Azure 組み込みロールAzure built-in roles
Azure ロールベースのアクセス制御 (Azure RBAC) には、ユーザー、グループ、サービス プリンシパル、マネージド ID に割り当てることのできる Azure 組み込みロールがいくつかあります。Azure role-based access control (Azure RBAC) has several Azure built-in roles that you can assign to users, groups, service principals, and managed identities. ロールの割り当ては、Azure リソースへのアクセスを制御する方法です。Role assignments are the way you control access to Azure resources. 組み込みロールが組織の特定のニーズを満たさない場合は、独自の Azure カスタム ロールを作成することができます。If the built-in roles don't meet the specific needs of your organization, you can create your own Azure custom roles.
この記事では、常に進化している Azure 組み込みロールが一覧表示されています。This article lists the Azure built-in roles, which are always evolving. 最新のロールを取得するには、Get-AzRoleDefinition または az role definition list を使用してください。To get the latest roles, use Get-AzRoleDefinition or az role definition list. Azure Active Directory (Azure AD) の管理者ロールについては、「Azure Active Directory での管理者ロールのアクセス許可」を参照してください。If you are looking for administrator roles for Azure Active Directory (Azure AD), see Administrator role permissions in Azure Active Directory.
次の表に、各組み込みロールの簡単な説明と一意の ID を示します。The following table provides a brief description and the unique ID of each built-in role. ロール名をクリックすると、各ロールの Actions、NotActions、DataActions、NotDataActions の一覧が表示されます。Click the role name to see the list of Actions, NotActions, DataActions, and NotDataActions for each role. これらのアクションの意味と、管理とデータ プレーンへの適用方法については、「Azure ロールの定義について」を参照してください。For information about what these actions mean and how they apply to the management and data planes, see Understand Azure role definitions.
AllAll
| 組み込みのロールBuilt-in role | 説明Description | idID |
|---|---|---|
| 全般General | ||
| ContributorContributor | すべてのリソースを管理するためのフル アクセスを付与しますが、Azure RBAC でのロールの割り当ては許可されません。Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC. | b24988ac-6180-42a0-ab88-20f7382dd24cb24988ac-6180-42a0-ab88-20f7382dd24c |
| 所有者Owner | Azure RBAC でロールを割り当てる権限を含め、すべてのリソースを管理するためのフル アクセスを付与します。Grants full access to manage all resources, including the ability to assign roles in Azure RBAC. | 8e3af657-a8ff-443c-a75c-2fe8c4bcb6358e3af657-a8ff-443c-a75c-2fe8c4bcb635 |
| ReaderReader | すべてのリソースを表示しますが、変更を加えることはできません。View all resources, but does not allow you to make any changes. | acdd72a7-3385-48ef-bd42-f606fba81ae7acdd72a7-3385-48ef-bd42-f606fba81ae7 |
| User Access AdministratorUser Access Administrator | Azure リソースに対するユーザー アクセスを管理します。Lets you manage user access to Azure resources. | 18d7d88d-d35e-4fb5-a5c3-7773c20a72d918d7d88d-d35e-4fb5-a5c3-7773c20a72d9 |
| ComputeCompute | ||
| Classic Virtual Machine ContributorClassic Virtual Machine Contributor | 従来の仮想マシンを管理できますが、アクセスすることはできません。また、接続先の仮想ネットワークやストレージ アカウントにもアクセスできません。Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to. | d73bb868-a0df-4d4d-bd69-98a00b01fccbd73bb868-a0df-4d4d-bd69-98a00b01fccb |
| Virtual Machine Administrator LoginVirtual Machine Administrator Login | ポータルで仮想マシンを表示し、管理者としてログインしますView Virtual Machines in the portal and login as administrator | 1c0163c0-47e6-4577-8991-ea5c82e286e41c0163c0-47e6-4577-8991-ea5c82e286e4 |
| Virtual Machine ContributorVirtual Machine Contributor | 仮想マシンを管理できますが、アクセスすることはできません。また、接続先の仮想ネットワークやストレージ アカウントにもアクセスできません。Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to. | 9980e02c-c2be-4d73-94e8-173b1dc7cf3c9980e02c-c2be-4d73-94e8-173b1dc7cf3c |
| Virtual Machine User LoginVirtual Machine User Login | ポータルで仮想マシンを表示し、通常のユーザーとしてログインします。View Virtual Machines in the portal and login as a regular user. | fb879df8-f326-4884-b1cf-06f3ad86be52fb879df8-f326-4884-b1cf-06f3ad86be52 |
| ネットワークNetworking | ||
| CDN Endpoint ContributorCDN Endpoint Contributor | CDN エンドポイントを管理できますが、アクセス権を他のユーザーに付与することはできません。Can manage CDN endpoints, but can't grant access to other users. | 426e0c7f-0c7e-4658-b36f-ff54d6c29b45426e0c7f-0c7e-4658-b36f-ff54d6c29b45 |
| CDN Endpoint ReaderCDN Endpoint Reader | CDN エンドポイントを表示できますが、変更はできません。Can view CDN endpoints, but can't make changes. | 871e35f6-b5c1-49cc-a043-bde969a0f2cd871e35f6-b5c1-49cc-a043-bde969a0f2cd |
| CDN Profile ContributorCDN Profile Contributor | CDN プロファイルとそのエンドポイントを管理できますが、アクセス権を他のユーザーに付与することはできません。Can manage CDN profiles and their endpoints, but can't grant access to other users. | ec156ff8-a8d1-4d15-830c-5b80698ca432ec156ff8-a8d1-4d15-830c-5b80698ca432 |
| CDN Profile ReaderCDN Profile Reader | CDN プロファイルとそのエンドポイントを表示できますが、変更はできません。Can view CDN profiles and their endpoints, but can't make changes. | 8f96442b-4075-438f-813d-ad51ab4019af8f96442b-4075-438f-813d-ad51ab4019af |
| Classic Network ContributorClassic Network Contributor | 従来のネットワークを管理できます。ただし、それらへのアクセスは含まれません。Lets you manage classic networks, but not access to them. | b34d265f-36f7-4a0d-a4d4-e158ca92e90fb34d265f-36f7-4a0d-a4d4-e158ca92e90f |
| DNS Zone ContributorDNS Zone Contributor | Azure DNS の DNS ゾーンとレコード セットを管理できますが、それにアクセスできるユーザーを制御することはできません。Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them. | befefa01-2a29-4197-83a8-272ff33ce314befefa01-2a29-4197-83a8-272ff33ce314 |
| Network ContributorNetwork Contributor | ネットワークを管理できます。ただし、それらへのアクセスは含まれません。Lets you manage networks, but not access to them. | 4d97b98b-1d4f-4787-a291-c67834d212e74d97b98b-1d4f-4787-a291-c67834d212e7 |
| プライベート DNS ゾーンの共同作成者Private DNS Zone Contributor | プライベート DNS ゾーンのリソースを管理できますが、リンク先の仮想ネットワークを管理することはできません。Lets you manage private DNS zone resources, but not the virtual networks they are linked to. | b12aa53e-6015-4669-85d0-8515ebb3ae7fb12aa53e-6015-4669-85d0-8515ebb3ae7f |
| Traffic Manager ContributorTraffic Manager Contributor | Traffic Manager プロファイルを管理できますが、それにアクセスできるユーザーを制御することはできません。Lets you manage Traffic Manager profiles, but does not let you control who has access to them. | a4b10055-b0c7-44c2-b00f-c7b5b3550cf7a4b10055-b0c7-44c2-b00f-c7b5b3550cf7 |
| StorageStorage | ||
| Avere 共同作成者Avere Contributor | Avere vFXT クラスターを作成および管理できます。Can create and manage an Avere vFXT cluster. | 4f8fab4f-1852-4a58-a46a-8eaf358af14a4f8fab4f-1852-4a58-a46a-8eaf358af14a |
| Avere オペレーターAvere Operator | クラスターを管理するために Avere vFXT クラスターによって使用されますUsed by the Avere vFXT cluster to manage the cluster | c025889f-8102-4ebf-b32c-fc0c6f0c6bd9c025889f-8102-4ebf-b32c-fc0c6f0c6bd9 |
| Backup ContributorBackup Contributor | バックアップ サービスを管理できますが、資格情報コンテナーの作成や他のユーザーに対するアクセス権の付与を行うことはできませんLets you manage backup service, but can't create vaults and give access to others | 5e467623-bb1f-42f4-a55d-6e525e11384b5e467623-bb1f-42f4-a55d-6e525e11384b |
| Backup OperatorBackup Operator | バックアップ サービスを管理できます (バックアップの削除、資格情報コンテナーの作成、他のユーザーに対するアクセス権の付与を除く)Lets you manage backup services, except removal of backup, vault creation and giving access to others | 00c29273-979b-4161-815c-10b084fb932400c29273-979b-4161-815c-10b084fb9324 |
| Backup ReaderBackup Reader | バックアップ サービスを表示できますが、変更を行うことはできませんCan view backup services, but can't make changes | a795c7a0-d4a2-40c1-ae25-d81f01202912a795c7a0-d4a2-40c1-ae25-d81f01202912 |
| Classic Storage Account ContributorClassic Storage Account Contributor | 従来のストレージ アカウントを管理できますが、アクセスすることはできません。Lets you manage classic storage accounts, but not access to them. | 86e8f5dc-a6e9-4c67-9d15-de283e8eac2586e8f5dc-a6e9-4c67-9d15-de283e8eac25 |
| 従来のストレージ アカウント キー オペレーターのサービス ロールClassic Storage Account Key Operator Service Role | 従来のストレージ アカウント キー オペレーターは、従来のストレージ アカウントでのキーの一覧表示と再生成を行うことができますClassic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts | 985d6b00-f706-48f5-a6fe-d0ca12fb668d985d6b00-f706-48f5-a6fe-d0ca12fb668d |
| Data Box ContributorData Box Contributor | Data Box サービスですべてを管理できます (他のユーザーに対するアクセス権の付与を除く)。Lets you manage everything under Data Box Service except giving access to others. | add466c9-e687-43fc-8d98-dfcf8d720be5add466c9-e687-43fc-8d98-dfcf8d720be5 |
| Data Box 閲覧者Data Box Reader | Data Box サービスを管理できます (注文の作成または注文の詳細の編集、および他のユーザーに対するアクセス権の付与を除く)。Lets you manage Data Box Service except creating order or editing order details and giving access to others. | 028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027 |
| Data Lake Analytics DeveloperData Lake Analytics Developer | 独自のジョブを送信、監視、管理できますが、Data Lake Analytics アカウントを作成または削除することはできません。Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts. | 47b7735b-770e-4598-a7da-8b91488b4c8847b7735b-770e-4598-a7da-8b91488b4c88 |
| Reader and Data AccessReader and Data Access | すべてを表示することができますが、ストレージ アカウントや含まれるリソースの削除や作成はできません。Lets you view everything but will not let you delete or create a storage account or contained resource. ストレージ アカウント キーへのアクセスを使用して、ストレージ アカウントに含まれるすべてのデータへの読み取り/書き込みアクセスも許可されます。It will also allow read/write access to all data contained in a storage account via access to storage account keys. | c12c1c16-33a1-487b-954d-41c89c60f349c12c1c16-33a1-487b-954d-41c89c60f349 |
| Storage Account ContributorStorage Account Contributor | ストレージ アカウントの管理を許可します。Permits management of storage accounts. アカウント キーへのアクセスを提供します。これを使用して、共有キー認証を使用してデータにアクセスすることができます。Provides access to the account key, which can be used to access data via Shared Key authorization. | 17d1049b-9a84-46fb-8f53-869881c3d3ab17d1049b-9a84-46fb-8f53-869881c3d3ab |
| ストレージ アカウント キー オペレーターのサービス ロールStorage Account Key Operator Service Role | ストレージ アカウント アクセス キーを一覧表示および再生成できます。Permits listing and regenerating storage account access keys. | 81a9662b-bebf-436f-a333-f67b29880f1281a9662b-bebf-436f-a333-f67b29880f12 |
| ストレージ BLOB データ共同作成者Storage Blob Data Contributor | Azure Storage コンテナーと BLOB の読み取り、書き込み、削除を行います。Read, write, and delete Azure Storage containers and blobs. 特定のデータ操作に必要なアクションについては、「Permissions for calling blob and queue data operations (BLOB およびキューのデータの操作を呼び出すためのアクセス許可)」をご覧ください。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | ba92f5b4-2d11-453d-a403-e96b0029c9feba92f5b4-2d11-453d-a403-e96b0029c9fe |
| ストレージ BLOB データ所有者Storage Blob Data Owner | Azure Storage Blob コンテナーとデータに対するフル アクセス (POSIX アクセスの制御の割り当てを含む) を提供します。Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. 特定のデータ操作に必要なアクションについては、「Permissions for calling blob and queue data operations (BLOB およびキューのデータの操作を呼び出すためのアクセス許可)」をご覧ください。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | b7e6dc6d-f1e8-4753-8033-0f276bb0955bb7e6dc6d-f1e8-4753-8033-0f276bb0955b |
| ストレージ BLOB データ閲覧者Storage Blob Data Reader | Azure Storage コンテナーと BLOB の読み取りと一覧表示を行います。Read and list Azure Storage containers and blobs. 特定のデータ操作に必要なアクションについては、「Permissions for calling blob and queue data operations (BLOB およびキューのデータの操作を呼び出すためのアクセス許可)」をご覧ください。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 2a2b9908-6ea1-4ae2-8e65-a410df84e7d12a2b9908-6ea1-4ae2-8e65-a410df84e7d1 |
| Storage Blob デリゲータStorage Blob Delegator | Azure AD 資格情報で署名されたコンテナーまたは BLOB 用の共有アクセス署名を作成するために使用できるユーザー委任キーを取得します。Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials. 詳細については、「ユーザー委任 SAS を作成する」を参照してください。For more information, see Create a user delegation SAS. | db58b8e5-c6ad-4a2a-8342-4190687cbf4adb58b8e5-c6ad-4a2a-8342-4190687cbf4a |
| 記憶域ファイル データの SMB 共有の共同作成者Storage File Data SMB Share Contributor | Azure ファイル共有のファイルまたはディレクトリに対する読み取り、書き込み、削除のアクセス権を許可します。Allows for read, write, and delete access on files/directories in Azure file shares. このロールに相当する機能は Windows ファイル サーバーに組み込まれていません。This role has no built-in equivalent on Windows file servers. | 0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb |
| 記憶域ファイル データの SMB 共有の管理者特権共同作成者Storage File Data SMB Share Elevated Contributor | Azure ファイル共有のファイルまたはディレクトリに対する ACL の読み取り、書き込み、削除、変更を許可します。Allows for read, write, delete, and modify ACLs on files/directories in Azure file shares. このロールは、Windows ファイル サーバーでのファイル共有 ACL の変更に相当します。This role is equivalent to a file share ACL of change on Windows file servers. | a7264617-510b-434b-a828-9731dc254ea7a7264617-510b-434b-a828-9731dc254ea7 |
| ストレージ ファイル データの SMB 共有の閲覧者Storage File Data SMB Share Reader | Azure ファイル共有のファイルまたはディレクトリに対する読み取りアクセスを許可します。Allows for read access on files/directories in Azure file shares. このロールは、Windows ファイル サーバーでのファイル共有 ACL の読み取りに相当します。This role is equivalent to a file share ACL of read on Windows file servers. | aba4ae5f-2193-4029-9191-0cb91df5e314aba4ae5f-2193-4029-9191-0cb91df5e314 |
| ストレージ キュー データ共同作成者共同作成者Storage Queue Data Contributor | Azure Storage キューおよびキュー メッセージの読み取り、書き込み、削除を行います。Read, write, and delete Azure Storage queues and queue messages. 特定のデータ操作に必要なアクションについては、「Permissions for calling blob and queue data operations (BLOB およびキューのデータの操作を呼び出すためのアクセス許可)」をご覧ください。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 974c5e8b-45b9-4653-ba55-5f855dd0fb88974c5e8b-45b9-4653-ba55-5f855dd0fb88 |
| ストレージ キュー データのメッセージ プロセッサStorage Queue Data Message Processor | Azure Storage キューからのメッセージのピーク、取得、削除を行います。Peek, retrieve, and delete a message from an Azure Storage queue. 特定のデータ操作に必要なアクションについては、「Permissions for calling blob and queue data operations (BLOB およびキューのデータの操作を呼び出すためのアクセス許可)」をご覧ください。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 8a0f0c08-91a1-4084-bc3d-661d67233fed8a0f0c08-91a1-4084-bc3d-661d67233fed |
| ストレージ キュー データ メッセージ送信者Storage Queue Data Message Sender | Azure Storage キューにメッセージを追加します。Add messages to an Azure Storage queue. 特定のデータ操作に必要なアクションについては、「Permissions for calling blob and queue data operations (BLOB およびキューのデータの操作を呼び出すためのアクセス許可)」をご覧ください。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | c6a89b2d-59bc-44d0-9896-0f6e12d7b80ac6a89b2d-59bc-44d0-9896-0f6e12d7b80a |
| ストレージ キュー データ閲覧者Storage Queue Data Reader | Azure Storage キューおよびキュー メッセージの読み取りと一覧表示を行います。Read and list Azure Storage queues and queue messages. 特定のデータ操作に必要なアクションについては、「Permissions for calling blob and queue data operations (BLOB およびキューのデータの操作を呼び出すためのアクセス許可)」をご覧ください。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 19e7f393-937e-4f77-808e-94535e29792519e7f393-937e-4f77-808e-94535e297925 |
| WebWeb | ||
| Azure Maps データ閲覧者Azure Maps Data Reader | Azure Maps アカウントからマップ関連データを読み取るためのアクセス権を付与します。Grants access to read map related data from an Azure maps account. | 423170ca-a8f6-4b0f-8487-9e4eb8f49bfa423170ca-a8f6-4b0f-8487-9e4eb8f49bfa |
| Search Service ContributorSearch Service Contributor | Search サービスを管理できます。ただし、それらへのアクセスは含まれません。Lets you manage Search services, but not access to them. | 7ca78c08-252a-4471-8644-bb5ff32d4ba07ca78c08-252a-4471-8644-bb5ff32d4ba0 |
| Web Plan ContributorWeb Plan Contributor | Web サイトの Web プランを管理できます。ただし、それらへのアクセスは含まれません。Lets you manage the web plans for websites, but not access to them. | 2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b |
| Website ContributorWebsite Contributor | Web サイト (Web プランではない) を管理できます。ただし、それらへのアクセスは含まれません。Lets you manage websites (not web plans), but not access to them. | de139f84-1756-47ae-9be6-808fbbe84772de139f84-1756-47ae-9be6-808fbbe84772 |
| ContainersContainers | ||
| AcrDeleteAcrDelete | acr の削除acr delete | c2f4ef07-c644-48eb-af81-4b1b4947fb11c2f4ef07-c644-48eb-af81-4b1b4947fb11 |
| AcrImageSignerAcrImageSigner | ACR イメージ署名者acr image signer | 6cef56e8-d556-48e5-a04f-b8e64114680f6cef56e8-d556-48e5-a04f-b8e64114680f |
| AcrPullAcrPull | acr のプルacr pull | 7f951dda-4ed3-4680-a7ca-43fe172d538d7f951dda-4ed3-4680-a7ca-43fe172d538d |
| AcrPushAcrPush | acr のプッシュacr push | 8311e382-0749-4cb8-b61a-304f252e45ec8311e382-0749-4cb8-b61a-304f252e45ec |
| AcrQuarantineReaderAcrQuarantineReader | ACR 検査データ閲覧者acr quarantine data reader | cdda3590-29a3-44f6-95f2-9f980659eb04cdda3590-29a3-44f6-95f2-9f980659eb04 |
| AcrQuarantineWriterAcrQuarantineWriter | ACR 検査データ作成者acr quarantine data writer | c8d4ff99-41c3-41a8-9f60-21dfdad59608c8d4ff99-41c3-41a8-9f60-21dfdad59608 |
| Azure Kubernetes Service クラスター管理者ロールAzure Kubernetes Service Cluster Admin Role | クラスター管理者の資格情報アクションを一覧表示します。List cluster admin credential action. | 0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be80ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8 |
| Azure Kubernetes Service クラスター ユーザー ロールAzure Kubernetes Service Cluster User Role | クラスター ユーザーの資格情報アクションを一覧表示します。List cluster user credential action. | 4abbcc35-e782-43d8-92c5-2d3f1bd2253f4abbcc35-e782-43d8-92c5-2d3f1bd2253f |
| Azure Kubernetes Service 共同作成者ロールAzure Kubernetes Service Contributor Role | Azure Kubernetes Service クラスターへの読み取りおよび書き込みアクセスを許可します。Grants access to read and write Azure Kubernetes Service clusters | ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8 |
| Azure Kubernetes Service RBAC 管理者Azure Kubernetes Service RBAC Admin | リソース クォータと名前空間の更新または削除を除き、クラスターおよび名前空間のすべてのリソースを管理できます。Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. | 3498e952-d568-435e-9b2c-8d77e338d7f73498e952-d568-435e-9b2c-8d77e338d7f7 |
| Azure Kubernetes Service RBAC クラスター管理者Azure Kubernetes Service RBAC Cluster Admin | クラスター内のすべてのリソースを管理できます。Lets you manage all resources in the cluster. | b1ff04bb-8a4e-4dc4-8eb5-8693973ce19bb1ff04bb-8a4e-4dc4-8eb5-8693973ce19b |
| Azure Kubernetes Service RBAC 閲覧者Azure Kubernetes Service RBAC Reader | クラスターおよび名前空間内のすべてのリソース (シークレットを除く) を表示できます。Lets you view all resources in cluster/namespace, except secrets. | 7f6c6a51-bcf8-42ba-9220-52d62157d7db7f6c6a51-bcf8-42ba-9220-52d62157d7db |
| Azure Kubernetes Service RBAC ライターAzure Kubernetes Service RBAC Writer | リソース クォータ、名前空間、ポッド セキュリティ ポリシー、証明書署名要求、(クラスター) ロール、(クラスター) ロール バインドを除く、クラスターおよび名前空間のすべてを更新できます。Lets you update everything in cluster/namespace, except resource quotas, namespaces, pod security policies, certificate signing requests, (cluster)roles and (cluster)role bindings. | a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eba7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb |
| データベースDatabases | ||
| Cosmos DB アカウントの閲覧者ロールCosmos DB Account Reader Role | Cosmos DB アカウントのデータを読み取ることができます。Can read Azure Cosmos DB account data. Azure Cosmos DB アカウントの管理については、「DocumentDB Account Contributor」をご覧ください。See DocumentDB Account Contributor for managing Azure Cosmos DB accounts. | fbdf93bf-df7d-467e-a4d2-9458aa1360c8fbdf93bf-df7d-467e-a4d2-9458aa1360c8 |
| Cosmos DB オペレーターCosmos DB Operator | Azure Cosmos DB アカウントを管理することができます。ただし、アカウント内のデータにはアクセスできません。Lets you manage Azure Cosmos DB accounts, but not access data in them. アカウント キーと接続文字列へのアクセスは禁止されます。Prevents access to account keys and connection strings. | 230815da-be43-4aae-9cb4-875f7bd000aa230815da-be43-4aae-9cb4-875f7bd000aa |
| CosmosBackupOperatorCosmosBackupOperator | Cosmos DB データベースまたはアカウントのコンテナーの復元要求を送信できますCan submit restore request for a Cosmos DB database or a container for an account | db7b14f2-5adf-42da-9f96-f2ee17bab5cbdb7b14f2-5adf-42da-9f96-f2ee17bab5cb |
| DocumentDB Account ContributorDocumentDB Account Contributor | Azure Cosmos DB アカウントを管理できます。Can manage Azure Cosmos DB accounts. Azure Cosmos DB は以前は DocumentDB と呼ばれていました。Azure Cosmos DB is formerly known as DocumentDB. | 5bd9cd88-fe45-4216-938b-f97437e154505bd9cd88-fe45-4216-938b-f97437e15450 |
| Redis Cache ContributorRedis Cache Contributor | Redis Caches を管理できます。ただし、それらへのアクセスは含まれません。Lets you manage Redis caches, but not access to them. | e0f68234-74aa-48ed-b826-c38b57376e17e0f68234-74aa-48ed-b826-c38b57376e17 |
| SQL DB ContributorSQL DB Contributor | SQL データベースを管理できます。ただし、それらへのアクセスは含まれません。Lets you manage SQL databases, but not access to them. また、セキュリティ関連のポリシーまたは親 SQL Server を管理することはできません。Also, you can't manage their security-related policies or their parent SQL servers. | 9b7fa17d-e63e-47b0-bb0a-15c516ac86ec9b7fa17d-e63e-47b0-bb0a-15c516ac86ec |
| SQL マネージド インスタンス共同作成者SQL Managed Instance Contributor | SQL マネージド インスタンスと必要なネットワーク構成を管理することができますが、他のユーザーにアクセス権を付与することはできません。Lets you manage SQL Managed Instances and required network configuration, but can't give access to others. | 4939a1f6-9ae0-4e48-a1e0-f2cbe897382d4939a1f6-9ae0-4e48-a1e0-f2cbe897382d |
| SQL Security ManagerSQL Security Manager | SQL サーバーとデータベースのセキュリティ関連のポリシーを管理できます。ただし、それらへのアクセスは管理できません。Lets you manage the security-related policies of SQL servers and databases, but not access to them. | 056cd41c-7e88-42e1-933e-88ba6a50c9c3056cd41c-7e88-42e1-933e-88ba6a50c9c3 |
| SQL Server ContributorSQL Server Contributor | SQL サーバーとデータベースを管理できます。ただし、それらへのアクセスや、それらのセキュリティ関連ポリシーは管理できません。Lets you manage SQL servers and databases, but not access to them, and not their security-related policies. | 6d8ee4ec-f05a-4a1d-8b00-a9b17e38b4376d8ee4ec-f05a-4a1d-8b00-a9b17e38b437 |
| AnalyticsAnalytics | ||
| Azure Event Hubs データ所有者Azure Event Hubs Data Owner | Azure Event Hubs リソースへのフル アクセスを許可します。Allows for full access to Azure Event Hubs resources. | f526a384-b230-433a-b45c-95f59c4a2decf526a384-b230-433a-b45c-95f59c4a2dec |
| Azure Event Hubs データ受信者Azure Event Hubs Data Receiver | Azure Event Hubs リソースへの受信アクセスを許可します。Allows receive access to Azure Event Hubs resources. | a638d3c7-ab3a-418d-83e6-5f17a39d4fdea638d3c7-ab3a-418d-83e6-5f17a39d4fde |
| Azure Event Hubs データ送信者Azure Event Hubs Data Sender | Azure Event Hubs リソースへの送信アクセスを許可します。Allows send access to Azure Event Hubs resources. | 2b629674-e913-4c01-ae53-ef4638d8f9752b629674-e913-4c01-ae53-ef4638d8f975 |
| Data Factory ContributorData Factory Contributor | データ ファクトリまたデータ ファクトリ内の子リソースを作成し管理します。Create and manage data factories, as well as child resources within them. | 673868aa-7521-48a0-acc6-0f60742d39f5673868aa-7521-48a0-acc6-0f60742d39f5 |
| Data PurgerData Purger | 分析データを削除することができます。Can purge analytics data | 150f5e0c-0603-4f03-8c7f-cf70034c4e90150f5e0c-0603-4f03-8c7f-cf70034c4e90 |
| HDInsight クラスター オペレーターHDInsight Cluster Operator | HDInsight クラスター構成の読み取りと変更を実行できます。Lets you read and modify HDInsight cluster configurations. | 61ed4efc-fab3-44fd-b111-e24485cc132a61ed4efc-fab3-44fd-b111-e24485cc132a |
| HDInsight ドメイン サービス共同作成者HDInsight Domain Services Contributor | HDInsight Enterprise セキュリティ パッケージに必要なドメイン サービス関連の操作の読み取り、作成、変更、削除を行うことができます。Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package | 8d8d5a11-05d3-4bda-a417-a08778121c7c8d8d5a11-05d3-4bda-a417-a08778121c7c |
| Log Analytics ContributorLog Analytics Contributor | Log Analytics 共同作成者は、すべての監視データを読み取り、監視設定を編集できます。Log Analytics Contributor can read all monitoring data and edit monitoring settings. 監視設定の編集には、VM 拡張機能の VM への追加、Azure Storage からログの収集を設定できるようにするためのストレージ アカウント キーの読み取り、Automation アカウントの作成と構成、ソリューションの追加、すべての Azure リソースでの Azure Diagnostics の構成が含まれます。Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources. | 92aaf0da-9dab-42b6-94a3-d43ce8d1629392aaf0da-9dab-42b6-94a3-d43ce8d16293 |
| Log Analytics ReaderLog Analytics Reader | Log Analytics Reader は、すべての監視データの表示と検索、およびすべての Azure リソース上の Azure Diagnostics 構成の表示など、監視設定の表示を行うことができます。Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources. | 73c42c96-874c-492b-b04d-ab87d138a89373c42c96-874c-492b-b04d-ab87d138a893 |
| Schema Registry Contributor (プレビュー)Schema Registry Contributor (Preview) | Schema Registry グループおよびスキーマの読み取り、書き込み、および削除を行います。Read, write, and delete Schema Registry groups and schemas. | 5dffeca3-4936-4216-b2bc-10343a5abb255dffeca3-4936-4216-b2bc-10343a5abb25 |
| Schema Registry Reader (プレビュー)Schema Registry Reader (Preview) | Schema Registry グループおよびスキーマの読み取りと一覧表示を行います。Read and list Schema Registry groups and schemas. | 2c56ea50-c6b3-40a6-83c0-9d98858bc7d22c56ea50-c6b3-40a6-83c0-9d98858bc7d2 |
| ブロックチェーンBlockchain | ||
| ブロックチェーン メンバー ノードへのアクセス (プレビュー)Blockchain Member Node Access (Preview) | ブロックチェーン メンバー ノードにアクセスできるようにしますAllows for access to Blockchain Member nodes | 31a002a1-acaf-453e-8a5b-297c9ca1ea2431a002a1-acaf-453e-8a5b-297c9ca1ea24 |
| AI + 機械学習AI + machine learning | ||
| Cognitive Services 共同作成者Cognitive Services Contributor | Cognitive Services のキーの作成、読み取り、更新、削除、管理を行うことができます。Lets you create, read, update, delete and manage keys of Cognitive Services. | 25fbc0a9-bd7c-42a3-aa1a-3b75d497ee6825fbc0a9-bd7c-42a3-aa1a-3b75d497ee68 |
| Cognitive Services データ閲覧者 (プレビュー)Cognitive Services Data Reader (Preview) | Cognitive Services データを読み取ります。Lets you read Cognitive Services data. | b59867f0-fa02-499b-be73-45a86b5b3e1cb59867f0-fa02-499b-be73-45a86b5b3e1c |
| Cognitive Services ユーザーCognitive Services User | Cognitive Services のキーの読み取りおよび一覧表示を行うことができます。Lets you read and list keys of Cognitive Services. | a97b65f3-24c7-4388-baec-2e87135dc908a97b65f3-24c7-4388-baec-2e87135dc908 |
| 複合現実Mixed reality | ||
| Remote Rendering 管理者Remote Rendering Administrator | ユーザーに、Azure Remote Rendering での変換、セッション管理、レンダリング、および診断の機能を提供します。Provides user with conversion, manage session, rendering and diagnostics capabilities for Azure Remote Rendering | 3df8b902-2a6f-47c7-8cc5-360e9b272a7e3df8b902-2a6f-47c7-8cc5-360e9b272a7e |
| Remote Rendering クライアントRemote Rendering Client | ユーザーに、Azure Remote Rendering でのセッション管理、レンダリング、および診断の機能を提供します。Provides user with manage session, rendering and diagnostics capabilities for Azure Remote Rendering. | d39065c4-c120-43c9-ab0a-63eed9795f0ad39065c4-c120-43c9-ab0a-63eed9795f0a |
| Spatial Anchors アカウント共同作成者Spatial Anchors Account Contributor | アカウントで Spatial Anchors を管理します (削除は含まない)Lets you manage spatial anchors in your account, but not delete them | 8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c8278bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827 |
| Spatial Anchors アカウント所有者Spatial Anchors Account Owner | アカウントで Spatial Anchors を管理します (削除も含む)Lets you manage spatial anchors in your account, including deleting them | 70bbe301-9835-447d-afdd-19eb3167307c70bbe301-9835-447d-afdd-19eb3167307c |
| Spatial Anchors アカウント閲覧者Spatial Anchors Account Reader | アカウントで Spatial Anchors のプロパティを検索して読み取りますLets you locate and read properties of spatial anchors in your account | 5d51204f-eb77-4b1c-b86a-2ec626c494135d51204f-eb77-4b1c-b86a-2ec626c49413 |
| 統合Integration | ||
| API Management Service ContributorAPI Management Service Contributor | サービスと API を管理できますCan manage service and the APIs | 312a565d-c81f-4fd8-895a-4e21e48d571c312a565d-c81f-4fd8-895a-4e21e48d571c |
| API Management Service Operator RoleAPI Management Service Operator Role | サービスを管理できますが、API は対象外ですCan manage service but not the APIs | e022efe7-f5ba-4159-bbe4-b44f577e9b61e022efe7-f5ba-4159-bbe4-b44f577e9b61 |
| API Management Service Reader RoleAPI Management Service Reader Role | サービスと API への読み取り専用アクセスですRead-only access to service and APIs | 71522526-b88f-4d52-b57f-d31fc3546d0d71522526-b88f-4d52-b57f-d31fc3546d0d |
| App Configuration データ所有者App Configuration Data Owner | App Configuration データへのフル アクセスを許可します。Allows full access to App Configuration data. | 5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b |
| App Configuration データ閲覧者App Configuration Data Reader | App Configuration データへの読み取りアクセスを許可します。Allows read access to App Configuration data. | 516239f1-63e1-4d78-a4de-a74fb236a071516239f1-63e1-4d78-a4de-a74fb236a071 |
| Azure Service Bus データ所有者Azure Service Bus Data Owner | Azure Service Bus リソースへのフル アクセスを許可します。Allows for full access to Azure Service Bus resources. | 090c5cfd-751d-490a-894a-3ce6f1109419090c5cfd-751d-490a-894a-3ce6f1109419 |
| Azure Service Bus データ受信者Azure Service Bus Data Receiver | Azure Service Bus リソースへの受信アクセスを許可します。Allows for receive access to Azure Service Bus resources. | 4f6d3b9b-027b-4f4c-9142-0e5a2a2247e04f6d3b9b-027b-4f4c-9142-0e5a2a2247e0 |
| Azure Service Bus データ送信者Azure Service Bus Data Sender | Azure Service Bus リソースへの送信アクセスを許可します。Allows for send access to Azure Service Bus resources. | 69a216fc-b8fb-44d8-bc22-1f3c2cd27a3969a216fc-b8fb-44d8-bc22-1f3c2cd27a39 |
| Azure Stack Registration OwnerAzure Stack Registration Owner | Azure Stack の登録を管理できます。Lets you manage Azure Stack registrations. | 6f12a6df-dd06-4f3e-bcb1-ce8be600526a6f12a6df-dd06-4f3e-bcb1-ce8be600526a |
| EventGrid EventSubscription 共同作成者EventGrid EventSubscription Contributor | EventGrid のイベント サブスクリプション操作を管理できます。Lets you manage EventGrid event subscription operations. | 428e0ff0-5e57-4d9c-a221-2c70d0e0a443428e0ff0-5e57-4d9c-a221-2c70d0e0a443 |
| EventGrid EventSubscription 閲覧者EventGrid EventSubscription Reader | EventGrid のイベント サブスクリプションを読み取ることができます。Lets you read EventGrid event subscriptions. | 2414bbcf-6497-4faf-8c65-0454607484052414bbcf-6497-4faf-8c65-045460748405 |
| FHIR データ共同作成者FHIR Data Contributor | ユーザーまたはプリンシパルに FHIR データへのフル アクセスを許可するロールRole allows user or principal full access to FHIR Data | 5a1fc7df-4bf1-4951-a576-89034ee01acd5a1fc7df-4bf1-4951-a576-89034ee01acd |
| FHIR データ エクスポーターFHIR Data Exporter | ユーザーまたはプリンシパルに FHIR データの読み取りとエクスポートを許可するロールRole allows user or principal to read and export FHIR Data | 3db33094-8700-4567-8da5-1501d4e7e8433db33094-8700-4567-8da5-1501d4e7e843 |
| FHIR データ リーダーFHIR Data Reader | ユーザーまたはプリンシパルに FHIR データの読み取りを許可するロールRole allows user or principal to read FHIR Data | 4c8d0bbc-75d3-4935-991f-5f3c56d815084c8d0bbc-75d3-4935-991f-5f3c56d81508 |
| FHIR データ ライターFHIR Data Writer | ユーザーまたはプリンシパルに FHIR データの読み取りと書き込みを許可するロールRole allows user or principal to read and write FHIR Data | 3f88fce4-5892-4214-ae73-ba52945599133f88fce4-5892-4214-ae73-ba5294559913 |
| 統合サービス環境の共同作成者Integration Service Environment Contributor | 統合サービス環境を管理できますが、それらにアクセスすることはできません。Lets you manage integration service environments, but not access to them. | a41e2c5b-bd99-4a07-88f4-9bf657a760b8a41e2c5b-bd99-4a07-88f4-9bf657a760b8 |
| 統合サービス環境の開発者Integration Service Environment Developer | 開発者が統合サービス環境でワークフロー、統合アカウント、および API 接続を作成および更新することを許可します。Allows developers to create and update workflows, integration accounts and API connections in integration service environments. | c7aa55d3-1abb-444a-a5ca-5e51e485d6ecc7aa55d3-1abb-444a-a5ca-5e51e485d6ec |
| Intelligent Systems Account ContributorIntelligent Systems Account Contributor | Intelligent Systems のアカウントを管理できます。ただし、それらへのアクセスは含まれません。Lets you manage Intelligent Systems accounts, but not access to them. | 03a6d094-3444-4b3d-88af-7477090a9e5e03a6d094-3444-4b3d-88af-7477090a9e5e |
| Logic App ContributorLogic App Contributor | ロジック アプリを管理できますが、アクセス権を変更することはできません。Lets you manage logic apps, but not change access to them. | 87a39d53-fc1b-424a-814c-f7e04687dc9e87a39d53-fc1b-424a-814c-f7e04687dc9e |
| Logic App OperatorLogic App Operator | ロジック アプリの読み取り、有効化、無効化ができますが、編集または更新はできません。Lets you read, enable, and disable logic apps, but not edit or update them. | 515c2055-d9d4-4321-b1b9-bd0c9a0f79fe515c2055-d9d4-4321-b1b9-bd0c9a0f79fe |
| IDIdentity | ||
| Managed Identity ContributorManaged Identity Contributor | ユーザー割り当て ID の作成、読み取り、更新、削除を行いますCreate, Read, Update, and Delete User Assigned Identity | e40ec5ca-96e0-45a2-b4ff-59039f2c2b59e40ec5ca-96e0-45a2-b4ff-59039f2c2b59 |
| Managed Identity OperatorManaged Identity Operator | ユーザー割り当て ID の読み取りと割り当てを行いますRead and Assign User Assigned Identity | f1a07417-d97a-45cb-824c-7a7467783830f1a07417-d97a-45cb-824c-7a7467783830 |
| SecuritySecurity | ||
| Azure Sentinel 共同作成者Azure Sentinel Contributor | Azure Sentinel 共同作成者Azure Sentinel Contributor | ab8e14d6-4a74-4a29-9ba8-549422addadeab8e14d6-4a74-4a29-9ba8-549422addade |
| Azure Sentinel 閲覧者Azure Sentinel Reader | Azure Sentinel 閲覧者Azure Sentinel Reader | 8d289c81-5878-46d4-8554-54e1e3d8b5cb8d289c81-5878-46d4-8554-54e1e3d8b5cb |
| Azure Sentinel レスポンダーAzure Sentinel Responder | Azure Sentinel レスポンダーAzure Sentinel Responder | 3e150937-b8fe-4cfb-8069-0eaf05ecd0563e150937-b8fe-4cfb-8069-0eaf05ecd056 |
| Key Vault Administrator (プレビュー)Key Vault Administrator (preview) | キー コンテナーとその内部にあるすべてのオブジェクト (証明書、キー、シークレットを含む) に対して、すべてのデータ プレーン操作を実行します。Perform all data plane operations on a key vault and all objects in it, including certificates, keys, and secrets. キー コンテナー リソースの管理やロール割り当ての管理はできません。Cannot manage key vault resources or manage role assignments. 「Azure ロールベースのアクセス制御」アクセス許可モデルを使用するキー コンテナーでのみ機能します。Only works for key vaults that use the 'Azure role-based access control' permission model. | 00482a5a-887f-4fb3-b363-3b7fe8e7448300482a5a-887f-4fb3-b363-3b7fe8e74483 |
| Key Vault Certificates Officer (プレビュー)Key Vault Certificates Officer (preview) | キーコンテナーの証明書に対して、アクセス許可の管理を除く任意の操作を実行します。Perform any action on the certificates of a key vault, except manage permissions. 「Azure ロールベースのアクセス制御」アクセス許可モデルを使用するキー コンテナーでのみ機能します。Only works for key vaults that use the 'Azure role-based access control' permission model. | a4417e6f-fecd-4de8-b567-7b0420556985a4417e6f-fecd-4de8-b567-7b0420556985 |
| Key Vault ContributorKey Vault Contributor | キー コンテナーを管理しますが、Azure RBAC でのロール割り当ては許可されず、シークレット、キー、証明書へのアクセスも許可されません。Manage key vaults, but does not allow you to assign roles in Azure RBAC, and does not allow you to access secrets, keys, or certificates. | f25e0fa2-a7c8-4377-a976-54943a77a395f25e0fa2-a7c8-4377-a976-54943a77a395 |
| Key Vault Crypto Officer (プレビュー)Key Vault Crypto Officer (preview) | キーコンテナーのキーに対して、アクセス許可の管理を除く任意の操作を実行します。Perform any action on the keys of a key vault, except manage permissions. 「Azure ロールベースのアクセス制御」アクセス許可モデルを使用するキー コンテナーでのみ機能します。Only works for key vaults that use the 'Azure role-based access control' permission model. | 14b46e9e-c2b7-41b4-b07b-48a6ebf6060314b46e9e-c2b7-41b4-b07b-48a6ebf60603 |
| Key Vault Crypto Service Encryption (プレビュー)Key Vault Crypto Service Encryption (preview) | キーのメタデータを読み取り、wrap および unwrap 操作を実行します。Read metadata of keys and perform wrap/unwrap operations. 「Azure ロールベースのアクセス制御」アクセス許可モデルを使用するキー コンテナーでのみ機能します。Only works for key vaults that use the 'Azure role-based access control' permission model. | e147488a-f6f5-4113-8e2d-b22465e65bf6e147488a-f6f5-4113-8e2d-b22465e65bf6 |
| Key Vault Crypto User (プレビュー)Key Vault Crypto User (preview) | キーを使用した暗号化操作を実行します。Perform cryptographic operations using keys. 「Azure ロールベースのアクセス制御」アクセス許可モデルを使用するキー コンテナーでのみ機能します。Only works for key vaults that use the 'Azure role-based access control' permission model. | 12338af0-0e69-4776-bea7-57ae8d29742412338af0-0e69-4776-bea7-57ae8d297424 |
| Key Vault Reader (プレビュー)Key Vault Reader (preview) | キー コンテナーとその証明書、キー、シークレットのメタデータを読み取ります。Read metadata of key vaults and its certificates, keys, and secrets. シークレット コンテンツやキー マテリアルなどの機密値を読み取ることはできません。Cannot read sensitive values such as secret contents or key material. 「Azure ロールベースのアクセス制御」アクセス許可モデルを使用するキー コンテナーでのみ機能します。Only works for key vaults that use the 'Azure role-based access control' permission model. | 21090545-7ca7-4776-b22c-e363652d74d221090545-7ca7-4776-b22c-e363652d74d2 |
| Key Vault Secrets Officer (プレビュー)Key Vault Secrets Officer (preview) | キーコンテナーのシークレットに対して、アクセス許可の管理を除く任意の操作を実行します。Perform any action on the secrets of a key vault, except manage permissions. 「Azure ロールベースのアクセス制御」アクセス許可モデルを使用するキー コンテナーでのみ機能します。Only works for key vaults that use the 'Azure role-based access control' permission model. | b86a8fe4-44ce-4948-aee5-eccb2c155cd7b86a8fe4-44ce-4948-aee5-eccb2c155cd7 |
| Key Vault Secrets User (プレビュー)Key Vault Secrets User (preview) | シークレット コンテンツを読み取ります。Read secret contents. 「Azure ロールベースのアクセス制御」アクセス許可モデルを使用するキー コンテナーでのみ機能します。Only works for key vaults that use the 'Azure role-based access control' permission model. | 4633458b-17de-408a-b874-0445c86b69e64633458b-17de-408a-b874-0445c86b69e6 |
| Security AdminSecurity Admin | Security Center の表示および更新のアクセス許可。View and update permissions for Security Center. セキュリティ閲覧者と同じアクセス許可があり、セキュリティ ポリシーの更新、アラートと推奨事項の無視も可能になります。Same permissions as the Security Reader role and can also update the security policy and dismiss alerts and recommendations. | fb1c8493-542b-48eb-b624-b4c8fea62acdfb1c8493-542b-48eb-b624-b4c8fea62acd |
| Security Assessment ContributorSecurity Assessment Contributor | 評価を Security Center にプッシュできますLets you push assessments to Security Center | 612c2aa1-cb24-443b-ac28-3ab7272de6f5612c2aa1-cb24-443b-ac28-3ab7272de6f5 |
| セキュリティ マネージャー (レガシ)Security Manager (Legacy) | これは、レガシ ロールです。This is a legacy role. 代わりに Security Admin を使用してください。Please use Security Admin instead. | e3d13bf0-dd5a-482e-ba6b-9b8433878d10e3d13bf0-dd5a-482e-ba6b-9b8433878d10 |
| Security ReaderSecurity Reader | Security Center の表示アクセス許可。View permissions for Security Center. 推奨事項、警告、セキュリティ ポリシー、セキュリティの状態を閲覧できますが、変更することはできません。Can view recommendations, alerts, a security policy, and security states, but cannot make changes. | 39bc4728-0917-49c7-9d2c-d95423bc2eb439bc4728-0917-49c7-9d2c-d95423bc2eb4 |
| DevOpsDevOps | ||
| DevTest Labs UserDevTest Labs User | Azure DevTest Labs で仮想マシンの接続、起動、再起動、シャットダウンができます。Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs. | 76283e04-6283-4c54-8f91-bcf1374a3c6476283e04-6283-4c54-8f91-bcf1374a3c64 |
| Lab CreatorLab Creator | Azure ラボ アカウントに新しいラボを作成できます。Lets you create new labs under your Azure Lab Accounts. | b97fb8bc-a8b2-4522-a38b-dd33c7e65eadb97fb8bc-a8b2-4522-a38b-dd33c7e65ead |
| 監視Monitor | ||
| Application Insights Component ContributorApplication Insights Component Contributor | Application Insights コンポーネントを管理できますCan manage Application Insights components | ae349356-3a1b-4a5e-921d-050484c6347eae349356-3a1b-4a5e-921d-050484c6347e |
| Application Insights Snapshot DebuggerApplication Insights Snapshot Debugger | Application Insights スナップショット デバッガーで収集されたデバック スナップショットの表示とダウンロードを実行できるアクセス許可をユーザーに与えます。Gives user permission to view and download debug snapshots collected with the Application Insights Snapshot Debugger. これらのアクセス許可は、所有者ロールまたは共同作成者ロールには含まれないことに注意してください。Note that these permissions are not included in the Owner or Contributor roles. ユーザーに Application Insights スナップショット デバッガー ロールを与える場合は、そのロールをユーザーに直接付与する必要があります。When giving users the Application Insights Snapshot Debugger role, you must grant the role directly to the user. このロールは、カスタム ロールに追加されるときに認識されません。The role is not recognized when it is added to a custom role. | 08954f03-6346-4c2e-81c0-ec3a5cfae23b08954f03-6346-4c2e-81c0-ec3a5cfae23b |
| Monitoring ContributorMonitoring Contributor | すべての監視データを読み取り、監視設定を編集できます。Can read all monitoring data and edit monitoring settings. 「Azure Monitor での役割、アクセス許可、およびセキュリティの概要」も参照してください。See also Get started with roles, permissions, and security with Azure Monitor. | 749f88d5-cbae-40b8-bcfc-e573ddc772fa749f88d5-cbae-40b8-bcfc-e573ddc772fa |
| 監視メトリック パブリッシャーMonitoring Metrics Publisher | Azure リソースに対するメトリックの公開を有効にしますEnables publishing metrics against Azure resources | 3913510d-42f4-4e42-8a64-420c390055eb3913510d-42f4-4e42-8a64-420c390055eb |
| Monitoring ReaderMonitoring Reader | すべての監視データ (メトリック、ログなど) を読み取ることができます。Can read all monitoring data (metrics, logs, etc.). 「Azure Monitor での役割、アクセス許可、およびセキュリティの概要」も参照してください。See also Get started with roles, permissions, and security with Azure Monitor. | 43d0d8ad-25c7-4714-9337-8ba259a9fe0543d0d8ad-25c7-4714-9337-8ba259a9fe05 |
| Workbook ContributorWorkbook Contributor | 共有ブックを保存できます。Can save shared workbooks. | e8ddcd69-c73f-4f9f-9844-4100522f16ade8ddcd69-c73f-4f9f-9844-4100522f16ad |
| Workbook ReaderWorkbook Reader | ブックの読み取りが可能です。Can read workbooks. | b279062a-9be3-42a0-92ae-8b3cf002ec4db279062a-9be3-42a0-92ae-8b3cf002ec4d |
| 管理 + ガバナンスManagement + governance | ||
| Automation Job OperatorAutomation Job Operator | Automation Runbook を使用してジョブを作成および管理します。Create and Manage Jobs using Automation Runbooks. | 4fe576fe-1146-4730-92eb-48519fa6bf9f4fe576fe-1146-4730-92eb-48519fa6bf9f |
| Automation OperatorAutomation Operator | Automation オペレーターはジョブを開始、停止、中断、再開することができますAutomation Operators are able to start, stop, suspend, and resume jobs | d3881f73-407a-4167-8283-e981cbba0404d3881f73-407a-4167-8283-e981cbba0404 |
| Automation Runbook OperatorAutomation Runbook Operator | Runbook のジョブを作成する方法については、Runbook のプロパティを参照してください。Read Runbook properties - to be able to create Jobs of the runbook. | 5fb5aef8-1081-4b8e-bb16-9d5d0385bab55fb5aef8-1081-4b8e-bb16-9d5d0385bab5 |
| Azure Connected Machine のオンボードAzure Connected Machine Onboarding | Azure Connected Machine をオンボードできます。Can onboard Azure Connected Machines. | b64e21ea-ac4e-4cdf-9dc9-5b892992bee7b64e21ea-ac4e-4cdf-9dc9-5b892992bee7 |
| Azure Connected Machine のリソース管理者Azure Connected Machine Resource Administrator | Azure Connected Machine の読み取り、書き込み、削除、再オンボードを実行できます。Can read, write, delete and re-onboard Azure Connected Machines. | cd570a14-e51a-42ad-bac8-bafd67325302cd570a14-e51a-42ad-bac8-bafd67325302 |
| Billing ReaderBilling Reader | 課金データへの読み取りアクセスを許可しますAllows read access to billing data | fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64 |
| ブループリント共同作成者Blueprint Contributor | ブループリントの定義を管理できますが、それらを割り当てることはできません。Can manage blueprint definitions, but not assign them. | 41077137-e803-4205-871c-5a86e6a753b441077137-e803-4205-871c-5a86e6a753b4 |
| ブループリント オペレーターBlueprint Operator | 既存の発行済みのブループリントを割り当てることはできますが、ブループリントの新規作成はできません。Can assign existing published blueprints, but cannot create new blueprints. これは、ユーザーが割り当てたマネージド ID を使用して割り当てが行われた場合にのみ機能することに注意してください。Note that this only works if the assignment is done with a user-assigned managed identity. | 437d2ced-4a38-4302-8479-ed2bcb43d090437d2ced-4a38-4302-8479-ed2bcb43d090 |
| Cost Management 共同作成者Cost Management Contributor | コストを表示し、コストの構成 (予算、エクスポートなど) を管理することができます。Can view costs and manage cost configuration (e.g. budgets, exports) | 434105ed-43f6-45c7-a02f-909b2ba83430434105ed-43f6-45c7-a02f-909b2ba83430 |
| Cost Management 閲覧者Cost Management Reader | コストのデータと構成 (予算、エクスポートなど) を表示することができます。Can view cost data and configuration (e.g. budgets, exports) | 72fafb9e-0641-4937-9268-a91bfd8191a372fafb9e-0641-4937-9268-a91bfd8191a3 |
| Hierarchy Settings AdministratorHierarchy Settings Administrator | ユーザーに、階層設定の編集と削除を許可しますAllows users to edit and delete Hierarchy Settings | 350f8d15-c687-4448-8ae1-157740a3936d350f8d15-c687-4448-8ae1-157740a3936d |
| Kubernetes クラスター - Azure Arc のオンボードKubernetes Cluster - Azure Arc Onboarding | connectedClusters リソースを作成するため、あらゆるユーザーまたはサービスを承認するロール定義Role definition to authorize any user/service to create connectedClusters resource | 34e09817-6cbe-4d01-b1a2-e0eac5743d4134e09817-6cbe-4d01-b1a2-e0eac5743d41 |
| Managed Application Contributor RoleManaged Application Contributor Role | マネージド アプリケーション リソースの作成を許可します。Allows for creating managed application resources. | 641177b8-a67a-45b9-a033-47bc880bb21e641177b8-a67a-45b9-a033-47bc880bb21e |
| Managed Application Operator RoleManaged Application Operator Role | マネージド アプリケーション リソースに対する読み取りとアクションの実行が可能です。Lets you read and perform actions on Managed Application resources | c7393b34-138c-406f-901b-d8cf2b17e6aec7393b34-138c-406f-901b-d8cf2b17e6ae |
| Managed Applications 閲覧者Managed Applications Reader | マネージド アプリおよび要求 JIT アクセスでリソースを読み取ることができます。Lets you read resources in a managed app and request JIT access. | b9331d33-8a36-4f8c-b097-4f54124fdb44b9331d33-8a36-4f8c-b097-4f54124fdb44 |
| マネージド サービスの登録割り当て削除ロールManaged Services Registration assignment Delete Role | マネージド サービスの登録割り当て削除ロールを使用すると、テナント管理ユーザーは、テナントに割り当てられている登録割り当てを削除できます。Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant. | 91c1777a-f3dc-4fae-b103-61d183457e4691c1777a-f3dc-4fae-b103-61d183457e46 |
| 管理グループ共同作成者Management Group Contributor | 管理グループ共同作成者ロールManagement Group Contributor Role | 5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c |
| 管理グループ閲覧者Management Group Reader | 管理グループ閲覧者ロールManagement Group Reader Role | ac63b705-f282-497d-ac71-919bf39d939dac63b705-f282-497d-ac71-919bf39d939d |
| New Relic APM Account ContributorNew Relic APM Account Contributor | New Relic Application Performance Management のアカウントとアプリケーションを管理できます。ただし、それらへのアクセスは含まれません。Lets you manage New Relic Application Performance Management accounts and applications, but not access to them. | 5d28c62d-5b37-4476-8438-e587778df2375d28c62d-5b37-4476-8438-e587778df237 |
| Policy Insights データ ライター (プレビュー)Policy Insights Data Writer (Preview) | リソース ポリシーに対する読み取りアクセスとリソース コンポーネント ポリシー イベントへの書き込みアクセスを許可します。Allows read access to resource policies and write access to resource component policy events. | 66bb4e9e-b016-4a94-8249-4c0511c2be8466bb4e9e-b016-4a94-8249-4c0511c2be84 |
| リソース ポリシーの共同作成者Resource Policy Contributor | リソース ポリシーの作成または変更、サポート チケットの作成、リソースまたは階層の読み取りを行う権限を持つユーザー。Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy. | 36243c78-bf99-498c-9df9-86d9f8d2860836243c78-bf99-498c-9df9-86d9f8d28608 |
| Site Recovery ContributorSite Recovery Contributor | 資格情報コンテナーの作成とロールの割り当てを除く、Site Recovery サービスを管理できますLets you manage Site Recovery service except vault creation and role assignment | 6670b86e-a3f7-4917-ac9b-5d6ab1be45676670b86e-a3f7-4917-ac9b-5d6ab1be4567 |
| Site Recovery OperatorSite Recovery Operator | フェールオーバーとフェールバックを実行できますが、その他の Site Recovery 管理操作は実行しませんLets you failover and failback but not perform other Site Recovery management operations | 494ae006-db33-4328-bf46-533a6560a3ca494ae006-db33-4328-bf46-533a6560a3ca |
| Site Recovery ReaderSite Recovery Reader | Site Recovery の状態を表示できますが、その他の管理操作は実行できませんLets you view Site Recovery status but not perform other management operations | dbaa88c4-0c30-4179-9fb3-46319faa6149dbaa88c4-0c30-4179-9fb3-46319faa6149 |
| Support Request ContributorSupport Request Contributor | Support request を作成して管理できますLets you create and manage Support requests | cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24ecfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e |
| タグ共同作成者Tag Contributor | エンティティ自体へのアクセスを提供することなく、エンティティのタグを管理できます。Lets you manage tags on entities, without providing access to the entities themselves. | 4a9ae827-6dc8-4573-8ac7-8239d42aa03f4a9ae827-6dc8-4573-8ac7-8239d42aa03f |
| その他Other | ||
| BizTalk ContributorBizTalk Contributor | BizTalk Services を管理できます。ただし、それらへのアクセスは含まれません。Lets you manage BizTalk services, but not access to them. | 5e3c6656-6cfa-4708-81fe-0de47ac733425e3c6656-6cfa-4708-81fe-0de47ac73342 |
| デスクトップ仮想化ユーザーDesktop Virtualization User | ユーザーにアプリケーション グループ内のアプリケーションを使用することを許可します。Allows user to use the applications in an application group. | 1d18fff3-a72a-46b5-b4a9-0b38a3cd7e631d18fff3-a72a-46b5-b4a9-0b38a3cd7e63 |
| Scheduler Job Collections ContributorScheduler Job Collections Contributor | スケジューラ ジョブ コレクションを管理できます。ただし、それらへのアクセスは含まれません。Lets you manage Scheduler job collections, but not access to them. | 188a0f2f-5c9e-469b-ae67-2aa5ce574b94188a0f2f-5c9e-469b-ae67-2aa5ce574b94 |
全般General
ContributorContributor
すべてのリソースを管理するためのフル アクセスを付与しますが、Azure RBAC でのロールの割り当ては許可されません。Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| * | あらゆる種類のリソースの作成と管理Create and manage resources of all types |
| NotActionsNotActions | |
| Microsoft.Authorization/*/DeleteMicrosoft.Authorization/*/Delete | ロール、ポリシーの割り当て、ポリシーの定義、ポリシー セットの定義を削除します。Delete roles, policy assignments, policy definitions and policy set definitions |
| Microsoft.Authorization/*/WriteMicrosoft.Authorization/*/Write | ロール、ロールの割り当て、ポリシーの割り当て、ポリシーの定義、ポリシー セットの定義を作成します。Create roles, role assignments, policy assignments, policy definitions and policy set definitions |
| Microsoft.Authorization/elevateAccess/ActionMicrosoft.Authorization/elevateAccess/Action | テナント スコープで、ユーザー アクセス管理者のアクセス権を呼び出し元に付与します。Grants the caller User Access Administrator access at the tenant scope |
| Microsoft.Blueprint/blueprintAssignments/writeMicrosoft.Blueprint/blueprintAssignments/write | 任意のブループリント割り当てを作成または更新しますCreate or update any blueprint assignments |
| Microsoft.Blueprint/blueprintAssignments/deleteMicrosoft.Blueprint/blueprintAssignments/delete | 任意のブループリント割り当てを削除しますDelete any blueprint assignments |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
"name": "b24988ac-6180-42a0-ab88-20f7382dd24c",
"permissions": [
{
"actions": [
"*"
],
"notActions": [
"Microsoft.Authorization/*/Delete",
"Microsoft.Authorization/*/Write",
"Microsoft.Authorization/elevateAccess/Action",
"Microsoft.Blueprint/blueprintAssignments/write",
"Microsoft.Blueprint/blueprintAssignments/delete"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
所有者Owner
Azure RBAC でロールを割り当てる権限を含め、すべてのリソースを管理するためのフル アクセスを付与します。Grants full access to manage all resources, including the ability to assign roles in Azure RBAC. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| * | あらゆる種類のリソースの作成と管理Create and manage resources of all types |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Grants full access to manage all resources, including the ability to assign roles in Azure RBAC.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
"name": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
"permissions": [
{
"actions": [
"*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
ReaderReader
すべてのリソースを表示しますが、変更を加えることはできません。View all resources, but does not allow you to make any changes. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| */read*/read | 機密データを除くあらゆる種類のリソースの読み取りRead resources of all types, except secrets. |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "View all resources, but does not allow you to make any changes.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
"name": "acdd72a7-3385-48ef-bd42-f606fba81ae7",
"permissions": [
{
"actions": [
"*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
User Access AdministratorUser Access Administrator
Azure リソースに対するユーザー アクセスを管理します。Lets you manage user access to Azure resources. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| */read*/read | 機密データを除くあらゆる種類のリソースの読み取りRead resources of all types, except secrets. |
| Microsoft.Authorization/*Microsoft.Authorization/* | 承認の管理Manage authorization |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage user access to Azure resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
"name": "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Authorization/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "User Access Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
ComputeCompute
Classic Virtual Machine ContributorClassic Virtual Machine Contributor
従来の仮想マシンを管理できますが、アクセスすることはできません。また、接続先の仮想ネットワークやストレージ アカウントにもアクセスできません。Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to.
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.ClassicCompute/domainNames/*Microsoft.ClassicCompute/domainNames/* | 従来のコンピューティング ドメイン名の作成と管理Create and manage classic compute domain names |
| Microsoft.ClassicCompute/virtualMachines/*Microsoft.ClassicCompute/virtualMachines/* | 仮想マシンの作成と管理Create and manage virtual machines |
| Microsoft.ClassicNetwork/networkSecurityGroups/join/actionMicrosoft.ClassicNetwork/networkSecurityGroups/join/action | |
| Microsoft.ClassicNetwork/reservedIps/link/actionMicrosoft.ClassicNetwork/reservedIps/link/action | 予約済み IP をリンクします。Link a reserved Ip |
| Microsoft.ClassicNetwork/reservedIps/readMicrosoft.ClassicNetwork/reservedIps/read | 予約済み IP を取得します。Gets the reserved Ips |
| Microsoft.ClassicNetwork/virtualNetworks/join/actionMicrosoft.ClassicNetwork/virtualNetworks/join/action | 仮想ネットワークに参加します。Joins the virtual network. |
| Microsoft.ClassicNetwork/virtualNetworks/readMicrosoft.ClassicNetwork/virtualNetworks/read | 仮想ネットワークを取得します。Get the virtual network. |
| Microsoft.ClassicStorage/storageAccounts/disks/readMicrosoft.ClassicStorage/storageAccounts/disks/read | ストレージ アカウント ディスクを返します。Returns the storage account disk. |
| Microsoft.ClassicStorage/storageAccounts/images/readMicrosoft.ClassicStorage/storageAccounts/images/read | ストレージ アカウント イメージを返します。Returns the storage account image. (非推奨になりました。(Deprecated. 'Microsoft.ClassicStorage/storageAccounts/vmImages' を使用してください。)Use 'Microsoft.ClassicStorage/storageAccounts/vmImages') |
| Microsoft.ClassicStorage/storageAccounts/listKeys/actionMicrosoft.ClassicStorage/storageAccounts/listKeys/action | ストレージ アカウントのアクセス キーを一覧表示します。Lists the access keys for the storage accounts. |
| Microsoft.ClassicStorage/storageAccounts/readMicrosoft.ClassicStorage/storageAccounts/read | 特定のアカウントのストレージ アカウントを返します。Return the storage account with the given account. |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 指定されたスコープのすべてのリソースの利用状況を取得します。Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/d73bb868-a0df-4d4d-bd69-98a00b01fccb",
"name": "d73bb868-a0df-4d4d-bd69-98a00b01fccb",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ClassicCompute/domainNames/*",
"Microsoft.ClassicCompute/virtualMachines/*",
"Microsoft.ClassicNetwork/networkSecurityGroups/join/action",
"Microsoft.ClassicNetwork/reservedIps/link/action",
"Microsoft.ClassicNetwork/reservedIps/read",
"Microsoft.ClassicNetwork/virtualNetworks/join/action",
"Microsoft.ClassicNetwork/virtualNetworks/read",
"Microsoft.ClassicStorage/storageAccounts/disks/read",
"Microsoft.ClassicStorage/storageAccounts/images/read",
"Microsoft.ClassicStorage/storageAccounts/listKeys/action",
"Microsoft.ClassicStorage/storageAccounts/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Classic Virtual Machine Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Virtual Machine Administrator LoginVirtual Machine Administrator Login
ポータルで仮想マシンを表示し、管理者としてログインします。詳細View Virtual Machines in the portal and login as administrator Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read | パブリック IP アドレス定義を取得します。Gets a public ip address definition. |
| Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | 仮想ネットワークの定義を取得します。Get the virtual network definition |
| Microsoft.Network/loadBalancers/readMicrosoft.Network/loadBalancers/read | ロード バランサー定義を取得します。Gets a load balancer definition |
| Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read | ネットワーク インターフェイスの定義を取得します。Gets a network interface definition. |
| Microsoft.Compute/virtualMachines/*/readMicrosoft.Compute/virtualMachines/*/read | |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.Compute/virtualMachines/login/actionMicrosoft.Compute/virtualMachines/login/action | 仮想マシンに通常のユーザーとしてログインします。Log in to a virtual machine as a regular user |
| Microsoft.Compute/virtualMachines/loginAsAdmin/actionMicrosoft.Compute/virtualMachines/loginAsAdmin/action | Windows 管理者または Linux のルート ユーザーの権限で仮想マシンにログインします。Log in to a virtual machine with Windows administrator or Linux root user privileges |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "View Virtual Machines in the portal and login as administrator",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/1c0163c0-47e6-4577-8991-ea5c82e286e4",
"name": "1c0163c0-47e6-4577-8991-ea5c82e286e4",
"permissions": [
{
"actions": [
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Compute/virtualMachines/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Compute/virtualMachines/login/action",
"Microsoft.Compute/virtualMachines/loginAsAdmin/action"
],
"notDataActions": []
}
],
"roleName": "Virtual Machine Administrator Login",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Virtual Machine ContributorVirtual Machine Contributor
仮想マシンを管理できますが、アクセスすることはできません。また、接続先の仮想ネットワークやストレージ アカウントにもアクセスできません。Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.Compute/availabilitySets/*Microsoft.Compute/availabilitySets/* | コンピューティング可用性セットの作成と管理Create and manage compute availability sets |
| Microsoft.Compute/locations/*Microsoft.Compute/locations/* | コンピューティングの場所の作成と管理Create and manage compute locations |
| Microsoft.Compute/virtualMachines/*Microsoft.Compute/virtualMachines/* | 仮想マシンの作成、更新、削除、起動、再起動、電源オフを含む、すべての仮想マシン操作を実行します。Perform all virtual machine actions including create, update, delete, start, restart, and power off virtual machines. 仮想マシンで定義済みのスクリプトを実行します。Execute predefined scripts on virtual machines. |
| Microsoft.Compute/virtualMachineScaleSets/*Microsoft.Compute/virtualMachineScaleSets/* | 仮想マシン スケールセットの作成と管理Create and manage virtual machine scale sets |
| Microsoft.Compute/disks/writeMicrosoft.Compute/disks/write | 新しいディスクを作成するか、既存のディスクを更新します。Creates a new Disk or updates an existing one |
| Microsoft.Compute/disks/readMicrosoft.Compute/disks/read | ディスクのプロパティを取得します。Get the properties of a Disk |
| Microsoft.Compute/disks/deleteMicrosoft.Compute/disks/delete | ディスクを削除します。Deletes the Disk |
| Microsoft.DevTestLab/schedules/*Microsoft.DevTestLab/schedules/* | |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.Network/applicationGateways/backendAddressPools/join/actionMicrosoft.Network/applicationGateways/backendAddressPools/join/action | アプリケーション ゲートウェイのバックエンド アドレス プールを接続します。Joins an application gateway backend address pool. 警告不可能です。Not Alertable. |
| Microsoft.Network/loadBalancers/backendAddressPools/join/actionMicrosoft.Network/loadBalancers/backendAddressPools/join/action | ロード バランサーのバックエンド アドレス プールを接続します。Joins a load balancer backend address pool. 警告不可能です。Not Alertable. |
| Microsoft.Network/loadBalancers/inboundNatPools/join/actionMicrosoft.Network/loadBalancers/inboundNatPools/join/action | ロード バランサーの受信 NAT プールを接続します。Joins a load balancer inbound NAT pool. 警告不可能です。Not alertable. |
| Microsoft.Network/loadBalancers/inboundNatRules/join/actionMicrosoft.Network/loadBalancers/inboundNatRules/join/action | ロード バランサーのインバウンド NAT 規則を接続します。Joins a load balancer inbound nat rule. 警告不可能です。Not Alertable. |
| Microsoft.Network/loadBalancers/probes/join/actionMicrosoft.Network/loadBalancers/probes/join/action | ロード バランサーのプローブの使用を許可します。Allows using probes of a load balancer. たとえば、このアクセス許可では、VM スケール セットの healthProbe プロパティでプローブを参照できます。For example, with this permission healthProbe property of VM scale set can reference the probe. 警告不可能です。Not alertable. |
| Microsoft.Network/loadBalancers/readMicrosoft.Network/loadBalancers/read | ロード バランサー定義を取得します。Gets a load balancer definition |
| Microsoft.Network/locations/*Microsoft.Network/locations/* | ネットワークの場所の作成と管理Create and manage network locations |
| Microsoft.Network/networkInterfaces/*Microsoft.Network/networkInterfaces/* | ネットワーク インターフェイスの作成と管理Create and manage network interfaces |
| Microsoft.Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action | ネットワーク セキュリティ グループに参加します。Joins a network security group. 警告不可能です。Not Alertable. |
| Microsoft.Network/networkSecurityGroups/readMicrosoft.Network/networkSecurityGroups/read | ネットワーク セキュリティ グループの定義を取得します。Gets a network security group definition |
| Microsoft.Network/publicIPAddresses/join/actionMicrosoft.Network/publicIPAddresses/join/action | パブリック IP アドレスに接続します。Joins a public ip address. 警告不可能です。Not Alertable. |
| Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read | パブリック IP アドレス定義を取得します。Gets a public ip address definition. |
| Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | 仮想ネットワークの定義を取得します。Get the virtual network definition |
| Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action | 仮想ネットワークに参加します。Joins a virtual network. 警告不可能です。Not Alertable. |
| Microsoft.RecoveryServices/locations/*Microsoft.RecoveryServices/locations/* | |
| Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write | バックアップの保護インテントを作成しますCreate a backup Protection Intent |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read | |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read | 保護された項目のオブジェクトの詳細を返します。Returns object details of the Protected Item |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write | バックアップ保護項目を作成します。Create a backup Protected Item |
| Microsoft.RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read | すべての保護ポリシーを返します。Returns all Protection Policies |
| Microsoft.RecoveryServices/Vaults/backupPolicies/writeMicrosoft.RecoveryServices/Vaults/backupPolicies/write | 保護ポリシーを作成します。Creates Protection Policy |
| Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read | "コンテナーの取得" 操作では、"コンテナー" 型の Azure リソースを表すオブジェクトを取得します。The Get Vault operation gets an object representing the Azure resource of type 'vault' |
| Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read | Recovery Services コンテナーの使用状況の詳細を返します。Returns usage details for a Recovery Services Vault. |
| Microsoft.RecoveryServices/Vaults/writeMicrosoft.RecoveryServices/Vaults/write | "コンテナーの作成" 操作では、"コンテナー" 型の Azure リソースを作成します。Create Vault operation creates an Azure resource of type 'vault' |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 指定されたスコープのすべてのリソースの利用状況を取得します。Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.SqlVirtualMachine/*Microsoft.SqlVirtualMachine/* | |
| Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action | 指定されたストレージ アカウントのアクセス キーを返します。Returns the access keys for the specified storage account. |
| Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read | ストレージ アカウントの一覧を返すか、指定されたストレージ アカウントのプロパティを取得します。Returns the list of storage accounts or gets the properties for the specified storage account. |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
"name": "9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Compute/availabilitySets/*",
"Microsoft.Compute/locations/*",
"Microsoft.Compute/virtualMachines/*",
"Microsoft.Compute/virtualMachineScaleSets/*",
"Microsoft.Compute/disks/write",
"Microsoft.Compute/disks/read",
"Microsoft.Compute/disks/delete",
"Microsoft.DevTestLab/schedules/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/applicationGateways/backendAddressPools/join/action",
"Microsoft.Network/loadBalancers/backendAddressPools/join/action",
"Microsoft.Network/loadBalancers/inboundNatPools/join/action",
"Microsoft.Network/loadBalancers/inboundNatRules/join/action",
"Microsoft.Network/loadBalancers/probes/join/action",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/locations/*",
"Microsoft.Network/networkInterfaces/*",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Network/networkSecurityGroups/read",
"Microsoft.Network/publicIPAddresses/join/action",
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.RecoveryServices/locations/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
"Microsoft.RecoveryServices/Vaults/backupPolicies/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/write",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/Vaults/write",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.SqlVirtualMachine/*",
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Virtual Machine Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Virtual Machine User LoginVirtual Machine User Login
ポータルで仮想マシンを表示し、通常のユーザーとしてログインします。View Virtual Machines in the portal and login as a regular user. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read | パブリック IP アドレス定義を取得します。Gets a public ip address definition. |
| Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | 仮想ネットワークの定義を取得します。Get the virtual network definition |
| Microsoft.Network/loadBalancers/readMicrosoft.Network/loadBalancers/read | ロード バランサー定義を取得します。Gets a load balancer definition |
| Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read | ネットワーク インターフェイスの定義を取得します。Gets a network interface definition. |
| Microsoft.Compute/virtualMachines/*/readMicrosoft.Compute/virtualMachines/*/read | |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.Compute/virtualMachines/login/actionMicrosoft.Compute/virtualMachines/login/action | 仮想マシンに通常のユーザーとしてログインします。Log in to a virtual machine as a regular user |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "View Virtual Machines in the portal and login as a regular user.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fb879df8-f326-4884-b1cf-06f3ad86be52",
"name": "fb879df8-f326-4884-b1cf-06f3ad86be52",
"permissions": [
{
"actions": [
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Compute/virtualMachines/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Compute/virtualMachines/login/action"
],
"notDataActions": []
}
],
"roleName": "Virtual Machine User Login",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
ネットワークNetworking
CDN Endpoint ContributorCDN Endpoint Contributor
CDN エンドポイントを管理できますが、アクセス権を他のユーザーに付与することはできません。Can manage CDN endpoints, but can't grant access to other users.
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read | |
| Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/* | |
| Microsoft.Cdn/profiles/endpoints/*Microsoft.Cdn/profiles/endpoints/* | |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Can manage CDN endpoints, but can't grant access to other users.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/426e0c7f-0c7e-4658-b36f-ff54d6c29b45",
"name": "426e0c7f-0c7e-4658-b36f-ff54d6c29b45",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Cdn/edgenodes/read",
"Microsoft.Cdn/operationresults/*",
"Microsoft.Cdn/profiles/endpoints/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "CDN Endpoint Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
CDN Endpoint ReaderCDN Endpoint Reader
CDN エンドポイントを表示できますが、変更はできません。Can view CDN endpoints, but can't make changes.
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read | |
| Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/* | |
| Microsoft.Cdn/profiles/endpoints/*/readMicrosoft.Cdn/profiles/endpoints/*/read | |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Can view CDN endpoints, but can't make changes.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/871e35f6-b5c1-49cc-a043-bde969a0f2cd",
"name": "871e35f6-b5c1-49cc-a043-bde969a0f2cd",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Cdn/edgenodes/read",
"Microsoft.Cdn/operationresults/*",
"Microsoft.Cdn/profiles/endpoints/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "CDN Endpoint Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
CDN Profile ContributorCDN Profile Contributor
CDN プロファイルとそのエンドポイントを管理できますが、アクセス権を他のユーザーに付与することはできません。Can manage CDN profiles and their endpoints, but can't grant access to other users. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read | |
| Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/* | |
| Microsoft.Cdn/profiles/*Microsoft.Cdn/profiles/* | |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Can manage CDN profiles and their endpoints, but can't grant access to other users.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ec156ff8-a8d1-4d15-830c-5b80698ca432",
"name": "ec156ff8-a8d1-4d15-830c-5b80698ca432",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Cdn/edgenodes/read",
"Microsoft.Cdn/operationresults/*",
"Microsoft.Cdn/profiles/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "CDN Profile Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
CDN Profile ReaderCDN Profile Reader
CDN プロファイルとそのエンドポイントを表示できますが、変更はできません。Can view CDN profiles and their endpoints, but can't make changes.
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read | |
| Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/* | |
| Microsoft.Cdn/profiles/*/readMicrosoft.Cdn/profiles/*/read | |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Can view CDN profiles and their endpoints, but can't make changes.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8f96442b-4075-438f-813d-ad51ab4019af",
"name": "8f96442b-4075-438f-813d-ad51ab4019af",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Cdn/edgenodes/read",
"Microsoft.Cdn/operationresults/*",
"Microsoft.Cdn/profiles/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "CDN Profile Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Classic Network ContributorClassic Network Contributor
従来のネットワークを管理できます。ただし、それらへのアクセスは含まれません。Lets you manage classic networks, but not access to them. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.ClassicNetwork/*Microsoft.ClassicNetwork/* | 従来のネットワークの作成と管理Create and manage classic networks |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 指定されたスコープのすべてのリソースの利用状況を取得します。Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage classic networks, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b34d265f-36f7-4a0d-a4d4-e158ca92e90f",
"name": "b34d265f-36f7-4a0d-a4d4-e158ca92e90f",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ClassicNetwork/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Classic Network Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
DNS Zone ContributorDNS Zone Contributor
Azure DNS の DNS ゾーンとレコード セットを管理できますが、それにアクセスできるユーザーを制御することはできません。Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.Network/dnsZones/*Microsoft.Network/dnsZones/* | DNS ゾーンとレコードの作成と管理Create and manage DNS zones and records |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 指定されたスコープのすべてのリソースの利用状況を取得します。Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/befefa01-2a29-4197-83a8-272ff33ce314",
"name": "befefa01-2a29-4197-83a8-272ff33ce314",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/dnsZones/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "DNS Zone Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Network ContributorNetwork Contributor
ネットワークを管理できます。ただし、それらへのアクセスは含まれません。Lets you manage networks, but not access to them.
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.Network/*Microsoft.Network/* | ネットワークの作成と管理Create and manage networks |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 指定されたスコープのすべてのリソースの利用状況を取得します。Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage networks, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
"name": "4d97b98b-1d4f-4787-a291-c67834d212e7",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Network Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
プライベート DNS ゾーンの共同作成者Private DNS Zone Contributor
プライベート DNS ゾーンのリソースを管理できますが、リンク先の仮想ネットワークを管理することはできません。Lets you manage private DNS zone resources, but not the virtual networks they are linked to. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| Microsoft.Network/privateDnsZones/*Microsoft.Network/privateDnsZones/* | |
| Microsoft.Network/privateDnsOperationResults/*Microsoft.Network/privateDnsOperationResults/* | |
| Microsoft.Network/privateDnsOperationStatuses/*Microsoft.Network/privateDnsOperationStatuses/* | |
| Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | 仮想ネットワークの定義を取得します。Get the virtual network definition |
| Microsoft.Network/virtualNetworks/join/actionMicrosoft.Network/virtualNetworks/join/action | 仮想ネットワークに参加します。Joins a virtual network. 警告不可能です。Not Alertable. |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage private DNS zone resources, but not the virtual networks they are linked to.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b12aa53e-6015-4669-85d0-8515ebb3ae7f",
"name": "b12aa53e-6015-4669-85d0-8515ebb3ae7f",
"permissions": [
{
"actions": [
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Network/privateDnsZones/*",
"Microsoft.Network/privateDnsOperationResults/*",
"Microsoft.Network/privateDnsOperationStatuses/*",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/join/action",
"Microsoft.Authorization/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Private DNS Zone Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Traffic Manager ContributorTraffic Manager Contributor
Traffic Manager プロファイルを管理できますが、それにアクセスできるユーザーを制御することはできません。Lets you manage Traffic Manager profiles, but does not let you control who has access to them.
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.Network/trafficManagerProfiles/*Microsoft.Network/trafficManagerProfiles/* | |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 指定されたスコープのすべてのリソースの利用状況を取得します。Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Traffic Manager profiles, but does not let you control who has access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a4b10055-b0c7-44c2-b00f-c7b5b3550cf7",
"name": "a4b10055-b0c7-44c2-b00f-c7b5b3550cf7",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/trafficManagerProfiles/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Traffic Manager Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
ストレージStorage
Avere 共同作成者Avere Contributor
Avere vFXT クラスターを作成および管理できます。Can create and manage an Avere vFXT cluster. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.Compute/*/readMicrosoft.Compute/*/read | |
| Microsoft.Compute/availabilitySets/*Microsoft.Compute/availabilitySets/* | |
| Microsoft.Compute/proximityPlacementGroups/*Microsoft.Compute/proximityPlacementGroups/* | |
| Microsoft.Compute/virtualMachines/*Microsoft.Compute/virtualMachines/* | |
| Microsoft.Compute/disks/*Microsoft.Compute/disks/* | |
| Microsoft.Network/*/readMicrosoft.Network/*/read | |
| Microsoft.Network/networkInterfaces/*Microsoft.Network/networkInterfaces/* | |
| Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | 仮想ネットワークの定義を取得します。Get the virtual network definition |
| Microsoft.Network/virtualNetworks/subnets/readMicrosoft.Network/virtualNetworks/subnets/read | 仮想ネットワーク サブネットの定義を取得します。Gets a virtual network subnet definition |
| Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action | 仮想ネットワークに参加します。Joins a virtual network. 警告不可能です。Not Alertable. |
| Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action | ストレージ アカウントや SQL Database などのリソースをサブネットに結合します。Joins resource such as storage account or SQL database to a subnet. 警告不可能です。Not alertable. |
| Microsoft.Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action | ネットワーク セキュリティ グループに参加します。Joins a network security group. 警告不可能です。Not Alertable. |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Storage/*/readMicrosoft.Storage/*/read | |
| Microsoft.Storage/storageAccounts/*Microsoft.Storage/storageAccounts/* | ストレージ アカウントの作成と管理Create and manage storage accounts |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| Microsoft.Resources/subscriptions/resourceGroups/resources/readMicrosoft.Resources/subscriptions/resourceGroups/resources/read | リソース グループのリソースを取得します。Gets the resources for the resource group. |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete | BLOB を削除した結果を返します。Returns the result of deleting a blob |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read | BLOB または BLOB の一覧を返します。Returns a blob or a list of blobs |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/writeMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write | BLOB の書き込みの結果を返します。Returns the result of writing a blob |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Can create and manage an Avere vFXT cluster.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4f8fab4f-1852-4a58-a46a-8eaf358af14a",
"name": "4f8fab4f-1852-4a58-a46a-8eaf358af14a",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Compute/*/read",
"Microsoft.Compute/availabilitySets/*",
"Microsoft.Compute/proximityPlacementGroups/*",
"Microsoft.Compute/virtualMachines/*",
"Microsoft.Compute/disks/*",
"Microsoft.Network/*/read",
"Microsoft.Network/networkInterfaces/*",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Resources/deployments/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/*/read",
"Microsoft.Storage/storageAccounts/*",
"Microsoft.Support/*",
"Microsoft.Resources/subscriptions/resourceGroups/resources/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
],
"notDataActions": []
}
],
"roleName": "Avere Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Avere オペレーターAvere Operator
クラスターを管理するために Avere vFXT クラスターによって使用されます。詳細Used by the Avere vFXT cluster to manage the cluster Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Compute/virtualMachines/readMicrosoft.Compute/virtualMachines/read | 仮想マシンのプロパティを取得します。Get the properties of a virtual machine |
| Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read | ネットワーク インターフェイスの定義を取得します。Gets a network interface definition. |
| Microsoft.Network/networkInterfaces/writeMicrosoft.Network/networkInterfaces/write | ネットワーク インターフェイスを作成するか、既存のネットワーク インターフェイスを更新します。Creates a network interface or updates an existing network interface. |
| Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | 仮想ネットワークの定義を取得します。Get the virtual network definition |
| Microsoft.Network/virtualNetworks/subnets/readMicrosoft.Network/virtualNetworks/subnets/read | 仮想ネットワーク サブネットの定義を取得します。Gets a virtual network subnet definition |
| Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action | 仮想ネットワークに参加します。Joins a virtual network. 警告不可能です。Not Alertable. |
| Microsoft.Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action | ネットワーク セキュリティ グループに参加します。Joins a network security group. 警告不可能です。Not Alertable. |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Storage/storageAccounts/blobServices/containers/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/delete | コンテナーを削除した結果を返します。Returns the result of deleting a container |
| Microsoft.Storage/storageAccounts/blobServices/containers/readMicrosoft.Storage/storageAccounts/blobServices/containers/read | コンテナーの一覧を返しますReturns list of containers |
| Microsoft.Storage/storageAccounts/blobServices/containers/writeMicrosoft.Storage/storageAccounts/blobServices/containers/write | BLOB コンテナーのプット結果を返しますReturns the result of put blob container |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete | BLOB を削除した結果を返します。Returns the result of deleting a blob |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read | BLOB または BLOB の一覧を返します。Returns a blob or a list of blobs |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/writeMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write | BLOB の書き込みの結果を返します。Returns the result of writing a blob |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Used by the Avere vFXT cluster to manage the cluster",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
"name": "c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
"permissions": [
{
"actions": [
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/networkInterfaces/write",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/write"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
],
"notDataActions": []
}
],
"roleName": "Avere Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Backup ContributorBackup Contributor
バックアップ サービスを管理できますが、資格情報コンテナーの作成や他のユーザーに対するアクセス権の付与を行うことはできません。詳細Lets you manage backup service, but can't create vaults and give access to others Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | 仮想ネットワークの定義を取得します。Get the virtual network definition |
| Microsoft.RecoveryServices/locations/*Microsoft.RecoveryServices/locations/* | |
| Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/*Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/* | バックアップ管理操作の結果の管理Manage results of operation on backup management |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/*Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/* | Recovery Services コンテナーのバックアップ ファブリック内でのバックアップ コンテナーの作成および管理Create and manage backup containers inside backup fabrics of Recovery Services vault |
| Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action | コンテナーの一覧を更新します。Refreshes the container list |
| Microsoft.RecoveryServices/Vaults/backupJobs/*Microsoft.RecoveryServices/Vaults/backupJobs/* | バックアップ ジョブの作成および管理Create and manage backup jobs |
| Microsoft.RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action | ジョブをエクスポートします。Export Jobs |
| Microsoft.RecoveryServices/Vaults/backupOperationResults/*Microsoft.RecoveryServices/Vaults/backupOperationResults/* | バックアップ管理操作の結果の作成および管理Create and manage Results of backup management operations |
| Microsoft.RecoveryServices/Vaults/backupPolicies/*Microsoft.RecoveryServices/Vaults/backupPolicies/* | バックアップ ポリシーの作成および管理Create and manage backup policies |
| Microsoft.RecoveryServices/Vaults/backupProtectableItems/*Microsoft.RecoveryServices/Vaults/backupProtectableItems/* | バックアップできるアイテムの作成および管理Create and manage items which can be backed up |
| Microsoft.RecoveryServices/Vaults/backupProtectedItems/*Microsoft.RecoveryServices/Vaults/backupProtectedItems/* | バックアップ アイテムの作成および管理Create and manage backed up items |
| Microsoft.RecoveryServices/Vaults/backupProtectionContainers/*Microsoft.RecoveryServices/Vaults/backupProtectionContainers/* | バックアップ アイテムを保持するコンテナーの作成および管理Create and manage containers holding backup items |
| Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*Microsoft.RecoveryServices/Vaults/backupSecurityPIN/* | |
| Microsoft.RecoveryServices/Vaults/backupUsageSummaries/readMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read | Recovery Services の保護された項目と保護されたサーバーの概要を返します。Returns summaries for Protected Items and Protected Servers for a Recovery Services . |
| Microsoft.RecoveryServices/Vaults/certificates/*Microsoft.RecoveryServices/Vaults/certificates/* | Recovery Services コンテナー内のバックアップに関連する証明書の作成および管理Create and manage certificates related to backup in Recovery Services vault |
| Microsoft.RecoveryServices/Vaults/extendedInformation/*Microsoft.RecoveryServices/Vaults/extendedInformation/* | コンテナーに関連する拡張情報の作成および管理Create and manage extended info related to vault |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read | Recovery Services コンテナーのアラートを取得します。Gets the alerts for the Recovery services vault. |
| Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/* | |
| Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read | "コンテナーの取得" 操作では、"コンテナー" 型の Azure リソースを表すオブジェクトを取得します。The Get Vault operation gets an object representing the Azure resource of type 'vault' |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/*Microsoft.RecoveryServices/Vaults/registeredIdentities/* | 登録済み ID の管理Create and manage registered identities |
| Microsoft.RecoveryServices/Vaults/usages/*Microsoft.RecoveryServices/Vaults/usages/* | Recovery Services コンテナーの使用状況の作成および管理Create and manage usage of Recovery Services vault |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read | ストレージ アカウントの一覧を返すか、指定されたストレージ アカウントのプロパティを取得します。Returns the list of storage accounts or gets the properties for the specified storage account. |
| Microsoft.RecoveryServices/Vaults/backupstorageconfig/*Microsoft.RecoveryServices/Vaults/backupstorageconfig/* | |
| Microsoft.RecoveryServices/Vaults/backupconfig/*Microsoft.RecoveryServices/Vaults/backupconfig/* | |
| Microsoft.RecoveryServices/Vaults/backupValidateOperation/actionMicrosoft.RecoveryServices/Vaults/backupValidateOperation/action | 保護された項目に対する操作を検証しますValidate Operation on Protected Item |
| Microsoft.RecoveryServices/Vaults/writeMicrosoft.RecoveryServices/Vaults/write | "コンテナーの作成" 操作では、"コンテナー" 型の Azure リソースを作成します。Create Vault operation creates an Azure resource of type 'vault' |
| Microsoft.RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read | Recovery Services コンテナーに対するバックアップ操作の状態を返します。Returns Backup Operation Status for Recovery Services Vault. |
| Microsoft.RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read | コンテナーに登録されているすべてのバックアップ管理サーバーを返します。Returns all the backup management servers registered with vault. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/* | |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read | すべての保護可能なコンテナーを取得します。Get all protectable containers |
| Microsoft.RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action | Recovery Services コンテナーのバックアップの状態を確認します。Check Backup Status for Recovery Services Vaults |
| Microsoft.RecoveryServices/locations/backupPreValidateProtection/actionMicrosoft.RecoveryServices/locations/backupPreValidateProtection/action | |
| Microsoft.RecoveryServices/locations/backupValidateFeatures/actionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action | 機能を検証します。Validate Features |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write | アラートを解決する。Resolves the alert. |
| Microsoft.RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read | リソース プロバイダーの操作の一覧を返します。Operation returns the list of Operations for a Resource Provider |
| Microsoft.RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read | 特定の操作の操作の状態を取得しますGets Operation Status for a given Operation |
| Microsoft.RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read | すべてのバックアップ保護の意図を一覧表示しますList all backup Protection Intents |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage backup service,but can't create vaults and give access to others",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b",
"name": "5e467623-bb1f-42f4-a55d-6e525e11384b",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.RecoveryServices/locations/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
"Microsoft.RecoveryServices/Vaults/backupJobs/*",
"Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
"Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
"Microsoft.RecoveryServices/Vaults/backupPolicies/*",
"Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
"Microsoft.RecoveryServices/Vaults/backupProtectedItems/*",
"Microsoft.RecoveryServices/Vaults/backupProtectionContainers/*",
"Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*",
"Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
"Microsoft.RecoveryServices/Vaults/certificates/*",
"Microsoft.RecoveryServices/Vaults/extendedInformation/*",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/*",
"Microsoft.RecoveryServices/Vaults/usages/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
"Microsoft.RecoveryServices/Vaults/backupconfig/*",
"Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
"Microsoft.RecoveryServices/Vaults/write",
"Microsoft.RecoveryServices/Vaults/backupOperations/read",
"Microsoft.RecoveryServices/Vaults/backupEngines/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
"Microsoft.RecoveryServices/locations/backupStatus/action",
"Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
"Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
"Microsoft.RecoveryServices/operations/read",
"Microsoft.RecoveryServices/locations/operationStatus/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Backup Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Backup OperatorBackup Operator
バックアップ サービスを管理できます (バックアップの削除、資格情報コンテナーの作成、他のユーザーに対するアクセス権の付与を除きます)。詳細Lets you manage backup services, except removal of backup, vault creation and giving access to others Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | 仮想ネットワークの定義を取得します。Get the virtual network definition |
| Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/operationResults/read | 操作の状態を返します。Returns status of the operation |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read | 保護コンテナーに対して実行された操作の結果を取得します。Gets result of Operation performed on Protection Container. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action | 保護された項目のバックアップを実行します。Performs Backup for Protected Item. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read | 保護された項目に対して実行された操作の結果を取得します。Gets Result of Operation Performed on Protected Items. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read | 保護された項目に対して実行された操作の状態を返します。Returns the status of Operation performed on Protected Items. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read | 保護された項目のオブジェクトの詳細を返します。Returns object details of the Protected Item |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action | 保護された項目のインスタント項目回復をプロビジョニングします。Provision Instant Item Recovery for Protected Item |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read | 保護された項目の復旧ポイントを取得します。Get Recovery Points for Protected Items. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action | 保護された項目の復旧ポイントを復元します。Restore Recovery Points for Protected Items. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action | 保護された項目のインスタント項目回復を取り消します。Revoke Instant Item Recovery for Protected Item |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write | バックアップ保護項目を作成します。Create a backup Protected Item |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read | すべての登録済みコンテナーを返します。Returns all registered containers |
| Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action | コンテナーの一覧を更新します。Refreshes the container list |
| Microsoft.RecoveryServices/Vaults/backupJobs/*Microsoft.RecoveryServices/Vaults/backupJobs/* | バックアップ ジョブの作成および管理Create and manage backup jobs |
| Microsoft.RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action | ジョブをエクスポートします。Export Jobs |
| Microsoft.RecoveryServices/Vaults/backupOperationResults/*Microsoft.RecoveryServices/Vaults/backupOperationResults/* | バックアップ管理操作の結果の作成および管理Create and manage Results of backup management operations |
| Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operationResults/read | ポリシー操作の結果を取得します。Get Results of Policy Operation. |
| Microsoft.RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read | すべての保護ポリシーを返します。Returns all Protection Policies |
| Microsoft.RecoveryServices/Vaults/backupProtectableItems/*Microsoft.RecoveryServices/Vaults/backupProtectableItems/* | バックアップできるアイテムの作成および管理Create and manage items which can be backed up |
| Microsoft.RecoveryServices/Vaults/backupProtectedItems/readMicrosoft.RecoveryServices/Vaults/backupProtectedItems/read | すべての保護された項目の一覧を返します。Returns the list of all Protected Items. |
| Microsoft.RecoveryServices/Vaults/backupProtectionContainers/readMicrosoft.RecoveryServices/Vaults/backupProtectionContainers/read | サブスクリプションに属するすべてのコンテナーを返します。Returns all containers belonging to the subscription |
| Microsoft.RecoveryServices/Vaults/backupUsageSummaries/readMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read | Recovery Services の保護された項目と保護されたサーバーの概要を返します。Returns summaries for Protected Items and Protected Servers for a Recovery Services . |
| Microsoft.RecoveryServices/Vaults/certificates/writeMicrosoft.RecoveryServices/Vaults/certificates/write | "リソース証明書を更新" 操作では、リソース/コンテナー資格情報証明書を更新します。The Update Resource Certificate operation updates the resource/vault credential certificate. |
| Microsoft.RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read | "拡張情報の取得" 操作では、"コンテナー" 型の Azure リソースを表すオブジェクトの拡張情報を取得します。The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault? |
| Microsoft.RecoveryServices/Vaults/extendedInformation/writeMicrosoft.RecoveryServices/Vaults/extendedInformation/write | "拡張情報の取得" 操作では、"コンテナー" 型の Azure リソースを表すオブジェクトの拡張情報を取得します。The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault? |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read | Recovery Services コンテナーのアラートを取得します。Gets the alerts for the Recovery services vault. |
| Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/* | |
| Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read | "コンテナーの取得" 操作では、"コンテナー" 型の Azure リソースを表すオブジェクトを取得します。The Get Vault operation gets an object representing the Azure resource of type 'vault' |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read | "操作結果を取得" 操作を使用すると、非同期で送信された操作の状態と結果を取得できます。The Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read | " コンテナーを取得" 操作を使用すると、リソースの登録済みコンテナーを取得できます。The Get Containers operation can be used get the containers registered for a resource. |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/writeMicrosoft.RecoveryServices/Vaults/registeredIdentities/write | "サービス コンテナーを登録" 操作を使用すると、コンテナーを Recovery Services に登録できます。The Register Service Container operation can be used to register a container with Recovery Service. |
| Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read | Recovery Services コンテナーの使用状況の詳細を返します。Returns usage details for a Recovery Services Vault. |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read | ストレージ アカウントの一覧を返すか、指定されたストレージ アカウントのプロパティを取得します。Returns the list of storage accounts or gets the properties for the specified storage account. |
| Microsoft.RecoveryServices/Vaults/backupstorageconfig/*Microsoft.RecoveryServices/Vaults/backupstorageconfig/* | |
| Microsoft.RecoveryServices/Vaults/backupValidateOperation/actionMicrosoft.RecoveryServices/Vaults/backupValidateOperation/action | 保護された項目に対する操作を検証しますValidate Operation on Protected Item |
| Microsoft.RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read | Recovery Services コンテナーに対するバックアップ操作の状態を返します。Returns Backup Operation Status for Recovery Services Vault. |
| Microsoft.RecoveryServices/Vaults/backupPolicies/operations/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operations/read | ポリシー操作の状態を取得します。Get Status of Policy Operation. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write | 登録済みコンテナーを作成します。Creates a registered container |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action | コンテナー内のワークロードを照会します。Do inquiry for workloads within a container |
| Microsoft.RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read | コンテナーに登録されているすべてのバックアップ管理サーバーを返します。Returns all the backup management servers registered with vault. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write | バックアップの保護インテントを作成しますCreate a backup Protection Intent |
| Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/readMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read | バックアップ保護の意図を取得しますGet a backup Protection Intent |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read | すべての保護可能なコンテナーを取得します。Get all protectable containers |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read | コンテナー内のすべての項目を取得します。Get all items in a container |
| Microsoft.RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action | Recovery Services コンテナーのバックアップの状態を確認します。Check Backup Status for Recovery Services Vaults |
| Microsoft.RecoveryServices/locations/backupPreValidateProtection/actionMicrosoft.RecoveryServices/locations/backupPreValidateProtection/action | |
| Microsoft.RecoveryServices/locations/backupValidateFeatures/actionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action | 機能を検証します。Validate Features |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write | アラートを解決する。Resolves the alert. |
| Microsoft.RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read | リソース プロバイダーの操作の一覧を返します。Operation returns the list of Operations for a Resource Provider |
| Microsoft.RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read | 特定の操作の操作の状態を取得しますGets Operation Status for a given Operation |
| Microsoft.RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read | すべてのバックアップ保護の意図を一覧表示しますList all backup Protection Intents |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage backup services, except removal of backup, vault creation and giving access to others",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/00c29273-979b-4161-815c-10b084fb9324",
"name": "00c29273-979b-4161-815c-10b084fb9324",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
"Microsoft.RecoveryServices/Vaults/backupJobs/*",
"Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
"Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
"Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/read",
"Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
"Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
"Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
"Microsoft.RecoveryServices/Vaults/certificates/write",
"Microsoft.RecoveryServices/Vaults/extendedInformation/read",
"Microsoft.RecoveryServices/Vaults/extendedInformation/write",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/write",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
"Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
"Microsoft.RecoveryServices/Vaults/backupOperations/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action",
"Microsoft.RecoveryServices/Vaults/backupEngines/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
"Microsoft.RecoveryServices/locations/backupStatus/action",
"Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
"Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
"Microsoft.RecoveryServices/operations/read",
"Microsoft.RecoveryServices/locations/operationStatus/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Backup Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Backup ReaderBackup Reader
バックアップ サービスを表示できますが、変更を行うことはできません。詳細Can view backup services, but can't make changes Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.RecoveryServices/locations/allocatedStamp/readMicrosoft.RecoveryServices/locations/allocatedStamp/read | GetAllocatedStamp は、サービスによって使用される内部操作です。GetAllocatedStamp is internal operation used by service |
| Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/operationResults/read | 操作の状態を返します。Returns status of the operation |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read | 保護コンテナーに対して実行された操作の結果を取得します。Gets result of Operation performed on Protection Container. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read | 保護された項目に対して実行された操作の結果を取得します。Gets Result of Operation Performed on Protected Items. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read | 保護された項目に対して実行された操作の状態を返します。Returns the status of Operation performed on Protected Items. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read | 保護された項目のオブジェクトの詳細を返します。Returns object details of the Protected Item |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read | 保護された項目の復旧ポイントを取得します。Get Recovery Points for Protected Items. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read | すべての登録済みコンテナーを返します。Returns all registered containers |
| Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/readMicrosoft.RecoveryServices/Vaults/backupJobs/operationResults/read | ジョブ操作の結果を返します。Returns the Result of Job Operation. |
| Microsoft.RecoveryServices/Vaults/backupJobs/readMicrosoft.RecoveryServices/Vaults/backupJobs/read | すべてのジョブ オブジェクトを返します。Returns all Job Objects |
| Microsoft.RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action | ジョブをエクスポートします。Export Jobs |
| Microsoft.RecoveryServices/Vaults/backupOperationResults/readMicrosoft.RecoveryServices/Vaults/backupOperationResults/read | Recovery Services コンテナーに対するバックアップ操作の結果を返します。Returns Backup Operation Result for Recovery Services Vault. |
| Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operationResults/read | ポリシー操作の結果を取得します。Get Results of Policy Operation. |
| Microsoft.RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read | すべての保護ポリシーを返します。Returns all Protection Policies |
| Microsoft.RecoveryServices/Vaults/backupProtectedItems/readMicrosoft.RecoveryServices/Vaults/backupProtectedItems/read | すべての保護された項目の一覧を返します。Returns the list of all Protected Items. |
| Microsoft.RecoveryServices/Vaults/backupProtectionContainers/readMicrosoft.RecoveryServices/Vaults/backupProtectionContainers/read | サブスクリプションに属するすべてのコンテナーを返します。Returns all containers belonging to the subscription |
| Microsoft.RecoveryServices/Vaults/backupUsageSummaries/readMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read | Recovery Services の保護された項目と保護されたサーバーの概要を返します。Returns summaries for Protected Items and Protected Servers for a Recovery Services . |
| Microsoft.RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read | "拡張情報の取得" 操作では、"コンテナー" 型の Azure リソースを表すオブジェクトの拡張情報を取得します。The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault? |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read | Recovery Services コンテナーのアラートを取得します。Gets the alerts for the Recovery services vault. |
| Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read | "コンテナーの取得" 操作では、"コンテナー" 型の Azure リソースを表すオブジェクトを取得します。The Get Vault operation gets an object representing the Azure resource of type 'vault' |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read | "操作結果を取得" 操作を使用すると、非同期で送信された操作の状態と結果を取得できます。The Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read | " コンテナーを取得" 操作を使用すると、リソースの登録済みコンテナーを取得できます。The Get Containers operation can be used get the containers registered for a resource. |
| Microsoft.RecoveryServices/Vaults/backupstorageconfig/readMicrosoft.RecoveryServices/Vaults/backupstorageconfig/read | Recovery Services コンテナーのストレージ構成を返します。Returns Storage Configuration for Recovery Services Vault. |
| Microsoft.RecoveryServices/Vaults/backupconfig/readMicrosoft.RecoveryServices/Vaults/backupconfig/read | Recovery Services コンテナーの構成を返します。Returns Configuration for Recovery Services Vault. |
| Microsoft.RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read | Recovery Services コンテナーに対するバックアップ操作の状態を返します。Returns Backup Operation Status for Recovery Services Vault. |
| Microsoft.RecoveryServices/Vaults/backupPolicies/operations/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operations/read | ポリシー操作の状態を取得します。Get Status of Policy Operation. |
| Microsoft.RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read | コンテナーに登録されているすべてのバックアップ管理サーバーを返します。Returns all the backup management servers registered with vault. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/readMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read | バックアップ保護の意図を取得しますGet a backup Protection Intent |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read | コンテナー内のすべての項目を取得します。Get all items in a container |
| Microsoft.RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action | Recovery Services コンテナーのバックアップの状態を確認します。Check Backup Status for Recovery Services Vaults |
| Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/* | |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write | アラートを解決する。Resolves the alert. |
| Microsoft.RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read | リソース プロバイダーの操作の一覧を返します。Operation returns the list of Operations for a Resource Provider |
| Microsoft.RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read | 特定の操作の操作の状態を取得しますGets Operation Status for a given Operation |
| Microsoft.RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read | すべてのバックアップ保護の意図を一覧表示しますList all backup Protection Intents |
| Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read | Recovery Services コンテナーの使用状況の詳細を返します。Returns usage details for a Recovery Services Vault. |
| Microsoft.RecoveryServices/locations/backupValidateFeatures/actionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action | 機能を検証します。Validate Features |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Can view backup services, but can't make changes",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a795c7a0-d4a2-40c1-ae25-d81f01202912",
"name": "a795c7a0-d4a2-40c1-ae25-d81f01202912",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.RecoveryServices/locations/allocatedStamp/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
"Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupJobs/read",
"Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
"Microsoft.RecoveryServices/Vaults/backupOperationResults/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/read",
"Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
"Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
"Microsoft.RecoveryServices/Vaults/extendedInformation/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
"Microsoft.RecoveryServices/Vaults/backupstorageconfig/read",
"Microsoft.RecoveryServices/Vaults/backupconfig/read",
"Microsoft.RecoveryServices/Vaults/backupOperations/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
"Microsoft.RecoveryServices/Vaults/backupEngines/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
"Microsoft.RecoveryServices/locations/backupStatus/action",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
"Microsoft.RecoveryServices/operations/read",
"Microsoft.RecoveryServices/locations/operationStatus/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/locations/backupValidateFeatures/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Backup Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Classic Storage Account ContributorClassic Storage Account Contributor
従来のストレージ アカウントを管理できますが、アクセスすることはできません。Lets you manage classic storage accounts, but not access to them.
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.ClassicStorage/storageAccounts/*Microsoft.ClassicStorage/storageAccounts/* | ストレージ アカウントの作成と管理Create and manage storage accounts |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 指定されたスコープのすべてのリソースの利用状況を取得します。Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage classic storage accounts, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
"name": "86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ClassicStorage/storageAccounts/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Classic Storage Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
従来のストレージ アカウント キー オペレーターのサービス ロールClassic Storage Account Key Operator Service Role
従来のストレージ アカウント キー オペレーターは、従来のストレージ アカウントでのキーの一覧表示と再生成を行うことができます。詳細Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.ClassicStorage/storageAccounts/listkeys/actionMicrosoft.ClassicStorage/storageAccounts/listkeys/action | ストレージ アカウントのアクセス キーを一覧表示します。Lists the access keys for the storage accounts. |
| Microsoft.ClassicStorage/storageAccounts/regeneratekey/actionMicrosoft.ClassicStorage/storageAccounts/regeneratekey/action | ストレージ アカウントの既存のアクセス キーを再生成します。Regenerates the existing access keys for the storage account. |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/985d6b00-f706-48f5-a6fe-d0ca12fb668d",
"name": "985d6b00-f706-48f5-a6fe-d0ca12fb668d",
"permissions": [
{
"actions": [
"Microsoft.ClassicStorage/storageAccounts/listkeys/action",
"Microsoft.ClassicStorage/storageAccounts/regeneratekey/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Classic Storage Account Key Operator Service Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Data Box ContributorData Box Contributor
Data Box サービスですべてを管理できます (他のユーザーに対するアクセス権の付与を除く)。Lets you manage everything under Data Box Service except giving access to others. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 指定されたスコープのすべてのリソースの利用状況を取得します。Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| Microsoft.Databox/*Microsoft.Databox/* | |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage everything under Data Box Service except giving access to others.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/add466c9-e687-43fc-8d98-dfcf8d720be5",
"name": "add466c9-e687-43fc-8d98-dfcf8d720be5",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Databox/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Box Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Data Box 閲覧者Data Box Reader
Data Box サービスを管理できます (注文の作成または注文の詳細の編集、および他のユーザーに対するアクセス権の付与を除く)。Lets you manage Data Box Service except creating order or editing order details and giving access to others. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.Databox/*/readMicrosoft.Databox/*/read | |
| Microsoft.Databox/jobs/listsecrets/actionMicrosoft.Databox/jobs/listsecrets/action | |
| Microsoft.Databox/jobs/listcredentials/actionMicrosoft.Databox/jobs/listcredentials/action | 注文に関連する暗号化されていない資格情報を一覧表示します。Lists the unencrypted credentials related to the order. |
| Microsoft.Databox/locations/availableSkus/actionMicrosoft.Databox/locations/availableSkus/action | このメソッドは、使用可能な SKU の一覧を返します。This method returns the list of available skus. |
| Microsoft.Databox/locations/validateInputs/actionMicrosoft.Databox/locations/validateInputs/action | このメソッドでは、すべての種類の検証が行われます。This method does all type of validations. |
| Microsoft.Databox/locations/regionConfiguration/actionMicrosoft.Databox/locations/regionConfiguration/action | このメソッドでは、リージョンの構成が返されます。This method returns the configurations for the region. |
| Microsoft.Databox/locations/validateAddress/actionMicrosoft.Databox/locations/validateAddress/action | 配送先住所を検証し、存在する場合には別の住所を指定します。Validates the shipping address and provides alternate addresses if any. |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 指定されたスコープのすべてのリソースの利用状況を取得します。Gets the availability statuses for all resources in the specified scope |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Data Box Service except creating order or editing order details and giving access to others.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
"name": "028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Databox/*/read",
"Microsoft.Databox/jobs/listsecrets/action",
"Microsoft.Databox/jobs/listcredentials/action",
"Microsoft.Databox/locations/availableSkus/action",
"Microsoft.Databox/locations/validateInputs/action",
"Microsoft.Databox/locations/regionConfiguration/action",
"Microsoft.Databox/locations/validateAddress/action",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Box Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Data Lake Analytics DeveloperData Lake Analytics Developer
独自のジョブを送信、監視、管理できますが、Data Lake Analytics アカウントを作成または削除することはできません。Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.BigAnalytics/accounts/*Microsoft.BigAnalytics/accounts/* | |
| Microsoft.DataLakeAnalytics/accounts/*Microsoft.DataLakeAnalytics/accounts/* | |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 指定されたスコープのすべてのリソースの利用状況を取得します。Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| NotActionsNotActions | |
| Microsoft.BigAnalytics/accounts/DeleteMicrosoft.BigAnalytics/accounts/Delete | |
| Microsoft.BigAnalytics/accounts/TakeOwnership/actionMicrosoft.BigAnalytics/accounts/TakeOwnership/action | |
| Microsoft.BigAnalytics/accounts/WriteMicrosoft.BigAnalytics/accounts/Write | |
| Microsoft.DataLakeAnalytics/accounts/DeleteMicrosoft.DataLakeAnalytics/accounts/Delete | DataLakeAnalytics アカウントを削除します。Delete a DataLakeAnalytics account. |
| Microsoft.DataLakeAnalytics/accounts/TakeOwnership/actionMicrosoft.DataLakeAnalytics/accounts/TakeOwnership/action | 他のユーザーによって送信されたジョブを取り消すアクセス許可を付与します。Grant permissions to cancel jobs submitted by other users. |
| Microsoft.DataLakeAnalytics/accounts/WriteMicrosoft.DataLakeAnalytics/accounts/Write | DataLakeAnalytics アカウントを作成または更新します。Create or update a DataLakeAnalytics account. |
| Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/WriteMicrosoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write | DataLakeAnalytics アカウントのリンクされた DataLakeStore アカウントを作成または更新します。Create or update a linked DataLakeStore account of a DataLakeAnalytics account. |
| Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/DeleteMicrosoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete | DataLakeAnalytics アカウントから DataLakeStore アカウントのリンクを解除します。Unlink a DataLakeStore account from a DataLakeAnalytics account. |
| Microsoft.DataLakeAnalytics/accounts/storageAccounts/WriteMicrosoft.DataLakeAnalytics/accounts/storageAccounts/Write | DataLakeAnalytics アカウントのリンクされたストレージ アカウントを作成または更新します。Create or update a linked Storage account of a DataLakeAnalytics account. |
| Microsoft.DataLakeAnalytics/accounts/storageAccounts/DeleteMicrosoft.DataLakeAnalytics/accounts/storageAccounts/Delete | DataLakeAnalytics アカウントからストレージ アカウントをリンク解除します。Unlink a Storage account from a DataLakeAnalytics account. |
| Microsoft.DataLakeAnalytics/accounts/firewallRules/WriteMicrosoft.DataLakeAnalytics/accounts/firewallRules/Write | ファイアウォール規則を作成または更新します。Create or update a firewall rule. |
| Microsoft.DataLakeAnalytics/accounts/firewallRules/DeleteMicrosoft.DataLakeAnalytics/accounts/firewallRules/Delete | ファイアウォール規則を削除します。Delete a firewall rule. |
| Microsoft.DataLakeAnalytics/accounts/computePolicies/WriteMicrosoft.DataLakeAnalytics/accounts/computePolicies/Write | コンピューティング ポリシーを作成または更新します。Create or update a compute policy. |
| Microsoft.DataLakeAnalytics/accounts/computePolicies/DeleteMicrosoft.DataLakeAnalytics/accounts/computePolicies/Delete | コンピューティング ポリシーを削除します。Delete a compute policy. |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/47b7735b-770e-4598-a7da-8b91488b4c88",
"name": "47b7735b-770e-4598-a7da-8b91488b4c88",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.BigAnalytics/accounts/*",
"Microsoft.DataLakeAnalytics/accounts/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.BigAnalytics/accounts/Delete",
"Microsoft.BigAnalytics/accounts/TakeOwnership/action",
"Microsoft.BigAnalytics/accounts/Write",
"Microsoft.DataLakeAnalytics/accounts/Delete",
"Microsoft.DataLakeAnalytics/accounts/TakeOwnership/action",
"Microsoft.DataLakeAnalytics/accounts/Write",
"Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write",
"Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete",
"Microsoft.DataLakeAnalytics/accounts/storageAccounts/Write",
"Microsoft.DataLakeAnalytics/accounts/storageAccounts/Delete",
"Microsoft.DataLakeAnalytics/accounts/firewallRules/Write",
"Microsoft.DataLakeAnalytics/accounts/firewallRules/Delete",
"Microsoft.DataLakeAnalytics/accounts/computePolicies/Write",
"Microsoft.DataLakeAnalytics/accounts/computePolicies/Delete"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Lake Analytics Developer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Reader and Data AccessReader and Data Access
すべてを表示することができますが、ストレージ アカウントや含まれるリソースの削除や作成はできません。Lets you view everything but will not let you delete or create a storage account or contained resource. ストレージ アカウント キーへのアクセスを使用して、ストレージ アカウントに含まれるすべてのデータへの読み取り/書き込みアクセスも許可されます。It will also allow read/write access to all data contained in a storage account via access to storage account keys.
| アクションActions | 説明Description |
|---|---|
| Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action | 指定されたストレージ アカウントのアクセス キーを返します。Returns the access keys for the specified storage account. |
| Microsoft.Storage/storageAccounts/ListAccountSas/actionMicrosoft.Storage/storageAccounts/ListAccountSas/action | 指定されたストレージ アカウントのアカウント SAS トークンを返します。Returns the Account SAS token for the specified storage account. |
| Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read | ストレージ アカウントの一覧を返すか、指定されたストレージ アカウントのプロパティを取得します。Returns the list of storage accounts or gets the properties for the specified storage account. |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c12c1c16-33a1-487b-954d-41c89c60f349",
"name": "c12c1c16-33a1-487b-954d-41c89c60f349",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.Storage/storageAccounts/ListAccountSas/action",
"Microsoft.Storage/storageAccounts/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Reader and Data Access",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Storage Account ContributorStorage Account Contributor
ストレージ アカウントの管理を許可します。Permits management of storage accounts. アカウント キーへのアクセスを提供します。これを使用して、共有キー認証を使用してデータにアクセスすることができます。Provides access to the account key, which can be used to access data via Shared Key authorization. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* | 分析サーバーの診断の設定の作成、更新、または読み取りを行いますCreates, updates, or reads the diagnostic setting for Analysis Server |
| Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action | ストレージ アカウントや SQL Database などのリソースをサブネットに結合します。Joins resource such as storage account or SQL database to a subnet. 警告不可能です。Not alertable. |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 指定されたスコープのすべてのリソースの利用状況を取得します。Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Storage/storageAccounts/*Microsoft.Storage/storageAccounts/* | ストレージ アカウントの作成と管理Create and manage storage accounts |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage storage accounts, including accessing storage account keys which provide full access to storage account data.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab",
"name": "17d1049b-9a84-46fb-8f53-869881c3d3ab",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Storage Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
ストレージ アカウント キー オペレーターのサービス ロールStorage Account Key Operator Service Role
ストレージ アカウント アクセス キーを一覧表示および再生成できます。Permits listing and regenerating storage account access keys. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Storage/storageAccounts/listkeys/actionMicrosoft.Storage/storageAccounts/listkeys/action | 指定されたストレージ アカウントのアクセス キーを返します。Returns the access keys for the specified storage account. |
| Microsoft.Storage/storageAccounts/regeneratekey/actionMicrosoft.Storage/storageAccounts/regeneratekey/action | 指定されたストレージ アカウントのアクセス キーを再生成します。Regenerates the access keys for the specified storage account. |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Storage Account Key Operators are allowed to list and regenerate keys on Storage Accounts",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/81a9662b-bebf-436f-a333-f67b29880f12",
"name": "81a9662b-bebf-436f-a333-f67b29880f12",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/listkeys/action",
"Microsoft.Storage/storageAccounts/regeneratekey/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Storage Account Key Operator Service Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
ストレージ BLOB データ共同作成者Storage Blob Data Contributor
Azure Storage コンテナーと BLOB の読み取り、書き込み、削除を行います。Read, write, and delete Azure Storage containers and blobs. 特定のデータ操作に必要なアクションについては、「Permissions for calling blob and queue data operations (BLOB およびキューのデータの操作を呼び出すためのアクセス許可)」をご覧ください。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Storage/storageAccounts/blobServices/containers/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/delete | コンテナーを削除します。Delete a container. |
| Microsoft.Storage/storageAccounts/blobServices/containers/readMicrosoft.Storage/storageAccounts/blobServices/containers/read | コンテナーまたはコンテナーの一覧を返します。Return a container or a list of containers. |
| Microsoft.Storage/storageAccounts/blobServices/containers/writeMicrosoft.Storage/storageAccounts/blobServices/containers/write | コンテナーのメタデータまたはプロパティを変更します。Modify a container's metadata or properties. |
| Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action | Blob service 用のユーザー委任キーを返します。Returns a user delegation key for the Blob service. |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete | BLOB を削除するDelete a blob. |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read | BLOB または BLOB の一覧を返します。Return a blob or a list of blobs. |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/actionMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/move/action | パス間で BLOB を移動しますMoves the blob from one path to another |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/writeMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write | BLOB に書き込みます。Write to a blob. |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write and delete access to Azure Storage blob containers and data",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe",
"name": "ba92f5b4-2d11-453d-a403-e96b0029c9fe",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/write",
"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
],
"notDataActions": []
}
],
"roleName": "Storage Blob Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
ストレージ BLOB データ所有者Storage Blob Data Owner
Azure Storage Blob コンテナーとデータに対するフル アクセス (POSIX アクセスの制御の割り当てを含む) を提供します。Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. 特定のデータ操作に必要なアクションについては、「Permissions for calling blob and queue data operations (BLOB およびキューのデータの操作を呼び出すためのアクセス許可)」をご覧ください。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Storage/storageAccounts/blobServices/containers/*Microsoft.Storage/storageAccounts/blobServices/containers/* | コンテナーのフル アクセス許可。Full permissions on containers. |
| Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action | Blob service 用のユーザー委任キーを返します。Returns a user delegation key for the Blob service. |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*Microsoft.Storage/storageAccounts/blobServices/containers/blobs/* | BLOB のフル アクセス許可。Full permissions on blobs. |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to Azure Storage blob containers and data, including assigning POSIX access control.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
"name": "b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/*",
"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*"
],
"notDataActions": []
}
],
"roleName": "Storage Blob Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
ストレージ BLOB データ閲覧者Storage Blob Data Reader
Azure Storage コンテナーと BLOB の読み取りと一覧表示を行います。Read and list Azure Storage containers and blobs. 特定のデータ操作に必要なアクションについては、「Permissions for calling blob and queue data operations (BLOB およびキューのデータの操作を呼び出すためのアクセス許可)」をご覧ください。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Storage/storageAccounts/blobServices/containers/readMicrosoft.Storage/storageAccounts/blobServices/containers/read | コンテナーまたはコンテナーの一覧を返します。Return a container or a list of containers. |
| Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action | Blob service 用のユーザー委任キーを返します。Returns a user delegation key for the Blob service. |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read | BLOB または BLOB の一覧を返します。Return a blob or a list of blobs. |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read access to Azure Storage blob containers and data",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
"name": "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
],
"notDataActions": []
}
],
"roleName": "Storage Blob Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Storage Blob デリゲータStorage Blob Delegator
Azure AD 資格情報で署名されたコンテナーまたは BLOB 用の共有アクセス署名を作成するために使用できるユーザー委任キーを取得します。Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials. 詳細については、「ユーザー委任 SAS を作成する」を参照してください。For more information, see Create a user delegation SAS. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action | Blob service 用のユーザー委任キーを返します。Returns a user delegation key for the Blob service. |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Allows for generation of a user delegation key which can be used to sign SAS tokens",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
"name": "db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Storage Blob Delegator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
記憶域ファイル データの SMB 共有の共同作成者Storage File Data SMB Share Contributor
Azure ファイル共有のファイルまたはディレクトリに対する読み取り、書き込み、削除のアクセス権を許可します。Allows for read, write, and delete access on files/directories in Azure file shares. このロールに相当する機能は Windows ファイル サーバーに組み込まれていません。This role has no built-in equivalent on Windows file servers. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| "なし"none | |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/readMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/read | ファイル/フォルダーまたはファイル/フォルダーの一覧を返します。Returns a file/folder or a list of files/folders. |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/writeMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/write | ファイルの書き込みまたはフォルダーの作成の結果を返します。Returns the result of writing a file or creating a folder. |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/deleteMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/delete | ファイル/フォルダーの削除の結果を返します。Returns the result of deleting a file/folder. |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write, and delete access in Azure Storage file shares over SMB",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
"name": "0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete"
],
"notDataActions": []
}
],
"roleName": "Storage File Data SMB Share Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
記憶域ファイル データの SMB 共有の管理者特権共同作成者Storage File Data SMB Share Elevated Contributor
Azure ファイル共有のファイルまたはディレクトリに対する ACL の読み取り、書き込み、削除、変更を許可します。Allows for read, write, delete, and modify ACLs on files/directories in Azure file shares. このロールは、Windows ファイル サーバーでのファイル共有 ACL の変更に相当します。This role is equivalent to a file share ACL of change on Windows file servers. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| "なし"none | |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/readMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/read | ファイル/フォルダーまたはファイル/フォルダーの一覧を返します。Returns a file/folder or a list of files/folders. |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/writeMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/write | ファイルの書き込みまたはフォルダーの作成の結果を返します。Returns the result of writing a file or creating a folder. |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/deleteMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/delete | ファイル/フォルダーの削除の結果を返します。Returns the result of deleting a file/folder. |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/actionMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action | ファイル/フォルダーに対するアクセス許可の変更の結果を返します。Returns the result of modifying permission on a file/folder. |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write, delete and modify NTFS permission access in Azure Storage file shares over SMB",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a7264617-510b-434b-a828-9731dc254ea7",
"name": "a7264617-510b-434b-a828-9731dc254ea7",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action"
],
"notDataActions": []
}
],
"roleName": "Storage File Data SMB Share Elevated Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
記憶域ファイル データの SMB 共有の閲覧者Storage File Data SMB Share Reader
Azure ファイル共有のファイルまたはディレクトリに対する読み取りアクセスを許可します。Allows for read access on files/directories in Azure file shares. このロールは、Windows ファイル サーバーでのファイル共有 ACL の読み取りに相当します。This role is equivalent to a file share ACL of read on Windows file servers. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| "なし"none | |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/readMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/read | ファイル/フォルダーまたはファイル/フォルダーの一覧を返します。Returns a file/folder or a list of files/folders. |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read access to Azure File Share over SMB",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/aba4ae5f-2193-4029-9191-0cb91df5e314",
"name": "aba4ae5f-2193-4029-9191-0cb91df5e314",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read"
],
"notDataActions": []
}
],
"roleName": "Storage File Data SMB Share Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
ストレージ キュー データ共同作成者Storage Queue Data Contributor
Azure Storage キューおよびキュー メッセージの読み取り、書き込み、削除を行います。Read, write, and delete Azure Storage queues and queue messages. 特定のデータ操作に必要なアクションについては、「Permissions for calling blob and queue data operations (BLOB およびキューのデータの操作を呼び出すためのアクセス許可)」をご覧ください。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Storage/storageAccounts/queueServices/queues/deleteMicrosoft.Storage/storageAccounts/queueServices/queues/delete | キューを削除します。Delete a queue. |
| Microsoft.Storage/storageAccounts/queueServices/queues/readMicrosoft.Storage/storageAccounts/queueServices/queues/read | キューまたはキューの一覧を返します。Return a queue or a list of queues. |
| Microsoft.Storage/storageAccounts/queueServices/queues/writeMicrosoft.Storage/storageAccounts/queueServices/queues/write | キューのメタデータまたはプロパティを変更します。Modify queue metadata or properties. |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/queueServices/queues/messages/deleteMicrosoft.Storage/storageAccounts/queueServices/queues/messages/delete | 1 つまたは複数のメッセージをキューから削除します。Delete one or more messages from a queue. |
| Microsoft.Storage/storageAccounts/queueServices/queues/messages/readMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read | 1 つまたは複数のメッセージをキューからピークまたは取得します。Peek or retrieve one or more messages from a queue. |
| Microsoft.Storage/storageAccounts/queueServices/queues/messages/writeMicrosoft.Storage/storageAccounts/queueServices/queues/messages/write | メッセージをキューに追加します。Add a message to a queue. |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write, and delete access to Azure Storage queues and queue messages",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/974c5e8b-45b9-4653-ba55-5f855dd0fb88",
"name": "974c5e8b-45b9-4653-ba55-5f855dd0fb88",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/delete",
"Microsoft.Storage/storageAccounts/queueServices/queues/read",
"Microsoft.Storage/storageAccounts/queueServices/queues/write"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/delete",
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/write"
],
"notDataActions": []
}
],
"roleName": "Storage Queue Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
ストレージ キュー データのメッセージ プロセッサStorage Queue Data Message Processor
Azure Storage キューからのメッセージのピーク、取得、削除を行います。Peek, retrieve, and delete a message from an Azure Storage queue. 特定のデータ操作に必要なアクションについては、「Permissions for calling blob and queue data operations (BLOB およびキューのデータの操作を呼び出すためのアクセス許可)」をご覧ください。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| "なし"none | |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/queueServices/queues/messages/readMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read | メッセージをピークします。Peek a message. |
| Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/actionMicrosoft.Storage/storageAccounts/queueServices/queues/messages/process/action | メッセージを取得および削除します。Retrieve and delete a message. |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Allows for peek, receive, and delete access to Azure Storage queue messages",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8a0f0c08-91a1-4084-bc3d-661d67233fed",
"name": "8a0f0c08-91a1-4084-bc3d-661d67233fed",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action"
],
"notDataActions": []
}
],
"roleName": "Storage Queue Data Message Processor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
ストレージ キュー データ メッセージ送信者Storage Queue Data Message Sender
Azure Storage キューにメッセージを追加します。Add messages to an Azure Storage queue. 特定のデータ操作に必要なアクションについては、「Permissions for calling blob and queue data operations (BLOB およびキューのデータの操作を呼び出すためのアクセス許可)」をご覧ください。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| "なし"none | |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/actionMicrosoft.Storage/storageAccounts/queueServices/queues/messages/add/action | メッセージをキューに追加します。Add a message to a queue. |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Allows for sending of Azure Storage queue messages",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
"name": "c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/action"
],
"notDataActions": []
}
],
"roleName": "Storage Queue Data Message Sender",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
ストレージ キュー データ閲覧者Storage Queue Data Reader
Azure Storage キューおよびキュー メッセージの読み取りと一覧表示を行います。Read and list Azure Storage queues and queue messages. 特定のデータ操作に必要なアクションについては、「Permissions for calling blob and queue data operations (BLOB およびキューのデータの操作を呼び出すためのアクセス許可)」をご覧ください。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Storage/storageAccounts/queueServices/queues/readMicrosoft.Storage/storageAccounts/queueServices/queues/read | キューまたはキューの一覧を返します。Returns a queue or a list of queues. |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/queueServices/queues/messages/readMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read | 1 つまたは複数のメッセージをキューからピークまたは取得します。Peek or retrieve one or more messages from a queue. |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read access to Azure Storage queues and queue messages",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/19e7f393-937e-4f77-808e-94535e297925",
"name": "19e7f393-937e-4f77-808e-94535e297925",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/read"
],
"notDataActions": []
}
],
"roleName": "Storage Queue Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
WebWeb
Azure Maps データ閲覧者Azure Maps Data Reader
Azure Maps アカウントからマップ関連データを読み取るためのアクセス権を付与します。Grants access to read map related data from an Azure maps account.
| アクションActions | 説明Description |
|---|---|
| "なし"none | |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.Maps/accounts/*/readMicrosoft.Maps/accounts/*/read | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Grants access to read map related data from an Azure maps account.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/423170ca-a8f6-4b0f-8487-9e4eb8f49bfa",
"name": "423170ca-a8f6-4b0f-8487-9e4eb8f49bfa",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Maps/accounts/*/read"
],
"notDataActions": []
}
],
"roleName": "Azure Maps Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Search Service ContributorSearch Service Contributor
Search サービスを管理できます。ただし、それらへのアクセスは含まれません。Lets you manage Search services, but not access to them. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 指定されたスコープのすべてのリソースの利用状況を取得します。Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Search/searchServices/*Microsoft.Search/searchServices/* | 検索サービスの作成と管理Create and manage search services |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Search services, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7ca78c08-252a-4471-8644-bb5ff32d4ba0",
"name": "7ca78c08-252a-4471-8644-bb5ff32d4ba0",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Search/searchServices/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Search Service Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Web Plan ContributorWeb Plan Contributor
Web サイトの Web プランを管理できます。ただし、それらへのアクセスは含まれません。Lets you manage the web plans for websites, but not access to them.
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 指定されたスコープのすべてのリソースの利用状況を取得します。Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| Microsoft.Web/serverFarms/*Microsoft.Web/serverFarms/* | サーバー ファームの作成と管理Create and manage server farms |
| Microsoft.Web/hostingEnvironments/Join/ActionMicrosoft.Web/hostingEnvironments/Join/Action | App Service Environment に参加しますJoins an App Service Environment |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage the web plans for websites, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b",
"name": "2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Web/serverFarms/*",
"Microsoft.Web/hostingEnvironments/Join/Action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Web Plan Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Website ContributorWebsite Contributor
Web サイト (Web プランではない) を管理できます。ただし、それらへのアクセスは含まれません。Lets you manage websites (not web plans), but not access to them.
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.Insights/components/*Microsoft.Insights/components/* | Insights コンポーネントの作成と管理Create and manage Insights components |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 指定されたスコープのすべてのリソースの利用状況を取得します。Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| Microsoft.Web/certificates/*Microsoft.Web/certificates/* | Web サイト証明書の作成と管理Create and manage website certificates |
| Microsoft.Web/listSitesAssignedToHostName/readMicrosoft.Web/listSitesAssignedToHostName/read | ホスト名に割り当てられたサイトの名前を取得します。Get names of sites assigned to hostname. |
| Microsoft.Web/serverFarms/join/actionMicrosoft.Web/serverFarms/join/action | App Service プランに参加します。Joins an App Service Plan |
| Microsoft.Web/serverFarms/readMicrosoft.Web/serverFarms/read | App Service プランのプロパティを取得します。Get the properties on an App Service Plan |
| Microsoft.Web/sites/*Microsoft.Web/sites/* | Web サイトの作成と管理 (サイト作成では、関連付けられた App Service プランに対する書き込みアクセス許可も必要です)Create and manage websites (site creation also requires write permissions to the associated App Service Plan) |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage websites (not web plans), but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/de139f84-1756-47ae-9be6-808fbbe84772",
"name": "de139f84-1756-47ae-9be6-808fbbe84772",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/components/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Web/certificates/*",
"Microsoft.Web/listSitesAssignedToHostName/read",
"Microsoft.Web/serverFarms/join/action",
"Microsoft.Web/serverFarms/read",
"Microsoft.Web/sites/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Website Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
ContainersContainers
AcrDeleteAcrDelete
acr の削除 詳細acr delete Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.ContainerRegistry/registries/artifacts/deleteMicrosoft.ContainerRegistry/registries/artifacts/delete | コンテナー レジストリの成果物を削除します。Delete artifact in a container registry. |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "acr delete",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
"name": "c2f4ef07-c644-48eb-af81-4b1b4947fb11",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/artifacts/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AcrDelete",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AcrImageSignerAcrImageSigner
acr イメージ署名者 詳細acr image signer Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.ContainerRegistry/registries/sign/writeMicrosoft.ContainerRegistry/registries/sign/write | コンテナー レジストリのコンテンツの信頼メタデータをプッシュ/プルします。Push/Pull content trust metadata for a container registry. |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "acr image signer",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6cef56e8-d556-48e5-a04f-b8e64114680f",
"name": "6cef56e8-d556-48e5-a04f-b8e64114680f",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/sign/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AcrImageSigner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AcrPullAcrPull
acr のプル 詳細acr pull Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.ContainerRegistry/registries/pull/readMicrosoft.ContainerRegistry/registries/pull/read | コンテナー レジストリからイメージをプルまたは取得します。Pull or Get images from a container registry. |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "acr pull",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d",
"name": "7f951dda-4ed3-4680-a7ca-43fe172d538d",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/pull/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AcrPull",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AcrPushAcrPush
acr のプッシュ 詳細acr push Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.ContainerRegistry/registries/pull/readMicrosoft.ContainerRegistry/registries/pull/read | コンテナー レジストリからイメージをプルまたは取得します。Pull or Get images from a container registry. |
| Microsoft.ContainerRegistry/registries/push/writeMicrosoft.ContainerRegistry/registries/push/write | コンテナー レジストリにイメージをプッシュするか書き込みます。Push or Write images to a container registry. |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "acr push",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8311e382-0749-4cb8-b61a-304f252e45ec",
"name": "8311e382-0749-4cb8-b61a-304f252e45ec",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/pull/read",
"Microsoft.ContainerRegistry/registries/push/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AcrPush",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AcrQuarantineReaderAcrQuarantineReader
ACR 検査データ閲覧者acr quarantine data reader
| アクションActions | 説明Description |
|---|---|
| Microsoft.ContainerRegistry/registries/quarantine/readMicrosoft.ContainerRegistry/registries/quarantine/read | コンテナー レジストリから検疫済みのイメージをプルまたは取得しますPull or Get quarantined images from container registry |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "acr quarantine data reader",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/cdda3590-29a3-44f6-95f2-9f980659eb04",
"name": "cdda3590-29a3-44f6-95f2-9f980659eb04",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/quarantine/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AcrQuarantineReader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AcrQuarantineWriterAcrQuarantineWriter
ACR 検査データ作成者acr quarantine data writer
| アクションActions | 説明Description |
|---|---|
| Microsoft.ContainerRegistry/registries/quarantine/readMicrosoft.ContainerRegistry/registries/quarantine/read | コンテナー レジストリから検疫済みのイメージをプルまたは取得しますPull or Get quarantined images from container registry |
| Microsoft.ContainerRegistry/registries/quarantine/writeMicrosoft.ContainerRegistry/registries/quarantine/write | 検疫済みイメージの検疫状態を書き込むか変更しますWrite/Modify quarantine state of quarantined images |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "acr quarantine data writer",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
"name": "c8d4ff99-41c3-41a8-9f60-21dfdad59608",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/quarantine/read",
"Microsoft.ContainerRegistry/registries/quarantine/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AcrQuarantineWriter",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Kubernetes Service クラスター管理者ロールAzure Kubernetes Service Cluster Admin Role
クラスター管理者の資格情報アクションを一覧表示します。List cluster admin credential action. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.ContainerService/managedClusters/listClusterAdminCredential/actionMicrosoft.ContainerService/managedClusters/listClusterAdminCredential/action | 管理対象クラスターの clusterAdmin 資格情報を一覧表示します。List the clusterAdmin credential of a managed cluster |
| Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/actionMicrosoft.ContainerService/managedClusters/accessProfiles/listCredential/action | 資格情報の一覧の取得を使用し、ロール名を指定してマネージド クラスターのアクセス プロファイルを取得します。Get a managed cluster access profile by role name using list credential |
| Microsoft.ContainerService/managedClusters/readMicrosoft.ContainerService/managedClusters/read | マネージド クラスターを取得します。Get a managed cluster |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "List cluster admin credential action.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8",
"name": "0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8",
"permissions": [
{
"actions": [
"Microsoft.ContainerService/managedClusters/listClusterAdminCredential/action",
"Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/action",
"Microsoft.ContainerService/managedClusters/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Kubernetes Service Cluster Admin Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Kubernetes Service クラスター ユーザー ロールAzure Kubernetes Service Cluster User Role
クラスター ユーザーの資格情報アクションを一覧表示します。List cluster user credential action. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.ContainerService/managedClusters/listClusterUserCredential/actionMicrosoft.ContainerService/managedClusters/listClusterUserCredential/action | 管理対象クラスターの clusterUser 資格情報を一覧表示します。List the clusterUser credential of a managed cluster |
| Microsoft.ContainerService/managedClusters/readMicrosoft.ContainerService/managedClusters/read | マネージド クラスターを取得します。Get a managed cluster |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "List cluster user credential action.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4abbcc35-e782-43d8-92c5-2d3f1bd2253f",
"name": "4abbcc35-e782-43d8-92c5-2d3f1bd2253f",
"permissions": [
{
"actions": [
"Microsoft.ContainerService/managedClusters/listClusterUserCredential/action",
"Microsoft.ContainerService/managedClusters/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Kubernetes Service Cluster User Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Kubernetes Service 共同作成者ロールAzure Kubernetes Service Contributor Role
Azure Kubernetes Service クラスターへの読み取りおよび書き込みアクセスを許可します 詳細Grants access to read and write Azure Kubernetes Service clusters Learn more
| ActionsActions | 説明Description |
|---|---|
| Microsoft.ContainerService/managedClusters/readMicrosoft.ContainerService/managedClusters/read | マネージド クラスターを取得します。Get a managed cluster |
| Microsoft.ContainerService/managedClusters/writeMicrosoft.ContainerService/managedClusters/write | 新しいマネージド クラスターを作成するか、既存のものを更新します。Creates a new managed cluster or updates an existing one |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Grants access to read and write Azure Kubernetes Service clusters",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8",
"name": "ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8",
"permissions": [
{
"actions": [
"Microsoft.ContainerService/managedClusters/read",
"Microsoft.ContainerService/managedClusters/write",
"Microsoft.Resources/deployments/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Kubernetes Service Contributor Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Kubernetes Service RBAC 管理者Azure Kubernetes Service RBAC Admin
リソース クォータと名前空間の更新または削除を除き、クラスターおよび名前空間のすべてのリソースを管理できます。Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.Resources/deployments/writeMicrosoft.Resources/deployments/write | デプロイを作成または更新します。Creates or updates an deployment. |
| Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read | サブスクリプション操作の結果を取得します。Get the subscription operation results. |
| Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read | サブスクリプションの一覧を取得します。Gets the list of subscriptions. |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| Microsoft.ContainerService/managedClusters/listClusterUserCredential/actionMicrosoft.ContainerService/managedClusters/listClusterUserCredential/action | 管理対象クラスターの clusterUser 資格情報を一覧表示します。List the clusterUser credential of a managed cluster |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.ContainerService/managedClusters/*Microsoft.ContainerService/managedClusters/* | |
| NotDataActionsNotDataActions | |
| Microsoft.ContainerService/managedClusters/resourcequotas/writeMicrosoft.ContainerService/managedClusters/resourcequotas/write | resourcequotas を書き込みますWrites resourcequotas |
| Microsoft.ContainerService/managedClusters/resourcequotas/deleteMicrosoft.ContainerService/managedClusters/resourcequotas/delete | resourcequotas を削除しますDeletes resourcequotas |
| Microsoft.ContainerService/managedClusters/namespaces/writeMicrosoft.ContainerService/managedClusters/namespaces/write | namespaces を書き込みますWrites namespaces |
| Microsoft.ContainerService/managedClusters/namespaces/deleteMicrosoft.ContainerService/managedClusters/namespaces/delete | 名前空間を削除しますDeletes namespaces |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3498e952-d568-435e-9b2c-8d77e338d7f7",
"name": "3498e952-d568-435e-9b2c-8d77e338d7f7",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/write",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.ContainerService/managedClusters/listClusterUserCredential/action"
],
"notActions": [],
"dataActions": [
"Microsoft.ContainerService/managedClusters/*"
],
"notDataActions": [
"Microsoft.ContainerService/managedClusters/resourcequotas/write",
"Microsoft.ContainerService/managedClusters/resourcequotas/delete",
"Microsoft.ContainerService/managedClusters/namespaces/write",
"Microsoft.ContainerService/managedClusters/namespaces/delete"
]
}
],
"roleName": "Azure Kubernetes Service RBAC Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Kubernetes Service RBAC クラスター管理者Azure Kubernetes Service RBAC Cluster Admin
クラスター内のすべてのリソースを管理できます。Lets you manage all resources in the cluster. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.Resources/deployments/writeMicrosoft.Resources/deployments/write | デプロイを作成または更新します。Creates or updates an deployment. |
| Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read | サブスクリプション操作の結果を取得します。Get the subscription operation results. |
| Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read | サブスクリプションの一覧を取得します。Gets the list of subscriptions. |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| Microsoft.ContainerService/managedClusters/listClusterUserCredential/actionMicrosoft.ContainerService/managedClusters/listClusterUserCredential/action | 管理対象クラスターの clusterUser 資格情報を一覧表示します。List the clusterUser credential of a managed cluster |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.ContainerService/managedClusters/*Microsoft.ContainerService/managedClusters/* | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage all resources in the cluster.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b",
"name": "b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/write",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.ContainerService/managedClusters/listClusterUserCredential/action"
],
"notActions": [],
"dataActions": [
"Microsoft.ContainerService/managedClusters/*"
],
"notDataActions": []
}
],
"roleName": "Azure Kubernetes Service RBAC Cluster Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Kubernetes Service RBAC 閲覧者Azure Kubernetes Service RBAC Reader
クラスターおよび名前空間内のすべてのリソース (シークレットを除く) を表示できます。Lets you view all resources in cluster/namespace, except secrets. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.Resources/deployments/writeMicrosoft.Resources/deployments/write | デプロイを作成または更新します。Creates or updates an deployment. |
| Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read | サブスクリプション操作の結果を取得します。Get the subscription operation results. |
| Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read | サブスクリプションの一覧を取得します。Gets the list of subscriptions. |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| Microsoft.ContainerService/managedClusters/listClusterUserCredential/actionMicrosoft.ContainerService/managedClusters/listClusterUserCredential/action | 管理対象クラスターの clusterUser 資格情報を一覧表示します。List the clusterUser credential of a managed cluster |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.ContainerService/managedClusters/*/readMicrosoft.ContainerService/managedClusters/*/read | |
| NotDataActionsNotDataActions | |
| Microsoft.ContainerService/managedClusters/rbac.authorization.k8s.io/*/readMicrosoft.ContainerService/managedClusters/rbac.authorization.k8s.io/*/read | |
| Microsoft.ContainerService/managedClusters/rbac.authorization.k8s.io/*/writeMicrosoft.ContainerService/managedClusters/rbac.authorization.k8s.io/*/write | |
| Microsoft.ContainerService/managedClusters/secrets/*Microsoft.ContainerService/managedClusters/secrets/* |
{
"assignableScopes": [
"/"
],
"description": "Lets you view all resources in cluster/namespace, except secrets.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7f6c6a51-bcf8-42ba-9220-52d62157d7db",
"name": "7f6c6a51-bcf8-42ba-9220-52d62157d7db",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/write",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.ContainerService/managedClusters/listClusterUserCredential/action"
],
"notActions": [],
"dataActions": [
"Microsoft.ContainerService/managedClusters/*/read"
],
"notDataActions": [
"Microsoft.ContainerService/managedClusters/rbac.authorization.k8s.io/*/read",
"Microsoft.ContainerService/managedClusters/rbac.authorization.k8s.io/*/write",
"Microsoft.ContainerService/managedClusters/secrets/*"
]
}
],
"roleName": "Azure Kubernetes Service RBAC Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Kubernetes Service RBAC ライターAzure Kubernetes Service RBAC Writer
リソース クォータ、名前空間、ポッド セキュリティ ポリシー、証明書署名要求、(クラスター) ロール、(クラスター) ロール バインドを除く、クラスターおよび名前空間のすべてを更新できます。Lets you update everything in cluster/namespace, except resource quotas, namespaces, pod security policies, certificate signing requests, (cluster)roles and (cluster)role bindings. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.Resources/deployments/writeMicrosoft.Resources/deployments/write | デプロイを作成または更新します。Creates or updates an deployment. |
| Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read | サブスクリプション操作の結果を取得します。Get the subscription operation results. |
| Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read | サブスクリプションの一覧を取得します。Gets the list of subscriptions. |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| Microsoft.ContainerService/managedClusters/listClusterUserCredential/actionMicrosoft.ContainerService/managedClusters/listClusterUserCredential/action | 管理対象クラスターの clusterUser 資格情報を一覧表示します。List the clusterUser credential of a managed cluster |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.ContainerService/managedClusters/*/readMicrosoft.ContainerService/managedClusters/*/read | |
| Microsoft.ContainerService/managedClusters/*/writeMicrosoft.ContainerService/managedClusters/*/write | |
| NotDataActionsNotDataActions | |
| Microsoft.ContainerService/managedClusters/rbac.authorization.k8s.io/*/readMicrosoft.ContainerService/managedClusters/rbac.authorization.k8s.io/*/read | |
| Microsoft.ContainerService/managedClusters/rbac.authorization.k8s.io/*/writeMicrosoft.ContainerService/managedClusters/rbac.authorization.k8s.io/*/write | |
| Microsoft.ContainerService/managedClusters/namespaces/writeMicrosoft.ContainerService/managedClusters/namespaces/write | namespaces を書き込みますWrites namespaces |
| Microsoft.ContainerService/managedClusters/resourcequotas/writeMicrosoft.ContainerService/managedClusters/resourcequotas/write | resourcequotas を書き込みますWrites resourcequotas |
| Microsoft.ContainerService/managedClusters/certificates.k8s.io/certificatesigningrequests/writeMicrosoft.ContainerService/managedClusters/certificates.k8s.io/certificatesigningrequests/write | certificatesigningrequests を書き込みますWrites certificatesigningrequests |
| Microsoft.ContainerService/managedClusters/policy/podsecuritypolicies/writeMicrosoft.ContainerService/managedClusters/policy/podsecuritypolicies/write | podsecuritypolicies を書き込みますWrites podsecuritypolicies |
{
"assignableScopes": [
"/"
],
"description": "Lets you update everything in cluster/namespace, except resource quotas, namespaces, pod security policies, certificate signing requests, (cluster)roles and (cluster)role bindings.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb",
"name": "a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/write",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.ContainerService/managedClusters/listClusterUserCredential/action"
],
"notActions": [],
"dataActions": [
"Microsoft.ContainerService/managedClusters/*/read",
"Microsoft.ContainerService/managedClusters/*/write"
],
"notDataActions": [
"Microsoft.ContainerService/managedClusters/rbac.authorization.k8s.io/*/read",
"Microsoft.ContainerService/managedClusters/rbac.authorization.k8s.io/*/write",
"Microsoft.ContainerService/managedClusters/namespaces/write",
"Microsoft.ContainerService/managedClusters/resourcequotas/write",
"Microsoft.ContainerService/managedClusters/certificates.k8s.io/certificatesigningrequests/write",
"Microsoft.ContainerService/managedClusters/policy/podsecuritypolicies/write"
]
}
],
"roleName": "Azure Kubernetes Service RBAC Writer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
データベースDatabases
Cosmos DB アカウントの閲覧者ロールCosmos DB Account Reader Role
Cosmos DB アカウントのデータを読み取ることができます。Can read Azure Cosmos DB account data. Azure Cosmos DB アカウントの管理については、「DocumentDB Account Contributor」をご覧ください。See DocumentDB Account Contributor for managing Azure Cosmos DB accounts. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.DocumentDB/*/readMicrosoft.DocumentDB/*/read | 任意のコレクションの読み取りRead any collection |
| Microsoft.DocumentDB/databaseAccounts/readonlykeys/actionMicrosoft.DocumentDB/databaseAccounts/readonlykeys/action | データベース アカウントの読み取り専用キーを読み取ります。Reads the database account readonly keys. |
| Microsoft.Insights/MetricDefinitions/readMicrosoft.Insights/MetricDefinitions/read | メトリック定義を読み取ります。Read metric definitions |
| Microsoft.Insights/Metrics/readMicrosoft.Insights/Metrics/read | メトリックを読み取ります。Read metrics |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Can read Azure Cosmos DB Accounts data",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fbdf93bf-df7d-467e-a4d2-9458aa1360c8",
"name": "fbdf93bf-df7d-467e-a4d2-9458aa1360c8",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.DocumentDB/*/read",
"Microsoft.DocumentDB/databaseAccounts/readonlykeys/action",
"Microsoft.Insights/MetricDefinitions/read",
"Microsoft.Insights/Metrics/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cosmos DB Account Reader Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Cosmos DB オペレーターCosmos DB Operator
Azure Cosmos DB アカウントを管理することができます。ただし、アカウント内のデータにはアクセスできません。Lets you manage Azure Cosmos DB accounts, but not access data in them. アカウント キーと接続文字列へのアクセスは禁止されます。Prevents access to account keys and connection strings. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.DocumentDb/databaseAccounts/*Microsoft.DocumentDb/databaseAccounts/* | |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 指定されたスコープのすべてのリソースの利用状況を取得します。Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action | ストレージ アカウントや SQL Database などのリソースをサブネットに結合します。Joins resource such as storage account or SQL database to a subnet. 警告不可能です。Not alertable. |
| NotActionsNotActions | |
| Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*Microsoft.DocumentDB/databaseAccounts/readonlyKeys/* | |
| Microsoft.DocumentDB/databaseAccounts/regenerateKey/*Microsoft.DocumentDB/databaseAccounts/regenerateKey/* | |
| Microsoft.DocumentDB/databaseAccounts/listKeys/*Microsoft.DocumentDB/databaseAccounts/listKeys/* | |
| Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/* | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/230815da-be43-4aae-9cb4-875f7bd000aa",
"name": "230815da-be43-4aae-9cb4-875f7bd000aa",
"permissions": [
{
"actions": [
"Microsoft.DocumentDb/databaseAccounts/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Authorization/*/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action"
],
"notActions": [
"Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*",
"Microsoft.DocumentDB/databaseAccounts/regenerateKey/*",
"Microsoft.DocumentDB/databaseAccounts/listKeys/*",
"Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cosmos DB Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
CosmosBackupOperatorCosmosBackupOperator
Cosmos DB データベースまたはアカウントのコンテナーの復元要求を送信できます。詳細Can submit restore request for a Cosmos DB database or a container for an account Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.DocumentDB/databaseAccounts/backup/actionMicrosoft.DocumentDB/databaseAccounts/backup/action | バックアップを構成するための要求を送信しますSubmit a request to configure backup |
| Microsoft.DocumentDB/databaseAccounts/restore/actionMicrosoft.DocumentDB/databaseAccounts/restore/action | 復元要求を送信しますSubmit a restore request |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Can submit restore request for a Cosmos DB database or a container for an account",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/db7b14f2-5adf-42da-9f96-f2ee17bab5cb",
"name": "db7b14f2-5adf-42da-9f96-f2ee17bab5cb",
"permissions": [
{
"actions": [
"Microsoft.DocumentDB/databaseAccounts/backup/action",
"Microsoft.DocumentDB/databaseAccounts/restore/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "CosmosBackupOperator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
DocumentDB Account ContributorDocumentDB Account Contributor
Azure Cosmos DB アカウントを管理できます。Can manage Azure Cosmos DB accounts. Azure Cosmos DB は以前は DocumentDB と呼ばれていました。Azure Cosmos DB is formerly known as DocumentDB. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.DocumentDb/databaseAccounts/*Microsoft.DocumentDb/databaseAccounts/* | Azure Cosmos DB アカウントの作成と管理Create and manage Azure Cosmos DB accounts |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 指定されたスコープのすべてのリソースの利用状況を取得します。Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action | ストレージ アカウントや SQL Database などのリソースをサブネットに結合します。Joins resource such as storage account or SQL database to a subnet. 警告不可能です。Not alertable. |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage DocumentDB accounts, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5bd9cd88-fe45-4216-938b-f97437e15450",
"name": "5bd9cd88-fe45-4216-938b-f97437e15450",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.DocumentDb/databaseAccounts/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "DocumentDB Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Redis Cache ContributorRedis Cache Contributor
Redis Caches を管理できます。ただし、それらへのアクセスは含まれません。Lets you manage Redis caches, but not access to them.
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.Cache/register/actionMicrosoft.Cache/register/action | "Microsoft.Cache" リソース プロバイダーをサブスクリプションに登録します。Registers the 'Microsoft.Cache' resource provider with a subscription |
| Microsoft.Cache/redis/*Microsoft.Cache/redis/* | Redis キャッシュの作成と管理Create and manage Redis caches |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 指定されたスコープのすべてのリソースの利用状況を取得します。Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Redis caches, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e0f68234-74aa-48ed-b826-c38b57376e17",
"name": "e0f68234-74aa-48ed-b826-c38b57376e17",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Cache/register/action",
"Microsoft.Cache/redis/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Redis Cache Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
SQL DB ContributorSQL DB Contributor
SQL データベースを管理できます。ただし、それらへのアクセスは含まれません。Lets you manage SQL databases, but not access to them. また、セキュリティ関連のポリシーまたは親 SQL Server を管理することはできません。Also, you can't manage their security-related policies or their parent SQL servers. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 指定されたスコープのすべてのリソースの利用状況を取得します。Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Sql/locations/*/readMicrosoft.Sql/locations/*/read | |
| Microsoft.Sql/servers/databases/*Microsoft.Sql/servers/databases/* | SQL データベースの作成と管理Create and manage SQL databases |
| Microsoft.Sql/servers/readMicrosoft.Sql/servers/read | サーバーの一覧を返すか、指定されたサーバーのプロパティを取得します。Return the list of servers or gets the properties for the specified server. |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read | メトリックを読み取ります。Read metrics |
| Microsoft.Insights/metricDefinitions/readMicrosoft.Insights/metricDefinitions/read | メトリック定義を読み取ります。Read metric definitions |
| NotActionsNotActions | |
| Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*Microsoft.Sql/managedInstances/databases/securityAlertPolicies/* | |
| Microsoft.Sql/managedInstances/databases/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/sensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/* | |
| Microsoft.Sql/managedInstances/securityAlertPolicies/*Microsoft.Sql/managedInstances/securityAlertPolicies/* | |
| Microsoft.Sql/managedInstances/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/vulnerabilityAssessments/* | |
| Microsoft.Sql/servers/databases/auditingPolicies/*Microsoft.Sql/servers/databases/auditingPolicies/* | 監査ポリシーの編集Edit audit policies |
| Microsoft.Sql/servers/databases/auditingSettings/*Microsoft.Sql/servers/databases/auditingSettings/* | 監査設定の編集Edit audit settings |
| Microsoft.Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read | データベースの BLOB 監査レコードを取得します。Retrieve the database blob audit records |
| Microsoft.Sql/servers/databases/connectionPolicies/*Microsoft.Sql/servers/databases/connectionPolicies/* | 接続ポリシーの編集Edit connection policies |
| Microsoft.Sql/servers/databases/currentSensitivityLabels/*Microsoft.Sql/servers/databases/currentSensitivityLabels/* | |
| Microsoft.Sql/servers/databases/dataMaskingPolicies/*Microsoft.Sql/servers/databases/dataMaskingPolicies/* | データ マスク ポリシーの編集Edit data masking policies |
| Microsoft.Sql/servers/databases/extendedAuditingSettings/*Microsoft.Sql/servers/databases/extendedAuditingSettings/* | |
| Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*Microsoft.Sql/servers/databases/recommendedSensitivityLabels/* | |
| Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/* | |
| Microsoft.Sql/servers/databases/securityAlertPolicies/*Microsoft.Sql/servers/databases/securityAlertPolicies/* | セキュリティ警告ポリシーの編集Edit security alert policies |
| Microsoft.Sql/servers/databases/securityMetrics/*Microsoft.Sql/servers/databases/securityMetrics/* | セキュリティ基準の編集Edit security metrics |
| Microsoft.Sql/servers/databases/sensitivityLabels/*Microsoft.Sql/servers/databases/sensitivityLabels/* | |
| Microsoft.Sql/servers/databases/vulnerabilityAssessments/*Microsoft.Sql/servers/databases/vulnerabilityAssessments/* | |
| Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/* | |
| Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/* | |
| Microsoft.Sql/servers/vulnerabilityAssessments/*Microsoft.Sql/servers/vulnerabilityAssessments/* | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
"name": "9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Sql/locations/*/read",
"Microsoft.Sql/servers/databases/*",
"Microsoft.Sql/servers/read",
"Microsoft.Support/*",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read"
],
"notActions": [
"Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
"Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
"Microsoft.Sql/managedInstances/securityAlertPolicies/*",
"Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
"Microsoft.Sql/servers/databases/auditingPolicies/*",
"Microsoft.Sql/servers/databases/auditingSettings/*",
"Microsoft.Sql/servers/databases/auditRecords/read",
"Microsoft.Sql/servers/databases/connectionPolicies/*",
"Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
"Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
"Microsoft.Sql/servers/databases/extendedAuditingSettings/*",
"Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
"Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
"Microsoft.Sql/servers/databases/securityAlertPolicies/*",
"Microsoft.Sql/servers/databases/securityMetrics/*",
"Microsoft.Sql/servers/databases/sensitivityLabels/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
"Microsoft.Sql/servers/vulnerabilityAssessments/*"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "SQL DB Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
SQL マネージド インスタンス共同作成者SQL Managed Instance Contributor
SQL マネージド インスタンスと必要なネットワーク構成を管理することができますが、他のユーザーにアクセス権を付与することはできません。Lets you manage SQL Managed Instances and required network configuration, but can't give access to others.
| アクションActions | 説明Description |
|---|---|
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 指定されたスコープのすべてのリソースの利用状況を取得します。Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Network/networkSecurityGroups/*Microsoft.Network/networkSecurityGroups/* | |
| Microsoft.Network/routeTables/*Microsoft.Network/routeTables/* | |
| Microsoft.Sql/locations/*/readMicrosoft.Sql/locations/*/read | |
| Microsoft.Sql/locations/instanceFailoverGroups/*Microsoft.Sql/locations/instanceFailoverGroups/* | |
| Microsoft.Sql/managedInstances/*Microsoft.Sql/managedInstances/* | |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| Microsoft.Network/virtualNetworks/subnets/*Microsoft.Network/virtualNetworks/subnets/* | |
| Microsoft.Network/virtualNetworks/*Microsoft.Network/virtualNetworks/* | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read | メトリックを読み取ります。Read metrics |
| Microsoft.Insights/metricDefinitions/readMicrosoft.Insights/metricDefinitions/read | メトリック定義を読み取ります。Read metric definitions |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage SQL Managed Instances and required network configuration, but can't give access to others.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
"name": "4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
"permissions": [
{
"actions": [
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Network/networkSecurityGroups/*",
"Microsoft.Network/routeTables/*",
"Microsoft.Sql/locations/*/read",
"Microsoft.Sql/locations/instanceFailoverGroups/*",
"Microsoft.Sql/managedInstances/*",
"Microsoft.Support/*",
"Microsoft.Network/virtualNetworks/subnets/*",
"Microsoft.Network/virtualNetworks/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "SQL Managed Instance Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
SQL Security ManagerSQL Security Manager
SQL サーバーとデータベースのセキュリティ関連のポリシーを管理できます。ただし、それらへのアクセスは管理できません。Lets you manage the security-related policies of SQL servers and databases, but not access to them. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action | ストレージ アカウントや SQL Database などのリソースをサブネットに結合します。Joins resource such as storage account or SQL database to a subnet. 警告不可能です。Not alertable. |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 指定されたスコープのすべてのリソースの利用状況を取得します。Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Sql/locations/administratorAzureAsyncOperation/readMicrosoft.Sql/locations/administratorAzureAsyncOperation/read | |
| Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*Microsoft.Sql/managedInstances/databases/securityAlertPolicies/* | |
| Microsoft.Sql/managedInstances/databases/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/sensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/* | |
| Microsoft.Sql/managedInstances/securityAlertPolicies/*Microsoft.Sql/managedInstances/securityAlertPolicies/* | |
| Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*Microsoft.Sql/managedInstances/databases/transparentDataEncryption/* | |
| Microsoft.Sql/managedInstances/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/vulnerabilityAssessments/* | |
| Microsoft.Sql/servers/auditingPolicies/*Microsoft.Sql/servers/auditingPolicies/* | SQL サーバー監査ポリシーの作成と管理Create and manage SQL server auditing policies |
| Microsoft.Sql/servers/auditingSettings/*Microsoft.Sql/servers/auditingSettings/* | SQL サーバー監査設定の作成と管理Create and manage SQL server auditing setting |
| Microsoft.Sql/servers/extendedAuditingSettings/readMicrosoft.Sql/servers/extendedAuditingSettings/read | 指定されたサーバーで構成されている拡張サーバー BLOB 監査ポリシーの詳細を取得します。Retrieve details of the extended server blob auditing policy configured on a given server |
| Microsoft.Sql/servers/databases/auditingPolicies/*Microsoft.Sql/servers/databases/auditingPolicies/* | SQL サーバー データベース監査ポリシーの作成と管理Create and manage SQL server database auditing policies |
| Microsoft.Sql/servers/databases/auditingSettings/*Microsoft.Sql/servers/databases/auditingSettings/* | SQL サーバー データベース監査設定の作成と管理Create and manage SQL server database auditing settings |
| Microsoft.Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read | データベースの BLOB 監査レコードを取得します。Retrieve the database blob audit records |
| Microsoft.Sql/servers/databases/connectionPolicies/*Microsoft.Sql/servers/databases/connectionPolicies/* | SQL サーバー データベース接続ポリシーの作成と管理Create and manage SQL server database connection policies |
| Microsoft.Sql/servers/databases/currentSensitivityLabels/*Microsoft.Sql/servers/databases/currentSensitivityLabels/* | |
| Microsoft.Sql/servers/databases/dataMaskingPolicies/*Microsoft.Sql/servers/databases/dataMaskingPolicies/* | SQL サーバー データベース データ マスク ポリシーの作成と管理Create and manage SQL server database data masking policies |
| Microsoft.Sql/servers/databases/extendedAuditingSettings/readMicrosoft.Sql/servers/databases/extendedAuditingSettings/read | 指定されたデータベースで構成されている拡張 BLOB 監査ポリシーの詳細を取得します。Retrieve details of the extended blob auditing policy configured on a given database |
| Microsoft.Sql/servers/databases/readMicrosoft.Sql/servers/databases/read | データベースの一覧を返すか、指定されたデータベースのプロパティを取得します。Return the list of databases or gets the properties for the specified database. |
| Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*Microsoft.Sql/servers/databases/recommendedSensitivityLabels/* | |
| Microsoft.Sql/servers/databases/schemas/readMicrosoft.Sql/servers/databases/schemas/read | データベースのスキーマを取得します。Get a database schema. |
| Microsoft.Sql/servers/databases/schemas/tables/columns/readMicrosoft.Sql/servers/databases/schemas/tables/columns/read | データベースの列を取得します。Get a database column. |
| Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/* | |
| Microsoft.Sql/servers/databases/schemas/tables/readMicrosoft.Sql/servers/databases/schemas/tables/read | データベースのテーブルを取得します。Get a database table. |
| Microsoft.Sql/servers/databases/securityAlertPolicies/*Microsoft.Sql/servers/databases/securityAlertPolicies/* | SQL サーバー データベース セキュリティの警告のポリシーの作成と管理Create and manage SQL server database security alert policies |
| Microsoft.Sql/servers/databases/securityMetrics/*Microsoft.Sql/servers/databases/securityMetrics/* | SQL サーバー データベース セキュリティ基準の作成と管理Create and manage SQL server database security metrics |
| Microsoft.Sql/servers/databases/sensitivityLabels/*Microsoft.Sql/servers/databases/sensitivityLabels/* | |
| Microsoft.Sql/servers/databases/transparentDataEncryption/*Microsoft.Sql/servers/databases/transparentDataEncryption/* | |
| Microsoft.Sql/servers/databases/vulnerabilityAssessments/*Microsoft.Sql/servers/databases/vulnerabilityAssessments/* | |
| Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/* | |
| Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/* | |
| Microsoft.Sql/servers/firewallRules/*Microsoft.Sql/servers/firewallRules/* | |
| Microsoft.Sql/servers/readMicrosoft.Sql/servers/read | サーバーの一覧を返すか、指定されたサーバーのプロパティを取得します。Return the list of servers or gets the properties for the specified server. |
| Microsoft.Sql/servers/securityAlertPolicies/*Microsoft.Sql/servers/securityAlertPolicies/* | SQL サーバー セキュリティの警告のポリシーの作成と管理Create and manage SQL server security alert policies |
| Microsoft.Sql/servers/vulnerabilityAssessments/*Microsoft.Sql/servers/vulnerabilityAssessments/* | |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| Microsoft.Sql/servers/administrators/readMicrosoft.Sql/servers/administrators/read | 特定の Azure Active Directory 管理者オブジェクトを取得しますGets a specific Azure Active Directory administrator object |
| Microsoft.Sql/servers/azureADOnlyAuthentications/*Microsoft.Sql/servers/azureADOnlyAuthentications/* | |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage the security-related policies of SQL servers and databases, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3",
"name": "056cd41c-7e88-42e1-933e-88ba6a50c9c3",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Sql/locations/administratorAzureAsyncOperation/read",
"Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
"Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
"Microsoft.Sql/managedInstances/securityAlertPolicies/*",
"Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*",
"Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
"Microsoft.Sql/servers/auditingPolicies/*",
"Microsoft.Sql/servers/auditingSettings/*",
"Microsoft.Sql/servers/extendedAuditingSettings/read",
"Microsoft.Sql/servers/databases/auditingPolicies/*",
"Microsoft.Sql/servers/databases/auditingSettings/*",
"Microsoft.Sql/servers/databases/auditRecords/read",
"Microsoft.Sql/servers/databases/connectionPolicies/*",
"Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
"Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
"Microsoft.Sql/servers/databases/extendedAuditingSettings/read",
"Microsoft.Sql/servers/databases/read",
"Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
"Microsoft.Sql/servers/databases/schemas/read",
"Microsoft.Sql/servers/databases/schemas/tables/columns/read",
"Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
"Microsoft.Sql/servers/databases/schemas/tables/read",
"Microsoft.Sql/servers/databases/securityAlertPolicies/*",
"Microsoft.Sql/servers/databases/securityMetrics/*",
"Microsoft.Sql/servers/databases/sensitivityLabels/*",
"Microsoft.Sql/servers/databases/transparentDataEncryption/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
"Microsoft.Sql/servers/firewallRules/*",
"Microsoft.Sql/servers/read",
"Microsoft.Sql/servers/securityAlertPolicies/*",
"Microsoft.Sql/servers/vulnerabilityAssessments/*",
"Microsoft.Support/*",
"Microsoft.Sql/servers/administrators/read",
"Microsoft.Sql/servers/azureADOnlyAuthentications/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "SQL Security Manager",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
SQL Server ContributorSQL Server Contributor
SQL サーバーとデータベースを管理できます。ただし、それらへのアクセスや、それらのセキュリティ関連ポリシーは管理できません。Lets you manage SQL servers and databases, but not access to them, and not their security-related policies. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 指定されたスコープのすべてのリソースの利用状況を取得します。Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Sql/locations/*/readMicrosoft.Sql/locations/*/read | |
| Microsoft.Sql/servers/*Microsoft.Sql/servers/* | SQL サーバーの作成と管理Create and manage SQL servers |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read | メトリックを読み取ります。Read metrics |
| Microsoft.Insights/metricDefinitions/readMicrosoft.Insights/metricDefinitions/read | メトリック定義を読み取ります。Read metric definitions |
| NotActionsNotActions | |
| Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*Microsoft.Sql/managedInstances/databases/securityAlertPolicies/* | |
| Microsoft.Sql/managedInstances/databases/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/sensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/* | |
| Microsoft.Sql/managedInstances/securityAlertPolicies/*Microsoft.Sql/managedInstances/securityAlertPolicies/* | |
| Microsoft.Sql/managedInstances/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/vulnerabilityAssessments/* | |
| Microsoft.Sql/servers/auditingPolicies/*Microsoft.Sql/servers/auditingPolicies/* | SQL サーバー監査ポリシーの編集Edit SQL server auditing policies |
| Microsoft.Sql/servers/auditingSettings/*Microsoft.Sql/servers/auditingSettings/* | SQL サーバー監査設定の編集Edit SQL server auditing settings |
| Microsoft.Sql/servers/databases/auditingPolicies/*Microsoft.Sql/servers/databases/auditingPolicies/* | SQL サーバー データベース監査ポリシーの編集Edit SQL server database auditing policies |
| Microsoft.Sql/servers/databases/auditingSettings/*Microsoft.Sql/servers/databases/auditingSettings/* | SQL サーバー データベース監査設定の編集Edit SQL server database auditing settings |
| Microsoft.Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read | データベースの BLOB 監査レコードを取得します。Retrieve the database blob audit records |
| Microsoft.Sql/servers/databases/connectionPolicies/*Microsoft.Sql/servers/databases/connectionPolicies/* | SQL サーバー データベース接続ポリシーの編集Edit SQL server database connection policies |
| Microsoft.Sql/servers/databases/currentSensitivityLabels/*Microsoft.Sql/servers/databases/currentSensitivityLabels/* | |
| Microsoft.Sql/servers/databases/dataMaskingPolicies/*Microsoft.Sql/servers/databases/dataMaskingPolicies/* | SQL サーバー データベース データ マスク ポリシーの編集Edit SQL server database data masking policies |
| Microsoft.Sql/servers/databases/extendedAuditingSettings/*Microsoft.Sql/servers/databases/extendedAuditingSettings/* | |
| Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*Microsoft.Sql/servers/databases/recommendedSensitivityLabels/* | |
| Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/* | |
| Microsoft.Sql/servers/databases/securityAlertPolicies/*Microsoft.Sql/servers/databases/securityAlertPolicies/* | SQL サーバー データベースのセキュリティ警告ポリシーの編集Edit SQL server database security alert policies |
| Microsoft.Sql/servers/databases/securityMetrics/*Microsoft.Sql/servers/databases/securityMetrics/* | SQL サーバー データベースのセキュリティ基準の編集Edit SQL server database security metrics |
| Microsoft.Sql/servers/databases/sensitivityLabels/*Microsoft.Sql/servers/databases/sensitivityLabels/* | |
| Microsoft.Sql/servers/databases/vulnerabilityAssessments/*Microsoft.Sql/servers/databases/vulnerabilityAssessments/* | |
| Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/* | |
| Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/* | |
| Microsoft.Sql/servers/extendedAuditingSettings/*Microsoft.Sql/servers/extendedAuditingSettings/* | |
| Microsoft.Sql/servers/securityAlertPolicies/*Microsoft.Sql/servers/securityAlertPolicies/* | SQL サーバーのセキュリティ警告ポリシーの編集Edit SQL server security alert policies |
| Microsoft.Sql/servers/vulnerabilityAssessments/*Microsoft.Sql/servers/vulnerabilityAssessments/* | |
| Microsoft.Sql/servers/azureADOnlyAuthentications/deleteMicrosoft.Sql/servers/azureADOnlyAuthentications/delete | 特定のサーバーの Azure Active Directory のみの認証オブジェクトを削除しますDeletes a specific server Azure Active Directory only authentication object |
| Microsoft.Sql/servers/azureADOnlyAuthentications/writeMicrosoft.Sql/servers/azureADOnlyAuthentications/write | 特定のサーバーの Azure Active Directory 認証オブジェクトのみを追加または更新しますAdds or updates a specific server Azure Active Directory only authentication object |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage SQL servers and databases, but not access to them, and not their security -related policies.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
"name": "6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Sql/locations/*/read",
"Microsoft.Sql/servers/*",
"Microsoft.Support/*",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read"
],
"notActions": [
"Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
"Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
"Microsoft.Sql/managedInstances/securityAlertPolicies/*",
"Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
"Microsoft.Sql/servers/auditingPolicies/*",
"Microsoft.Sql/servers/auditingSettings/*",
"Microsoft.Sql/servers/databases/auditingPolicies/*",
"Microsoft.Sql/servers/databases/auditingSettings/*",
"Microsoft.Sql/servers/databases/auditRecords/read",
"Microsoft.Sql/servers/databases/connectionPolicies/*",
"Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
"Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
"Microsoft.Sql/servers/databases/extendedAuditingSettings/*",
"Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
"Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
"Microsoft.Sql/servers/databases/securityAlertPolicies/*",
"Microsoft.Sql/servers/databases/securityMetrics/*",
"Microsoft.Sql/servers/databases/sensitivityLabels/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
"Microsoft.Sql/servers/extendedAuditingSettings/*",
"Microsoft.Sql/servers/securityAlertPolicies/*",
"Microsoft.Sql/servers/vulnerabilityAssessments/*",
"Microsoft.Sql/servers/azureADOnlyAuthentications/delete",
"Microsoft.Sql/servers/azureADOnlyAuthentications/write"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "SQL Server Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AnalyticsAnalytics
Azure Event Hubs データ所有者Azure Event Hubs Data Owner
Azure Event Hubs リソースへのフル アクセスを許可します。Allows for full access to Azure Event Hubs resources. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.EventHub/*Microsoft.EventHub/* | |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.EventHub/*Microsoft.EventHub/* | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to Azure Event Hubs resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f526a384-b230-433a-b45c-95f59c4a2dec",
"name": "f526a384-b230-433a-b45c-95f59c4a2dec",
"permissions": [
{
"actions": [
"Microsoft.EventHub/*"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/*"
],
"notDataActions": []
}
],
"roleName": "Azure Event Hubs Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Event Hubs データ受信者Azure Event Hubs Data Receiver
Azure Event Hubs リソースへの受信アクセスを許可します。Allows receive access to Azure Event Hubs resources. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.EventHub/*/eventhubs/consumergroups/readMicrosoft.EventHub/*/eventhubs/consumergroups/read | |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.EventHub/*/receive/actionMicrosoft.EventHub/*/receive/action | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Allows receive access to Azure Event Hubs resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
"name": "a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
"permissions": [
{
"actions": [
"Microsoft.EventHub/*/eventhubs/consumergroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/*/receive/action"
],
"notDataActions": []
}
],
"roleName": "Azure Event Hubs Data Receiver",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Event Hubs データ送信者Azure Event Hubs Data Sender
Azure Event Hubs リソースへの送信アクセスを許可します。Allows send access to Azure Event Hubs resources. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.EventHub/*/eventhubs/readMicrosoft.EventHub/*/eventhubs/read | |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.EventHub/*/send/actionMicrosoft.EventHub/*/send/action | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Allows send access to Azure Event Hubs resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2b629674-e913-4c01-ae53-ef4638d8f975",
"name": "2b629674-e913-4c01-ae53-ef4638d8f975",
"permissions": [
{
"actions": [
"Microsoft.EventHub/*/eventhubs/read"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/*/send/action"
],
"notDataActions": []
}
],
"roleName": "Azure Event Hubs Data Sender",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Data Factory ContributorData Factory Contributor
データ ファクトリまたデータ ファクトリ内の子リソースを作成し管理します。Create and manage data factories, as well as child resources within them. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.DataFactory/dataFactories/*Microsoft.DataFactory/dataFactories/* | Data Factory と Data Factory に含まれる子リソースを作成および管理します。Create and manage data factories, and child resources within them. |
| Microsoft.DataFactory/factories/*Microsoft.DataFactory/factories/* | Data Factory と Data Factory に含まれる子リソースを作成および管理します。Create and manage data factories, and child resources within them. |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 指定されたスコープのすべてのリソースの利用状況を取得します。Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| Microsoft.EventGrid/eventSubscriptions/writeMicrosoft.EventGrid/eventSubscriptions/write | eventSubscription を作成または更新します。Create or update an eventSubscription |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Create and manage data factories, as well as child resources within them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/673868aa-7521-48a0-acc6-0f60742d39f5",
"name": "673868aa-7521-48a0-acc6-0f60742d39f5",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.DataFactory/dataFactories/*",
"Microsoft.DataFactory/factories/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.EventGrid/eventSubscriptions/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Factory Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Data PurgerData Purger
分析データを削除できます。詳細Can purge analytics data Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Insights/components/*/readMicrosoft.Insights/components/*/read | |
| Microsoft.Insights/components/purge/actionMicrosoft.Insights/components/purge/action | Application Insights からデータを削除します。Purging data from Application Insights |
| Microsoft.OperationalInsights/workspaces/*/readMicrosoft.OperationalInsights/workspaces/*/read | Log Analytics のデータの表示View log analytics data |
| Microsoft.OperationalInsights/workspaces/purge/actionMicrosoft.OperationalInsights/workspaces/purge/action | ワークスペースから指定されたデータを削除します。Delete specified data from workspace |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Can purge analytics data",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/150f5e0c-0603-4f03-8c7f-cf70034c4e90",
"name": "150f5e0c-0603-4f03-8c7f-cf70034c4e90",
"permissions": [
{
"actions": [
"Microsoft.Insights/components/*/read",
"Microsoft.Insights/components/purge/action",
"Microsoft.OperationalInsights/workspaces/*/read",
"Microsoft.OperationalInsights/workspaces/purge/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Purger",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
HDInsight クラスター オペレーターHDInsight Cluster Operator
HDInsight クラスター構成の読み取りと変更を実行できます。Lets you read and modify HDInsight cluster configurations. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.HDInsight/*/readMicrosoft.HDInsight/*/read | |
| Microsoft.HDInsight/clusters/getGatewaySettings/actionMicrosoft.HDInsight/clusters/getGatewaySettings/action | HDInsight クラスター向けのアプリケーションを取得しますGet gateway settings for HDInsight Cluster |
| Microsoft.HDInsight/clusters/updateGatewaySettings/actionMicrosoft.HDInsight/clusters/updateGatewaySettings/action | HDInsight クラスターのゲートウェイ設定を更新しますUpdate gateway settings for HDInsight Cluster |
| Microsoft.HDInsight/clusters/configurations/*Microsoft.HDInsight/clusters/configurations/* | |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read | デプロイ操作を取得または一覧表示します。Gets or lists deployment operations. |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you read and modify HDInsight cluster configurations.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/61ed4efc-fab3-44fd-b111-e24485cc132a",
"name": "61ed4efc-fab3-44fd-b111-e24485cc132a",
"permissions": [
{
"actions": [
"Microsoft.HDInsight/*/read",
"Microsoft.HDInsight/clusters/getGatewaySettings/action",
"Microsoft.HDInsight/clusters/updateGatewaySettings/action",
"Microsoft.HDInsight/clusters/configurations/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Authorization/*/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "HDInsight Cluster Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
HDInsight ドメイン サービス共同作成者HDInsight Domain Services Contributor
HDInsight Enterprise セキュリティ パッケージに必要なドメイン サービス関連の操作の読み取り、作成、変更、および削除を行うことができます。詳細Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.AAD/*/readMicrosoft.AAD/*/read | |
| Microsoft.AAD/domainServices/*/readMicrosoft.AAD/domainServices/*/read | |
| Microsoft.AAD/domainServices/oucontainer/*Microsoft.AAD/domainServices/oucontainer/* | |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8d8d5a11-05d3-4bda-a417-a08778121c7c",
"name": "8d8d5a11-05d3-4bda-a417-a08778121c7c",
"permissions": [
{
"actions": [
"Microsoft.AAD/*/read",
"Microsoft.AAD/domainServices/*/read",
"Microsoft.AAD/domainServices/oucontainer/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "HDInsight Domain Services Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Log Analytics 共同作成者Log Analytics Contributor
Log Analytics 共同作成者は、すべての監視データを読み取り、監視設定を編集できます。Log Analytics Contributor can read all monitoring data and edit monitoring settings. 監視設定の編集には、VM 拡張機能の VM への追加、Azure Storage からログの収集を設定できるようにするためのストレージ アカウント キーの読み取り、Automation アカウントの作成と構成、ソリューションの追加、すべての Azure リソースでの Azure Diagnostics の構成が含まれます。Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| */read*/read | 機密データを除くあらゆる種類のリソースの読み取りRead resources of all types, except secrets. |
| Microsoft.Automation/automationAccounts/*Microsoft.Automation/automationAccounts/* | |
| Microsoft.ClassicCompute/virtualMachines/extensions/*Microsoft.ClassicCompute/virtualMachines/extensions/* | |
| Microsoft.ClassicStorage/storageAccounts/listKeys/actionMicrosoft.ClassicStorage/storageAccounts/listKeys/action | ストレージ アカウントのアクセス キーを一覧表示します。Lists the access keys for the storage accounts. |
| Microsoft.Compute/virtualMachines/extensions/*Microsoft.Compute/virtualMachines/extensions/* | |
| Microsoft.HybridCompute/machines/extensions/writeMicrosoft.HybridCompute/machines/extensions/write | Azure Arc 拡張機能をインストールまたは更新されますInstalls or Updates an Azure Arc extensions |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* | 分析サーバーの診断の設定の作成、更新、または読み取りを行いますCreates, updates, or reads the diagnostic setting for Analysis Server |
| Microsoft.OperationalInsights/*Microsoft.OperationalInsights/* | |
| Microsoft.OperationsManagement/*Microsoft.OperationsManagement/* | |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/*Microsoft.Resources/subscriptions/resourcegroups/deployments/* | |
| Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action | 指定されたストレージ アカウントのアクセス キーを返します。Returns the access keys for the specified storage account. |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
"name": "92aaf0da-9dab-42b6-94a3-d43ce8d16293",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Automation/automationAccounts/*",
"Microsoft.ClassicCompute/virtualMachines/extensions/*",
"Microsoft.ClassicStorage/storageAccounts/listKeys/action",
"Microsoft.Compute/virtualMachines/extensions/*",
"Microsoft.HybridCompute/machines/extensions/write",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.OperationalInsights/*",
"Microsoft.OperationsManagement/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Log Analytics Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Log Analytics 閲覧者Log Analytics Reader
Log Analytics Reader は、すべての監視データの表示と検索、およびすべての Azure リソース上の Azure Diagnostics 構成の表示など、監視設定の表示を行うことができます。Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| */read*/read | 機密データを除くあらゆる種類のリソースの読み取りRead resources of all types, except secrets. |
| Microsoft.OperationalInsights/workspaces/analytics/query/actionMicrosoft.OperationalInsights/workspaces/analytics/query/action | 新しいエンジンを使用して検索します。Search using new engine. |
| Microsoft.OperationalInsights/workspaces/search/actionMicrosoft.OperationalInsights/workspaces/search/action | 検索クエリを実行します。Executes a search query |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| NotActionsNotActions | |
| Microsoft.OperationalInsights/workspaces/sharedKeys/readMicrosoft.OperationalInsights/workspaces/sharedKeys/read | ワークスペースの共有キーを取得します。Retrieves the shared keys for the workspace. これらのキーを使用して、Microsoft Operational Insights エージェントをワークスペースに接続します。These keys are used to connect Microsoft Operational Insights agents to the workspace. |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/73c42c96-874c-492b-b04d-ab87d138a893",
"name": "73c42c96-874c-492b-b04d-ab87d138a893",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.OperationalInsights/workspaces/analytics/query/action",
"Microsoft.OperationalInsights/workspaces/search/action",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.OperationalInsights/workspaces/sharedKeys/read"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Log Analytics Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Schema Registry Contributor (プレビュー)Schema Registry Contributor (Preview)
Schema Registry グループおよびスキーマの読み取り、書き込み、および削除を行います。Read, write, and delete Schema Registry groups and schemas.
| アクションActions | 説明Description |
|---|---|
| Microsoft.EventHub/namespaces/schemagroups/*Microsoft.EventHub/namespaces/schemagroups/* | |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.EventHub/namespaces/schemas/*Microsoft.EventHub/namespaces/schemas/* | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Read, write, and delete Schema Registry groups and schemas.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5dffeca3-4936-4216-b2bc-10343a5abb25",
"name": "5dffeca3-4936-4216-b2bc-10343a5abb25",
"permissions": [
{
"actions": [
"Microsoft.EventHub/namespaces/schemagroups/*"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/namespaces/schemas/*"
],
"notDataActions": []
}
],
"roleName": "Schema Registry Contributor (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Schema Registry Reader (プレビュー)Schema Registry Reader (Preview)
Schema Registry グループおよびスキーマの読み取りと一覧表示を行います。Read and list Schema Registry groups and schemas.
| アクションActions | 説明Description |
|---|---|
| Microsoft.EventHub/namespaces/schemagroups/readMicrosoft.EventHub/namespaces/schemagroups/read | SchemaGroup リソースの説明の一覧を取得しますGet list of SchemaGroup Resource Descriptions |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.EventHub/namespaces/schemas/readMicrosoft.EventHub/namespaces/schemas/read | スキーマを取得するRetrieve schemas |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Read and list Schema Registry groups and schemas.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2c56ea50-c6b3-40a6-83c0-9d98858bc7d2",
"name": "2c56ea50-c6b3-40a6-83c0-9d98858bc7d2",
"permissions": [
{
"actions": [
"Microsoft.EventHub/namespaces/schemagroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/namespaces/schemas/read"
],
"notDataActions": []
}
],
"roleName": "Schema Registry Reader (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
ブロックチェーンBlockchain
ブロックチェーン メンバー ノードへのアクセス (プレビュー)Blockchain Member Node Access (Preview)
ブロックチェーン メンバー ノードにアクセスできるようにします。詳細Allows for access to Blockchain Member nodes Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Blockchain/blockchainMembers/transactionNodes/readMicrosoft.Blockchain/blockchainMembers/transactionNodes/read | 既存のブロックチェーン メンバーのトランザクション ノードを取得または一覧表示します。Gets or Lists existing Blockchain Member Transaction Node(s). |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.Blockchain/blockchainMembers/transactionNodes/connect/actionMicrosoft.Blockchain/blockchainMembers/transactionNodes/connect/action | ブロックチェーン メンバーのトランザクション ノードに接続します。Connects to a Blockchain Member Transaction Node. |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Allows for access to Blockchain Member nodes",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/31a002a1-acaf-453e-8a5b-297c9ca1ea24",
"name": "31a002a1-acaf-453e-8a5b-297c9ca1ea24",
"permissions": [
{
"actions": [
"Microsoft.Blockchain/blockchainMembers/transactionNodes/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Blockchain/blockchainMembers/transactionNodes/connect/action"
],
"notDataActions": []
}
],
"roleName": "Blockchain Member Node Access (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AI + 機械学習AI + machine learning
Cognitive Services 共同作成者Cognitive Services Contributor
Cognitive Services のキーの作成、読み取り、更新、削除、管理を行うことができます。Lets you create, read, update, delete and manage keys of Cognitive Services. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.CognitiveServices/*Microsoft.CognitiveServices/* | |
| Microsoft.Features/features/readMicrosoft.Features/features/read | サブスクリプションの機能を取得します。Gets the features of a subscription. |
| Microsoft.Features/providers/features/readMicrosoft.Features/providers/features/read | 指定されたリソース プロバイダーのサブスクリプションの機能を取得します。Gets the feature of a subscription in a given resource provider. |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* | 分析サーバーの診断の設定の作成、更新、または読み取りを行いますCreates, updates, or reads the diagnostic setting for Analysis Server |
| Microsoft.Insights/logDefinitions/readMicrosoft.Insights/logDefinitions/read | ログ定義を読み取ります。Read log definitions |
| Microsoft.Insights/metricdefinitions/readMicrosoft.Insights/metricdefinitions/read | メトリック定義を読み取ります。Read metric definitions |
| Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read | メトリックを読み取ります。Read metrics |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 指定されたスコープのすべてのリソースの利用状況を取得します。Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read | デプロイ操作を取得または一覧表示します。Gets or lists deployment operations. |
| Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read | サブスクリプション操作の結果を取得します。Get the subscription operation results. |
| Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read | サブスクリプションの一覧を取得します。Gets the list of subscriptions. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/*Microsoft.Resources/subscriptions/resourcegroups/deployments/* | |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you create, read, update, delete and manage keys of Cognitive Services.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
"name": "25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.CognitiveServices/*",
"Microsoft.Features/features/read",
"Microsoft.Features/providers/features/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.Insights/logDefinitions/read",
"Microsoft.Insights/metricdefinitions/read",
"Microsoft.Insights/metrics/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cognitive Services Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Cognitive Services データ閲覧者 (プレビュー)Cognitive Services Data Reader (Preview)
Cognitive Services データを読み取ります。Lets you read Cognitive Services data.
| アクションActions | 説明Description |
|---|---|
| "なし"none | |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.CognitiveServices/*/readMicrosoft.CognitiveServices/*/read | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you read Cognitive Services data.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b59867f0-fa02-499b-be73-45a86b5b3e1c",
"name": "b59867f0-fa02-499b-be73-45a86b5b3e1c",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/*/read"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services Data Reader (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Cognitive Services ユーザーCognitive Services User
Cognitive Services のキーの読み取りおよび一覧表示を行うことができます。Lets you read and list keys of Cognitive Services. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.CognitiveServices/*/readMicrosoft.CognitiveServices/*/read | |
| Microsoft.CognitiveServices/accounts/listkeys/actionMicrosoft.CognitiveServices/accounts/listkeys/action | キーを一覧表示します。List Keys |
| Microsoft.Insights/alertRules/readMicrosoft.Insights/alertRules/read | クラシック メトリック アラートを読み取りますRead a classic metric alert |
| Microsoft.Insights/diagnosticSettings/readMicrosoft.Insights/diagnosticSettings/read | リソースの診断設定を読み取りますRead a resource diagnostic setting |
| Microsoft.Insights/logDefinitions/readMicrosoft.Insights/logDefinitions/read | ログ定義を読み取ります。Read log definitions |
| Microsoft.Insights/metricdefinitions/readMicrosoft.Insights/metricdefinitions/read | メトリック定義を読み取ります。Read metric definitions |
| Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read | メトリックを読み取ります。Read metrics |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 指定されたスコープのすべてのリソースの利用状況を取得します。Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read | デプロイ操作を取得または一覧表示します。Gets or lists deployment operations. |
| Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read | サブスクリプション操作の結果を取得します。Get the subscription operation results. |
| Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read | サブスクリプションの一覧を取得します。Gets the list of subscriptions. |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.CognitiveServices/*Microsoft.CognitiveServices/* | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you read and list keys of Cognitive Services.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a97b65f3-24c7-4388-baec-2e87135dc908",
"name": "a97b65f3-24c7-4388-baec-2e87135dc908",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.CognitiveServices/accounts/listkeys/action",
"Microsoft.Insights/alertRules/read",
"Microsoft.Insights/diagnosticSettings/read",
"Microsoft.Insights/logDefinitions/read",
"Microsoft.Insights/metricdefinitions/read",
"Microsoft.Insights/metrics/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/*"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
複合現実Mixed reality
Remote Rendering 管理者Remote Rendering Administrator
ユーザーに、Azure Remote Rendering の変換、セッション管理、レンダリング、および診断の機能を提供します。詳細Provides user with conversion, manage session, rendering and diagnostics capabilities for Azure Remote Rendering Learn more
| アクションActions | 説明Description |
|---|---|
| "なし"none | |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.MixedReality/RemoteRenderingAccounts/convert/actionMicrosoft.MixedReality/RemoteRenderingAccounts/convert/action | 資産の変換を開始しますStart asset conversion |
| Microsoft.MixedReality/RemoteRenderingAccounts/convert/readMicrosoft.MixedReality/RemoteRenderingAccounts/convert/read | 資産の変換プロパティを取得しますGet asset conversion properties |
| Microsoft.MixedReality/RemoteRenderingAccounts/convert/deleteMicrosoft.MixedReality/RemoteRenderingAccounts/convert/delete | 資産の変換を停止しますStop asset conversion |
| Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/readMicrosoft.MixedReality/RemoteRenderingAccounts/managesessions/read | セッションのプロパティを取得しますGet session properties |
| Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/actionMicrosoft.MixedReality/RemoteRenderingAccounts/managesessions/action | セッションを開始しますStart sessions |
| Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/deleteMicrosoft.MixedReality/RemoteRenderingAccounts/managesessions/delete | セッションを停止しますStop sessions |
| Microsoft.MixedReality/RemoteRenderingAccounts/render/readMicrosoft.MixedReality/RemoteRenderingAccounts/render/read | セッションに接続しますConnect to a session |
| Microsoft.MixedReality/RemoteRenderingAccounts/diagnostic/readMicrosoft.MixedReality/RemoteRenderingAccounts/diagnostic/read | Remote Rendering インスペクターに接続しますConnect to the Remote Rendering inspector |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Provides user with conversion, manage session, rendering and diagnostics capabilities for Azure Remote Rendering",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3df8b902-2a6f-47c7-8cc5-360e9b272a7e",
"name": "3df8b902-2a6f-47c7-8cc5-360e9b272a7e",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.MixedReality/RemoteRenderingAccounts/convert/action",
"Microsoft.MixedReality/RemoteRenderingAccounts/convert/read",
"Microsoft.MixedReality/RemoteRenderingAccounts/convert/delete",
"Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/read",
"Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/action",
"Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/delete",
"Microsoft.MixedReality/RemoteRenderingAccounts/render/read",
"Microsoft.MixedReality/RemoteRenderingAccounts/diagnostic/read"
],
"notDataActions": []
}
],
"roleName": "Remote Rendering Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Remote Rendering クライアントRemote Rendering Client
ユーザーに、Azure Remote Rendering でのセッション管理、レンダリング、および診断の機能を提供します。Provides user with manage session, rendering and diagnostics capabilities for Azure Remote Rendering. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| "なし"none | |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/readMicrosoft.MixedReality/RemoteRenderingAccounts/managesessions/read | セッションのプロパティを取得しますGet session properties |
| Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/actionMicrosoft.MixedReality/RemoteRenderingAccounts/managesessions/action | セッションを開始しますStart sessions |
| Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/deleteMicrosoft.MixedReality/RemoteRenderingAccounts/managesessions/delete | セッションを停止しますStop sessions |
| Microsoft.MixedReality/RemoteRenderingAccounts/render/readMicrosoft.MixedReality/RemoteRenderingAccounts/render/read | セッションに接続しますConnect to a session |
| Microsoft.MixedReality/RemoteRenderingAccounts/diagnostic/readMicrosoft.MixedReality/RemoteRenderingAccounts/diagnostic/read | Remote Rendering インスペクターに接続しますConnect to the Remote Rendering inspector |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Provides user with manage session, rendering and diagnostics capabilities for Azure Remote Rendering.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/d39065c4-c120-43c9-ab0a-63eed9795f0a",
"name": "d39065c4-c120-43c9-ab0a-63eed9795f0a",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/read",
"Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/action",
"Microsoft.MixedReality/RemoteRenderingAccounts/managesessions/delete",
"Microsoft.MixedReality/RemoteRenderingAccounts/render/read",
"Microsoft.MixedReality/RemoteRenderingAccounts/diagnostic/read"
],
"notDataActions": []
}
],
"roleName": "Remote Rendering Client",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Spatial Anchors アカウント共同作成者Spatial Anchors Account Contributor
アカウントで空間アンカーを管理できますが、削除することはできません。詳細Lets you manage spatial anchors in your account, but not delete them Learn more
| アクションActions | 説明Description |
|---|---|
| "なし"none | |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.MixedReality/SpatialAnchorsAccounts/create/actionMicrosoft.MixedReality/SpatialAnchorsAccounts/create/action | 空間アンカーを作成します。Create spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/readMicrosoft.MixedReality/SpatialAnchorsAccounts/discovery/read | 近くにある空間アンカーを検出します。Discover nearby spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/properties/readMicrosoft.MixedReality/SpatialAnchorsAccounts/properties/read | 空間アンカーのプロパティを取得します。Get properties of spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/query/readMicrosoft.MixedReality/SpatialAnchorsAccounts/query/read | 空間アンカーを探します。Locate spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/readMicrosoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read | Azure Spatial Anchors サービスの品質を改善するために診断データを送信します。Submit diagnostics data to help improve the quality of the Azure Spatial Anchors service |
| Microsoft.MixedReality/SpatialAnchorsAccounts/writeMicrosoft.MixedReality/SpatialAnchorsAccounts/write | 空間アンカーのプロパティを更新します。Update spatial anchors properties |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage spatial anchors in your account, but not delete them",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827",
"name": "8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.MixedReality/SpatialAnchorsAccounts/create/action",
"Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/query/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/write"
],
"notDataActions": []
}
],
"roleName": "Spatial Anchors Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Spatial Anchors アカウント所有者Spatial Anchors Account Owner
アカウントで空間アンカーを管理できます。削除も可能です。詳細Lets you manage spatial anchors in your account, including deleting them Learn more
| アクションActions | 説明Description |
|---|---|
| "なし"none | |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.MixedReality/SpatialAnchorsAccounts/create/actionMicrosoft.MixedReality/SpatialAnchorsAccounts/create/action | 空間アンカーを作成します。Create spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/deleteMicrosoft.MixedReality/SpatialAnchorsAccounts/delete | 空間アンカーを削除します。Delete spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/readMicrosoft.MixedReality/SpatialAnchorsAccounts/discovery/read | 近くにある空間アンカーを検出します。Discover nearby spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/properties/readMicrosoft.MixedReality/SpatialAnchorsAccounts/properties/read | 空間アンカーのプロパティを取得します。Get properties of spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/query/readMicrosoft.MixedReality/SpatialAnchorsAccounts/query/read | 空間アンカーを探します。Locate spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/readMicrosoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read | Azure Spatial Anchors サービスの品質を改善するために診断データを送信します。Submit diagnostics data to help improve the quality of the Azure Spatial Anchors service |
| Microsoft.MixedReality/SpatialAnchorsAccounts/writeMicrosoft.MixedReality/SpatialAnchorsAccounts/write | 空間アンカーのプロパティを更新します。Update spatial anchors properties |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage spatial anchors in your account, including deleting them",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/70bbe301-9835-447d-afdd-19eb3167307c",
"name": "70bbe301-9835-447d-afdd-19eb3167307c",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.MixedReality/SpatialAnchorsAccounts/create/action",
"Microsoft.MixedReality/SpatialAnchorsAccounts/delete",
"Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/query/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/write"
],
"notDataActions": []
}
],
"roleName": "Spatial Anchors Account Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Spatial Anchors アカウント閲覧者Spatial Anchors Account Reader
アカウントで空間アンカーのプロパティを検索して読み取ることができます。詳細Lets you locate and read properties of spatial anchors in your account Learn more
| アクションActions | 説明Description |
|---|---|
| "なし"none | |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/readMicrosoft.MixedReality/SpatialAnchorsAccounts/discovery/read | 近くにある空間アンカーを検出します。Discover nearby spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/properties/readMicrosoft.MixedReality/SpatialAnchorsAccounts/properties/read | 空間アンカーのプロパティを取得します。Get properties of spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/query/readMicrosoft.MixedReality/SpatialAnchorsAccounts/query/read | 空間アンカーを探します。Locate spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/readMicrosoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read | Azure Spatial Anchors サービスの品質を改善するために診断データを送信します。Submit diagnostics data to help improve the quality of the Azure Spatial Anchors service |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you locate and read properties of spatial anchors in your account",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5d51204f-eb77-4b1c-b86a-2ec626c49413",
"name": "5d51204f-eb77-4b1c-b86a-2ec626c49413",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/query/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read"
],
"notDataActions": []
}
],
"roleName": "Spatial Anchors Account Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
統合Integration
API Management Service ContributorAPI Management Service Contributor
サービスと API を管理できます。詳細Can manage service and the APIs Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.ApiManagement/service/*Microsoft.ApiManagement/service/* | API Management サービスの作成と管理Create and manage API Management service |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 指定されたスコープのすべてのリソースの利用状況を取得します。Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Can manage service and the APIs",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/312a565d-c81f-4fd8-895a-4e21e48d571c",
"name": "312a565d-c81f-4fd8-895a-4e21e48d571c",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Service Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
API Management Service Operator RoleAPI Management Service Operator Role
サービスを管理できますが、API は対象外です。詳細Can manage service but not the APIs Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.ApiManagement/service/*/readMicrosoft.ApiManagement/service/*/read | API Management サービス インスタンスの読み取りRead API Management Service instances |
| Microsoft.ApiManagement/service/backup/actionMicrosoft.ApiManagement/service/backup/action | ユーザーが指定したストレージ アカウント内の指定されたコンテナーに API Management サービスをバックアップします。Backup API Management Service to the specified container in a user provided storage account |
| Microsoft.ApiManagement/service/deleteMicrosoft.ApiManagement/service/delete | API Management サービス インスタンスを削除します。Delete API Management Service instance |
| Microsoft.ApiManagement/service/managedeployments/actionMicrosoft.ApiManagement/service/managedeployments/action | SKU/ユニット数を変更し、API Management サービスのリージョン デプロイを追加または削除します。Change SKU/units, add/remove regional deployments of API Management Service |
| Microsoft.ApiManagement/service/readMicrosoft.ApiManagement/service/read | API Management サービス インスタンスのメタデータの読み取りRead metadata for an API Management Service instance |
| Microsoft.ApiManagement/service/restore/actionMicrosoft.ApiManagement/service/restore/action | ユーザーが指定したストレージ アカウント内の指定されたコンテナーからの API Management サービスの復元Restore API Management Service from the specified container in a user provided storage account |
| Microsoft.ApiManagement/service/updatecertificate/actionMicrosoft.ApiManagement/service/updatecertificate/action | API Management サービスの TLS/SSL 証明書をアップロードします。Upload TLS/SSL certificate for an API Management Service |
| Microsoft.ApiManagement/service/updatehostname/actionMicrosoft.ApiManagement/service/updatehostname/action | API Management サービスのカスタム ドメイン名を設定、更新、または削除します。Setup, update or remove custom domain names for an API Management Service |
| Microsoft.ApiManagement/service/writeMicrosoft.ApiManagement/service/write | API Management サービスのインスタンスが作成または更新されますCreate or Update API Management Service instance |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 指定されたスコープのすべてのリソースの利用状況を取得します。Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| NotActionsNotActions | |
| Microsoft.ApiManagement/service/users/keys/readMicrosoft.ApiManagement/service/users/keys/read | ユーザーに関連付けられたキーを取得しますGet keys associated with user |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Can manage service but not the APIs",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e022efe7-f5ba-4159-bbe4-b44f577e9b61",
"name": "e022efe7-f5ba-4159-bbe4-b44f577e9b61",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/*/read",
"Microsoft.ApiManagement/service/backup/action",
"Microsoft.ApiManagement/service/delete",
"Microsoft.ApiManagement/service/managedeployments/action",
"Microsoft.ApiManagement/service/read",
"Microsoft.ApiManagement/service/restore/action",
"Microsoft.ApiManagement/service/updatecertificate/action",
"Microsoft.ApiManagement/service/updatehostname/action",
"Microsoft.ApiManagement/service/write",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.ApiManagement/service/users/keys/read"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Service Operator Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
API Management Service Reader RoleAPI Management Service Reader Role
サービスと API への読み取り専用アクセスです。詳細Read-only access to service and APIs Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.ApiManagement/service/*/readMicrosoft.ApiManagement/service/*/read | API Management サービス インスタンスの読み取りRead API Management Service instances |
| Microsoft.ApiManagement/service/readMicrosoft.ApiManagement/service/read | API Management サービス インスタンスのメタデータの読み取りRead metadata for an API Management Service instance |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 指定されたスコープのすべてのリソースの利用状況を取得します。Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| NotActionsNotActions | |
| Microsoft.ApiManagement/service/users/keys/readMicrosoft.ApiManagement/service/users/keys/read | ユーザーに関連付けられたキーを取得しますGet keys associated with user |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Read-only access to service and APIs",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/71522526-b88f-4d52-b57f-d31fc3546d0d",
"name": "71522526-b88f-4d52-b57f-d31fc3546d0d",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/*/read",
"Microsoft.ApiManagement/service/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.ApiManagement/service/users/keys/read"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Service Reader Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
App Configuration データ所有者App Configuration Data Owner
App Configuration データへのフル アクセスを許可します。Allows full access to App Configuration data. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| "なし"none | |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.AppConfiguration/configurationStores/*/readMicrosoft.AppConfiguration/configurationStores/*/read | |
| Microsoft.AppConfiguration/configurationStores/*/writeMicrosoft.AppConfiguration/configurationStores/*/write | |
| Microsoft.AppConfiguration/configurationStores/*/deleteMicrosoft.AppConfiguration/configurationStores/*/delete | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Allows full access to App Configuration data.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b",
"name": "5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.AppConfiguration/configurationStores/*/read",
"Microsoft.AppConfiguration/configurationStores/*/write",
"Microsoft.AppConfiguration/configurationStores/*/delete"
],
"notDataActions": []
}
],
"roleName": "App Configuration Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
App Configuration データ閲覧者App Configuration Data Reader
App Configuration データへの読み取りアクセスを許可します。Allows read access to App Configuration data. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| "なし"none | |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.AppConfiguration/configurationStores/*/readMicrosoft.AppConfiguration/configurationStores/*/read | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Allows read access to App Configuration data.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/516239f1-63e1-4d78-a4de-a74fb236a071",
"name": "516239f1-63e1-4d78-a4de-a74fb236a071",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.AppConfiguration/configurationStores/*/read"
],
"notDataActions": []
}
],
"roleName": "App Configuration Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Service Bus データ所有者Azure Service Bus Data Owner
Azure Service Bus リソースへのフル アクセスを許可します。Allows for full access to Azure Service Bus resources. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.ServiceBus/*Microsoft.ServiceBus/* | |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.ServiceBus/*Microsoft.ServiceBus/* | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to Azure Service Bus resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/090c5cfd-751d-490a-894a-3ce6f1109419",
"name": "090c5cfd-751d-490a-894a-3ce6f1109419",
"permissions": [
{
"actions": [
"Microsoft.ServiceBus/*"
],
"notActions": [],
"dataActions": [
"Microsoft.ServiceBus/*"
],
"notDataActions": []
}
],
"roleName": "Azure Service Bus Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Service Bus データ受信者Azure Service Bus Data Receiver
Azure Service Bus リソースへの受信アクセスを許可します。Allows for receive access to Azure Service Bus resources. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.ServiceBus/*/queues/readMicrosoft.ServiceBus/*/queues/read | |
| Microsoft.ServiceBus/*/topics/readMicrosoft.ServiceBus/*/topics/read | |
| Microsoft.ServiceBus/*/topics/subscriptions/readMicrosoft.ServiceBus/*/topics/subscriptions/read | |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.ServiceBus/*/receive/actionMicrosoft.ServiceBus/*/receive/action | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Allows for receive access to Azure Service Bus resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0",
"name": "4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0",
"permissions": [
{
"actions": [
"Microsoft.ServiceBus/*/queues/read",
"Microsoft.ServiceBus/*/topics/read",
"Microsoft.ServiceBus/*/topics/subscriptions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.ServiceBus/*/receive/action"
],
"notDataActions": []
}
],
"roleName": "Azure Service Bus Data Receiver",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Service Bus データ送信者Azure Service Bus Data Sender
Azure Service Bus リソースへの送信アクセスを許可します。Allows for send access to Azure Service Bus resources. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.ServiceBus/*/queues/readMicrosoft.ServiceBus/*/queues/read | |
| Microsoft.ServiceBus/*/topics/readMicrosoft.ServiceBus/*/topics/read | |
| Microsoft.ServiceBus/*/topics/subscriptions/readMicrosoft.ServiceBus/*/topics/subscriptions/read | |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.ServiceBus/*/send/actionMicrosoft.ServiceBus/*/send/action | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Allows for send access to Azure Service Bus resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
"name": "69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
"permissions": [
{
"actions": [
"Microsoft.ServiceBus/*/queues/read",
"Microsoft.ServiceBus/*/topics/read",
"Microsoft.ServiceBus/*/topics/subscriptions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.ServiceBus/*/send/action"
],
"notDataActions": []
}
],
"roleName": "Azure Service Bus Data Sender",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Stack Registration OwnerAzure Stack Registration Owner
Azure Stack の登録を管理できます。Lets you manage Azure Stack registrations.
| アクションActions | 説明Description |
|---|---|
| Microsoft.AzureStack/edgeSubscriptions/readMicrosoft.AzureStack/edgeSubscriptions/read | |
| Microsoft.AzureStack/registrations/products/*/actionMicrosoft.AzureStack/registrations/products/*/action | |
| Microsoft.AzureStack/registrations/products/readMicrosoft.AzureStack/registrations/products/read | Azure Stack Marketplace の製品のプロパティを取得しますGets the properties of an Azure Stack Marketplace product |
| Microsoft.AzureStack/registrations/readMicrosoft.AzureStack/registrations/read | Azure Stack の登録のプロパティを取得しますGets the properties of an Azure Stack registration |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Azure Stack registrations.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6f12a6df-dd06-4f3e-bcb1-ce8be600526a",
"name": "6f12a6df-dd06-4f3e-bcb1-ce8be600526a",
"permissions": [
{
"actions": [
"Microsoft.AzureStack/edgeSubscriptions/read",
"Microsoft.AzureStack/registrations/products/*/action",
"Microsoft.AzureStack/registrations/products/read",
"Microsoft.AzureStack/registrations/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Stack Registration Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
EventGrid EventSubscription 共同作成者EventGrid EventSubscription Contributor
EventGrid のイベント サブスクリプション操作を管理できます。Lets you manage EventGrid event subscription operations. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.EventGrid/eventSubscriptions/*Microsoft.EventGrid/eventSubscriptions/* | |
| Microsoft.EventGrid/topicTypes/eventSubscriptions/readMicrosoft.EventGrid/topicTypes/eventSubscriptions/read | グローバル イベント サブスクリプションをトピックの種類ごとに一覧表示しますList global event subscriptions by topic type |
| Microsoft.EventGrid/locations/eventSubscriptions/readMicrosoft.EventGrid/locations/eventSubscriptions/read | リージョンのイベント サブスクリプションを一覧表示しますList regional event subscriptions |
| Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/readMicrosoft.EventGrid/locations/topicTypes/eventSubscriptions/read | リージョンのイベント サブスクリプションを topictype ごとに一覧表示しますList regional event subscriptions by topictype |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | クラシック メトリック アラートの作成と管理Create and manage a classic metric alert |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | デプロイの作成と管理Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | サポート チケットの作成と更新Create and update a support ticket |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage EventGrid event subscription operations.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/428e0ff0-5e57-4d9c-a221-2c70d0e0a443",
"name": "428e0ff0-5e57-4d9c-a221-2c70d0e0a443",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.EventGrid/eventSubscriptions/*",
"Microsoft.EventGrid/topicTypes/eventSubscriptions/read",
"Microsoft.EventGrid/locations/eventSubscriptions/read",
"Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "EventGrid EventSubscription Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
EventGrid EventSubscription 閲覧者EventGrid EventSubscription Reader
EventGrid のイベント サブスクリプションを読み取ることができます。Lets you read EventGrid event subscriptions. 詳細情報Learn more
| アクションActions | 説明Description |
|---|---|
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | ロールとロール割り当ての読み取りRead roles and role assignments |
| Microsoft.EventGrid/eventSubscriptions/readMicrosoft.EventGrid/eventSubscriptions/read | eventSubscription を削除します。Read an eventSubscription |
| Microsoft.EventGrid/topicTypes/eventSubscriptions/readMicrosoft.EventGrid/topicTypes/eventSubscriptions/read | グローバル イベント サブスクリプションをトピックの種類ごとに一覧表示しますList global event subscriptions by topic type |
| Microsoft.EventGrid/locations/eventSubscriptions/readMicrosoft.EventGrid/locations/eventSubscriptions/read | リージョンのイベント サブスクリプションを一覧表示しますList regional event subscriptions |
| Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/readMicrosoft.EventGrid/locations/topicTypes/eventSubscriptions/read | リージョンのイベント サブスクリプションを topictype ごとに一覧表示しますList regional event subscriptions by topictype |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | リソース グループを取得または一覧表示します。Gets or lists resource groups. |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| "なし"none | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Lets you read EventGrid event subscriptions.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2414bbcf-6497-4faf-8c65-045460748405",
"name": "2414bbcf-6497-4faf-8c65-045460748405",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.EventGrid/eventSubscriptions/read",
"Microsoft.EventGrid/topicTypes/eventSubscriptions/read",
"Microsoft.EventGrid/locations/eventSubscriptions/read",
"Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "EventGrid EventSubscription Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
FHIR データ共同作成者FHIR Data Contributor
ユーザーまたはプリンシパルに FHIR データへのフル アクセスを許可するロールです。詳細Role allows user or principal full access to FHIR Data Learn more
| アクションActions | 説明Description |
|---|---|
| "なし"none | |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.HealthcareApis/services/fhir/resources/*Microsoft.HealthcareApis/services/fhir/resources/* | |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Role allows user or principal full access to FHIR Data",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5a1fc7df-4bf1-4951-a576-89034ee01acd",
"name": "5a1fc7df-4bf1-4951-a576-89034ee01acd",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.HealthcareApis/services/fhir/resources/*"
],
"notDataActions": []
}
],
"roleName": "FHIR Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
FHIR データ エクスポーターFHIR Data Exporter
ユーザーまたはプリンシパルに FHIR データの読み取りとエクスポートを許可するロールです。詳細Role allows user or principal to read and export FHIR Data Learn more
| アクションActions | 説明Description |
|---|---|
| "なし"none | |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.HealthcareApis/services/fhir/resources/readMicrosoft.HealthcareApis/services/fhir/resources/read | FHIR リソースを読み取ります (検索とバージョン管理された履歴を含みます)。Read FHIR resources (includes searching and versioned history). |
| Microsoft.HealthcareApis/services/fhir/resources/export/actionMicrosoft.HealthcareApis/services/fhir/resources/export/action | エクスポート操作 ($export)。Export operation ($export). |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Role allows user or principal to read and export FHIR Data",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3db33094-8700-4567-8da5-1501d4e7e843",
"name": "3db33094-8700-4567-8da5-1501d4e7e843",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.HealthcareApis/services/fhir/resources/read",
"Microsoft.HealthcareApis/services/fhir/resources/export/action"
],
"notDataActions": []
}
],
"roleName": "FHIR Data Exporter",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
FHIR データ リーダーFHIR Data Reader
ユーザーまたはプリンシパルに FHIR データの読み取りを許可するロールです。詳細Role allows user or principal to read FHIR Data Learn more
| アクションActions | 説明Description |
|---|---|
| "なし"none | |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.HealthcareApis/services/fhir/resources/readMicrosoft.HealthcareApis/services/fhir/resources/read | FHIR リソースを読み取ります (検索とバージョン管理された履歴を含みます)。Read FHIR resources (includes searching and versioned history). |
| NotDataActionsNotDataActions | |
| "なし"none |
{
"assignableScopes": [
"/"
],
"description": "Role allows user or principal to read FHIR Data",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4c8d0bbc-75d3-4935-991f-5f3c56d81508",
"name": "4c8d0bbc-75d3-4935-991f-5f3c56d81508",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.HealthcareApis/services/fhir/resources/read"
],
"notDataActions": []
}
],
"roleName": "FHIR Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
FHIR データ ライターFHIR Data Writer
ユーザーまたはプリンシパルに FHIR データの読み取りと書き込みを許可するロールです。詳細Role allows user or principal to read and write FHIR Data Learn more
| アクションActions | 説明Description |
|---|---|
| "なし"none | |
| NotActionsNotActions | |
| "なし"none | |
| DataActionsDataActions | |
| Microsoft.HealthcareApis/services/fhir/resources/*Microsoft.HealthcareApis/services/fhir/resources/* | |