membuat dan Mengelola Tugas menggunakan Runbook Automation. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/baca Membaca Sumber Daya Hybrid Runbook Worker
Microsoft.Automation/automationAccounts/pekerjaan/baca Mendapatkan pekerjaan Azure Automation
Microsoft.Automation/automationAccounts/pekerjaan/lanjutkan/tindakan Melanjutkan pekerjaan Azure Automation
Microsoft.Automation/automationAccounts/pekerjaan/stop/tindakan Mendapatkan pekerjaan Azure Automation
Microsoft.Automation/automationAccounts/pekerjaan/aliran/baca Mendapatkan aliran pekerjaan Azure Automation
Microsoft.Automation/automationAccounts/pekerjaan/tangguhkan/tindakan Menangguhkan tugas Azure Automation
Microsoft.Automation/automationAccounts/pekerjaan/tulis Membuat tugas Azure Automation
Microsoft.Automation/automationAccounts/pekerjaan/output/ba Mendapatkan output pekerjaan
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Create and Manage Jobs using Automation Runbooks.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4fe576fe-1146-4730-92eb-48519fa6bf9f",
  "name": "4fe576fe-1146-4730-92eb-48519fa6bf9f",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read",
        "Microsoft.Automation/automationAccounts/jobs/read",
        "Microsoft.Automation/automationAccounts/jobs/resume/action",
        "Microsoft.Automation/automationAccounts/jobs/stop/action",
        "Microsoft.Automation/automationAccounts/jobs/streams/read",
        "Microsoft.Automation/automationAccounts/jobs/suspend/action",
        "Microsoft.Automation/automationAccounts/jobs/write",
        "Microsoft.Automation/automationAccounts/jobs/output/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Automation Job Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Operator Automation

Operator Automation dapat memulai, menghentikan, menangguhkan, dan melanjutkan pekerjaan Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/baca Membaca Sumber Daya Hybrid Runbook Worker
Microsoft.Automation/automationAccounts/pekerjaan/baca Mendapatkan pekerjaan Azure Automation
Microsoft.Automation/automationAccounts/pekerjaan/lanjutkan/tindakan Melanjutkan pekerjaan Azure Automation
Microsoft.Automation/automationAccounts/pekerjaan/stop/tindakan Mendapatkan pekerjaan Azure Automation
Microsoft.Automation/automationAccounts/pekerjaan/aliran/baca Mendapatkan aliran pekerjaan Azure Automation
Microsoft.Automation/automationAccounts/pekerjaan/tangguhkan/tindakan Menangguhkan tugas Azure Automation
Microsoft.Automation/automationAccounts/pekerjaan/tulis Membuat tugas Azure Automation
Microsoft.Automation/automationAccounts/jobSchedules/baca Mendapatkan jadwal pekerjaan Azure Automation
Microsoft.Automation/automationAccounts/jobSchedules/tulis Membuat jadwal pekerjaan Azure Automation
Microsoft.Automation/automationAccounts/linkedWorkspace/baca Membuat ruang kerja ditautkan ke akun otomatisasi
Microsoft.Automation/automationAccounts/baca Mendapatkan akun Azure Automation
Microsoft.Automation/automationAccounts/runbooks/baca Mendapatkan runbook Azure Automation
Microsoft.Automation/automationAccounts/jadwal/baca Mendapatkan aset jadwal Azure Automation
Microsoft.Automation/automationAccounts/jadwal/tulis Membuat atau memperbarui aset jadwal Azure Automation
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Automation/automationAccounts/pekerjaan/output/ba Mendapatkan output pekerjaan
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Automation Operators are able to start, stop, suspend, and resume jobs",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/d3881f73-407a-4167-8283-e981cbba0404",
  "name": "d3881f73-407a-4167-8283-e981cbba0404",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read",
        "Microsoft.Automation/automationAccounts/jobs/read",
        "Microsoft.Automation/automationAccounts/jobs/resume/action",
        "Microsoft.Automation/automationAccounts/jobs/stop/action",
        "Microsoft.Automation/automationAccounts/jobs/streams/read",
        "Microsoft.Automation/automationAccounts/jobs/suspend/action",
        "Microsoft.Automation/automationAccounts/jobs/write",
        "Microsoft.Automation/automationAccounts/jobSchedules/read",
        "Microsoft.Automation/automationAccounts/jobSchedules/write",
        "Microsoft.Automation/automationAccounts/linkedWorkspace/read",
        "Microsoft.Automation/automationAccounts/read",
        "Microsoft.Automation/automationAccounts/runbooks/read",
        "Microsoft.Automation/automationAccounts/schedules/read",
        "Microsoft.Automation/automationAccounts/schedules/write",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Automation/automationAccounts/jobs/output/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Automation Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Operator Runbook Automation

Properti baca Runbook - agar dapat membuat Tugas runbook. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Automation/automationAccounts/runbooks/baca Mendapatkan runbook Azure Automation
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read Runbook properties - to be able to create Jobs of the runbook.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5fb5aef8-1081-4b8e-bb16-9d5d0385bab5",
  "name": "5fb5aef8-1081-4b8e-bb16-9d5d0385bab5",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Automation/automationAccounts/runbooks/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Automation Runbook Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Peran Pengguna Klaster Kubernetes Yang Diaktifkan Azure Arc

Tindakan buat daftar kredensial pengguna kluster.

Tindakan Deskripsi
Microsoft.Resources/penyebaran/tulis Membuat atau memperbarui penyebaran.
Microsoft.Resources/langganan/hasiloperasi/baca Dapatkan Hasil Operasi Langganan.
Microsoft.Resources/langganan/baca Mendapatkan daftar langganan.
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Kubernetes/connectedClusters/listClusterUserCredentials/tindakan Daftar kredensial Pengguna cluster
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "List cluster user credentials action.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/00493d72-78f6-4148-b6c5-d3ce8e4799dd",
  "name": "00493d72-78f6-4148-b6c5-d3ce8e4799dd",
  "permissions": [
    {
      "actions": [
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Kubernetes/connectedClusters/listClusterUserCredentials/action",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Arc Enabled Kubernetes Cluster User Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Admin Kubernetes Azure Arc

Memungkinkan Anda mengelola semua sumber daya dalam kluster/namespace layanan, kecuali memperbarui atau menghapus kuota dan namespace. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Resources/penyebaran/tulis Membuat atau memperbarui penyebaran.
Microsoft.Resources/langganan/hasiloperasi/baca Dapatkan Hasil Operasi Langganan.
Microsoft.Resources/langganan/baca Mendapatkan daftar langganan.
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Kubernetes/connectedClusters/apps/controllerrevisions/baca Membaca controllerrevisions
Microsoft.Kubernetes/connectedClusters/apps/daemonsets/*
Microsoft.Kubernetes/connectedClusters/apps/penyebaran/*
Microsoft.Kubernetes/connectedClusters/apps/replicasets/*
Microsoft.Kubernetes/connectedClusters/apps/statefulsets/*
Microsoft.Kubernetes/connectedClusters/authorization.k8s.io/localsubjectaccessreviews/tulis Menulis localsubjectaccessreviews
Microsoft.Kubernetes/connectedClusters/autoscaling/horizontalpodautoscalers/*
Microsoft.Kubernetes/connectedClusters/batch/cronjobs/*
Microsoft.Kubernetes/connectedClusters/batch/pekerjaan/*
Microsoft.Kubernetes/connectedClusters/configmaps/*
Microsoft.Kubernetes/connectedClusters/endpoints/*
Microsoft.Kubernetes/connectedClusters/events.k8s.io/acara/baca Membaca acara
Microsoft.Kubernetes/connectedClusters/acara/baca Membaca acara
Microsoft.Kubernetes/connectedClusters/ekstensi/daemonsets/*
Microsoft.Kubernetes/connectedClusters/ekstensi/penyebaran/*
Microsoft.Kubernetes/connectedClusters/ekstensi/ingresses/*
Microsoft.Kubernetes/connectedClusters/ekstensi/networkpolicies/*
Microsoft.Kubernetes/connectedClusters/ekstensi/ingresses/*
Microsoft.Kubernetes/connectedClusters/limitranges/baca Membaca batasan
Microsoft.Kubernetes/connectedClusters/namespaces/baca Membaca namespaces
Microsoft.Kubernetes/connectedClusters/networking.k8s.io/ingresses/*
Microsoft.Kubernetes/connectedClusters/networking.k8s.io/networkpolicies/*
Microsoft.Kubernetes/connectedClusters/persistentvolumeclaims/*
Microsoft.Kubernetes/connectedClusters/pods/*
Microsoft.Kubernetes/connectedClusters/policy/poddisruptionbudgets/*
Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/rolebindings/*
Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/roles/*
Microsoft.Kubernetes/connectedClusters/replicationcontrollers/*
Microsoft.Kubernetes/connectedClusters/replicationcontrollers/*
Microsoft.Kubernetes/connectedClusters/resourcequotas/baca Membaca resourcequotas
Microsoft.Kubernetes/connectedClusters/rahasia/*
Microsoft.Kubernetes/connectedClusters/serviceaccounts/*
Microsoft.Kubernetes/connectedClusters/layanan/*
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/dffb1e0c-446f-4dde-a09f-99eb5cc68b96",
  "name": "dffb1e0c-446f-4dde-a09f-99eb5cc68b96",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Kubernetes/connectedClusters/apps/controllerrevisions/read",
        "Microsoft.Kubernetes/connectedClusters/apps/daemonsets/*",
        "Microsoft.Kubernetes/connectedClusters/apps/deployments/*",
        "Microsoft.Kubernetes/connectedClusters/apps/replicasets/*",
        "Microsoft.Kubernetes/connectedClusters/apps/statefulsets/*",
        "Microsoft.Kubernetes/connectedClusters/authorization.k8s.io/localsubjectaccessreviews/write",
        "Microsoft.Kubernetes/connectedClusters/autoscaling/horizontalpodautoscalers/*",
        "Microsoft.Kubernetes/connectedClusters/batch/cronjobs/*",
        "Microsoft.Kubernetes/connectedClusters/batch/jobs/*",
        "Microsoft.Kubernetes/connectedClusters/configmaps/*",
        "Microsoft.Kubernetes/connectedClusters/endpoints/*",
        "Microsoft.Kubernetes/connectedClusters/events.k8s.io/events/read",
        "Microsoft.Kubernetes/connectedClusters/events/read",
        "Microsoft.Kubernetes/connectedClusters/extensions/daemonsets/*",
        "Microsoft.Kubernetes/connectedClusters/extensions/deployments/*",
        "Microsoft.Kubernetes/connectedClusters/extensions/ingresses/*",
        "Microsoft.Kubernetes/connectedClusters/extensions/networkpolicies/*",
        "Microsoft.Kubernetes/connectedClusters/extensions/replicasets/*",
        "Microsoft.Kubernetes/connectedClusters/limitranges/read",
        "Microsoft.Kubernetes/connectedClusters/namespaces/read",
        "Microsoft.Kubernetes/connectedClusters/networking.k8s.io/ingresses/*",
        "Microsoft.Kubernetes/connectedClusters/networking.k8s.io/networkpolicies/*",
        "Microsoft.Kubernetes/connectedClusters/persistentvolumeclaims/*",
        "Microsoft.Kubernetes/connectedClusters/pods/*",
        "Microsoft.Kubernetes/connectedClusters/policy/poddisruptionbudgets/*",
        "Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/rolebindings/*",
        "Microsoft.Kubernetes/connectedClusters/rbac.authorization.k8s.io/roles/*",
        "Microsoft.Kubernetes/connectedClusters/replicationcontrollers/*",
        "Microsoft.Kubernetes/connectedClusters/replicationcontrollers/*",
        "Microsoft.Kubernetes/connectedClusters/resourcequotas/read",
        "Microsoft.Kubernetes/connectedClusters/secrets/*",
        "Microsoft.Kubernetes/connectedClusters/serviceaccounts/*",
        "Microsoft.Kubernetes/connectedClusters/services/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Arc Kubernetes Admin",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Admin Klaster Azure Arc Kubernetes

Memungkinkan Anda mengelola semua sumber daya dalam kluster. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Resources/penyebaran/tulis Membuat atau memperbarui penyebaran.
Microsoft.Resources/langganan/hasiloperasi/baca Dapatkan Hasil Operasi Langganan.
Microsoft.Resources/langganan/baca Mendapatkan daftar langganan.
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Kubernetes/connectedClusters/*
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage all resources in the cluster.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8393591c-06b9-48a2-a542-1bd6b377f6a2",
  "name": "8393591c-06b9-48a2-a542-1bd6b377f6a2",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Kubernetes/connectedClusters/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Arc Kubernetes Cluster Admin",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Penampil Kubernetes Azure Arc

Memungkinkan Anda melihat semua sumber daya di kluster/namespace, kecuali rahasia. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Resources/penyebaran/tulis Membuat atau memperbarui penyebaran.
Microsoft.Resources/langganan/hasiloperasi/baca Dapatkan Hasil Operasi Langganan.
Microsoft.Resources/langganan/baca Mendapatkan daftar langganan.
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Kubernetes/connectedClusters/apps/controllerrevisions/baca Membaca controllerrevisions
Microsoft.Kubernetes/connectedClusters/apps/daemonsets/baca Membaca daemonset
Microsoft.Kubernetes/connectedClusters/apps/penyebaran/baca Membaca penyebaran
Microsoft.Kubernetes/connectedClusters/apps/replicasets/baca Membaca replikasi
Microsoft.Kubernetes/connectedClusters/apps/statefulsets/baca Membaca statefulset
Microsoft.Kubernetes/connectedClusters/autoscaling/horizontalpodautoscalers/baca Membaca horizontalpodautoscalers
Microsoft.Kubernetes/connectedClusters/batch/cronjobs/baca Membaca cronjobs
Microsoft.Kubernetes/connectedClusters/batch/jobs/baca Membaca tugas
Microsoft.Kubernetes/connectedClusters/configmaps/baca Membaca peta konfigurasi
Microsoft.Kubernetes/connectedClusters/endpoints/baca Membaca titik akhir
Microsoft.Kubernetes/connectedClusters/events.k8s.io/acara/baca Membaca acara
Microsoft.Kubernetes/connectedClusters/acara/baca Membaca acara
Microsoft.Kubernetes/connectedClusters/ekstensi/daemonsets/baca Membaca daemonset
Microsoft.Kubernetes/connectedClusters/ekstensi/penyebaran/baca Membaca penyebaran
Microsoft.Kubernetes/connectedClusters/ekstensi/ingresses/baca Membaca ingresses
Microsoft.Kubernetes/connectedClusters/ekstensi/networkpolicies/baca NetworkPolicies
Microsoft.Kubernetes/connectedClusters/ekstensi/ingresses/baca Membaca replikasi
Microsoft.Kubernetes/connectedClusters/limitranges/baca Membaca batasan
Microsoft.Kubernetes/connectedClusters/namespaces/baca Membaca namespaces
Microsoft.Kubernetes/connectedClusters/networking.k8s.io/ingresses/baca Membaca ingresses
Microsoft.Kubernetes/connectedClusters/networking.k8s.io/networkpolicies/baca NetworkPolicies
Microsoft.Kubernetes/connectedClusters/persistentvolumeclaims/baca Membaca persistentvolumeclaims
Microsoft.Kubernetes/connectedClusters/pods/baca Membaca Pod
Microsoft.Kubernetes/connectedClusters/kebijakan/poddisruptionbudgets/baca Membaca poddisruptionbudgets
Microsoft.Kubernetes/connectedClusters/replicationcontrollers/baca Membaca replikasikontroler
Microsoft.Kubernetes/connectedClusters/replicationcontrollers/baca Membaca replikasikontroler
Microsoft.Kubernetes/connectedClusters/resourcequotas/baca Membaca resourcequotas
Microsoft.Kubernetes/connectedClusters/serviceaccounts/baca Membaca serviceaccounts
Microsoft.Kubernetes/connectedClusters/layanan/baca Layanan baca
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you view all resources in cluster/namespace, except secrets.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/63f0a09d-1495-4db4-a681-037d84835eb4",
  "name": "63f0a09d-1495-4db4-a681-037d84835eb4",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Kubernetes/connectedClusters/apps/controllerrevisions/read",
        "Microsoft.Kubernetes/connectedClusters/apps/daemonsets/read",
        "Microsoft.Kubernetes/connectedClusters/apps/deployments/read",
        "Microsoft.Kubernetes/connectedClusters/apps/replicasets/read",
        "Microsoft.Kubernetes/connectedClusters/apps/statefulsets/read",
        "Microsoft.Kubernetes/connectedClusters/autoscaling/horizontalpodautoscalers/read",
        "Microsoft.Kubernetes/connectedClusters/batch/cronjobs/read",
        "Microsoft.Kubernetes/connectedClusters/batch/jobs/read",
        "Microsoft.Kubernetes/connectedClusters/configmaps/read",
        "Microsoft.Kubernetes/connectedClusters/endpoints/read",
        "Microsoft.Kubernetes/connectedClusters/events.k8s.io/events/read",
        "Microsoft.Kubernetes/connectedClusters/events/read",
        "Microsoft.Kubernetes/connectedClusters/extensions/daemonsets/read",
        "Microsoft.Kubernetes/connectedClusters/extensions/deployments/read",
        "Microsoft.Kubernetes/connectedClusters/extensions/ingresses/read",
        "Microsoft.Kubernetes/connectedClusters/extensions/networkpolicies/read",
        "Microsoft.Kubernetes/connectedClusters/extensions/replicasets/read",
        "Microsoft.Kubernetes/connectedClusters/limitranges/read",
        "Microsoft.Kubernetes/connectedClusters/namespaces/read",
        "Microsoft.Kubernetes/connectedClusters/networking.k8s.io/ingresses/read",
        "Microsoft.Kubernetes/connectedClusters/networking.k8s.io/networkpolicies/read",
        "Microsoft.Kubernetes/connectedClusters/persistentvolumeclaims/read",
        "Microsoft.Kubernetes/connectedClusters/pods/read",
        "Microsoft.Kubernetes/connectedClusters/policy/poddisruptionbudgets/read",
        "Microsoft.Kubernetes/connectedClusters/replicationcontrollers/read",
        "Microsoft.Kubernetes/connectedClusters/replicationcontrollers/read",
        "Microsoft.Kubernetes/connectedClusters/resourcequotas/read",
        "Microsoft.Kubernetes/connectedClusters/serviceaccounts/read",
        "Microsoft.Kubernetes/connectedClusters/services/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Arc Kubernetes Viewer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Penulis Kubernetes Azure Arc

Memungkinkan Anda memperbarui semuanya di kluster/namespace, kecuali peran (kluster) dan ikatan peran (kluster). Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Resources/penyebaran/tulis Membuat atau memperbarui penyebaran.
Microsoft.Resources/langganan/hasiloperasi/baca Dapatkan Hasil Operasi Langganan.
Microsoft.Resources/langganan/baca Mendapatkan daftar langganan.
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Microsoft.Kubernetes/connectedClusters/apps/controllerrevisions/baca Membaca controllerrevisions
Microsoft.Kubernetes/connectedClusters/apps/daemonsets/*
Microsoft.Kubernetes/connectedClusters/apps/penyebaran/*
Microsoft.Kubernetes/connectedClusters/apps/replicasets/*
Microsoft.Kubernetes/connectedClusters/apps/statefulsets/*
Microsoft.Kubernetes/connectedClusters/autoscaling/horizontalpodautoscalers/*
Microsoft.Kubernetes/connectedClusters/batch/cronjobs/*
Microsoft.Kubernetes/connectedClusters/batch/pekerjaan/*
Microsoft.Kubernetes/connectedClusters/configmaps/*
Microsoft.Kubernetes/connectedClusters/endpoints/*
Microsoft.Kubernetes/connectedClusters/events.k8s.io/acara/baca Membaca acara
Microsoft.Kubernetes/connectedClusters/acara/baca Membaca acara
Microsoft.Kubernetes/connectedClusters/ekstensi/daemonsets/*
Microsoft.Kubernetes/connectedClusters/ekstensi/penyebaran/*
Microsoft.Kubernetes/connectedClusters/ekstensi/ingresses/*
Microsoft.Kubernetes/connectedClusters/ekstensi/networkpolicies/*
Microsoft.Kubernetes/connectedClusters/ekstensi/ingresses/*
Microsoft.Kubernetes/connectedClusters/limitranges/baca Membaca batasan
Microsoft.Kubernetes/connectedClusters/namespaces/baca Membaca namespaces
Microsoft.Kubernetes/connectedClusters/networking.k8s.io/ingresses/*
Microsoft.Kubernetes/connectedClusters/networking.k8s.io/networkpolicies/*
Microsoft.Kubernetes/connectedClusters/persistentvolumeclaims/*
Microsoft.Kubernetes/connectedClusters/pods/*
Microsoft.Kubernetes/connectedClusters/policy/poddisruptionbudgets/*
Microsoft.Kubernetes/connectedClusters/replicationcontrollers/*
Microsoft.Kubernetes/connectedClusters/replicationcontrollers/*
Microsoft.Kubernetes/connectedClusters/resourcequotas/baca Membaca resourcequotas
Microsoft.Kubernetes/connectedClusters/rahasia/*
Microsoft.Kubernetes/connectedClusters/serviceaccounts/*
Microsoft.Kubernetes/connectedClusters/layanan/*
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you update everything in cluster/namespace, except (cluster)roles and (cluster)role bindings.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5b999177-9696-4545-85c7-50de3797e5a1",
  "name": "5b999177-9696-4545-85c7-50de3797e5a1",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Kubernetes/connectedClusters/apps/controllerrevisions/read",
        "Microsoft.Kubernetes/connectedClusters/apps/daemonsets/*",
        "Microsoft.Kubernetes/connectedClusters/apps/deployments/*",
        "Microsoft.Kubernetes/connectedClusters/apps/replicasets/*",
        "Microsoft.Kubernetes/connectedClusters/apps/statefulsets/*",
        "Microsoft.Kubernetes/connectedClusters/autoscaling/horizontalpodautoscalers/*",
        "Microsoft.Kubernetes/connectedClusters/batch/cronjobs/*",
        "Microsoft.Kubernetes/connectedClusters/batch/jobs/*",
        "Microsoft.Kubernetes/connectedClusters/configmaps/*",
        "Microsoft.Kubernetes/connectedClusters/endpoints/*",
        "Microsoft.Kubernetes/connectedClusters/events.k8s.io/events/read",
        "Microsoft.Kubernetes/connectedClusters/events/read",
        "Microsoft.Kubernetes/connectedClusters/extensions/daemonsets/*",
        "Microsoft.Kubernetes/connectedClusters/extensions/deployments/*",
        "Microsoft.Kubernetes/connectedClusters/extensions/ingresses/*",
        "Microsoft.Kubernetes/connectedClusters/extensions/networkpolicies/*",
        "Microsoft.Kubernetes/connectedClusters/extensions/replicasets/*",
        "Microsoft.Kubernetes/connectedClusters/limitranges/read",
        "Microsoft.Kubernetes/connectedClusters/namespaces/read",
        "Microsoft.Kubernetes/connectedClusters/networking.k8s.io/ingresses/*",
        "Microsoft.Kubernetes/connectedClusters/networking.k8s.io/networkpolicies/*",
        "Microsoft.Kubernetes/connectedClusters/persistentvolumeclaims/*",
        "Microsoft.Kubernetes/connectedClusters/pods/*",
        "Microsoft.Kubernetes/connectedClusters/policy/poddisruptionbudgets/*",
        "Microsoft.Kubernetes/connectedClusters/replicationcontrollers/*",
        "Microsoft.Kubernetes/connectedClusters/replicationcontrollers/*",
        "Microsoft.Kubernetes/connectedClusters/resourcequotas/read",
        "Microsoft.Kubernetes/connectedClusters/secrets/*",
        "Microsoft.Kubernetes/connectedClusters/serviceaccounts/*",
        "Microsoft.Kubernetes/connectedClusters/services/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Arc Kubernetes Writer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Onboarding Mesin yang Tersambung Azure

Dapat melakukan onboarding Komputer yang Tersambung Azure. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.HybridCompute/mesin/baca Baca mesin Azure Arc mana pun
Microsoft.HybridCompute/mesin/tulis Menulis mesin Azure Arc
Microsoft.HybridCompute/privateLinkScopes/baca Baca privateLinkScope Azure Arc apa pun
Microsoft.GuestConfiguration/guestConfigurationAssignments/baca Dapatkan tugas konfigurasi tamu.
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can onboard Azure Connected Machines.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b64e21ea-ac4e-4cdf-9dc9-5b892992bee7",
  "name": "b64e21ea-ac4e-4cdf-9dc9-5b892992bee7",
  "permissions": [
    {
      "actions": [
        "Microsoft.HybridCompute/machines/read",
        "Microsoft.HybridCompute/machines/write",
        "Microsoft.HybridCompute/privateLinkScopes/read",
        "Microsoft.GuestConfiguration/guestConfigurationAssignments/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Connected Machine Onboarding",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Administrator Sumber Daya Komputer yang Tersambungt Azure

Dapat membaca, menulis, menghapus, dan melakukan onboarding ulang Komputer yang Tersambung Azure.

Tindakan Deskripsi
Microsoft.HybridCompute/mesin/baca Baca mesin Azure Arc mana pun
Microsoft.HybridCompute/mesin/tulis Menulis mesin Azure Arc
Microsoft.HybridCompute/mesin/hapus Menghapus mesin Azure Arc
Microsoft.HybridCompute/machines/UpgradeExtensions/action Meningkatkan Ekstensi pada komputer Azure Arc
Microsoft.HybridCompute/mesin/ekstensi/baca Membaca ekstensi Azure Arc apa pun
Microsoft.HybridCompute/mesin/ekstensi/tulis Menginstal atau Memperbarui ekstensi Azure Arc
Microsoft.HybridCompute/mesin/ekstensi/hapus Menghapus ekstensi Azure Arc
Microsoft.HybridCompute/privateLinkScopes/*
Microsoft.HybridCompute/*/baca
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can read, write, delete and re-onboard Azure Connected Machines.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/cd570a14-e51a-42ad-bac8-bafd67325302",
  "name": "cd570a14-e51a-42ad-bac8-bafd67325302",
  "permissions": [
    {
      "actions": [
        "Microsoft.HybridCompute/machines/read",
        "Microsoft.HybridCompute/machines/write",
        "Microsoft.HybridCompute/machines/delete",
        "Microsoft.HybridCompute/machines/UpgradeExtensions/action",
        "Microsoft.HybridCompute/machines/extensions/read",
        "Microsoft.HybridCompute/machines/extensions/write",
        "Microsoft.HybridCompute/machines/extensions/delete",
        "Microsoft.HybridCompute/privateLinkScopes/*",
        "Microsoft.HybridCompute/*/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Connected Machine Resource Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Penagihan

Memungkinkan akses baca ke data penagihan Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Billing/*/baca Baca informasi Penagihan
Microsoft.Commerce/*/baca
Microsoft.Consumption/*/baca
Microsoft.Management/managementGroups/baca Grup manajemen daftar untuk pengguna yang diautentikasi.
Microsoft.CostManagement/*/baca
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows read access to billing data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64",
  "name": "fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Billing/*/read",
        "Microsoft.Commerce/*/read",
        "Microsoft.Consumption/*/read",
        "Microsoft.Management/managementGroups/read",
        "Microsoft.CostManagement/*/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Billing Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Cetak Biru

Dapat mengelola definisi cetak biru, tetapi tidak dapat menetapkannya. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Blueprint/cetak biru/* Membuat dan mengelola definisi cetak biru atau artefak cetak biru.
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage blueprint definitions, but not assign them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/41077137-e803-4205-871c-5a86e6a753b4",
  "name": "41077137-e803-4205-871c-5a86e6a753b4",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Blueprint/blueprints/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Blueprint Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Operator Cetak Biru

Dapat menetapkan cetak biru yang dipublikasikan sebelumnya, tetapi tidak dapat membuat definisi cetak biru baru. Penugasan cetak biru hanya berfungsi jika penugasan dilakukan dengan identitas terkelola yang ditetapkan pengguna. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Blueprint/blueprintAssignments/* Membuat dan mengelola penetapan cetak biru.
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can assign existing published blueprints, but cannot create new blueprints. NOTE: this only works if the assignment is done with a user-assigned managed identity.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/437d2ced-4a38-4302-8479-ed2bcb43d090",
  "name": "437d2ced-4a38-4302-8479-ed2bcb43d090",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Blueprint/blueprintAssignments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Blueprint Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Manajemen Biaya

Dapat melihat biaya dan mengelola konfigurasi biaya (misalnya anggaran, ekspor) Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Consumption/*
Microsoft.CostManagement/*
Microsoft.Billing/billingPeriods/baca
Microsoft.Resources/langganan/baca Mendapatkan daftar langganan.
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.Advisor/konfigurasi/baca Dapatkan konfigurasi
Microsoft.Advisor/rekomendasi/baca Membaca rekomendasi
Microsoft.Management/managementGroups/baca Grup manajemen daftar untuk pengguna yang diautentikasi.
Microsoft.Billing/billingProperty/baca
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view costs and manage cost configuration (e.g. budgets, exports)",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/434105ed-43f6-45c7-a02f-909b2ba83430",
  "name": "434105ed-43f6-45c7-a02f-909b2ba83430",
  "permissions": [
    {
      "actions": [
        "Microsoft.Consumption/*",
        "Microsoft.CostManagement/*",
        "Microsoft.Billing/billingPeriods/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Advisor/configurations/read",
        "Microsoft.Advisor/recommendations/read",
        "Microsoft.Management/managementGroups/read",
        "Microsoft.Billing/billingProperty/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cost Management Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Cost Management

Dapat melihat data biaya dan konfigurasi (misalnya anggaran, ekspor) Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Consumption/*/baca
Microsoft.CostManagement/*/baca
Microsoft.Billing/billingPeriods/baca
Microsoft.Resources/langganan/baca Mendapatkan daftar langganan.
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.Advisor/konfigurasi/baca Dapatkan konfigurasi
Microsoft.Advisor/rekomendasi/baca Membaca rekomendasi
Microsoft.Management/managementGroups/baca Grup manajemen daftar untuk pengguna yang diautentikasi.
Microsoft.Billing/billingProperty/baca
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view cost data and configuration (e.g. budgets, exports)",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/72fafb9e-0641-4937-9268-a91bfd8191a3",
  "name": "72fafb9e-0641-4937-9268-a91bfd8191a3",
  "permissions": [
    {
      "actions": [
        "Microsoft.Consumption/*/read",
        "Microsoft.CostManagement/*/read",
        "Microsoft.Billing/billingPeriods/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Advisor/configurations/read",
        "Microsoft.Advisor/recommendations/read",
        "Microsoft.Management/managementGroups/read",
        "Microsoft.Billing/billingProperty/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cost Management Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Administrator Pengaturan Hierarki

Memungkinkan pengguna mengedit dan menghapus Pengaturan Hierarki

Tindakan Deskripsi
Microsoft.Management/managementGroups/pengaturan/tulis Membuat atau memperbarui pengaturan hierarki grup manajemen.
Microsoft.Management/managementGroups/pengaturan/hapus Menghapus pengaturan hierarki grup manajemen.
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows users to edit and delete Hierarchy Settings",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/350f8d15-c687-4448-8ae1-157740a3936d",
  "name": "350f8d15-c687-4448-8ae1-157740a3936d",
  "permissions": [
    {
      "actions": [
        "Microsoft.Management/managementGroups/settings/write",
        "Microsoft.Management/managementGroups/settings/delete"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Hierarchy Settings Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Klaster Kubernetes - Azure Arc Onboarding

Definisi peran untuk mengotorisasi setiap pengguna/layanan untuk membuat sumber daya ConnectedClusters Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Resources/penyebaran/tulis Membuat atau memperbarui penyebaran.
Microsoft.Resources/langganan/hasiloperasi/baca Dapatkan Hasil Operasi Langganan.
Microsoft.Resources/langganan/baca Mendapatkan daftar langganan.
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Kubernetes/connectedClusters/Tulis Menulis ConnectedClusters
Microsoft.Kubernetes/connectedClusters/baca Baca ConnectedClusters
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Role definition to authorize any user/service to create connectedClusters resource",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/34e09817-6cbe-4d01-b1a2-e0eac5743d41",
  "name": "34e09817-6cbe-4d01-b1a2-e0eac5743d41",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Kubernetes/connectedClusters/Write",
        "Microsoft.Kubernetes/connectedClusters/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Kubernetes Cluster - Azure Arc Onboarding",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Ekstensi Kubernetes

Dapat membuat, memperbarui, mendapatkan, daftar dan menghapus Ekstensi Kubernetes, dan mendapatkan operasi async ekstensi

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.KubernetesConfiguration/extensions/write Membuat atau memperbarui ekstensi sumber daya.
Microsoft.KubernetesConfiguration/extensions/read Mendapatkan sumber daya instans ekstensi.
Microsoft.KubernetesConfiguration/extensions/delete Menghapus sumber daya instans ekstensi.
Microsoft.KubernetesConfiguration/extensions/operations/read Membaca Status Operasi Async.
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can create, update, get, list and delete Kubernetes Extensions, and get extension async operations",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/85cb6faf-e071-4c9b-8136-154b5a04f717",
  "name": "85cb6faf-e071-4c9b-8136-154b5a04f717",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.KubernetesConfiguration/extensions/write",
        "Microsoft.KubernetesConfiguration/extensions/read",
        "Microsoft.KubernetesConfiguration/extensions/delete",
        "Microsoft.KubernetesConfiguration/extensions/operations/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Kubernetes Extension Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Peran Kontributor Aplikasi Terkelola

Mengizinkan pembuatan sumber daya aplikasi terkelola.

Tindakan Deskripsi
*/read Membaca sumber daya dari semua jenis, kecuali rahasia.
Microsoft.Solutions/aplikasi/*
Microsoft.Solutions/daftar/tindakan Daftar ke Solusi.
Microsoft.Resources/subscriptions/resourceGroups/*
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for creating managed application resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/641177b8-a67a-45b9-a033-47bc880bb21e",
  "name": "641177b8-a67a-45b9-a033-47bc880bb21e",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.Solutions/applications/*",
        "Microsoft.Solutions/register/action",
        "Microsoft.Resources/subscriptions/resourceGroups/*",
        "Microsoft.Resources/deployments/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Managed Application Contributor Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Peran Operator Aplikasi Terkelola

Memungkinkan Anda membaca dan melakukan tindakan pada sumber daya Aplikasi Terkelola

Tindakan Deskripsi
*/read Membaca sumber daya dari semua jenis, kecuali rahasia.
Microsoft.Solutions/aplikasi/baca Mengambil daftar aplikasi.
Microsoft.Solutions/*/tindakan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read and perform actions on Managed Application resources",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c7393b34-138c-406f-901b-d8cf2b17e6ae",
  "name": "c7393b34-138c-406f-901b-d8cf2b17e6ae",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.Solutions/applications/read",
        "Microsoft.Solutions/*/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Managed Application Operator Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Aplikasi Terkelola

Memungkinkan Anda membaca sumber daya di aplikasi terkelola dan meminta akses JIT.

Tindakan Deskripsi
*/read Membaca sumber daya dari semua jenis, kecuali rahasia.
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Solutions/jitRequests/*
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read resources in a managed app and request JIT access.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b9331d33-8a36-4f8c-b097-4f54124fdb44",
  "name": "b9331d33-8a36-4f8c-b097-4f54124fdb44",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Solutions/jitRequests/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Managed Applications Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Peran Penghapusan penetapan Pendaftaran Layanan Terkelola

Peran Penghapusan Penetapan Pendaftaran Layanan Terkelola memungkinkan pengguna penyewa yang mengelola untuk menghapus penetapan pendaftaran yang ditetapkan kepada penyewa mereka. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.ManagedServices/registrationAssignments/baca Mengambil daftar penetapan pendaftaran Layanan Terkelola.
Microsoft.ManagedServices/registrationAssignments/hapus Hapus penetapan pendaftaran Layanan Terkelola.
Microsoft.ManagedServices/operationStatuses/baca Membaca status operasi untuk IP khusus.
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/91c1777a-f3dc-4fae-b103-61d183457e46",
  "name": "91c1777a-f3dc-4fae-b103-61d183457e46",
  "permissions": [
    {
      "actions": [
        "Microsoft.ManagedServices/registrationAssignments/read",
        "Microsoft.ManagedServices/registrationAssignments/delete",
        "Microsoft.ManagedServices/operationStatuses/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Managed Services Registration assignment Delete Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Grup Manajemen

Peran Kontributor Grup Manajemen Pelajari selengkapnya

Tindakan Deskripsi
Microsoft.Management/managementGroups/hapus Hapus grup manajemen.
Microsoft.Management/managementGroups/baca Grup manajemen daftar untuk pengguna yang diautentikasi.
Microsoft.Management/managementGroups/langganan/hapus Membatalkan kait langganan dari grup manajemen.
Microsoft.Management/managementGroups/langganan/tulis Mengaitkan langganan yang sudah ada dengan grup manajemen.
Microsoft.Management/managementGroups/tulis Membuat atau memperbarui grup manajemen.
Microsoft.Management/managementGroups/langganan/baca Mencantumkan langganan di bawah grup manajemen yang diberikan.
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Management Group Contributor Role",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c",
  "name": "5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c",
  "permissions": [
    {
      "actions": [
        "Microsoft.Management/managementGroups/delete",
        "Microsoft.Management/managementGroups/read",
        "Microsoft.Management/managementGroups/subscriptions/delete",
        "Microsoft.Management/managementGroups/subscriptions/write",
        "Microsoft.Management/managementGroups/write",
        "Microsoft.Management/managementGroups/subscriptions/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Management Group Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Grup Manajemen

Peran Pembaca Grup Manajemen

Tindakan Deskripsi
Microsoft.Management/managementGroups/baca Grup manajemen daftar untuk pengguna yang diautentikasi.
Microsoft.Management/managementGroups/langganan/baca Mencantumkan langganan di bawah grup manajemen yang diberikan.
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Management Group Reader Role",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ac63b705-f282-497d-ac71-919bf39d939d",
  "name": "ac63b705-f282-497d-ac71-919bf39d939d",
  "permissions": [
    {
      "actions": [
        "Microsoft.Management/managementGroups/read",
        "Microsoft.Management/managementGroups/subscriptions/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Management Group Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Akun New Relic APM

Memungkinkan Anda mengelola akun dan aplikasi New Relic Application Performance Management, tetapi tidak dapat mengaksesnya.

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
NewRelic.APM/akun/*
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage New Relic Application Performance Management accounts and applications, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5d28c62d-5b37-4476-8438-e587778df237",
  "name": "5d28c62d-5b37-4476-8438-e587778df237",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "NewRelic.APM/accounts/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "New Relic APM Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Penulis Data Policy Insights (Pratinjau)

Memungkinkan akses baca ke kebijakan sumber daya dan akses tulis ke kejadian kebijakan komponen sumber daya. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/policyassignments/baca Dapatkan informasi tentang penetapan kebijakan.
Microsoft.Authorization/policydefinitions/baca Dapatkan informasi tentang definisi kebijakan.
Microsoft.Authorization/policyexemptions/baca Dapatkan informasi tentang pengecualian kebijakan.
Microsoft.Authorization/policysetdefinisi/baca Mendapatkan informasi tentang definisi kumpulan kebijakan.
Bukan Tindakan
Tidak ada
DataActions
Microsoft.PolicyInsights/checkDataPolicyCompliance/tindakan Periksa status kepatuhan komponen tertentu terhadap kebijakan data.
Microsoft.PolicyInsights/policyEvents/logDataEvents/tindakan Catat kejadian kebijakan komponen sumber daya.
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows read access to resource policies and write access to resource component policy events.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/66bb4e9e-b016-4a94-8249-4c0511c2be84",
  "name": "66bb4e9e-b016-4a94-8249-4c0511c2be84",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/policyassignments/read",
        "Microsoft.Authorization/policydefinitions/read",
        "Microsoft.Authorization/policyexemptions/read",
        "Microsoft.Authorization/policysetdefinitions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.PolicyInsights/checkDataPolicyCompliance/action",
        "Microsoft.PolicyInsights/policyEvents/logDataEvents/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Policy Insights Data Writer (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Operator Permintaan Kuota

Baca dan buat permintaan kuota, dapatkan status permintaan kuota, dan buat tiket dukungan. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Kapasitas/resourceProviders/locations/serviceLimits/baca Dapatkan batas layanan atau kuota sumber daya dan lokasi yang ditentukan saat ini
Microsoft.Kapasitas/resourceProviders/locations/serviceLimits/tulis Buat batas layanan atau kuota untuk sumber daya dan lokasi yang ditentukan
Microsoft.Kapasitas/resourceProviders/locations/serviceLimits/baca Dapatkan permintaan batas layanan untuk sumber daya dan lokasi yang ditentukan
Microsoft.Kapasitas/daftar/tindakan Mendaftarkan penyedia sumber daya Kapasitas dan memungkinkan pembuatan sumber daya Kapasitas.
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read and create quota requests, get quota request status, and create support tickets.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0e5f05e5-9ab9-446b-b98d-1e2157c94125",
  "name": "0e5f05e5-9ab9-446b-b98d-1e2157c94125",
  "permissions": [
    {
      "actions": [
        "Microsoft.Capacity/resourceProviders/locations/serviceLimits/read",
        "Microsoft.Capacity/resourceProviders/locations/serviceLimits/write",
        "Microsoft.Capacity/resourceProviders/locations/serviceLimitsRequests/read",
        "Microsoft.Capacity/register/action",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Quota Request Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembeli Reservasi

Memungkinkan Anda membeli reservasi Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Resources/langganan/baca Mendapatkan daftar langganan.
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Kapasitas/daftar/tindakan Mendaftarkan penyedia sumber daya Kapasitas dan memungkinkan pembuatan sumber daya Kapasitas.
Microsoft.Compute/daftar/tindakan Mendaftarkan Langganan dengan penyedia sumber Microsoft.Compute
Microsoft.SQL/daftar/tindakan Mendaftarkan langganan untuk penyedia sumber daya Microsoft SQL Database dan memungkinkan pembuatan Database Microsoft SQL.
Microsoft.Consumption/daftar/tindakan Daftar Konsumsi RP
Microsoft.Kapasitas/katalog/baca Baca katalog Reservasi
Microsoft.Authorization/roleAssignments/baca Mendapatkan informasi tentang penetapan peran.
Microsoft.Consumption/reservationRecommendations/baca Mencantumkan rekomendasi tunggal atau bersama untuk instans yang dipesan untuk langganan.
Microsoft.Support/supporttickets/tulis Memungkinkan membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you purchase reservations",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f7b75c60-3036-4b75-91c3-6b41c27c1689",
  "name": "f7b75c60-3036-4b75-91c3-6b41c27c1689",
  "permissions": [
    {
      "actions": [
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Capacity/register/action",
        "Microsoft.Compute/register/action",
        "Microsoft.SQL/register/action",
        "Microsoft.Consumption/register/action",
        "Microsoft.Capacity/catalogs/read",
        "Microsoft.Authorization/roleAssignments/read",
        "Microsoft.Consumption/reservationRecommendations/read",
        "Microsoft.Support/supporttickets/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Reservation Purchaser",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Policy Sumber Daya

Pengguna dengan hak untuk membuat/mengubah kebijakan sumber daya, membuat tiket dukungan, dan membaca sumber daya/hierarki. Pelajari lebih lanjut

Tindakan Deskripsi
*/read Membaca sumber daya dari semua jenis, kecuali rahasia.
Microsoft.Authorization/policyassignments/* Membuat dan mengelola penetapan kebijakan
Microsoft.Authorization/policydefinitions/* Membuat dan mengelola definisi kebijakan
Microsoft.Authorization/policyexemptions/* Membuat dan mengelola pembebasan kebijakan
Microsoft.Authorization/policysetdefinitions/* Membuat dan mengelola rangkaian kebijakan
Microsoft.PolicyInsights/*
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/36243c78-bf99-498c-9df9-86d9f8d28608",
  "name": "36243c78-bf99-498c-9df9-86d9f8d28608",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.Authorization/policyassignments/*",
        "Microsoft.Authorization/policydefinitions/*",
        "Microsoft.Authorization/policyexemptions/*",
        "Microsoft.Authorization/policysetdefinitions/*",
        "Microsoft.PolicyInsights/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Resource Policy Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Site Recovery

Memungkinkan Anda mengelola layanan Pemulihan Situs kecuali pembuatan kubah dan penugasan peran Pelajari selengkapnya

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Network/virtualNetworks/baca Dapatkan definisi jaringan virtual
Microsoft.RecoveryServices/locations/allocatedStamp/baca GetAllocatedStamp adalah operasi internal yang digunakan oleh layanan
Microsoft.RecoveryServices/lokasi/allocateStamp/tindakan AllocateStamp adalah operasi internal yang digunakan oleh layanan
Microsoft.RecoveryServices/Vaults/sertifikat/tulis Operasi Perbarui Sertifikat Sumber Daya memperbarui sertifikat kredensial sumber daya/vault.
Microsoft.RecoveryServices/Vaults/extendedInformation/* Membuat dan mengelola info yang diperluas terkait dengan kubah
Microsoft.RecoveryServices/Vaults/baca Operasi Get Vault mendapatkan objek yang mewakili sumber daya Azure tipe 'vault'
Microsoft.RecoveryServices/Vaults/refreshContainers/baca
Microsoft.RecoveryServices/Vaults/registeredIdentities/* Membuat dan mengelola identitas terdaftar
Microsoft.RecoveryServices/vaults/replicationAlertSettings/* Membuat atau Memperbarui pengaturan pemberitahuan replikasi
Microsoft.RecoveryServices/vaults/replicationEvents/baca Baca Acara apa pun
Microsoft.RecoveryServices/vaults/replicationFabrics/* Membuat dan mengelola susunan replikasi
Microsoft.RecoveryServices/vaults/replicationJobs/* Membuat dan mengelola pekerjaan replikasi
Microsoft.RecoveryServices/vaults/replicationPolicies/* Membuat dan mengelola kebijakan replikasi
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/* Membuat dan mengelola rencana pemulihan
Microsoft.RecoveryServices/vaults/replicationVaultSettings/*
Microsoft.RecoveryServices/Vaults/storageConfig/* Membuat dan mengelola konfigurasi penyimpanan vault Layanan Pemulihan
Microsoft.RecoveryServices/Vaults/tokenInfo/baca
Microsoft.RecoveryServices/Vaults/penggunaan/baca Mengembalikan detail penggunaan untuk Vault Layanan Pemulihan.
Microsoft.RecoveryServices/Vaults/vaultTokens/baca Operasi Token Vault dapat digunakan untuk mendapatkan Token Vault untuk operasi backend tingkat kubah.
Microsoft.RecoveryServices/Vaults/monitoringAlerts/* Baca pemberitahuan untuk kubah layanan Pemulihan
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/baca
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Storage/storageAccounts/baca Mengembalikan daftar akun penyimpanan atau mendapatkan properti untuk akun penyimpanan tertentu.
Microsoft.RecoveryServices/vaults/replicationOperationStatus/baca Baca Status Operasi Replikasi Kubah
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Site Recovery service except vault creation and role assignment",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6670b86e-a3f7-4917-ac9b-5d6ab1be4567",
  "name": "6670b86e-a3f7-4917-ac9b-5d6ab1be4567",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.RecoveryServices/locations/allocatedStamp/read",
        "Microsoft.RecoveryServices/locations/allocateStamp/action",
        "Microsoft.RecoveryServices/Vaults/certificates/write",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/*",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/refreshContainers/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/*",
        "Microsoft.RecoveryServices/vaults/replicationAlertSettings/*",
        "Microsoft.RecoveryServices/vaults/replicationEvents/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/*",
        "Microsoft.RecoveryServices/vaults/replicationJobs/*",
        "Microsoft.RecoveryServices/vaults/replicationPolicies/*",
        "Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/*",
        "Microsoft.RecoveryServices/vaults/replicationVaultSettings/*",
        "Microsoft.RecoveryServices/Vaults/storageConfig/*",
        "Microsoft.RecoveryServices/Vaults/tokenInfo/read",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.RecoveryServices/Vaults/vaultTokens/read",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/*",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.RecoveryServices/vaults/replicationOperationStatus/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Site Recovery Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Operator Site Recovery

Memungkinkan Anda failover dan failback tetapi tidak melakukan operasi manajemen Pemulihan Situs lainnya Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Network/virtualNetworks/baca Dapatkan definisi jaringan virtual
Microsoft.RecoveryServices/locations/allocatedStamp/baca GetAllocatedStamp adalah operasi internal yang digunakan oleh layanan
Microsoft.RecoveryServices/lokasi/allocateStamp/tindakan AllocateStamp adalah operasi internal yang digunakan oleh layanan
Microsoft.RecoveryServices/Vaults/extendedInformation/baca Operasi Get Extended Info mendapatkan Info Tambahan objek yang mewakili sumber daya Azure jenis ?vault?
Microsoft.RecoveryServices/Vaults/baca Operasi Get Vault mendapatkan objek yang mewakili sumber daya Azure tipe 'vault'
Microsoft.RecoveryServices/Vaults/refreshContainers/baca
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/baca Operasi Dapatkan Hasil Operasi dapat digunakan untuk mendapatkan hasil dan status operasi untuk operasi yang dikirimkan secara asinkron
Microsoft.RecoveryServices/Vaults/registeredIdentities/baca Operasi Dapatkan Kontainer dapat digunakan untuk mendapatkan kontainer yang terdaftar untuk sumber daya.
Microsoft.RecoveryServices/vaults/replicationAlertSettings/baca Baca Pengaturan Pemberitahuan apa pun
Microsoft.RecoveryServices/vaults/replicationEvents/baca Baca Acara apa pun
Microsoft.RecoveryServices/vaults/replicationFabrics/checkConsistency/tindakan Memeriksa Konsistensi Susunan
Microsoft.RecoveryServices/vaults/replicationFabrics/baca Baca Susunan Apa Pun
Microsoft.RecoveryServices/vaults/replicationFabrics/reassociateGateway/tindakan Pisahkan Gateway
Microsoft.RecoveryServices/vaults/replicationFabrics/renewcertificate/tindakan Perbarui Sertifikat Susunan
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/baca Baca Jaringan apa pun
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/baca Baca Pemetaan Jaringan apa pun
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/baca Baca Kontainer Perlindungan apa pun
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/baca Baca Item yang Dapat Diproteksi
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/applyRecoveryPoint/tindakan Terapkan Titik Pemulihan
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/failoverCommit/tindakan Pelaksanaan Failover
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/plannedFailover/tindakan Failover terencana
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/baca Baca Item Terproteksi
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/baca Baca Titik Pemulihan Replikasi apa pun
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/repairReplication/tindakan Perbaiki replikasi
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/reProtect/tindakan Proteksi Ulang Item terproteksi
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/switchprotection/tindakan Alihkan Kontainer Perlindungan
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailover/tindakan Menguji Failover
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailoverCleanup/tindakan Uji Pembersihan Failover
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/unplannedFailover/tindakan Failover
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/updateMobilityService/tindakan Perbarui Layanan Mobilitas
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/baca Baca Pemetaan Kontainer Proteksi apa pun
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/baca Baca Penyedia Layanan Pemulihan apa pun
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/refreshProvider/tindakan Segarkan Penyedia
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/baca Baca Klasifikasi Penyimpanan apa pun
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/baca Baca Pemetaan Klasifikasi Penyimpanan apa pun
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/baca Baca vCenters apa pun
Microsoft.RecoveryServices/vaults/replicationJobs/* Membuat dan mengelola pekerjaan replikasi
Microsoft.RecoveryServices/vaults/replicationPolicies/baca Baca Kebijakan apa pun
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/failoverCommit/tindakan Rencana Pemulihan Pelaksanaan Failover
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/plannedFailover/tindakan Rencana Pemulihan Failover yang Direncanakan
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/baca Baca Rencana Pemulihan apa pun
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/reProtect/tindakan Lindungi Ulang Rencana Pemulihan
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailover/tindakan Uji Rencana Pemulihan Failover
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailoverCleanup/tindakan Uji Rencana Pemulihan Pembersihan Failover
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/unplannedFailover/t Rencana Pemulihan Failover
Microsoft.RecoveryServices/vaults/replicationVaultSettings/read Membaca apa pun
Microsoft.RecoveryServices/Vaults/monitoringAlerts/* Baca pemberitahuan untuk kubah layanan Pemulihan
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/baca
Microsoft.RecoveryServices/Vaults/storageConfig/baca
Microsoft.RecoveryServices/Vaults/tokenInfo/baca
Microsoft.RecoveryServices/Vaults/penggunaan/baca Mengembalikan detail penggunaan untuk Vault Layanan Pemulihan.
Microsoft.RecoveryServices/Vaults/vaultTokens/baca Operasi Token Vault dapat digunakan untuk mendapatkan Token Vault untuk operasi backend tingkat kubah.
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Storage/storageAccounts/baca Mengembalikan daftar akun penyimpanan atau mendapatkan properti untuk akun penyimpanan tertentu.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you failover and failback but not perform other Site Recovery management operations",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/494ae006-db33-4328-bf46-533a6560a3ca",
  "name": "494ae006-db33-4328-bf46-533a6560a3ca",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.RecoveryServices/locations/allocatedStamp/read",
        "Microsoft.RecoveryServices/locations/allocateStamp/action",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/read",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/refreshContainers/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
        "Microsoft.RecoveryServices/vaults/replicationAlertSettings/read",
        "Microsoft.RecoveryServices/vaults/replicationEvents/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/checkConsistency/action",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/reassociateGateway/action",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/renewcertificate/action",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/applyRecoveryPoint/action",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/failoverCommit/action",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/plannedFailover/action",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/repairReplication/action",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/reProtect/action",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/switchprotection/action",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailover/action",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailoverCleanup/action",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/unplannedFailover/action",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/updateMobilityService/action",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/refreshProvider/action",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read",
        "Microsoft.RecoveryServices/vaults/replicationJobs/*",
        "Microsoft.RecoveryServices/vaults/replicationPolicies/read",
        "Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/failoverCommit/action",
        "Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/plannedFailover/action",
        "Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/read",
        "Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/reProtect/action",
        "Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailover/action",
        "Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailoverCleanup/action",
        "Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/unplannedFailover/action",
        "Microsoft.RecoveryServices/vaults/replicationVaultSettings/read",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/*",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read",
        "Microsoft.RecoveryServices/Vaults/storageConfig/read",
        "Microsoft.RecoveryServices/Vaults/tokenInfo/read",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.RecoveryServices/Vaults/vaultTokens/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Site Recovery Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Site Recovery

Memungkinkan Anda melihat status Pemulihan Situs tetapi tidak melakukan operasi manajemen lainnya Pelajari selengkapnya

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.RecoveryServices/locations/allocatedStamp/baca GetAllocatedStamp adalah operasi internal yang digunakan oleh layanan
Microsoft.RecoveryServices/Vaults/extendedInformation/baca Operasi Get Extended Info mendapatkan Info Tambahan objek yang mewakili sumber daya Azure jenis ?vault?
Microsoft.RecoveryServices/Vaults/monitoringAlerts/baca Mendapatkan peringatan untuk vault Layanan pemulihan.
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/baca
Microsoft.RecoveryServices/Vaults/baca Operasi Get Vault mendapatkan objek yang mewakili sumber daya Azure tipe 'vault'
Microsoft.RecoveryServices/Vaults/refreshContainers/baca
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/baca Operasi Dapatkan Hasil Operasi dapat digunakan untuk mendapatkan hasil dan status operasi untuk operasi yang dikirimkan secara asinkron
Microsoft.RecoveryServices/Vaults/registeredIdentities/baca Operasi Dapatkan Kontainer dapat digunakan untuk mendapatkan kontainer yang terdaftar untuk sumber daya.
Microsoft.RecoveryServices/vaults/replicationAlertSettings/baca Baca Pengaturan Pemberitahuan apa pun
Microsoft.RecoveryServices/vaults/replicationEvents/baca Baca Acara apa pun
Microsoft.RecoveryServices/vaults/replicationFabrics/baca Baca Susunan Apa Pun
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/baca Baca Jaringan apa pun
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/baca Baca Pemetaan Jaringan apa pun
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/baca Baca Kontainer Perlindungan apa pun
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/baca Baca Item yang Dapat Diproteksi
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/baca Baca Item Terproteksi
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/baca Baca Titik Pemulihan Replikasi apa pun
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/baca Baca Pemetaan Kontainer Proteksi apa pun
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/baca Baca Penyedia Layanan Pemulihan apa pun
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/baca Baca Klasifikasi Penyimpanan apa pun
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/baca Baca Pemetaan Klasifikasi Penyimpanan apa pun
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/baca Baca vCenters apa pun
Microsoft.RecoveryServices/vaults/replicationJobs/baca Baca Pekerjaan apa pun
Microsoft.RecoveryServices/vaults/replicationPolicies/baca Baca Kebijakan apa pun
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/baca Baca Rencana Pemulihan apa pun
Microsoft.RecoveryServices/vaults/replicationVaultSettings/read Membaca apa pun
Microsoft.RecoveryServices/Vaults/storageConfig/baca
Microsoft.RecoveryServices/Vaults/tokenInfo/baca
Microsoft.RecoveryServices/Vaults/penggunaan/baca Mengembalikan detail penggunaan untuk Vault Layanan Pemulihan.
Microsoft.RecoveryServices/Vaults/vaultTokens/baca Operasi Token Vault dapat digunakan untuk mendapatkan Token Vault untuk operasi backend tingkat kubah.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you view Site Recovery status but not perform other management operations",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/dbaa88c4-0c30-4179-9fb3-46319faa6149",
  "name": "dbaa88c4-0c30-4179-9fb3-46319faa6149",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.RecoveryServices/locations/allocatedStamp/read",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/read",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/refreshContainers/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
        "Microsoft.RecoveryServices/vaults/replicationAlertSettings/read",
        "Microsoft.RecoveryServices/vaults/replicationEvents/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read",
        "Microsoft.RecoveryServices/vaults/replicationJobs/read",
        "Microsoft.RecoveryServices/vaults/replicationPolicies/read",
        "Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/read",
        "Microsoft.RecoveryServices/vaults/replicationVaultSettings/read",
        "Microsoft.RecoveryServices/Vaults/storageConfig/read",
        "Microsoft.RecoveryServices/Vaults/tokenInfo/read",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.RecoveryServices/Vaults/vaultTokens/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Site Recovery Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Permintaan Dukungan

Memungkinkan Anda membuat dan mengelola permintaan Dukungan Pelajari selengkapnya

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you create and manage Support requests",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e",
  "name": "cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Support Request Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Tag

Memungkinkan Anda mengelola tag pada entitas, tanpa memberikan akses ke entitas itu sendiri. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan sumber daya untuk grup sumber daya.
Microsoft.Resources/langganan/sumber daya/baca Mendapatkan sumber daya langganan.
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Microsoft.Resources/tags/*
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage tags on entities, without providing access to the entities themselves.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f",
  "name": "4a9ae827-6dc8-4573-8ac7-8239d42aa03f",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/subscriptions/resourceGroups/resources/read",
        "Microsoft.Resources/subscriptions/resources/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Support/*",
        "Microsoft.Resources/tags/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Tag Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lainnya

Pemilik Data Azure Digital Twins

Peran akses penuh untuk data-plane Digital Twins Pelajari lebih lanjut

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.DigitalTwins/eventroutes/* Membaca, menghapus, membuat, atau memperbarui Rute Acara apa pun
Microsoft.DigitalTwins/digitaltwins/* Membaca, membuat, memperbarui, atau menghapus Digital Twin apa pun
Microsoft.DigitalTwins/digitaltwins/perintah/* Panggil Perintah apa pun pada Digital Twin
Microsoft.DigitalTwins/digitaltwins/hubungan/* Membaca, membuat, memperbarui, atau menghapus Hubungan Digital Twin apa pun
Microsoft.DigitalTwins/model/* Membaca, membuat, memperbarui, atau menghapus Model apa pun
Microsoft.DigitalTwins/kueri/* Kueri Digital Twins Graph apa pun
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Full access role for Digital Twins data-plane",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/bcd981a7-7f74-457b-83e1-cceb9e632ffe",
  "name": "bcd981a7-7f74-457b-83e1-cceb9e632ffe",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.DigitalTwins/eventroutes/*",
        "Microsoft.DigitalTwins/digitaltwins/*",
        "Microsoft.DigitalTwins/digitaltwins/commands/*",
        "Microsoft.DigitalTwins/digitaltwins/relationships/*",
        "Microsoft.DigitalTwins/models/*",
        "Microsoft.DigitalTwins/query/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Digital Twins Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Data Azure Digital Twins

Peran akses penuh untuk data-plane Digital Twins Pelajari lebih lanjut

Tindakan Deskripsi
Tidak ada
Bukan Tindakan
Tidak ada
DataActions
Microsoft.DigitalTwins/digitaltwins/baca Baca Digital Twin apa pun
Microsoft.DigitalTwins/digitaltwins/hubungan/baca Baca Hubungan Digital Twin apa pun
Microsoft.DigitalTwins/eventroutes/baca Baca Rute Acara apa pun
Microsoft.DigitalTwins/model/baca Baca Model apa pun
Microsoft.DigitalTwins/kueri/tindakan Kueri Digital Twins Graph apa pun
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read-only role for Digital Twins data-plane properties",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/d57506d4-4c8d-48b1-8587-93c323f6a5a3",
  "name": "d57506d4-4c8d-48b1-8587-93c323f6a5a3",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.DigitalTwins/digitaltwins/read",
        "Microsoft.DigitalTwins/digitaltwins/relationships/read",
        "Microsoft.DigitalTwins/eventroutes/read",
        "Microsoft.DigitalTwins/models/read",
        "Microsoft.DigitalTwins/query/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Digital Twins Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor BizTalk

Memungkinkan Anda mengelola layanan BizTalk, tetapi tidak dapat mengaksesnya.

Tindakan Deskripsi
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.BizTalkServices/BizTalk/* Membuat dan mengelola layanan BizTalk
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.ResourceHealth/availabilityStatuses/baca Mendapatkan status ketersediaan untuk semua sumber daya dalam lingkup yang ditentukan
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage BizTalk services, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5e3c6656-6cfa-4708-81fe-0de47ac73342",
  "name": "5e3c6656-6cfa-4708-81fe-0de47ac73342",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.BizTalkServices/BizTalk/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "BizTalk Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Kontributor Grup Aplikasi Desktop Virtualization

Kontributor Grup Aplikasi Virtualisasi Desktop. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.DesktopVirtualization/applicationgroups/*
Microsoft.DesktopVirtualization/hostpools/baca Baca hostpool
Microsoft.DesktopVirtualization/hostpools/sessionhosts/baca Baca hostpools/sessionhosts
Microsoft.Resources/langganan/resourceGroups/baca Mendapatkan atau mencantumkan grup sumber daya.
Microsoft.Resources/penyebaran/* Membuat dan mengelola penyebaran
Microsoft.Authorization/*/baca Membaca peran dan penetapan peran
Microsoft.Insights/alertRules/* Membuat dan mengelola pemberitahuan metrik klasik
Microsoft.Support/* Membuat dan memperbarui tiket dukungan
Bukan Tindakan
Tidak ada
DataActions
Tidak ada
NotDataActions
Tidak ada
{
  "assignableScopes": [
    "/"
  ],
  "description": "Contributor of the Desktop Virtualization Application Group.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/86240b0e-9422-4c43-887b-b61143f32ba8",
  "name": "86240b0e-9422-4c43-887b-b61143f32ba8",
  "permissions": [
    {
      "actions": [
        "Microsoft.DesktopVirtualization/applicationgroups/*",
        "Microsoft.DesktopVirtualization/hostpools/read",
        "Microsoft.DesktopVirtualization/hostpools/sessionhosts/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Desktop Virtualization Application Group Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Pembaca Grup Aplikasi Desktop Virtualization

Pembaca Grup Aplikasi Virtualisasi Desktop. Pelajari lebih lanjut

Tindakan Deskripsi
Microsoft.DesktopVirtualization/applicationgroups/*/baca
Microsoft.DesktopVirtualization/applicationgroups/baca Baca applicationgroups
Microsoft.DesktopVirtualization/hostpools/baca Baca hostpool