Azure built-in roles

Azure role-based access control (Azure RBAC) has several Azure built-in roles that you can assign to users, groups, service principals, and managed identities. Role assignments are the way you control access to Azure resources. If the built-in roles don't meet the specific needs of your organization, you can create your own Azure custom roles.

This article lists the Azure built-in roles, which are always evolving. To get the latest roles, use Get-AzRoleDefinition or az role definition list. If you are looking for administrator roles for Azure Active Directory (Azure AD), see Administrator role permissions in Azure Active Directory.

The following table provides a brief description and the unique ID of each built-in role. Click the role name to see the list of Actions, NotActions, DataActions, and NotDataActions for each role. For information about what these actions mean and how they apply to the management and data planes, see Understand Azure role definitions.

All

Built-in role | Description | ID
General
Contributor | Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC. | b24988ac-6180-42a0-ab88-20f7382dd24c
Owner | Grants full access to manage all resources, including the ability to assign roles in Azure RBAC. | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635
Reader | View all resources, but does not allow you to make any changes. | acdd72a7-3385-48ef-bd42-f606fba81ae7
User Access Administrator | Lets you manage user access to Azure resources. | 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9
Compute
Classic Virtual Machine Contributor | Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to. | d73bb868-a0df-4d4d-bd69-98a00b01fccb
Virtual Machine Administrator Login | View Virtual Machines in the portal and login as administrator | 1c0163c0-47e6-4577-8991-ea5c82e286e4
Virtual Machine Contributor | Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to. | 9980e02c-c2be-4d73-94e8-173b1dc7cf3c
Virtual Machine User Login | View Virtual Machines in the portal and login as a regular user. | fb879df8-f326-4884-b1cf-06f3ad86be52
Networking
CDN Endpoint Contributor | Can manage CDN endpoints, but can't grant access to other users. | 426e0c7f-0c7e-4658-b36f-ff54d6c29b45
CDN Endpoint Reader | Can view CDN endpoints, but can't make changes. | 871e35f6-b5c1-49cc-a043-bde969a0f2cd
CDN Profile Contributor | Can manage CDN profiles and their endpoints, but can't grant access to other users. | ec156ff8-a8d1-4d15-830c-5b80698ca432
CDN Profile Reader | Can view CDN profiles and their endpoints, but can't make changes. | 8f96442b-4075-438f-813d-ad51ab4019af
Classic Network Contributor | Lets you manage classic networks, but not access to them. | b34d265f-36f7-4a0d-a4d4-e158ca92e90f
DNS Zone Contributor | Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them. | befefa01-2a29-4197-83a8-272ff33ce314
Network Contributor | Lets you manage networks, but not access to them. | 4d97b98b-1d4f-4787-a291-c67834d212e7
Private DNS Zone Contributor | Lets you manage private DNS zone resources, but not the virtual networks they are linked to. | b12aa53e-6015-4669-85d0-8515ebb3ae7f
Traffic Manager Contributor | Lets you manage Traffic Manager profiles, but does not let you control who has access to them. | a4b10055-b0c7-44c2-b00f-c7b5b3550cf7
Storage
Avere Contributor | Can create and manage an Avere vFXT cluster. | 4f8fab4f-1852-4a58-a46a-8eaf358af14a
Avere Operator | Used by the Avere vFXT cluster to manage the cluster | c025889f-8102-4ebf-b32c-fc0c6f0c6bd9
Backup Contributor | Lets you manage backup service, but can't create vaults and give access to others | 5e467623-bb1f-42f4-a55d-6e525e11384b
Backup Operator | Lets you manage backup services, except removal of backup, vault creation and giving access to others | 00c29273-979b-4161-815c-10b084fb9324
Backup Reader | Can view backup services, but can't make changes | a795c7a0-d4a2-40c1-ae25-d81f01202912
Classic Storage Account Contributor | Lets you manage classic storage accounts, but not access to them. | 86e8f5dc-a6e9-4c67-9d15-de283e8eac25
Classic Storage Account Key Operator Service Role | Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts | 985d6b00-f706-48f5-a6fe-d0ca12fb668d
Data Box Contributor | Lets you manage everything under Data Box Service except giving access to others. | add466c9-e687-43fc-8d98-dfcf8d720be5
Data Box Reader | Lets you manage Data Box Service except creating order or editing order details and giving access to others. | 028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027
Data Lake Analytics Developer | Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts. | 47b7735b-770e-4598-a7da-8b91488b4c88
Reader and Data Access | Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys. | c12c1c16-33a1-487b-954d-41c89c60f349
Storage Account Contributor | Permits management of storage accounts. Provides access to the account key, which can be used to access data via Shared Key authorization. | 17d1049b-9a84-46fb-8f53-869881c3d3ab
Storage Account Key Operator Service Role | Permits listing and regenerating storage account access keys. | 81a9662b-bebf-436f-a333-f67b29880f12
Storage Blob Data Contributor | Read, write, and delete Azure Storage containers and blobs. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | ba92f5b4-2d11-453d-a403-e96b0029c9fe
Storage Blob Data Owner | Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | b7e6dc6d-f1e8-4753-8033-0f276bb0955b
Storage Blob Data Reader | Read and list Azure Storage containers and blobs. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 2a2b9908-6ea1-4ae2-8e65-a410df84e7d1
Storage Blob Delegator | Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials. For more information, see Create a user delegation SAS. | db58b8e5-c6ad-4a2a-8342-4190687cbf4a
Storage File Data SMB Share Contributor | Allows for read, write, and delete access on files/directories in Azure file shares. This role has no built-in equivalent on Windows file servers. | 0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb
Storage File Data SMB Share Elevated Contributor | Allows for read, write, delete, and modify ACLs on files/directories in Azure file shares. This role is equivalent to a file share ACL of change on Windows file servers. | a7264617-510b-434b-a828-9731dc254ea7
Storage File Data SMB Share Reader | Allows for read access on files/directories in Azure file shares. This role is equivalent to a file share ACL of read on Windows file servers. | aba4ae5f-2193-4029-9191-0cb91df5e314
Storage Queue Data Contributor | Read, write, and delete Azure Storage queues and queue messages. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 974c5e8b-45b9-4653-ba55-5f855dd0fb88
Storage Queue Data Message Processor | Peek, retrieve, and delete a message from an Azure Storage queue. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 8a0f0c08-91a1-4084-bc3d-661d67233fed
Storage Queue Data Message Sender | Add messages to an Azure Storage queue. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | c6a89b2d-59bc-44d0-9896-0f6e12d7b80a
Storage Queue Data Reader | Read and list Azure Storage queues and queue messages. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 19e7f393-937e-4f77-808e-94535e297925
Web
Azure Maps Data Reader | Grants access to read map related data from an Azure maps account. | 423170ca-a8f6-4b0f-8487-9e4eb8f49bfa
Search Service Contributor | Lets you manage Search services, but not access to them. | 7ca78c08-252a-4471-8644-bb5ff32d4ba0
Web Plan Contributor | Lets you manage the web plans for websites, but not access to them. | 2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b
Website Contributor | Lets you manage websites (not web plans), but not access to them. | de139f84-1756-47ae-9be6-808fbbe84772
Containers
AcrDelete | acr delete | c2f4ef07-c644-48eb-af81-4b1b4947fb11
AcrImageSigner | acr image signer | 6cef56e8-d556-48e5-a04f-b8e64114680f
AcrPull | acr pull | 7f951dda-4ed3-4680-a7ca-43fe172d538d
AcrPush | acr push | 8311e382-0749-4cb8-b61a-304f252e45ec
AcrQuarantineReader | acr quarantine data reader | cdda3590-29a3-44f6-95f2-9f980659eb04
AcrQuarantineWriter | acr quarantine data writer | c8d4ff99-41c3-41a8-9f60-21dfdad59608
Azure Kubernetes Service Cluster Admin Role | List cluster admin credential action. | 0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8
Azure Kubernetes Service Cluster User Role | List cluster user credential action. | 4abbcc35-e782-43d8-92c5-2d3f1bd2253f
Azure Kubernetes Service Contributor Role | Grants access to read and write Azure Kubernetes Service clusters | ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8
Azure Kubernetes Service RBAC Admin | Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. | 3498e952-d568-435e-9b2c-8d77e338d7f7
Azure Kubernetes Service RBAC Cluster Admin | Lets you manage all resources in the cluster. | b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b
Azure Kubernetes Service RBAC Reader | Lets you view all resources in cluster/namespace, except secrets. | 7f6c6a51-bcf8-42ba-9220-52d62157d7db
Azure Kubernetes Service RBAC Writer | Lets you update everything in cluster/namespace, except resource quotas, namespaces, pod security policies, certificate signing requests, (cluster)roles and (cluster)role bindings. | a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb
Databases
Cosmos DB Account Reader Role | Can read Azure Cosmos DB account data. See DocumentDB Account Contributor for managing Azure Cosmos DB accounts. | fbdf93bf-df7d-467e-a4d2-9458aa1360c8
Cosmos DB Operator | Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings. | 230815da-be43-4aae-9cb4-875f7bd000aa
CosmosBackupOperator | Can submit restore request for a Cosmos DB database or a container for an account | db7b14f2-5adf-42da-9f96-f2ee17bab5cb
DocumentDB Account Contributor | Can manage Azure Cosmos DB accounts. Azure Cosmos DB is formerly known as DocumentDB. | 5bd9cd88-fe45-4216-938b-f97437e15450
Redis Cache Contributor | Lets you manage Redis caches, but not access to them. | e0f68234-74aa-48ed-b826-c38b57376e17
SQL DB Contributor | Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers. | 9b7fa17d-e63e-47b0-bb0a-15c516ac86ec
SQL Managed Instance Contributor | Lets you manage SQL Managed Instances and required network configuration, but can't give access to others. | 4939a1f6-9ae0-4e48-a1e0-f2cbe897382d
SQL Security Manager | Lets you manage the security-related policies of SQL servers and databases, but not access to them. | 056cd41c-7e88-42e1-933e-88ba6a50c9c3
SQL Server Contributor | Lets you manage SQL servers and databases, but not access to them, and not their security-related policies. | 6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437
Analytics
Azure Event Hubs Data Owner | Allows for full access to Azure Event Hubs resources. | f526a384-b230-433a-b45c-95f59c4a2dec
Azure Event Hubs Data Receiver | Allows receive access to Azure Event Hubs resources. | a638d3c7-ab3a-418d-83e6-5f17a39d4fde
Azure Event Hubs Data Sender | Allows send access to Azure Event Hubs resources. | 2b629674-e913-4c01-ae53-ef4638d8f975
Data Factory Contributor | Create and manage data factories, as well as child resources within them. | 673868aa-7521-48a0-acc6-0f60742d39f5
Data Purger | Can purge analytics data | 150f5e0c-0603-4f03-8c7f-cf70034c4e90
HDInsight Cluster Operator | Lets you read and modify HDInsight cluster configurations. | 61ed4efc-fab3-44fd-b111-e24485cc132a
HDInsight Domain Services Contributor | Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package | 8d8d5a11-05d3-4bda-a417-a08778121c7c
Log Analytics Contributor | Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources. | 92aaf0da-9dab-42b6-94a3-d43ce8d16293
Log Analytics Reader | Log Analytics Reader can view and search all monitoring data as well as view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources. | 73c42c96-874c-492b-b04d-ab87d138a893
Schema Registry Contributor (Preview) | Read, write, and delete Schema Registry groups and schemas. | 5dffeca3-4936-4216-b2bc-10343a5abb25
Schema Registry Reader (Preview) | Read and list Schema Registry groups and schemas. | 2c56ea50-c6b3-40a6-83c0-9d98858bc7d2
Blockchain
Blockchain Member Node Access (Preview) | Allows for access to Blockchain Member nodes | 31a002a1-acaf-453e-8a5b-297c9ca1ea24
AI + machine learning
Cognitive Services Contributor | Lets you create, read, update, delete and manage keys of Cognitive Services. | 25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68
Cognitive Services Data Reader (Preview) | Lets you read Cognitive Services data. | b59867f0-fa02-499b-be73-45a86b5b3e1c
Cognitive Services User | Lets you read and list keys of Cognitive Services. | a97b65f3-24c7-4388-baec-2e87135dc908
Mixed reality
Remote Rendering Administrator | Provides user with conversion, manage session, rendering and diagnostics capabilities for Azure Remote Rendering | 3df8b902-2a6f-47c7-8cc5-360e9b272a7e
Remote Rendering Client | Provides user with manage session, rendering and diagnostics capabilities for Azure Remote Rendering. | d39065c4-c120-43c9-ab0a-63eed9795f0a
Spatial Anchors Account Contributor | Lets you manage spatial anchors in your account, but not delete them | 8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827
Spatial Anchors Account Owner | Lets you manage spatial anchors in your account, including deleting them | 70bbe301-9835-447d-afdd-19eb3167307c
Spatial Anchors Account Reader | Lets you locate and read properties of spatial anchors in your account | 5d51204f-eb77-4b1c-b86a-2ec626c49413
Integration
API Management Service Contributor | Can manage service and the APIs | 312a565d-c81f-4fd8-895a-4e21e48d571c
API Management Service Operator Role | Can manage service but not the APIs | e022efe7-f5ba-4159-bbe4-b44f577e9b61
API Management Service Reader Role | Read-only access to service and APIs | 71522526-b88f-4d52-b57f-d31fc3546d0d
App Configuration Data Owner | Allows full access to App Configuration data. | 5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b
App Configuration Data Reader | Allows read access to App Configuration data. | 516239f1-63e1-4d78-a4de-a74fb236a071
Azure Service Bus Data Owner | Allows for full access to Azure Service Bus resources. | 090c5cfd-751d-490a-894a-3ce6f1109419
Azure Service Bus Data Receiver | Allows for receive access to Azure Service Bus resources. | 4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0
Azure Service Bus Data Sender | Allows for send access to Azure Service Bus resources. | 69a216fc-b8fb-44d8-bc22-1f3c2cd27a39
Azure Stack Registration Owner | Lets you manage Azure Stack registrations. | 6f12a6df-dd06-4f3e-bcb1-ce8be600526a
EventGrid EventSubscription Contributor | Lets you manage EventGrid event subscription operations. | 428e0ff0-5e57-4d9c-a221-2c70d0e0a443
EventGrid EventSubscription Reader | Lets you read EventGrid event subscriptions. | 2414bbcf-6497-4faf-8c65-045460748405
FHIR Data Contributor | Role allows user or principal full access to FHIR Data | 5a1fc7df-4bf1-4951-a576-89034ee01acd
FHIR Data Exporter | Role allows user or principal to read and export FHIR Data | 3db33094-8700-4567-8da5-1501d4e7e843
FHIR Data Reader | Role allows user or principal to read FHIR Data | 4c8d0bbc-75d3-4935-991f-5f3c56d81508
FHIR Data Writer | Role allows user or principal to read and write FHIR Data | 3f88fce4-5892-4214-ae73-ba5294559913
Integration Service Environment Contributor | Lets you manage integration service environments, but not access to them. | a41e2c5b-bd99-4a07-88f4-9bf657a760b8
Integration Service Environment Developer | Allows developers to create and update workflows, integration accounts and API connections in integration service environments. | c7aa55d3-1abb-444a-a5ca-5e51e485d6ec
Intelligent Systems Account Contributor | Lets you manage Intelligent Systems accounts, but not access to them. | 03a6d094-3444-4b3d-88af-7477090a9e5e
Logic App Contributor | Lets you manage logic apps, but not change access to them. | 87a39d53-fc1b-424a-814c-f7e04687dc9e
Logic App Operator | Lets you read, enable, and disable logic apps, but not edit or update them. | 515c2055-d9d4-4321-b1b9-bd0c9a0f79fe
Identity
Managed Identity Contributor | Create, Read, Update, and Delete User Assigned Identity | e40ec5ca-96e0-45a2-b4ff-59039f2c2b59
Managed Identity Operator | Read and Assign User Assigned Identity | f1a07417-d97a-45cb-824c-7a7467783830
Security
Azure Sentinel Contributor | Azure Sentinel Contributor | ab8e14d6-4a74-4a29-9ba8-549422addade
Azure Sentinel Reader | Azure Sentinel Reader | 8d289c81-5878-46d4-8554-54e1e3d8b5cb
Azure Sentinel Responder | Azure Sentinel Responder | 3e150937-b8fe-4cfb-8069-0eaf05ecd056
Key Vault Administrator (preview) | Perform all data plane operations on a key vault and all objects in it, including certificates, keys, and secrets. Cannot manage key vault resources or manage role assignments. Only works for key vaults that use the 'Azure role-based access control' permission model. | 00482a5a-887f-4fb3-b363-3b7fe8e74483
Key Vault Certificates Officer (preview) | Perform any action on the certificates of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model. | a4417e6f-fecd-4de8-b567-7b0420556985
Key Vault Contributor | Manage key vaults, but does not allow you to assign roles in Azure RBAC, and does not allow you to access secrets, keys, or certificates. | f25e0fa2-a7c8-4377-a976-54943a77a395
Key Vault Crypto Officer (preview) | Perform any action on the keys of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model. | 14b46e9e-c2b7-41b4-b07b-48a6ebf60603
Key Vault Crypto Service Encryption (preview) | Read metadata of keys and perform wrap/unwrap operations. Only works for key vaults that use the 'Azure role-based access control' permission model. | e147488a-f6f5-4113-8e2d-b22465e65bf6
Key Vault Crypto User (preview) | Perform cryptographic operations using keys. Only works for key vaults that use the 'Azure role-based access control' permission model. | 12338af0-0e69-4776-bea7-57ae8d297424
Key Vault Reader (preview) | Read metadata of key vaults and its certificates, keys, and secrets. Cannot read sensitive values such as secret contents or key material. Only works for key vaults that use the 'Azure role-based access control' permission model. | 21090545-7ca7-4776-b22c-e363652d74d2
Key Vault Secrets Officer (preview) | Perform any action on the secrets of a key vault, except manage permissions. Only works for key vaults that use the 'Azure role-based access control' permission model. | b86a8fe4-44ce-4948-aee5-eccb2c155cd7
Key Vault Secrets User (プレビュー)Key Vault Secrets User (preview) シークレット コンテンツを読み取ります。Read secret contents. 「Azure ロールベースのアクセス制御」アクセス許可モデルを使用するキー コンテナーでのみ機能します。Only works for key vaults that use the 'Azure role-based access control' permission model. 4633458b-17de-408a-b874-0445c86b69e64633458b-17de-408a-b874-0445c86b69e6
Security AdminSecurity Admin Security Center の表示および更新のアクセス許可。View and update permissions for Security Center. セキュリティ閲覧者と同じアクセス許可があり、セキュリティ ポリシーの更新、アラートと推奨事項の無視も可能になります。Same permissions as the Security Reader role and can also update the security policy and dismiss alerts and recommendations. fb1c8493-542b-48eb-b624-b4c8fea62acdfb1c8493-542b-48eb-b624-b4c8fea62acd
Security Assessment ContributorSecurity Assessment Contributor 評価を Security Center にプッシュできますLets you push assessments to Security Center 612c2aa1-cb24-443b-ac28-3ab7272de6f5612c2aa1-cb24-443b-ac28-3ab7272de6f5
セキュリティ マネージャー (レガシ)Security Manager (Legacy) これは、レガシ ロールです。This is a legacy role. 代わりに Security Admin を使用してください。Please use Security Admin instead. e3d13bf0-dd5a-482e-ba6b-9b8433878d10e3d13bf0-dd5a-482e-ba6b-9b8433878d10
Security ReaderSecurity Reader Security Center の表示アクセス許可。View permissions for Security Center. 推奨事項、警告、セキュリティ ポリシー、セキュリティの状態を閲覧できますが、変更することはできません。Can view recommendations, alerts, a security policy, and security states, but cannot make changes. 39bc4728-0917-49c7-9d2c-d95423bc2eb439bc4728-0917-49c7-9d2c-d95423bc2eb4
DevOps
DevTest Labs User Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs. 76283e04-6283-4c54-8f91-bcf1374a3c64
Lab Creator Lets you create new labs under your Azure Lab Accounts. b97fb8bc-a8b2-4522-a38b-dd33c7e65ead
Monitor
Application Insights Component Contributor Can manage Application Insights components ae349356-3a1b-4a5e-921d-050484c6347e
Application Insights Snapshot Debugger Gives user permission to view and download debug snapshots collected with the Application Insights Snapshot Debugger. Note that these permissions are not included in the Owner or Contributor roles. When giving users the Application Insights Snapshot Debugger role, you must grant the role directly to the user. The role is not recognized when it is added to a custom role. 08954f03-6346-4c2e-81c0-ec3a5cfae23b
Monitoring Contributor Can read all monitoring data and edit monitoring settings. See also Get started with roles, permissions, and security with Azure Monitor. 749f88d5-cbae-40b8-bcfc-e573ddc772fa
Monitoring Metrics Publisher Enables publishing metrics against Azure resources 3913510d-42f4-4e42-8a64-420c390055eb
Monitoring Reader Can read all monitoring data (metrics, logs, etc.). See also Get started with roles, permissions, and security with Azure Monitor. 43d0d8ad-25c7-4714-9337-8ba259a9fe05
Workbook Contributor Can save shared workbooks. e8ddcd69-c73f-4f9f-9844-4100522f16ad
Workbook Reader Can read workbooks. b279062a-9be3-42a0-92ae-8b3cf002ec4d
Management + governance
Automation Job Operator Create and Manage Jobs using Automation Runbooks. 4fe576fe-1146-4730-92eb-48519fa6bf9f
Automation Operator Automation Operators are able to start, stop, suspend, and resume jobs d3881f73-407a-4167-8283-e981cbba0404
Automation Runbook Operator Read Runbook properties - to be able to create Jobs of the runbook. 5fb5aef8-1081-4b8e-bb16-9d5d0385bab5
Azure Connected Machine Onboarding Can onboard Azure Connected Machines. b64e21ea-ac4e-4cdf-9dc9-5b892992bee7
Azure Connected Machine Resource Administrator Can read, write, delete and re-onboard Azure Connected Machines. cd570a14-e51a-42ad-bac8-bafd67325302
Billing Reader Allows read access to billing data fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64
Blueprint Contributor Can manage blueprint definitions, but not assign them. 41077137-e803-4205-871c-5a86e6a753b4
Blueprint Operator Can assign existing published blueprints, but cannot create new blueprints. Note that this only works if the assignment is done with a user-assigned managed identity. 437d2ced-4a38-4302-8479-ed2bcb43d090
Cost Management Contributor Can view costs and manage cost configuration (e.g. budgets, exports) 434105ed-43f6-45c7-a02f-909b2ba83430
Cost Management Reader Can view cost data and configuration (e.g. budgets, exports) 72fafb9e-0641-4937-9268-a91bfd8191a3
Hierarchy Settings Administrator Allows users to edit and delete Hierarchy Settings 350f8d15-c687-4448-8ae1-157740a3936d
Kubernetes Cluster - Azure Arc Onboarding Role definition to authorize any user/service to create connectedClusters resource 34e09817-6cbe-4d01-b1a2-e0eac5743d41
Managed Application Contributor Role Allows for creating managed application resources. 641177b8-a67a-45b9-a033-47bc880bb21e
Managed Application Operator Role Lets you read and perform actions on Managed Application resources c7393b34-138c-406f-901b-d8cf2b17e6ae
Managed Applications Reader Lets you read resources in a managed app and request JIT access. b9331d33-8a36-4f8c-b097-4f54124fdb44
Managed Services Registration assignment Delete Role Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant. 91c1777a-f3dc-4fae-b103-61d183457e46
Management Group Contributor Management Group Contributor Role 5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c
Management Group Reader Management Group Reader Role ac63b705-f282-497d-ac71-919bf39d939d
New Relic APM Account Contributor Lets you manage New Relic Application Performance Management accounts and applications, but not access to them. 5d28c62d-5b37-4476-8438-e587778df237
Policy Insights Data Writer (Preview) Allows read access to resource policies and write access to resource component policy events. 66bb4e9e-b016-4a94-8249-4c0511c2be84
Resource Policy Contributor Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy. 36243c78-bf99-498c-9df9-86d9f8d28608
Site Recovery Contributor Lets you manage Site Recovery service except vault creation and role assignment 6670b86e-a3f7-4917-ac9b-5d6ab1be4567
Site Recovery Operator Lets you failover and failback but not perform other Site Recovery management operations 494ae006-db33-4328-bf46-533a6560a3ca
Site Recovery Reader Lets you view Site Recovery status but not perform other management operations dbaa88c4-0c30-4179-9fb3-46319faa6149
Support Request Contributor Lets you create and manage Support requests cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e
Tag Contributor Lets you manage tags on entities, without providing access to the entities themselves. 4a9ae827-6dc8-4573-8ac7-8239d42aa03f
Other
BizTalk Contributor Lets you manage BizTalk services, but not access to them. 5e3c6656-6cfa-4708-81fe-0de47ac73342
Desktop Virtualization User Allows user to use the applications in an application group. 1d18fff3-a72a-46b5-b4a9-0b38a3cd7e63
Scheduler Job Collections Contributor Lets you manage Scheduler job collections, but not access to them. 188a0f2f-5c9e-469b-ae67-2aa5ce574b94

General

Contributor

Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC.

Actions Description
* Create and manage resources of all types
NotActions
Microsoft.Authorization/*/Delete Delete roles, policy assignments, policy definitions and policy set definitions
Microsoft.Authorization/*/Write Create roles, role assignments, policy assignments, policy definitions and policy set definitions
Microsoft.Authorization/elevateAccess/Action Grants the caller User Access Administrator access at the tenant scope
Microsoft.Blueprint/blueprintAssignments/write Create or update any blueprint assignments
Microsoft.Blueprint/blueprintAssignments/delete Delete any blueprint assignments
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
  "name": "b24988ac-6180-42a0-ab88-20f7382dd24c",
  "permissions": [
    {
      "actions": [
        "*"
      ],
      "notActions": [
        "Microsoft.Authorization/*/Delete",
        "Microsoft.Authorization/*/Write",
        "Microsoft.Authorization/elevateAccess/Action",
        "Microsoft.Blueprint/blueprintAssignments/write",
        "Microsoft.Blueprint/blueprintAssignments/delete"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Owner

Grants full access to manage all resources, including the ability to assign roles in Azure RBAC.

Actions Description
* Create and manage resources of all types
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants full access to manage all resources, including the ability to assign roles in Azure RBAC.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
  "name": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
  "permissions": [
    {
      "actions": [
        "*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Reader

View all resources, but does not allow you to make any changes.

Actions Description
*/read Read resources of all types, except secrets.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "View all resources, but does not allow you to make any changes.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
  "name": "acdd72a7-3385-48ef-bd42-f606fba81ae7",
  "permissions": [
    {
      "actions": [
        "*/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

User Access Administrator

Lets you manage user access to Azure resources.

Actions Description
*/read Read resources of all types, except secrets.
Microsoft.Authorization/* Manage authorization
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage user access to Azure resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
  "name": "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.Authorization/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "User Access Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}
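
How the Actions and NotActions lists of the four General roles above combine, as an added example that is not part of the original page: a role's effective control-plane permissions are its actions minus its notActions, with `*` as a case-insensitive wildcard. The permission lists are copied from the definitions above; the three operation names checked at the bottom are sample inputs chosen for this example, and the sketch assumes a single scope and ignores deny assignments and data actions.

```python
import re

# Permission blocks copied from the role definitions listed on this page.
ROLES = {
    "Contributor": {
        "actions": ["*"],
        "notActions": [
            "Microsoft.Authorization/*/Delete",
            "Microsoft.Authorization/*/Write",
            "Microsoft.Authorization/elevateAccess/Action",
            "Microsoft.Blueprint/blueprintAssignments/write",
            "Microsoft.Blueprint/blueprintAssignments/delete",
        ],
    },
    "Owner": {"actions": ["*"], "notActions": []},
    "Reader": {"actions": ["*/read"], "notActions": []},
    "User Access Administrator": {
        "actions": ["*/read", "Microsoft.Authorization/*", "Microsoft.Support/*"],
        "notActions": [],
    },
}


def _matches(pattern, operation):
    """Case-insensitive match where '*' stands for any run of characters."""
    regex = re.escape(pattern).replace(r"\*", ".*")
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None


def role_allows(permission, operation):
    """Effective permission of ONE role: actions minus notActions."""
    granted = any(_matches(p, operation) for p in permission["actions"])
    excluded = any(_matches(p, operation) for p in permission["notActions"])
    return granted and not excluded


def roles_allowing(operation, roles=ROLES):
    """Names of the roles that grant the operation, e.g. for an access review."""
    return sorted(n for n, perm in roles.items() if role_allows(perm, operation))


def principal_allows(assigned_roles, operation, roles=ROLES):
    """A principal holding several roles is allowed if ANY role grants the
    operation: notActions subtracts from its own role only and is not a deny."""
    return any(role_allows(roles[name], operation) for name in assigned_roles)


if __name__ == "__main__":
    for op in (
        "Microsoft.Authorization/roleAssignments/write",   # sample operation
        "Microsoft.Authorization/roleAssignments/read",    # sample operation
        "Microsoft.Compute/virtualMachines/start/action",  # sample operation
    ):
        print(f"{op}: {roles_allowing(op)}")
    combo = ["Contributor", "User Access Administrator"]
    print(combo, "can assign roles:",
          principal_allows(combo, "Microsoft.Authorization/roleAssignments/write"))
```

When reviewing assignments, treat a principal that holds Contributor together with User Access Administrator as able to assign roles, because the Contributor exclusions do not carry over to the second role.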

Compute

Classic Virtual Machine Contributor

Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.ClassicCompute/domainNames/* Create and manage classic compute domain names
Microsoft.ClassicCompute/virtualMachines/* Create and manage virtual machines
Microsoft.ClassicNetwork/networkSecurityGroups/join/action
Microsoft.ClassicNetwork/reservedIps/link/action Link a reserved IP
Microsoft.ClassicNetwork/reservedIps/read Gets the reserved IPs
Microsoft.ClassicNetwork/virtualNetworks/join/action Joins the virtual network.
Microsoft.ClassicNetwork/virtualNetworks/read Get the virtual network.
Microsoft.ClassicStorage/storageAccounts/disks/read Returns the storage account disk.
Microsoft.ClassicStorage/storageAccounts/images/read Returns the storage account image. (Deprecated. Use 'Microsoft.ClassicStorage/storageAccounts/vmImages')
Microsoft.ClassicStorage/storageAccounts/listKeys/action Lists the access keys for the storage accounts.
Microsoft.ClassicStorage/storageAccounts/read Return the storage account with the given account.
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/d73bb868-a0df-4d4d-bd69-98a00b01fccb",
  "name": "d73bb868-a0df-4d4d-bd69-98a00b01fccb",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicCompute/domainNames/*",
        "Microsoft.ClassicCompute/virtualMachines/*",
        "Microsoft.ClassicNetwork/networkSecurityGroups/join/action",
        "Microsoft.ClassicNetwork/reservedIps/link/action",
        "Microsoft.ClassicNetwork/reservedIps/read",
        "Microsoft.ClassicNetwork/virtualNetworks/join/action",
        "Microsoft.ClassicNetwork/virtualNetworks/read",
        "Microsoft.ClassicStorage/storageAccounts/disks/read",
        "Microsoft.ClassicStorage/storageAccounts/images/read",
        "Microsoft.ClassicStorage/storageAccounts/listKeys/action",
        "Microsoft.ClassicStorage/storageAccounts/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Virtual Machine Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Virtual Machine Administrator Login

View Virtual Machines in the portal and login as administrator

Actions Description
Microsoft.Network/publicIPAddresses/read Gets a public IP address definition.
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.Network/loadBalancers/read Gets a load balancer definition
Microsoft.Network/networkInterfaces/read Gets a network interface definition.
Microsoft.Compute/virtualMachines/*/read
NotActions
none
DataActions
Microsoft.Compute/virtualMachines/login/action Log in to a virtual machine as a regular user
Microsoft.Compute/virtualMachines/loginAsAdmin/action Log in to a virtual machine with Windows administrator or Linux root user privileges
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "View Virtual Machines in the portal and login as administrator",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/1c0163c0-47e6-4577-8991-ea5c82e286e4",
  "name": "1c0163c0-47e6-4577-8991-ea5c82e286e4",
  "permissions": [
    {
      "actions": [
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/loadBalancers/read",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Compute/virtualMachines/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Compute/virtualMachines/login/action",
        "Microsoft.Compute/virtualMachines/loginAsAdmin/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Virtual Machine Administrator Login",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Virtual Machine Contributor

Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Compute/availabilitySets/* Create and manage compute availability sets
Microsoft.Compute/locations/* Create and manage compute locations
Microsoft.Compute/virtualMachines/* Perform all virtual machine actions including create, update, delete, start, restart, and power off virtual machines. Execute predefined scripts on virtual machines.
Microsoft.Compute/virtualMachineScaleSets/* Create and manage virtual machine scale sets
Microsoft.Compute/disks/write Creates a new Disk or updates an existing one
Microsoft.Compute/disks/read Get the properties of a Disk
Microsoft.Compute/disks/delete Deletes the Disk
Microsoft.DevTestLab/schedules/*
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Network/applicationGateways/backendAddressPools/join/action Joins an application gateway backend address pool. Not Alertable.
Microsoft.Network/loadBalancers/backendAddressPools/join/action Joins a load balancer backend address pool. Not Alertable.
Microsoft.Network/loadBalancers/inboundNatPools/join/action Joins a load balancer inbound NAT pool. Not alertable.
Microsoft.Network/loadBalancers/inboundNatRules/join/action Joins a load balancer inbound NAT rule. Not Alertable.
Microsoft.Network/loadBalancers/probes/join/action Allows using probes of a load balancer. For example, with this permission healthProbe property of VM scale set can reference the probe. Not alertable.
Microsoft.Network/loadBalancers/read Gets a load balancer definition
Microsoft.Network/locations/* Create and manage network locations
Microsoft.Network/networkInterfaces/* Create and manage network interfaces
Microsoft.Network/networkSecurityGroups/join/action Joins a network security group. Not Alertable.
Microsoft.Network/networkSecurityGroups/read Gets a network security group definition
Microsoft.Network/publicIPAddresses/join/action Joins a public IP address. Not Alertable.
Microsoft.Network/publicIPAddresses/read Gets a public IP address definition.
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.Network/virtualNetworks/subnets/join/action Joins a virtual network. Not Alertable.
Microsoft.RecoveryServices/locations/*
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write Create a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read Returns object details of the Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write Create a backup Protected Item
Microsoft.RecoveryServices/Vaults/backupPolicies/read Returns all Protection Policies
Microsoft.RecoveryServices/Vaults/backupPolicies/write Creates Protection Policy
Microsoft.RecoveryServices/Vaults/read The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/usages/read Returns usage details for a Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/write Create Vault operation creates an Azure resource of type 'vault'
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.SqlVirtualMachine/*
Microsoft.Storage/storageAccounts/listKeys/action Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/read Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
  "name": "9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Compute/availabilitySets/*",
        "Microsoft.Compute/locations/*",
        "Microsoft.Compute/virtualMachines/*",
        "Microsoft.Compute/virtualMachineScaleSets/*",
        "Microsoft.Compute/disks/write",
        "Microsoft.Compute/disks/read",
        "Microsoft.Compute/disks/delete",
        "Microsoft.DevTestLab/schedules/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/applicationGateways/backendAddressPools/join/action",
        "Microsoft.Network/loadBalancers/backendAddressPools/join/action",
        "Microsoft.Network/loadBalancers/inboundNatPools/join/action",
        "Microsoft.Network/loadBalancers/inboundNatRules/join/action",
        "Microsoft.Network/loadBalancers/probes/join/action",
        "Microsoft.Network/loadBalancers/read",
        "Microsoft.Network/locations/*",
        "Microsoft.Network/networkInterfaces/*",
        "Microsoft.Network/networkSecurityGroups/join/action",
        "Microsoft.Network/networkSecurityGroups/read",
        "Microsoft.Network/publicIPAddresses/join/action",
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.RecoveryServices/locations/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/write",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.RecoveryServices/Vaults/write",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.SqlVirtualMachine/*",
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Virtual Machine Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Virtual Machine User Login

View Virtual Machines in the portal and login as a regular user.

Actions Description
Microsoft.Network/publicIPAddresses/read Gets a public IP address definition.
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.Network/loadBalancers/read Gets a load balancer definition
Microsoft.Network/networkInterfaces/read Gets a network interface definition.
Microsoft.Compute/virtualMachines/*/read
NotActions
none
DataActions
Microsoft.Compute/virtualMachines/login/action Log in to a virtual machine as a regular user
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "View Virtual Machines in the portal and login as a regular user.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fb879df8-f326-4884-b1cf-06f3ad86be52",
  "name": "fb879df8-f326-4884-b1cf-06f3ad86be52",
  "permissions": [
    {
      "actions": [
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/loadBalancers/read",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Compute/virtualMachines/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Compute/virtualMachines/login/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Virtual Machine User Login",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Networking

CDN Endpoint Contributor

Can manage CDN endpoints, but can't grant access to other users.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/endpoints/*
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage CDN endpoints, but can't grant access to other users.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/426e0c7f-0c7e-4658-b36f-ff54d6c29b45",
  "name": "426e0c7f-0c7e-4658-b36f-ff54d6c29b45",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/endpoints/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Endpoint Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

CDN Endpoint Reader

Can view CDN endpoints, but can't make changes.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/endpoints/*/read
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view CDN endpoints, but can't make changes.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/871e35f6-b5c1-49cc-a043-bde969a0f2cd",
  "name": "871e35f6-b5c1-49cc-a043-bde969a0f2cd",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/endpoints/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Endpoint Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

CDN Profile Contributor

Can manage CDN profiles and their endpoints, but can't grant access to other users.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/*
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage CDN profiles and their endpoints, but can't grant access to other users.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ec156ff8-a8d1-4d15-830c-5b80698ca432",
  "name": "ec156ff8-a8d1-4d15-830c-5b80698ca432",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Profile Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

CDN Profile Reader

Can view CDN profiles and their endpoints, but can't make changes.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/*/read
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view CDN profiles and their endpoints, but can't make changes.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8f96442b-4075-438f-813d-ad51ab4019af",
  "name": "8f96442b-4075-438f-813d-ad51ab4019af",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Profile Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Classic Network Contributor

Lets you manage classic networks, but not access to them.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.ClassicNetwork/* Create and manage classic networks
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage classic networks, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b34d265f-36f7-4a0d-a4d4-e158ca92e90f",
  "name": "b34d265f-36f7-4a0d-a4d4-e158ca92e90f",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicNetwork/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Network Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

DNS Zone Contributor

Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Network/dnsZones/* Create and manage DNS zones and records
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/befefa01-2a29-4197-83a8-272ff33ce314",
  "name": "befefa01-2a29-4197-83a8-272ff33ce314",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/dnsZones/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "DNS Zone Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Network Contributor

Lets you manage networks, but not access to them.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Network/* Create and manage networks
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage networks, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
  "name": "4d97b98b-1d4f-4787-a291-c67834d212e7",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Network Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Private DNS Zone Contributor

Lets you manage private DNS zone resources, but not the virtual networks they are linked to.

Actions Description
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
Microsoft.Network/privateDnsZones/*
Microsoft.Network/privateDnsOperationResults/*
Microsoft.Network/privateDnsOperationStatuses/*
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.Network/virtualNetworks/join/action Joins a virtual network. Not Alertable.
Microsoft.Authorization/*/read Read roles and role assignments
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage private DNS zone resources, but not the virtual networks they are linked to.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b12aa53e-6015-4669-85d0-8515ebb3ae7f",
  "name": "b12aa53e-6015-4669-85d0-8515ebb3ae7f",
  "permissions": [
    {
      "actions": [
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Network/privateDnsZones/*",
        "Microsoft.Network/privateDnsOperationResults/*",
        "Microsoft.Network/privateDnsOperationStatuses/*",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/join/action",
        "Microsoft.Authorization/*/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Private DNS Zone Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Traffic Manager Contributor

Lets you manage Traffic Manager profiles, but does not let you control who has access to them.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Network/trafficManagerProfiles/*
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Traffic Manager profiles, but does not let you control who has access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a4b10055-b0c7-44c2-b00f-c7b5b3550cf7",
  "name": "a4b10055-b0c7-44c2-b00f-c7b5b3550cf7",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/trafficManagerProfiles/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Traffic Manager Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage

Avere Contributor

Can create and manage an Avere vFXT cluster.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Compute/*/read
Microsoft.Compute/availabilitySets/*
Microsoft.Compute/proximityPlacementGroups/*
Microsoft.Compute/virtualMachines/*
Microsoft.Compute/disks/*
Microsoft.Network/*/read
Microsoft.Network/networkInterfaces/*
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.Network/virtualNetworks/subnets/read Gets a virtual network subnet definition
Microsoft.Network/virtualNetworks/subnets/join/action Joins a virtual network. Not Alertable.
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Joins resource such as storage account or SQL database to a subnet. Not alertable.
Microsoft.Network/networkSecurityGroups/join/action Joins a network security group. Not Alertable.
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Storage/*/read
Microsoft.Storage/storageAccounts/* Create and manage storage accounts
Microsoft.Support/* Create and update a support ticket
Microsoft.Resources/subscriptions/resourceGroups/resources/read Gets the resources for the resource group.
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete Returns the result of deleting a blob
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read Returns a blob or a list of blobs
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write Returns the result of writing a blob
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can create and manage an Avere vFXT cluster.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4f8fab4f-1852-4a58-a46a-8eaf358af14a",
  "name": "4f8fab4f-1852-4a58-a46a-8eaf358af14a",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Compute/*/read",
        "Microsoft.Compute/availabilitySets/*",
        "Microsoft.Compute/proximityPlacementGroups/*",
        "Microsoft.Compute/virtualMachines/*",
        "Microsoft.Compute/disks/*",
        "Microsoft.Network/*/read",
        "Microsoft.Network/networkInterfaces/*",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/subnets/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
        "Microsoft.Network/networkSecurityGroups/join/action",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/*/read",
        "Microsoft.Storage/storageAccounts/*",
        "Microsoft.Support/*",
        "Microsoft.Resources/subscriptions/resourceGroups/resources/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Avere Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Avere Operator

Used by the Avere vFXT cluster to manage the cluster

Actions Description
Microsoft.Compute/virtualMachines/read Get the properties of a virtual machine
Microsoft.Network/networkInterfaces/read Gets a network interface definition.
Microsoft.Network/networkInterfaces/write Creates a network interface or updates an existing network interface.
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.Network/virtualNetworks/subnets/read Gets a virtual network subnet definition
Microsoft.Network/virtualNetworks/subnets/join/action Joins a virtual network. Not Alertable.
Microsoft.Network/networkSecurityGroups/join/action Joins a network security group. Not Alertable.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Storage/storageAccounts/blobServices/containers/delete Returns the result of deleting a container
Microsoft.Storage/storageAccounts/blobServices/containers/read Returns list of containers
Microsoft.Storage/storageAccounts/blobServices/containers/write Returns the result of put blob container
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete Returns the result of deleting a blob
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read Returns a blob or a list of blobs
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write Returns the result of writing a blob
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Used by the Avere vFXT cluster to manage the cluster",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
  "name": "c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
  "permissions": [
    {
      "actions": [
        "Microsoft.Compute/virtualMachines/read",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Network/networkInterfaces/write",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/subnets/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.Network/networkSecurityGroups/join/action",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/write"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Avere Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Backup Contributor

Lets you manage backup service, but can't create vaults and give access to others

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.RecoveryServices/locations/*
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/* Manage results of operation on backup management
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/* Create and manage backup containers inside backup fabrics of Recovery Services vault
Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action Refreshes the container list
Microsoft.RecoveryServices/Vaults/backupJobs/* Create and manage backup jobs
Microsoft.RecoveryServices/Vaults/backupJobsExport/action Export Jobs
Microsoft.RecoveryServices/Vaults/backupOperationResults/* Create and manage Results of backup management operations
Microsoft.RecoveryServices/Vaults/backupPolicies/* Create and manage backup policies
Microsoft.RecoveryServices/Vaults/backupProtectableItems/* Create and manage items which can be backed up
Microsoft.RecoveryServices/Vaults/backupProtectedItems/* Create and manage backed up items
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/* Create and manage containers holding backup items
Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read Returns summaries for Protected Items and Protected Servers for a Recovery Services.
Microsoft.RecoveryServices/Vaults/certificates/* Create and manage certificates related to backup in Recovery Services vault
Microsoft.RecoveryServices/Vaults/extendedInformation/* Create and manage extended info related to vault
Microsoft.RecoveryServices/Vaults/monitoringAlerts/read Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft.RecoveryServices/Vaults/read The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/* Create and manage registered identities
Microsoft.RecoveryServices/Vaults/usages/* Create and manage usage of Recovery Services vault
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Storage/storageAccounts/read Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.RecoveryServices/Vaults/backupstorageconfig/*
Microsoft.RecoveryServices/Vaults/backupconfig/*
Microsoft.RecoveryServices/Vaults/backupValidateOperation/action Validate Operation on Protected Item
Microsoft.RecoveryServices/Vaults/write Create Vault operation creates an Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/backupOperations/read Returns Backup Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupEngines/read Returns all the backup management servers registered with vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*
Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read Get all protectable containers
Microsoft.RecoveryServices/locations/backupStatus/action Check Backup Status for Recovery Services Vaults
Microsoft.RecoveryServices/locations/backupPreValidateProtection/action
Microsoft.RecoveryServices/locations/backupValidateFeatures/action Validate Features
Microsoft.RecoveryServices/Vaults/monitoringAlerts/write Resolves the alert.
Microsoft.RecoveryServices/operations/read Operation returns the list of Operations for a Resource Provider
Microsoft.RecoveryServices/locations/operationStatus/read Gets Operation Status for a given Operation
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read List all backup Protection Intents
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage backup service,but can't create vaults and give access to others",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b",
  "name": "5e467623-bb1f-42f4-a55d-6e525e11384b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.RecoveryServices/locations/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
        "Microsoft.RecoveryServices/Vaults/backupJobs/*",
        "Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
        "Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectedItems/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/*",
        "Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*",
        "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
        "Microsoft.RecoveryServices/Vaults/certificates/*",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/*",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/*",
        "Microsoft.RecoveryServices/Vaults/usages/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
        "Microsoft.RecoveryServices/Vaults/backupconfig/*",
        "Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
        "Microsoft.RecoveryServices/Vaults/write",
        "Microsoft.RecoveryServices/Vaults/backupOperations/read",
        "Microsoft.RecoveryServices/Vaults/backupEngines/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
        "Microsoft.RecoveryServices/locations/backupStatus/action",
        "Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
        "Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
        "Microsoft.RecoveryServices/operations/read",
        "Microsoft.RecoveryServices/locations/operationStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Backup Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Backup Operator

Lets you manage backup services, except removal of backup, vault creation and giving access to others

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read Returns status of the operation
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read Gets result of Operation performed on Protection Container.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action Performs Backup for Protected Item.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read Gets Result of Operation Performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read Returns the status of Operation performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read Returns object details of the Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action Provision Instant Item Recovery for Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read Get Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action Restore Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action Revoke Instant Item Recovery for Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write Create a backup Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read Returns all registered containers
Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action Refreshes the container list
Microsoft.RecoveryServices/Vaults/backupJobs/* Create and manage backup jobs
Microsoft.RecoveryServices/Vaults/backupJobsExport/action Export Jobs
Microsoft.RecoveryServices/Vaults/backupOperationResults/* Create and manage Results of backup management operations
Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read Get Results of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupPolicies/read Returns all Protection Policies
Microsoft.RecoveryServices/Vaults/backupProtectableItems/* Create and manage items which can be backed up
Microsoft.RecoveryServices/Vaults/backupProtectedItems/read Returns the list of all Protected Items.
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read Returns all containers belonging to the subscription
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read Returns summaries for Protected Items and Protected Servers for a Recovery Services.
Microsoft.RecoveryServices/Vaults/certificates/write The Update Resource Certificate operation updates the resource/vault credential certificate.
Microsoft.RecoveryServices/Vaults/extendedInformation/read The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/extendedInformation/write The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/monitoringAlerts/read Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft.RecoveryServices/Vaults/read The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read The Get Operation Results operation can be used to get the operation status and result for the asynchronously submitted operation
Microsoft.RecoveryServices/Vaults/registeredIdentities/read The Get Containers operation can be used to get the containers registered for a resource.
Microsoft.RecoveryServices/Vaults/registeredIdentities/write The Register Service Container operation can be used to register a container with Recovery Service.
Microsoft.RecoveryServices/Vaults/usages/read Returns usage details for a Recovery Services Vault.
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Storage/storageAccounts/read Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.RecoveryServices/Vaults/backupstorageconfig/*
Microsoft.RecoveryServices/Vaults/backupValidateOperation/action Validate Operation on Protected Item
Microsoft.RecoveryServices/Vaults/backupOperations/read Returns Backup Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read Get Status of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write Creates a registered container
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action Do inquiry for workloads within a container
Microsoft.RecoveryServices/Vaults/backupEngines/read Returns all the backup management servers registered with vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write Create a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read Get a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read Get all protectable containers
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read Get all items in a container
Microsoft.RecoveryServices/locations/backupStatus/action Check Backup Status for Recovery Services Vaults
Microsoft.RecoveryServices/locations/backupPreValidateProtection/action
Microsoft.RecoveryServices/locations/backupValidateFeatures/action Validate Features
Microsoft.RecoveryServices/Vaults/monitoringAlerts/write Resolves the alert.
Microsoft.RecoveryServices/operations/read Operation returns the list of Operations for a Resource Provider
Microsoft.RecoveryServices/locations/operationStatus/read Gets Operation Status for a given Operation
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read List all backup Protection Intents
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage backup services, except removal of backup, vault creation and giving access to others",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/00c29273-979b-4161-815c-10b084fb9324",
  "name": "00c29273-979b-4161-815c-10b084fb9324",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
        "Microsoft.RecoveryServices/Vaults/backupJobs/*",
        "Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
        "Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
        "Microsoft.RecoveryServices/Vaults/certificates/write",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/read",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/write",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/write",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
        "Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
        "Microsoft.RecoveryServices/Vaults/backupOperations/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action",
        "Microsoft.RecoveryServices/Vaults/backupEngines/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
        "Microsoft.RecoveryServices/locations/backupStatus/action",
        "Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
        "Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
        "Microsoft.RecoveryServices/operations/read",
        "Microsoft.RecoveryServices/locations/operationStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Backup Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Backup Reader

Can view backup services, but can't make changes

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.RecoveryServices/locations/allocatedStamp/read GetAllocatedStamp is internal operation used by service
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read Returns status of the operation
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read Gets result of Operation performed on Protection Container.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read Gets Result of Operation Performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read Returns the status of Operation performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read Returns object details of the Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read Get Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read Returns all registered containers
Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/read Returns the Result of Job Operation.
Microsoft.RecoveryServices/Vaults/backupJobs/read Returns all Job Objects
Microsoft.RecoveryServices/Vaults/backupJobsExport/action Export Jobs
Microsoft.RecoveryServices/Vaults/backupOperationResults/read Returns Backup Operation Result for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read Get Results of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupPolicies/read Returns all Protection Policies
Microsoft.RecoveryServices/Vaults/backupProtectedItems/read Returns the list of all Protected Items.
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read Returns all containers belonging to the subscription
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read Returns summaries for Protected Items and Protected Servers for a Recovery Services.
Microsoft.RecoveryServices/Vaults/extendedInformation/read The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/monitoringAlerts/read Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/read The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read The Get Operation Results operation can be used to get the operation status and result for the asynchronously submitted operation
Microsoft.RecoveryServices/Vaults/registeredIdentities/read The Get Containers operation can be used to get the containers registered for a resource.
Microsoft.RecoveryServices/Vaults/backupstorageconfig/readMicrosoft.RecoveryServices/Vaults/backupstorageconfig/read Recovery Services コンテナーのストレージ構成を返します。Returns Storage Configuration for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupconfig/readMicrosoft.RecoveryServices/Vaults/backupconfig/read Recovery Services コンテナーの構成を返します。Returns Configuration for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read Recovery Services コンテナーに対するバックアップ操作の状態を返します。Returns Backup Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupPolicies/operations/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operations/read ポリシー操作の状態を取得します。Get Status of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read コンテナーに登録されているすべてのバックアップ管理サーバーを返します。Returns all the backup management servers registered with vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/readMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read バックアップ保護の意図を取得しますGet a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read コンテナー内のすべての項目を取得します。Get all items in a container
Microsoft.RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action Recovery Services コンテナーのバックアップの状態を確認します。Check Backup Status for Recovery Services Vaults
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft.RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write アラートを解決する。Resolves the alert.
Microsoft.RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read リソース プロバイダーの操作の一覧を返します。Operation returns the list of Operations for a Resource Provider
Microsoft.RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read 特定の操作の操作の状態を取得しますGets Operation Status for a given Operation
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read すべてのバックアップ保護の意図を一覧表示しますList all backup Protection Intents
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read Recovery Services コンテナーの使用状況の詳細を返します。Returns usage details for a Recovery Services Vault.
Microsoft.RecoveryServices/locations/backupValidateFeatures/actionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action 機能を検証します。Validate Features
NotActionsNotActions
"なし"none
DataActionsDataActions
"なし"none
NotDataActionsNotDataActions
"なし"none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view backup services, but can't make changes",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a795c7a0-d4a2-40c1-ae25-d81f01202912",
  "name": "a795c7a0-d4a2-40c1-ae25-d81f01202912",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.RecoveryServices/locations/allocatedStamp/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupJobs/read",
        "Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
        "Microsoft.RecoveryServices/Vaults/backupOperationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/read",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
        "Microsoft.RecoveryServices/Vaults/backupstorageconfig/read",
        "Microsoft.RecoveryServices/Vaults/backupconfig/read",
        "Microsoft.RecoveryServices/Vaults/backupOperations/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
        "Microsoft.RecoveryServices/Vaults/backupEngines/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
        "Microsoft.RecoveryServices/locations/backupStatus/action",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
        "Microsoft.RecoveryServices/operations/read",
        "Microsoft.RecoveryServices/locations/operationStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.RecoveryServices/locations/backupValidateFeatures/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Backup Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Classic Storage Account Contributor

Lets you manage classic storage accounts, but not access to them.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.ClassicStorage/storageAccounts/* Create and manage storage accounts
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage classic storage accounts, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
  "name": "86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicStorage/storageAccounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Storage Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Classic Storage Account Key Operator Service Role

Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts.

Actions Description
Microsoft.ClassicStorage/storageAccounts/listkeys/action Lists the access keys for the storage accounts.
Microsoft.ClassicStorage/storageAccounts/regeneratekey/action Regenerates the existing access keys for the storage account.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/985d6b00-f706-48f5-a6fe-d0ca12fb668d",
  "name": "985d6b00-f706-48f5-a6fe-d0ca12fb668d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ClassicStorage/storageAccounts/listkeys/action",
        "Microsoft.ClassicStorage/storageAccounts/regeneratekey/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Storage Account Key Operator Service Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Data Box Contributor

Lets you manage everything under Data Box Service except giving access to others.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
Microsoft.Databox/*
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage everything under Data Box Service except giving access to others.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/add466c9-e687-43fc-8d98-dfcf8d720be5",
  "name": "add466c9-e687-43fc-8d98-dfcf8d720be5",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Databox/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Box Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Data Box Reader

Lets you manage Data Box Service except creating order or editing order details and giving access to others.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Databox/*/read
Microsoft.Databox/jobs/listsecrets/action
Microsoft.Databox/jobs/listcredentials/action Lists the unencrypted credentials related to the order.
Microsoft.Databox/locations/availableSkus/action This method returns the list of available skus.
Microsoft.Databox/locations/validateInputs/action This method does all types of validations.
Microsoft.Databox/locations/regionConfiguration/action This method returns the configurations for the region.
Microsoft.Databox/locations/validateAddress/action Validates the shipping address and provides alternate addresses if any.
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Data Box Service except creating order or editing order details and giving access to others.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
  "name": "028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Databox/*/read",
        "Microsoft.Databox/jobs/listsecrets/action",
        "Microsoft.Databox/jobs/listcredentials/action",
        "Microsoft.Databox/locations/availableSkus/action",
        "Microsoft.Databox/locations/validateInputs/action",
        "Microsoft.Databox/locations/regionConfiguration/action",
        "Microsoft.Databox/locations/validateAddress/action",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Box Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Data Lake Analytics Developer

Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.BigAnalytics/accounts/*
Microsoft.DataLakeAnalytics/accounts/*
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
Microsoft.BigAnalytics/accounts/Delete
Microsoft.BigAnalytics/accounts/TakeOwnership/action
Microsoft.BigAnalytics/accounts/Write
Microsoft.DataLakeAnalytics/accounts/Delete Delete a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/TakeOwnership/action Grant permissions to cancel jobs submitted by other users.
Microsoft.DataLakeAnalytics/accounts/Write Create or update a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write Create or update a linked DataLakeStore account of a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete Unlink a DataLakeStore account from a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/storageAccounts/Write Create or update a linked Storage account of a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/storageAccounts/Delete Unlink a Storage account from a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/firewallRules/Write Create or update a firewall rule.
Microsoft.DataLakeAnalytics/accounts/firewallRules/Delete Delete a firewall rule.
Microsoft.DataLakeAnalytics/accounts/computePolicies/Write Create or update a compute policy.
Microsoft.DataLakeAnalytics/accounts/computePolicies/Delete Delete a compute policy.
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/47b7735b-770e-4598-a7da-8b91488b4c88",
  "name": "47b7735b-770e-4598-a7da-8b91488b4c88",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.BigAnalytics/accounts/*",
        "Microsoft.DataLakeAnalytics/accounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.BigAnalytics/accounts/Delete",
        "Microsoft.BigAnalytics/accounts/TakeOwnership/action",
        "Microsoft.BigAnalytics/accounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/Delete",
        "Microsoft.DataLakeAnalytics/accounts/TakeOwnership/action",
        "Microsoft.DataLakeAnalytics/accounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete",
        "Microsoft.DataLakeAnalytics/accounts/storageAccounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/storageAccounts/Delete",
        "Microsoft.DataLakeAnalytics/accounts/firewallRules/Write",
        "Microsoft.DataLakeAnalytics/accounts/firewallRules/Delete",
        "Microsoft.DataLakeAnalytics/accounts/computePolicies/Write",
        "Microsoft.DataLakeAnalytics/accounts/computePolicies/Delete"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Lake Analytics Developer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Reader and Data Access

Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys.

Actions Description
Microsoft.Storage/storageAccounts/listKeys/action Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/ListAccountSas/action Returns the Account SAS token for the specified storage account.
Microsoft.Storage/storageAccounts/read Returns the list of storage accounts or gets the properties for the specified storage account.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c12c1c16-33a1-487b-954d-41c89c60f349",
  "name": "c12c1c16-33a1-487b-954d-41c89c60f349",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Storage/storageAccounts/ListAccountSas/action",
        "Microsoft.Storage/storageAccounts/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Reader and Data Access",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage Account Contributor

Permits management of storage accounts. Provides access to the account key, which can be used to access data via Shared Key authorization.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Insights/diagnosticSettings/* Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Joins resource such as storage account or SQL database to a subnet. Not alertable.
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Storage/storageAccounts/* Create and manage storage accounts
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage storage accounts, including accessing storage account keys which provide full access to storage account data.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab",
  "name": "17d1049b-9a84-46fb-8f53-869881c3d3ab",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage Account Key Operator Service Role

Permits listing and regenerating storage account access keys.

Actions Description
Microsoft.Storage/storageAccounts/listkeys/action Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/regeneratekey/action Regenerates the access keys for the specified storage account.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Storage Account Key Operators are allowed to list and regenerate keys on Storage Accounts",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/81a9662b-bebf-436f-a333-f67b29880f12",
  "name": "81a9662b-bebf-436f-a333-f67b29880f12",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/listkeys/action",
        "Microsoft.Storage/storageAccounts/regeneratekey/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Account Key Operator Service Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}
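Several storage roles on this page reach the account keys, some by an explicit `listkeys` entry and one only through a wildcard. The following added example (not code from the original page or from Microsoft) evaluates `actions` minus `notActions` for role definitions copied from this page and reports which roles cover a given action. It assumes `*` matches any run of characters and that action strings compare case-insensitively; the helper names are hypothetical.

```python
import re

# Control-plane permissions copied from role definitions on this page.
# dataActions are left out: key listing is a control-plane action.
STG = "Microsoft.Storage/storageAccounts/"
DLA = "Microsoft.DataLakeAnalytics/accounts/"
BIG = "Microsoft.BigAnalytics/accounts/"
ROLES = {
    "Reader and Data Access": {
        "actions": [STG + "listKeys/action", STG + "ListAccountSas/action", STG + "read"],
        "notActions": [],
    },
    "Storage Account Contributor": {
        "actions": [
            "Microsoft.Authorization/*/read",
            "Microsoft.Insights/alertRules/*",
            "Microsoft.Insights/diagnosticSettings/*",
            "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
            "Microsoft.ResourceHealth/availabilityStatuses/read",
            "Microsoft.Resources/deployments/*",
            "Microsoft.Resources/subscriptions/resourceGroups/read",
            STG + "*",
            "Microsoft.Support/*",
        ],
        "notActions": [],
    },
    "Storage Account Key Operator Service Role": {
        "actions": [STG + "listkeys/action", STG + "regeneratekey/action"],
        "notActions": [],
    },
    "Storage Blob Data Contributor": {
        "actions": [
            STG + "blobServices/containers/delete",
            STG + "blobServices/containers/read",
            STG + "blobServices/containers/write",
            STG + "blobServices/generateUserDelegationKey/action",
        ],
        "notActions": [],
    },
    "Data Lake Analytics Developer": {
        "actions": [
            "Microsoft.Authorization/*/read", BIG + "*", DLA + "*",
            "Microsoft.Insights/alertRules/*",
            "Microsoft.ResourceHealth/availabilityStatuses/read",
            "Microsoft.Resources/deployments/*",
            "Microsoft.Resources/subscriptions/resourceGroups/read",
            "Microsoft.Support/*",
        ],
        "notActions": [
            BIG + "Delete", BIG + "TakeOwnership/action", BIG + "Write",
            DLA + "Delete", DLA + "TakeOwnership/action", DLA + "Write",
            DLA + "dataLakeStoreAccounts/Write", DLA + "dataLakeStoreAccounts/Delete",
            DLA + "storageAccounts/Write", DLA + "storageAccounts/Delete",
            DLA + "firewallRules/Write", DLA + "firewallRules/Delete",
            DLA + "computePolicies/Write", DLA + "computePolicies/Delete",
        ],
    },
}


def matches(pattern, action):
    """Match one action string against a role pattern.

    Assumption: '*' matches any run of characters (including '/'), and the
    comparison is case-insensitive (the page itself mixes listKeys/listkeys).
    """
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, re.IGNORECASE) is not None


def role_grants(role, action):
    """True if the role's actions cover `action` and its notActions do not.

    notActions only subtracts from this role's own actions; it is not a deny,
    so another role assigned to the same principal can still grant the action.
    """
    allowed = any(matches(p, action) for p in role["actions"])
    excluded = any(matches(p, action) for p in role["notActions"])
    return allowed and not excluded


def roles_granting(action, roles=ROLES):
    """Names of the roles (sorted) whose definition covers `action`."""
    return sorted(name for name, role in roles.items() if role_grants(role, action))


if __name__ == "__main__":
    for suffix in ("listkeys/action", "regeneratekey/action"):
        print(suffix, "->", roles_granting(STG + suffix))
    print("DLA Delete ->", roles_granting(DLA + "Delete"))
```

Storage Account Contributor appears in the result even though its definition never names `listkeys`, which is why a review that searches role definitions for the literal string misses it.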

Storage Blob Data Contributor

Read, write, and delete Azure Storage containers and blobs. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.

Actions Description
Microsoft.Storage/storageAccounts/blobServices/containers/delete Delete a container.
Microsoft.Storage/storageAccounts/blobServices/containers/read Return a container or a list of containers.
Microsoft.Storage/storageAccounts/blobServices/containers/write Modify a container's metadata or properties.
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Returns a user delegation key for the Blob service.
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete Delete a blob.
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read Return a blob or a list of blobs.
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action Moves the blob from one path to another
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write Write to a blob.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write and delete access to Azure Storage blob containers and data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe",
  "name": "ba92f5b4-2d11-453d-a403-e96b0029c9fe",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/write",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage Blob Data Owner

Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.

Actions Description
Microsoft.Storage/storageAccounts/blobServices/containers/* Full permissions on containers.
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Returns a user delegation key for the Blob service.
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/* Full permissions on blobs.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to Azure Storage blob containers and data, including assigning POSIX access control.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
  "name": "b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/*",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage Blob Data Reader

Read and list Azure Storage containers and blobs. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.

Actions Description
Microsoft.Storage/storageAccounts/blobServices/containers/read Return a container or a list of containers.
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Returns a user delegation key for the Blob service.
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read Return a blob or a list of blobs.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read access to Azure Storage blob containers and data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
  "name": "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage Blob Delegator

Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials. For more information, see Create a user delegation SAS.

Actions Description
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Returns a user delegation key for the Blob service.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for generation of a user delegation key which can be used to sign SAS tokens",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
  "name": "db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Delegator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage File Data SMB Share Contributor

Allows for read, write, and delete access on files/directories in Azure file shares. This role has no built-in equivalent on Windows file servers.

Actions Description
none
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read Returns a file/folder or a list of files/folders.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write Returns the result of writing a file or creating a folder.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete Returns the result of deleting a file/folder.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write, and delete access in Azure Storage file shares over SMB",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
  "name": "0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage File Data SMB Share Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage File Data SMB Share Elevated Contributor

Allows for read, write, delete, and modify ACLs on files/directories in Azure file shares. This role is equivalent to a file share ACL of change on Windows file servers.

Actions Description
none
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read Returns a file/folder or a list of files/folders.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write Returns the result of writing a file or creating a folder.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete Returns the result of deleting a file/folder.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action Returns the result of modifying permission on a file/folder.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write, delete and modify NTFS permission access in Azure Storage file shares over SMB",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a7264617-510b-434b-a828-9731dc254ea7",
  "name": "a7264617-510b-434b-a828-9731dc254ea7",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage File Data SMB Share Elevated Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage File Data SMB Share Reader

Allows for read access on files/directories in Azure file shares. This role is equivalent to a file share ACL of read on Windows file servers.

Actions Description
none
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read Returns a file/folder or a list of files/folders.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read access to Azure File Share over SMB",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/aba4ae5f-2193-4029-9191-0cb91df5e314",
  "name": "aba4ae5f-2193-4029-9191-0cb91df5e314",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage File Data SMB Share Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage Queue Data Contributor

Read, write, and delete Azure Storage queues and queue messages. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.

Actions Description
Microsoft.Storage/storageAccounts/queueServices/queues/delete Delete a queue.
Microsoft.Storage/storageAccounts/queueServices/queues/read Return a queue or a list of queues.
Microsoft.Storage/storageAccounts/queueServices/queues/write Modify queue metadata or properties.
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/delete Delete one or more messages from a queue.
Microsoft.Storage/storageAccounts/queueServices/queues/messages/read Peek or retrieve one or more messages from a queue.
Microsoft.Storage/storageAccounts/queueServices/queues/messages/write Add a message to a queue.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write, and delete access to Azure Storage queues and queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/974c5e8b-45b9-4653-ba55-5f855dd0fb88",
  "name": "974c5e8b-45b9-4653-ba55-5f855dd0fb88",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/delete",
        "Microsoft.Storage/storageAccounts/queueServices/queues/read",
        "Microsoft.Storage/storageAccounts/queueServices/queues/write"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/delete",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage Queue Data Message Processor

Peek, retrieve, and delete a message from an Azure Storage queue. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.

Actions Description
none
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/read Peek a message.
Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action Retrieve and delete a message.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for peek, receive, and delete access to Azure Storage queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8a0f0c08-91a1-4084-bc3d-661d67233fed",
  "name": "8a0f0c08-91a1-4084-bc3d-661d67233fed",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Message Processor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage Queue Data Message Sender

Add messages to an Azure Storage queue. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.

Actions Description
none
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/action Add a message to a queue.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for sending of Azure Storage queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
  "name": "c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Message Sender",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage Queue Data Reader

Read and list Azure Storage queues and queue messages. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.

Actions Description
Microsoft.Storage/storageAccounts/queueServices/queues/read Returns a queue or a list of queues.
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/read Peek or retrieve one or more messages from a queue.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read access to Azure Storage queues and queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/19e7f393-937e-4f77-808e-94535e297925",
  "name": "19e7f393-937e-4f77-808e-94535e297925",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Web

Azure Maps Data Reader

Grants access to read map related data from an Azure maps account.

Actions Description
none
NotActions
none
DataActions
Microsoft.Maps/accounts/*/read
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants access to read map related data from an Azure maps account.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/423170ca-a8f6-4b0f-8487-9e4eb8f49bfa",
  "name": "423170ca-a8f6-4b0f-8487-9e4eb8f49bfa",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Maps/accounts/*/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Maps Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Search Service Contributor

Lets you manage Search services, but not access to them.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Search/searchServices/* Create and manage search services
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Search services, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7ca78c08-252a-4471-8644-bb5ff32d4ba0",
  "name": "7ca78c08-252a-4471-8644-bb5ff32d4ba0",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Search/searchServices/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Search Service Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Web Plan Contributor

Lets you manage the web plans for websites, but not access to them.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
Microsoft.Web/serverFarms/* Create and manage server farms
Microsoft.Web/hostingEnvironments/Join/Action Joins an App Service Environment
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage the web plans for websites, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b",
  "name": "2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Web/serverFarms/*",
        "Microsoft.Web/hostingEnvironments/Join/Action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Web Plan Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Website Contributor

Lets you manage websites (not web plans), but not access to them.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Insights/components/* Create and manage Insights components
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
Microsoft.Web/certificates/* Create and manage website certificates
Microsoft.Web/listSitesAssignedToHostName/read Get names of sites assigned to hostname.
Microsoft.Web/serverFarms/join/action Joins an App Service Plan
Microsoft.Web/serverFarms/read Get the properties on an App Service Plan
Microsoft.Web/sites/* Create and manage websites (site creation also requires write permissions to the associated App Service Plan)
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage websites (not web plans), but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/de139f84-1756-47ae-9be6-808fbbe84772",
  "name": "de139f84-1756-47ae-9be6-808fbbe84772",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/components/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Web/certificates/*",
        "Microsoft.Web/listSitesAssignedToHostName/read",
        "Microsoft.Web/serverFarms/join/action",
        "Microsoft.Web/serverFarms/read",
        "Microsoft.Web/sites/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Website Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Containers

AcrDelete

acr delete

Actions Description
Microsoft.ContainerRegistry/registries/artifacts/delete Delete artifact in a container registry.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr delete",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
  "name": "c2f4ef07-c644-48eb-af81-4b1b4947fb11",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/artifacts/delete"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrDelete",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrImageSigner

acr image signer

Actions Description
Microsoft.ContainerRegistry/registries/sign/write Push/Pull content trust metadata for a container registry.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr image signer",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6cef56e8-d556-48e5-a04f-b8e64114680f",
  "name": "6cef56e8-d556-48e5-a04f-b8e64114680f",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/sign/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrImageSigner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrPull

acr pull

Actions Description
Microsoft.ContainerRegistry/registries/pull/read Pull or Get images from a container registry.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr pull",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d",
  "name": "7f951dda-4ed3-4680-a7ca-43fe172d538d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/pull/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrPull",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrPush

acr push

Actions Description
Microsoft.ContainerRegistry/registries/pull/read Pull or Get images from a container registry.
Microsoft.ContainerRegistry/registries/push/write Push or Write images to a container registry.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr push",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8311e382-0749-4cb8-b61a-304f252e45ec",
  "name": "8311e382-0749-4cb8-b61a-304f252e45ec",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/pull/read",
        "Microsoft.ContainerRegistry/registries/push/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrPush",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrQuarantineReader

acr quarantine data reader

Actions Description
Microsoft.ContainerRegistry/registries/quarantine/read Pull or Get quarantined images from container registry
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr quarantine data reader",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/cdda3590-29a3-44f6-95f2-9f980659eb04",
  "name": "cdda3590-29a3-44f6-95f2-9f980659eb04",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/quarantine/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrQuarantineReader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrQuarantineWriter

acr quarantine data writer

Actions Description
Microsoft.ContainerRegistry/registries/quarantine/read Pull or Get quarantined images from container registry
Microsoft.ContainerRegistry/registries/quarantine/write Write/Modify quarantine state of quarantined images
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr quarantine data writer",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
  "name": "c8d4ff99-41c3-41a8-9f60-21dfdad59608",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/quarantine/read",
        "Microsoft.ContainerRegistry/registries/quarantine/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrQuarantineWriter",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Kubernetes Service Cluster Admin Role

List cluster admin credential action.

Actions Description
Microsoft.ContainerService/managedClusters/listClusterAdminCredential/action List the clusterAdmin credential of a managed cluster
Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/action Get a managed cluster access profile by role name using list credential
Microsoft.ContainerService/managedClusters/read Get a managed cluster
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "List cluster admin credential action.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8",
  "name": "0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerService/managedClusters/listClusterAdminCredential/action",
        "Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/action",
        "Microsoft.ContainerService/managedClusters/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service Cluster Admin Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Kubernetes Service Cluster User Role

List cluster user credential action.

Actions Description
Microsoft.ContainerService/managedClusters/listClusterUserCredential/action List the clusterUser credential of a managed cluster
Microsoft.ContainerService/managedClusters/read Get a managed cluster
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "List cluster user credential action.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4abbcc35-e782-43d8-92c5-2d3f1bd2253f",
  "name": "4abbcc35-e782-43d8-92c5-2d3f1bd2253f",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action",
        "Microsoft.ContainerService/managedClusters/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service Cluster User Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Kubernetes Service Contributor Role

Grants access to read and write Azure Kubernetes Service clusters

Actions Description
Microsoft.ContainerService/managedClusters/read Get a managed cluster
Microsoft.ContainerService/managedClusters/write Creates a new managed cluster or updates an existing one
Microsoft.Resources/deployments/* Create and manage a deployment
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants access to read and write Azure Kubernetes Service clusters",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8",
  "name": "ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerService/managedClusters/read",
        "Microsoft.ContainerService/managedClusters/write",
        "Microsoft.Resources/deployments/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service Contributor Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Kubernetes Service RBAC Admin

Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/deployments/write Creates or updates a deployment.
Microsoft.Resources/subscriptions/operationresults/read Get the subscription operation results.
Microsoft.Resources/subscriptions/read Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
Microsoft.ContainerService/managedClusters/listClusterUserCredential/action List the clusterUser credential of a managed cluster
NotActions
none
DataActions
Microsoft.ContainerService/managedClusters/*
NotDataActions
Microsoft.ContainerService/managedClusters/resourcequotas/write Writes resourcequotas
Microsoft.ContainerService/managedClusters/resourcequotas/delete Deletes resourcequotas
Microsoft.ContainerService/managedClusters/namespaces/write Writes namespaces
Microsoft.ContainerService/managedClusters/namespaces/delete Deletes namespaces
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3498e952-d568-435e-9b2c-8d77e338d7f7",
  "name": "3498e952-d568-435e-9b2c-8d77e338d7f7",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerService/managedClusters/*"
      ],
      "notDataActions": [
        "Microsoft.ContainerService/managedClusters/resourcequotas/write",
        "Microsoft.ContainerService/managedClusters/resourcequotas/delete",
        "Microsoft.ContainerService/managedClusters/namespaces/write",
        "Microsoft.ContainerService/managedClusters/namespaces/delete"
      ]
    }
  ],
  "roleName": "Azure Kubernetes Service RBAC Admin",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Kubernetes Service RBAC Cluster Admin

Lets you manage all resources in the cluster.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/deployments/write Creates or updates a deployment.
Microsoft.Resources/subscriptions/operationresults/read Get the subscription operation results.
Microsoft.Resources/subscriptions/read Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
Microsoft.ContainerService/managedClusters/listClusterUserCredential/action List the clusterUser credential of a managed cluster
NotActions
none
DataActions
Microsoft.ContainerService/managedClusters/*
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage all resources in the cluster.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b",
  "name": "b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerService/managedClusters/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service RBAC Cluster Admin",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Kubernetes Service RBAC Reader

Lets you view all resources in cluster/namespace, except secrets.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/deployments/write Creates or updates a deployment.
Microsoft.Resources/subscriptions/operationresults/read Get the subscription operation results.
Microsoft.Resources/subscriptions/read Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
Microsoft.ContainerService/managedClusters/listClusterUserCredential/action List the clusterUser credential of a managed cluster
NotActions
none
DataActions
Microsoft.ContainerService/managedClusters/*/read
NotDataActions
Microsoft.ContainerService/managedClusters/rbac.authorization.k8s.io/*/read
Microsoft.ContainerService/managedClusters/rbac.authorization.k8s.io/*/write
Microsoft.ContainerService/managedClusters/secrets/*
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you view all resources in cluster/namespace, except secrets.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7f6c6a51-bcf8-42ba-9220-52d62157d7db",
  "name": "7f6c6a51-bcf8-42ba-9220-52d62157d7db",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerService/managedClusters/*/read"
      ],
      "notDataActions": [
        "Microsoft.ContainerService/managedClusters/rbac.authorization.k8s.io/*/read",
        "Microsoft.ContainerService/managedClusters/rbac.authorization.k8s.io/*/write",
        "Microsoft.ContainerService/managedClusters/secrets/*"
      ]
    }
  ],
  "roleName": "Azure Kubernetes Service RBAC Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Kubernetes Service RBAC Writer

Lets you update everything in cluster/namespace, except resource quotas, namespaces, pod security policies, certificate signing requests, (cluster)roles and (cluster)role bindings.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/deployments/write Creates or updates a deployment.
Microsoft.Resources/subscriptions/operationresults/read Get the subscription operation results.
Microsoft.Resources/subscriptions/read Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
Microsoft.ContainerService/managedClusters/listClusterUserCredential/action List the clusterUser credential of a managed cluster
NotActions
none
DataActions
Microsoft.ContainerService/managedClusters/*/read
Microsoft.ContainerService/managedClusters/*/write
NotDataActions
Microsoft.ContainerService/managedClusters/rbac.authorization.k8s.io/*/read
Microsoft.ContainerService/managedClusters/rbac.authorization.k8s.io/*/write
Microsoft.ContainerService/managedClusters/namespaces/write Writes namespaces
Microsoft.ContainerService/managedClusters/resourcequotas/write Writes resourcequotas
Microsoft.ContainerService/managedClusters/certificates.k8s.io/certificatesigningrequests/write Writes certificatesigningrequests
Microsoft.ContainerService/managedClusters/policy/podsecuritypolicies/write Writes podsecuritypolicies
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you update everything in cluster/namespace, except resource quotas, namespaces, pod security policies, certificate signing requests, (cluster)roles and (cluster)role bindings.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb",
  "name": "a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerService/managedClusters/*/read",
        "Microsoft.ContainerService/managedClusters/*/write"
      ],
      "notDataActions": [
        "Microsoft.ContainerService/managedClusters/rbac.authorization.k8s.io/*/read",
        "Microsoft.ContainerService/managedClusters/rbac.authorization.k8s.io/*/write",
        "Microsoft.ContainerService/managedClusters/namespaces/write",
        "Microsoft.ContainerService/managedClusters/resourcequotas/write",
        "Microsoft.ContainerService/managedClusters/certificates.k8s.io/certificatesigningrequests/write",
        "Microsoft.ContainerService/managedClusters/policy/podsecuritypolicies/write"
      ]
    }
  ],
  "roleName": "Azure Kubernetes Service RBAC Writer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Databases

Cosmos DB Account Reader Role

Can read Azure Cosmos DB account data. See DocumentDB Account Contributor for managing Azure Cosmos DB accounts.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.DocumentDB/*/read Read any collection
Microsoft.DocumentDB/databaseAccounts/readonlykeys/action Reads the database account readonly keys.
Microsoft.Insights/MetricDefinitions/read Read metric definitions
Microsoft.Insights/Metrics/read Read metrics
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can read Azure Cosmos DB Accounts data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fbdf93bf-df7d-467e-a4d2-9458aa1360c8",
  "name": "fbdf93bf-df7d-467e-a4d2-9458aa1360c8",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.DocumentDB/*/read",
        "Microsoft.DocumentDB/databaseAccounts/readonlykeys/action",
        "Microsoft.Insights/MetricDefinitions/read",
        "Microsoft.Insights/Metrics/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cosmos DB Account Reader Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cosmos DB Operator

Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings.

Actions Description
Microsoft.DocumentDb/databaseAccounts/*
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Joins resource such as storage account or SQL database to a subnet. Not alertable.
NotActions
Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*
Microsoft.DocumentDB/databaseAccounts/regenerateKey/*
Microsoft.DocumentDB/databaseAccounts/listKeys/*
Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/230815da-be43-4aae-9cb4-875f7bd000aa",
  "name": "230815da-be43-4aae-9cb4-875f7bd000aa",
  "permissions": [
    {
      "actions": [
        "Microsoft.DocumentDb/databaseAccounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action"
      ],
      "notActions": [
        "Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*",
        "Microsoft.DocumentDB/databaseAccounts/regenerateKey/*",
        "Microsoft.DocumentDB/databaseAccounts/listKeys/*",
        "Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cosmos DB Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

CosmosBackupOperator

Can submit restore request for a Cosmos DB database or a container for an account

Actions Description
Microsoft.DocumentDB/databaseAccounts/backup/action Submit a request to configure backup
Microsoft.DocumentDB/databaseAccounts/restore/action Submit a restore request
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can submit restore request for a Cosmos DB database or a container for an account",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/db7b14f2-5adf-42da-9f96-f2ee17bab5cb",
  "name": "db7b14f2-5adf-42da-9f96-f2ee17bab5cb",
  "permissions": [
    {
      "actions": [
        "Microsoft.DocumentDB/databaseAccounts/backup/action",
        "Microsoft.DocumentDB/databaseAccounts/restore/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CosmosBackupOperator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

DocumentDB Account Contributor

Can manage Azure Cosmos DB accounts. Azure Cosmos DB is formerly known as DocumentDB.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.DocumentDb/databaseAccounts/* Create and manage Azure Cosmos DB accounts
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Joins resource such as storage account or SQL database to a subnet. Not alertable.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage DocumentDB accounts, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5bd9cd88-fe45-4216-938b-f97437e15450",
  "name": "5bd9cd88-fe45-4216-938b-f97437e15450",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.DocumentDb/databaseAccounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "DocumentDB Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Redis Cache Contributor

Lets you manage Redis caches, but not access to them.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Cache/register/action Registers the 'Microsoft.Cache' resource provider with a subscription
Microsoft.Cache/redis/* Create and manage Redis caches
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Redis caches, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e0f68234-74aa-48ed-b826-c38b57376e17",
  "name": "e0f68234-74aa-48ed-b826-c38b57376e17",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cache/register/action",
        "Microsoft.Cache/redis/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Redis Cache Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

SQL DB Contributor

Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Sql/locations/*/read
Microsoft.Sql/servers/databases/* Create and manage SQL databases
Microsoft.Sql/servers/read Return the list of servers or gets the properties for the specified server.
Microsoft.Support/* Create and update a support ticket
Microsoft.Insights/metrics/read Read metrics
Microsoft.Insights/metricDefinitions/read Read metric definitions
NotActions
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/auditingPolicies/* Edit audit policies
Microsoft.Sql/servers/databases/auditingSettings/* Edit audit settings
Microsoft.Sql/servers/databases/auditRecords/read Retrieve the database blob audit records
Microsoft.Sql/servers/databases/connectionPolicies/* Edit connection policies
Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft.Sql/servers/databases/dataMaskingPolicies/* Edit data masking policies
Microsoft.Sql/servers/databases/extendedAuditingSettings/*
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/servers/databases/securityAlertPolicies/* Edit security alert policies
Microsoft.Sql/servers/databases/securityMetrics/* Edit security metrics
Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft.Sql/servers/vulnerabilityAssessments/*
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
  "name": "9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/servers/databases/*",
        "Microsoft.Sql/servers/read",
        "Microsoft.Support/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read"
      ],
      "notActions": [
        "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/auditingPolicies/*",
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/connectionPolicies/*",
        "Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
        "Microsoft.Sql/servers/databases/extendedAuditingSettings/*",
        "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
        "Microsoft.Sql/servers/databases/securityMetrics/*",
        "Microsoft.Sql/servers/databases/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
        "Microsoft.Sql/servers/vulnerabilityAssessments/*"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL DB Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

SQL Managed Instance Contributor

Lets you manage SQL Managed Instances and required network configuration, but can't give access to others.

Actions Description
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Network/networkSecurityGroups/*
Microsoft.Network/routeTables/*
Microsoft.Sql/locations/*/read
Microsoft.Sql/locations/instanceFailoverGroups/*
Microsoft.Sql/managedInstances/*
Microsoft.Support/* Create and update a support ticket
Microsoft.Network/virtualNetworks/subnets/*
Microsoft.Network/virtualNetworks/*
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Insights/metrics/read Read metrics
Microsoft.Insights/metricDefinitions/read Read metric definitions
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage SQL Managed Instances and required network configuration, but can't give access to others.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
  "name": "4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Network/networkSecurityGroups/*",
        "Microsoft.Network/routeTables/*",
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/locations/instanceFailoverGroups/*",
        "Microsoft.Sql/managedInstances/*",
        "Microsoft.Support/*",
        "Microsoft.Network/virtualNetworks/subnets/*",
        "Microsoft.Network/virtualNetworks/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL Managed Instance Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

SQL Security Manager

Lets you manage the security-related policies of SQL servers and databases, but not access to them.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Joins a resource such as a storage account or SQL database to a subnet. Not alertable.
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Sql/locations/administratorAzureAsyncOperation/read
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft.Sql/servers/auditingPolicies/* Create and manage SQL server auditing policies
Microsoft.Sql/servers/auditingSettings/* Create and manage SQL server auditing setting
Microsoft.Sql/servers/extendedAuditingSettings/read Retrieve details of the extended server blob auditing policy configured on a given server
Microsoft.Sql/servers/databases/auditingPolicies/* Create and manage SQL server database auditing policies
Microsoft.Sql/servers/databases/auditingSettings/* Create and manage SQL server database auditing settings
Microsoft.Sql/servers/databases/auditRecords/read Retrieve the database blob audit records
Microsoft.Sql/servers/databases/connectionPolicies/* Create and manage SQL server database connection policies
Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft.Sql/servers/databases/dataMaskingPolicies/* Create and manage SQL server database data masking policies
Microsoft.Sql/servers/databases/extendedAuditingSettings/read Retrieve details of the extended blob auditing policy configured on a given database
Microsoft.Sql/servers/databases/read Return the list of databases or gets the properties for the specified database.
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/read Get a database schema.
Microsoft.Sql/servers/databases/schemas/tables/columns/read Get a database column.
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/tables/read Get a database table.
Microsoft.Sql/servers/databases/securityAlertPolicies/* Create and manage SQL server database security alert policies
Microsoft.Sql/servers/databases/securityMetrics/* Create and manage SQL server database security metrics
Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft.Sql/servers/databases/transparentDataEncryption/*
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft.Sql/servers/firewallRules/*
Microsoft.Sql/servers/read Return the list of servers or gets the properties for the specified server.
Microsoft.Sql/servers/securityAlertPolicies/* Create and manage SQL server security alert policies
Microsoft.Sql/servers/vulnerabilityAssessments/*
Microsoft.Support/* Create and update a support ticket
Microsoft.Sql/servers/administrators/read Gets a specific Azure Active Directory administrator object
Microsoft.Sql/servers/azureADOnlyAuthentications/*
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage the security-related policies of SQL servers and databases, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3",
  "name": "056cd41c-7e88-42e1-933e-88ba6a50c9c3",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Sql/locations/administratorAzureAsyncOperation/read",
        "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*",
        "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/auditingPolicies/*",
        "Microsoft.Sql/servers/auditingSettings/*",
        "Microsoft.Sql/servers/extendedAuditingSettings/read",
        "Microsoft.Sql/servers/databases/auditingPolicies/*",
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/connectionPolicies/*",
        "Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
        "Microsoft.Sql/servers/databases/extendedAuditingSettings/read",
        "Microsoft.Sql/servers/databases/read",
        "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/read",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/read",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/tables/read",
        "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
        "Microsoft.Sql/servers/databases/securityMetrics/*",
        "Microsoft.Sql/servers/databases/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/transparentDataEncryption/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
        "Microsoft.Sql/servers/firewallRules/*",
        "Microsoft.Sql/servers/read",
        "Microsoft.Sql/servers/securityAlertPolicies/*",
        "Microsoft.Sql/servers/vulnerabilityAssessments/*",
        "Microsoft.Support/*",
        "Microsoft.Sql/servers/administrators/read",
        "Microsoft.Sql/servers/azureADOnlyAuthentications/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL Security Manager",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

SQL Server Contributor

Lets you manage SQL servers and databases, but not access to them, and not their security-related policies.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Sql/locations/*/read
Microsoft.Sql/servers/* Create and manage SQL servers
Microsoft.Support/* Create and update a support ticket
Microsoft.Insights/metrics/read Read metrics
Microsoft.Insights/metricDefinitions/read Read metric definitions
NotActions
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft.Sql/servers/auditingPolicies/* Edit SQL server auditing policies
Microsoft.Sql/servers/auditingSettings/* Edit SQL server auditing settings
Microsoft.Sql/servers/databases/auditingPolicies/* Edit SQL server database auditing policies
Microsoft.Sql/servers/databases/auditingSettings/* Edit SQL server database auditing settings
Microsoft.Sql/servers/databases/auditRecords/read Retrieve the database blob audit records
Microsoft.Sql/servers/databases/connectionPolicies/* Edit SQL server database connection policies
Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft.Sql/servers/databases/dataMaskingPolicies/* Edit SQL server database data masking policies
Microsoft.Sql/servers/databases/extendedAuditingSettings/*
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/servers/databases/securityAlertPolicies/* Edit SQL server database security alert policies
Microsoft.Sql/servers/databases/securityMetrics/* Edit SQL server database security metrics
Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft.Sql/servers/extendedAuditingSettings/*
Microsoft.Sql/servers/securityAlertPolicies/* Edit SQL server security alert policies
Microsoft.Sql/servers/vulnerabilityAssessments/*
Microsoft.Sql/servers/azureADOnlyAuthentications/delete Deletes a specific server Azure Active Directory only authentication object
Microsoft.Sql/servers/azureADOnlyAuthentications/write Adds or updates a specific server Azure Active Directory only authentication object
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage SQL servers and databases, but not access to them, and not their security -related policies.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
  "name": "6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/servers/*",
        "Microsoft.Support/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read"
      ],
      "notActions": [
        "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/auditingPolicies/*",
        "Microsoft.Sql/servers/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditingPolicies/*",
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/connectionPolicies/*",
        "Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
        "Microsoft.Sql/servers/databases/extendedAuditingSettings/*",
        "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
        "Microsoft.Sql/servers/databases/securityMetrics/*",
        "Microsoft.Sql/servers/databases/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
        "Microsoft.Sql/servers/extendedAuditingSettings/*",
        "Microsoft.Sql/servers/securityAlertPolicies/*",
        "Microsoft.Sql/servers/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/azureADOnlyAuthentications/delete",
        "Microsoft.Sql/servers/azureADOnlyAuthentications/write"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL Server Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Analytics

Azure Event Hubs Data Owner

Allows for full access to Azure Event Hubs resources.

Actions Description
Microsoft.EventHub/*
NotActions
none
DataActions
Microsoft.EventHub/*
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to Azure Event Hubs resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f526a384-b230-433a-b45c-95f59c4a2dec",
  "name": "f526a384-b230-433a-b45c-95f59c4a2dec",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Event Hubs Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Event Hubs Data Receiver

Allows receive access to Azure Event Hubs resources.

Actions Description
Microsoft.EventHub/*/eventhubs/consumergroups/read
NotActions
none
DataActions
Microsoft.EventHub/*/receive/action
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows receive access to Azure Event Hubs resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
  "name": "a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/*/eventhubs/consumergroups/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/*/receive/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Event Hubs Data Receiver",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Event Hubs Data Sender

Allows send access to Azure Event Hubs resources.

Actions Description
Microsoft.EventHub/*/eventhubs/read
NotActions
none
DataActions
Microsoft.EventHub/*/send/action
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows send access to Azure Event Hubs resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2b629674-e913-4c01-ae53-ef4638d8f975",
  "name": "2b629674-e913-4c01-ae53-ef4638d8f975",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/*/eventhubs/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/*/send/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Event Hubs Data Sender",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Data Factory Contributor

Create and manage data factories, as well as child resources within them.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.DataFactory/dataFactories/* Create and manage data factories, and child resources within them.
Microsoft.DataFactory/factories/* Create and manage data factories, and child resources within them.
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
Microsoft.EventGrid/eventSubscriptions/write Create or update an eventSubscription
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Create and manage data factories, as well as child resources within them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/673868aa-7521-48a0-acc6-0f60742d39f5",
  "name": "673868aa-7521-48a0-acc6-0f60742d39f5",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.DataFactory/dataFactories/*",
        "Microsoft.DataFactory/factories/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.EventGrid/eventSubscriptions/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Factory Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Data Purger

Can purge analytics data.

Actions Description
Microsoft.Insights/components/*/read
Microsoft.Insights/components/purge/action Purging data from Application Insights
Microsoft.OperationalInsights/workspaces/*/read View log analytics data
Microsoft.OperationalInsights/workspaces/purge/action Delete specified data from workspace
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can purge analytics data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/150f5e0c-0603-4f03-8c7f-cf70034c4e90",
  "name": "150f5e0c-0603-4f03-8c7f-cf70034c4e90",
  "permissions": [
    {
      "actions": [
        "Microsoft.Insights/components/*/read",
        "Microsoft.Insights/components/purge/action",
        "Microsoft.OperationalInsights/workspaces/*/read",
        "Microsoft.OperationalInsights/workspaces/purge/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Purger",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

HDInsight Cluster Operator

Lets you read and modify HDInsight cluster configurations.

Actions Description
Microsoft.HDInsight/*/read
Microsoft.HDInsight/clusters/getGatewaySettings/action Get gateway settings for HDInsight Cluster
Microsoft.HDInsight/clusters/updateGatewaySettings/action Update gateway settings for HDInsight Cluster
Microsoft.HDInsight/clusters/configurations/*
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Resources/deployments/operations/read Gets or lists deployment operations.
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read and modify HDInsight cluster configurations.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/61ed4efc-fab3-44fd-b111-e24485cc132a",
  "name": "61ed4efc-fab3-44fd-b111-e24485cc132a",
  "permissions": [
    {
      "actions": [
        "Microsoft.HDInsight/*/read",
        "Microsoft.HDInsight/clusters/getGatewaySettings/action",
        "Microsoft.HDInsight/clusters/updateGatewaySettings/action",
        "Microsoft.HDInsight/clusters/configurations/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "HDInsight Cluster Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

HDInsight Domain Services Contributor

Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package.

Actions Description
Microsoft.AAD/*/read
Microsoft.AAD/domainServices/*/read
Microsoft.AAD/domainServices/oucontainer/*
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8d8d5a11-05d3-4bda-a417-a08778121c7c",
  "name": "8d8d5a11-05d3-4bda-a417-a08778121c7c",
  "permissions": [
    {
      "actions": [
        "Microsoft.AAD/*/read",
        "Microsoft.AAD/domainServices/*/read",
        "Microsoft.AAD/domainServices/oucontainer/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "HDInsight Domain Services Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Log Analytics Contributor

Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources.

Actions Description
*/read Read resources of all types, except secrets.
Microsoft.Automation/automationAccounts/*
Microsoft.ClassicCompute/virtualMachines/extensions/*
Microsoft.ClassicStorage/storageAccounts/listKeys/action Lists the access keys for the storage accounts.
Microsoft.Compute/virtualMachines/extensions/*
Microsoft.HybridCompute/machines/extensions/write Installs or updates Azure Arc extensions
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Insights/diagnosticSettings/* Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.OperationalInsights/*
Microsoft.OperationsManagement/*
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourcegroups/deployments/*
Microsoft.Storage/storageAccounts/listKeys/action Returns the access keys for the specified storage account.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
  "name": "92aaf0da-9dab-42b6-94a3-d43ce8d16293",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.Automation/automationAccounts/*",
        "Microsoft.ClassicCompute/virtualMachines/extensions/*",
        "Microsoft.ClassicStorage/storageAccounts/listKeys/action",
        "Microsoft.Compute/virtualMachines/extensions/*",
        "Microsoft.HybridCompute/machines/extensions/write",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.OperationalInsights/*",
        "Microsoft.OperationsManagement/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Log Analytics Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Log Analytics Reader

Log Analytics Reader can view and search all monitoring data as well as view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.

Actions Description
*/read Read resources of all types, except secrets.
Microsoft.OperationalInsights/workspaces/analytics/query/action Search using new engine.
Microsoft.OperationalInsights/workspaces/search/action Executes a search query
Microsoft.Support/* Create and update a support ticket
NotActions
Microsoft.OperationalInsights/workspaces/sharedKeys/read Retrieves the shared keys for the workspace. These keys are used to connect Microsoft Operational Insights agents to the workspace.
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/73c42c96-874c-492b-b04d-ab87d138a893",
  "name": "73c42c96-874c-492b-b04d-ab87d138a893",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.OperationalInsights/workspaces/analytics/query/action",
        "Microsoft.OperationalInsights/workspaces/search/action",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.OperationalInsights/workspaces/sharedKeys/read"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Log Analytics Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}
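How Actions and NotActions combine for the two Log Analytics roles above, and how DataActions are checked separately for Azure Event Hubs Data Receiver, as an added example that is not part of the original page or Microsoft's code. The evaluator is a simplified model that assumes `*` matches any run of characters and that matching is case-insensitive; the function names, the watchlist and the `Microsoft.EventHub/namespaces/messages/receive/action` operation string are constructed for illustration.

```python
import re

# Permission blocks copied from the role definitions on this page.
LOG_ANALYTICS_READER = {
    "actions": [
        "*/read",
        "Microsoft.OperationalInsights/workspaces/analytics/query/action",
        "Microsoft.OperationalInsights/workspaces/search/action",
        "Microsoft.Support/*",
    ],
    "notActions": ["Microsoft.OperationalInsights/workspaces/sharedKeys/read"],
    "dataActions": [],
    "notDataActions": [],
}
LOG_ANALYTICS_CONTRIBUTOR = {
    "actions": [
        "*/read",
        "Microsoft.Automation/automationAccounts/*",
        "Microsoft.ClassicCompute/virtualMachines/extensions/*",
        "Microsoft.ClassicStorage/storageAccounts/listKeys/action",
        "Microsoft.Compute/virtualMachines/extensions/*",
        "Microsoft.HybridCompute/machines/extensions/write",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.OperationalInsights/*",
        "Microsoft.OperationsManagement/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Support/*",
    ],
    "notActions": [],
    "dataActions": [],
    "notDataActions": [],
}
EVENT_HUBS_DATA_RECEIVER = {
    "actions": ["Microsoft.EventHub/*/eventhubs/consumergroups/read"],
    "notActions": [],
    "dataActions": ["Microsoft.EventHub/*/receive/action"],
    "notDataActions": [],
}

# Constructed watchlist of credential- and data-destroying operations
# whose names appear in the tables on this page.
WATCHLIST = [
    "Microsoft.Storage/storageAccounts/listKeys/action",
    "Microsoft.OperationalInsights/workspaces/sharedKeys/read",
    "Microsoft.OperationalInsights/workspaces/purge/action",
]


def matches(pattern, operation):
    """True if the operation matches a role pattern (assumed: '*' = any run, case-insensitive)."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, re.IGNORECASE) is not None


def is_allowed(permission, operation, data_plane=False):
    """Effective permission of ONE role: Actions minus NotActions
    (DataActions minus NotDataActions on the data plane).

    NotActions is a subtraction inside this role, not a deny rule: another
    role assigned to the same principal can still grant the operation.
    """
    allow_key, exclude_key = (
        ("dataActions", "notDataActions") if data_plane else ("actions", "notActions")
    )
    granted = any(matches(p, operation) for p in permission[allow_key])
    excluded = any(matches(p, operation) for p in permission[exclude_key])
    return granted and not excluded


def audit(roles, watchlist):
    """Map each role name to the watchlist operations it grants on the control plane."""
    return {
        name: [op for op in watchlist if is_allowed(perm, op)]
        for name, perm in roles.items()
    }


if __name__ == "__main__":
    report = audit(
        {
            "Log Analytics Reader": LOG_ANALYTICS_READER,
            "Log Analytics Contributor": LOG_ANALYTICS_CONTRIBUTOR,
        },
        WATCHLIST,
    )
    for role, ops in report.items():
        print(role, "->", ops or "none of the watchlist")
```

The Contributor result shows that `Microsoft.OperationalInsights/*` also covers `workspaces/purge/action` and `workspaces/sharedKeys/read`, neither of which is listed by name in that role's table.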

Schema Registry Contributor (Preview)

Read, write, and delete Schema Registry groups and schemas.

Actions Description
Microsoft.EventHub/namespaces/schemagroups/*
NotActions
none
DataActions
Microsoft.EventHub/namespaces/schemas/*
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read, write, and delete Schema Registry groups and schemas.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5dffeca3-4936-4216-b2bc-10343a5abb25",
  "name": "5dffeca3-4936-4216-b2bc-10343a5abb25",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/namespaces/schemagroups/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/namespaces/schemas/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Schema Registry Contributor (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Schema Registry Reader (Preview)

Read and list Schema Registry groups and schemas.

Actions Description
Microsoft.EventHub/namespaces/schemagroups/read Get list of SchemaGroup Resource Descriptions
NotActions
none
DataActions
Microsoft.EventHub/namespaces/schemas/read Retrieve schemas
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read and list Schema Registry groups and schemas.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2c56ea50-c6b3-40a6-83c0-9d98858bc7d2",
  "name": "2c56ea50-c6b3-40a6-83c0-9d98858bc7d2",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/namespaces/schemagroups/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/namespaces/schemas/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Schema Registry Reader (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Blockchain

Blockchain Member Node Access (Preview)

Allows for access to Blockchain Member nodes.

Actions Description
Microsoft.Blockchain/blockchainMembers/transactionNodes/read Gets or Lists existing Blockchain Member Transaction Node(s).
NotActions
none
DataActions
Microsoft.Blockchain/blockchainMembers/transactionNodes/connect/action Connects to a Blockchain Member Transaction Node.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for access to Blockchain Member nodes",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/31a002a1-acaf-453e-8a5b-297c9ca1ea24",
  "name": "31a002a1-acaf-453e-8a5b-297c9ca1ea24",
  "permissions": [
    {
      "actions": [
        "Microsoft.Blockchain/blockchainMembers/transactionNodes/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Blockchain/blockchainMembers/transactionNodes/connect/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Blockchain Member Node Access (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AI + machine learning

Cognitive Services Contributor

Lets you create, read, update, delete and manage keys of Cognitive Services.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.CognitiveServices/*
Microsoft.Features/features/read Gets the features of a subscription.
Microsoft.Features/providers/features/read Gets the feature of a subscription in a given resource provider.
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Insights/diagnosticSettings/* Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.Insights/logDefinitions/read Read log definitions
Microsoft.Insights/metricdefinitions/read Read metric definitions
Microsoft.Insights/metrics/read Read metrics
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/deployments/operations/read Gets or lists deployment operations.
Microsoft.Resources/subscriptions/operationresults/read Get the subscription operation results.
Microsoft.Resources/subscriptions/read Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourcegroups/deployments/*
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you create, read, update, delete and manage keys of Cognitive Services.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
  "name": "25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.CognitiveServices/*",
        "Microsoft.Features/features/read",
        "Microsoft.Features/providers/features/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.Insights/logDefinitions/read",
        "Microsoft.Insights/metricdefinitions/read",
        "Microsoft.Insights/metrics/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services Data Reader (Preview)

Lets you read Cognitive Services data.

Actions Description
none
NotActions
none
DataActions
Microsoft.CognitiveServices/*/read
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read Cognitive Services data.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b59867f0-fa02-499b-be73-45a86b5b3e1c",
  "name": "b59867f0-fa02-499b-be73-45a86b5b3e1c",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Data Reader (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services User

Lets you read and list keys of Cognitive Services.

Actions Description
Microsoft.CognitiveServices/*/read
Microsoft.CognitiveServices/accounts/listkeys/action List Keys
Microsoft.Insights/alertRules/read Read a classic metric alert
Microsoft.Insights/diagnosticSettings/read Read a resource diagnostic setting
Microsoft.Insights/logDefinitions/read Read log definitions
Microsoft.Insights/metricdefinitions/read Read metric definitions
Microsoft.Insights/metrics/read Read metrics
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/operations/read Gets or lists deployment operations.
Microsoft.Resources/subscriptions/operationresults/read Get the subscription operation results.
Microsoft.Resources/subscriptions/read Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
Microsoft.CognitiveServices/*
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read and list keys of Cognitive Services.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a97b65f3-24c7-4388-baec-2e87135dc908",
  "name": "a97b65f3-24c7-4388-baec-2e87135dc908",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.CognitiveServices/accounts/listkeys/action",
        "Microsoft.Insights/alertRules/read",
        "Microsoft.Insights/diagnosticSettings/read",
        "Microsoft.Insights/logDefinitions/read",
        "Microsoft.Insights/metricdefinitions/read",
        "Microsoft.Insights/metrics/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services User",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Mixed reality

Remote Rendering Administrator

Provides user with conversion, manage session, rendering and diagnostics capabilities for Azure Remote Rendering.

Actions Description
none
NotActions
none
DataActions
Microsoft.MixedReality/RemoteRenderingAccounts/convert/action Start asset conversion
Microsoft.MixedReality/RemoteRenderingAccounts/convert/read Get asset conversion properties
Microsoft.MixedReality/RemoteRenderingAccounts/convert/delete Stop asset conversion
Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/read Get session properties
Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/action Start sessions
Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/delete Stop sessions
Microsoft.MixedReality/RemoteRenderingAccounts/render/read Connect to a session
Microsoft.MixedReality/RemoteRenderingAccounts/diagnostic/read Connect to the Remote Rendering inspector
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Provides user with conversion, manage session, rendering and diagnostics capabilities for Azure Remote Rendering",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3df8b902-2a6f-47c7-8cc5-360e9b272a7e",
  "name": "3df8b902-2a6f-47c7-8cc5-360e9b272a7e",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.MixedReality/RemoteRenderingAccounts/convert/action",
        "Microsoft.MixedReality/RemoteRenderingAccounts/convert/read",
        "Microsoft.MixedReality/RemoteRenderingAccounts/convert/delete",
        "Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/read",
        "Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/action",
        "Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/delete",
        "Microsoft.MixedReality/RemoteRenderingAccounts/render/read",
        "Microsoft.MixedReality/RemoteRenderingAccounts/diagnostic/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Remote Rendering Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Remote Rendering Client

Provides user with manage session, rendering and diagnostics capabilities for Azure Remote Rendering.

Actions Description
none
NotActions
none
DataActions
Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/read Get session properties
Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/action Start sessions
Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/delete Stop sessions
Microsoft.MixedReality/RemoteRenderingAccounts/render/read Connect to a session
Microsoft.MixedReality/RemoteRenderingAccounts/diagnostic/read Connect to the Remote Rendering inspector
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Provides user with manage session, rendering and diagnostics capabilities for Azure Remote Rendering.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/d39065c4-c120-43c9-ab0a-63eed9795f0a",
  "name": "d39065c4-c120-43c9-ab0a-63eed9795f0a",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/read",
        "Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/action",
        "Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/delete",
        "Microsoft.MixedReality/RemoteRenderingAccounts/render/read",
        "Microsoft.MixedReality/RemoteRenderingAccounts/diagnostic/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Remote Rendering Client",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Spatial Anchors Account Contributor

Lets you manage spatial anchors in your account, but not delete them

Actions Description
none
NotActions
none
DataActions
Microsoft.MixedReality/SpatialAnchorsAccounts/create/action Create spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read Discover nearby spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read Get properties of spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/query/read Locate spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read Submit diagnostics data to help improve the quality of the Azure Spatial Anchors service
Microsoft.MixedReality/SpatialAnchorsAccounts/write Update spatial anchors properties
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage spatial anchors in your account, but not delete them",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827",
  "name": "8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.MixedReality/SpatialAnchorsAccounts/create/action",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/query/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Spatial Anchors Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Spatial Anchors Account Owner

Lets you manage spatial anchors in your account, including deleting them

Actions Description
none
NotActions
none
DataActions
Microsoft.MixedReality/SpatialAnchorsAccounts/create/action Create spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/delete Delete spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read Discover nearby spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read Get properties of spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/query/read Locate spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read Submit diagnostics data to help improve the quality of the Azure Spatial Anchors service
Microsoft.MixedReality/SpatialAnchorsAccounts/write Update spatial anchors properties
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage spatial anchors in your account, including deleting them",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/70bbe301-9835-447d-afdd-19eb3167307c",
  "name": "70bbe301-9835-447d-afdd-19eb3167307c",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.MixedReality/SpatialAnchorsAccounts/create/action",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/delete",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/query/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Spatial Anchors Account Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Spatial Anchors Account Reader

Lets you locate and read properties of spatial anchors in your account

Actions Description
none
NotActions
none
DataActions
Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read Discover nearby spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read Get properties of spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/query/read Locate spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read Submit diagnostics data to help improve the quality of the Azure Spatial Anchors service
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you locate and read properties of spatial anchors in your account",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5d51204f-eb77-4b1c-b86a-2ec626c49413",
  "name": "5d51204f-eb77-4b1c-b86a-2ec626c49413",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/query/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Spatial Anchors Account Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Integration

API Management Service Contributor

Can manage service and the APIs

Actions Description
Microsoft.ApiManagement/service/* Create and manage API Management service
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage service and the APIs",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/312a565d-c81f-4fd8-895a-4e21e48d571c",
  "name": "312a565d-c81f-4fd8-895a-4e21e48d571c",
  "permissions": [
    {
      "actions": [
        "Microsoft.ApiManagement/service/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "API Management Service Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

API Management Service Operator Role

Can manage service but not the APIs

Actions Description
Microsoft.ApiManagement/service/*/read Read API Management Service instances
Microsoft.ApiManagement/service/backup/action Backup API Management Service to the specified container in a user provided storage account
Microsoft.ApiManagement/service/delete Delete API Management Service instance
Microsoft.ApiManagement/service/managedeployments/action Change SKU/units, add/remove regional deployments of API Management Service
Microsoft.ApiManagement/service/read Read metadata for an API Management Service instance
Microsoft.ApiManagement/service/restore/action Restore API Management Service from the specified container in a user provided storage account
Microsoft.ApiManagement/service/updatecertificate/action Upload TLS/SSL certificate for an API Management Service
Microsoft.ApiManagement/service/updatehostname/action Setup, update or remove custom domain names for an API Management Service
Microsoft.ApiManagement/service/write Create or Update API Management Service instance
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
Microsoft.ApiManagement/service/users/keys/read Get keys associated with user
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage service but not the APIs",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e022efe7-f5ba-4159-bbe4-b44f577e9b61",
  "name": "e022efe7-f5ba-4159-bbe4-b44f577e9b61",
  "permissions": [
    {
      "actions": [
        "Microsoft.ApiManagement/service/*/read",
        "Microsoft.ApiManagement/service/backup/action",
        "Microsoft.ApiManagement/service/delete",
        "Microsoft.ApiManagement/service/managedeployments/action",
        "Microsoft.ApiManagement/service/read",
        "Microsoft.ApiManagement/service/restore/action",
        "Microsoft.ApiManagement/service/updatecertificate/action",
        "Microsoft.ApiManagement/service/updatehostname/action",
        "Microsoft.ApiManagement/service/write",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.ApiManagement/service/users/keys/read"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "API Management Service Operator Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

API Management Service Reader Role

Read-only access to service and APIs

Actions Description
Microsoft.ApiManagement/service/*/read Read API Management Service instances
Microsoft.ApiManagement/service/read Read metadata for an API Management Service instance
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
Microsoft.ApiManagement/service/users/keys/read Get keys associated with user
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read-only access to service and APIs",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/71522526-b88f-4d52-b57f-d31fc3546d0d",
  "name": "71522526-b88f-4d52-b57f-d31fc3546d0d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ApiManagement/service/*/read",
        "Microsoft.ApiManagement/service/read",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.ApiManagement/service/users/keys/read"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "API Management Service Reader Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

App Configuration Data Owner

Allows full access to App Configuration data.

Actions Description
none
NotActions
none
DataActions
Microsoft.AppConfiguration/configurationStores/*/read
Microsoft.AppConfiguration/configurationStores/*/write
Microsoft.AppConfiguration/configurationStores/*/delete
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows full access to App Configuration data.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b",
  "name": "5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.AppConfiguration/configurationStores/*/read",
        "Microsoft.AppConfiguration/configurationStores/*/write",
        "Microsoft.AppConfiguration/configurationStores/*/delete"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "App Configuration Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

App Configuration Data Reader

Allows read access to App Configuration data.

Actions Description
none
NotActions
none
DataActions
Microsoft.AppConfiguration/configurationStores/*/read
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows read access to App Configuration data.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/516239f1-63e1-4d78-a4de-a74fb236a071",
  "name": "516239f1-63e1-4d78-a4de-a74fb236a071",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.AppConfiguration/configurationStores/*/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "App Configuration Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Service Bus Data Owner

Allows for full access to Azure Service Bus resources.

Actions Description
Microsoft.ServiceBus/*
NotActions
none
DataActions
Microsoft.ServiceBus/*
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to Azure Service Bus resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/090c5cfd-751d-490a-894a-3ce6f1109419",
  "name": "090c5cfd-751d-490a-894a-3ce6f1109419",
  "permissions": [
    {
      "actions": [
        "Microsoft.ServiceBus/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ServiceBus/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Service Bus Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Service Bus Data Receiver

Allows for receive access to Azure Service Bus resources.

Actions Description
Microsoft.ServiceBus/*/queues/read
Microsoft.ServiceBus/*/topics/read
Microsoft.ServiceBus/*/topics/subscriptions/read
NotActions
none
DataActions
Microsoft.ServiceBus/*/receive/action
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for receive access to Azure Service Bus resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0",
  "name": "4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0",
  "permissions": [
    {
      "actions": [
        "Microsoft.ServiceBus/*/queues/read",
        "Microsoft.ServiceBus/*/topics/read",
        "Microsoft.ServiceBus/*/topics/subscriptions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ServiceBus/*/receive/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Service Bus Data Receiver",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Service Bus Data Sender

Allows for send access to Azure Service Bus resources.

Actions Description
Microsoft.ServiceBus/*/queues/read
Microsoft.ServiceBus/*/topics/read
Microsoft.ServiceBus/*/topics/subscriptions/read
NotActions
none
DataActions
Microsoft.ServiceBus/*/send/action
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for send access to Azure Service Bus resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
  "name": "69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
  "permissions": [
    {
      "actions": [
        "Microsoft.ServiceBus/*/queues/read",
        "Microsoft.ServiceBus/*/topics/read",
        "Microsoft.ServiceBus/*/topics/subscriptions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ServiceBus/*/send/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Service Bus Data Sender",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Stack Registration Owner

Lets you manage Azure Stack registrations.

Actions Description
Microsoft.AzureStack/edgeSubscriptions/read
Microsoft.AzureStack/registrations/products/*/action
Microsoft.AzureStack/registrations/products/read Gets the properties of an Azure Stack Marketplace product
Microsoft.AzureStack/registrations/read Gets the properties of an Azure Stack registration
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Azure Stack registrations.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6f12a6df-dd06-4f3e-bcb1-ce8be600526a",
  "name": "6f12a6df-dd06-4f3e-bcb1-ce8be600526a",
  "permissions": [
    {
      "actions": [
        "Microsoft.AzureStack/edgeSubscriptions/read",
        "Microsoft.AzureStack/registrations/products/*/action",
        "Microsoft.AzureStack/registrations/products/read",
        "Microsoft.AzureStack/registrations/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Stack Registration Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

EventGrid EventSubscription Contributor

Lets you manage EventGrid event subscription operations.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.EventGrid/eventSubscriptions/*
Microsoft.EventGrid/topicTypes/eventSubscriptions/read List global event subscriptions by topic type
Microsoft.EventGrid/locations/eventSubscriptions/read List regional event subscriptions
Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read List regional event subscriptions by topictype
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage EventGrid event subscription operations.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/428e0ff0-5e57-4d9c-a221-2c70d0e0a443",
  "name": "428e0ff0-5e57-4d9c-a221-2c70d0e0a443",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.EventGrid/eventSubscriptions/*",
        "Microsoft.EventGrid/topicTypes/eventSubscriptions/read",
        "Microsoft.EventGrid/locations/eventSubscriptions/read",
        "Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "EventGrid EventSubscription Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

EventGrid EventSubscription Reader

Lets you read EventGrid event subscriptions.

Actions Description
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.EventGrid/eventSubscriptions/read Read an eventSubscription
Microsoft.EventGrid/topicTypes/eventSubscriptions/read List global event subscriptions by topic type
Microsoft.EventGrid/locations/eventSubscriptions/read List regional event subscriptions
Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read List regional event subscriptions by topictype
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read EventGrid event subscriptions.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2414bbcf-6497-4faf-8c65-045460748405",
  "name": "2414bbcf-6497-4faf-8c65-045460748405",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.EventGrid/eventSubscriptions/read",
        "Microsoft.EventGrid/topicTypes/eventSubscriptions/read",
        "Microsoft.EventGrid/locations/eventSubscriptions/read",
        "Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "EventGrid EventSubscription Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

FHIR Data Contributor

Role allows user or principal full access to FHIR Data

Actions Description
none
NotActions
none
DataActions
Microsoft.HealthcareApis/services/fhir/resources/*
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Role allows user or principal full access to FHIR Data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5a1fc7df-4bf1-4951-a576-89034ee01acd",
  "name": "5a1fc7df-4bf1-4951-a576-89034ee01acd",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.HealthcareApis/services/fhir/resources/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "FHIR Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

FHIR Data Exporter

Role allows user or principal to read and export FHIR Data

Actions Description
none
NotActions
none
DataActions
Microsoft.HealthcareApis/services/fhir/resources/read Read FHIR resources (includes searching and versioned history).
Microsoft.HealthcareApis/services/fhir/resources/export/action Export operation ($export).
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Role allows user or principal to read and export FHIR Data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3db33094-8700-4567-8da5-1501d4e7e843",
  "name": "3db33094-8700-4567-8da5-1501d4e7e843",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.HealthcareApis/services/fhir/resources/read",
        "Microsoft.HealthcareApis/services/fhir/resources/export/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "FHIR Data Exporter",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

FHIR Data Reader

Role allows user or principal to read FHIR Data

Actions Description
none
NotActions
none
DataActions
Microsoft.HealthcareApis/services/fhir/resources/read Read FHIR resources (includes searching and versioned history).
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Role allows user or principal to read FHIR Data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4c8d0bbc-75d3-4935-991f-5f3c56d81508",
  "name": "4c8d0bbc-75d3-4935-991f-5f3c56d81508",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.HealthcareApis/services/fhir/resources/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "FHIR Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

FHIR Data Writer

Role allows user or principal to read and write FHIR Data

Actions Description
none
NotActions
none
DataActions
Microsoft.HealthcareApis/services/fhir/resources/*