Azure 기본 제공 역할Azure built-in roles

Azure RBAC(역할 기반 액세스 제어)는 사용자, 그룹, 서비스 주체 및 관리 ID에 할당할 수 있는 여러 가지 Azure 기본 제공 역할을 제공합니다.Azure role-based access control (Azure RBAC) has several Azure built-in roles that you can assign to users, groups, service principals, and managed identities. 역할 할당은 Azure 리소스에 대한 액세스를 제어하는 방법입니다.Role assignments are the way you control access to Azure resources. 기본 제공 역할이 조직의 특정 요구 사항을 충족하지 않는 경우 Azure 사용자 지정 역할을 만들면 됩니다.If the built-in roles don't meet the specific needs of your organization, you can create your own Azure custom roles.

이 문서에는 Azure 기본 제공 역할 목록이 포함되어 있으며, 이 목록은 지속적으로 업데이트됩니다.This article lists the Azure built-in roles, which are always evolving. 최신 역할을 가져오려면 Get-AzRoleDefinition 또는 az role definition list를 사용합니다.To get the latest roles, use Get-AzRoleDefinition or az role definition list. Azure AD(Azure Active Directory)의 관리자 역할을 찾고 있는 경우 Azure Active Directory의 관리자 역할 권한을 참조하세요.If you are looking for administrator roles for Azure Active Directory (Azure AD), see Administrator role permissions in Azure Active Directory.

다음 표에서는 각 기본 제공 역할에 대한 간략한 설명과 고유 ID를 제공합니다.The following table provides a brief description and the unique ID of each built-in role. 각 역할의 Actions, NotActions, DataActionsNotDataActions 목록을 보려면 역할 이름을 클릭합니다.Click the role name to see the list of Actions, NotActions, DataActions, and NotDataActions for each role. 이러한 작업의 의미와 작업이 관리 및 데이터 평면에 적용되는 방식에 대한 자세한 내용은 Azure 리소스에 대한 역할 정의 이해를 참조하세요.For information about what these actions mean and how they apply to the management and data planes, see Understand Azure role definitions.

모두All

기본 제공 역할Built-in role DescriptionDescription IDID
일반General
기여자Contributor 모든 리소스를 관리할 수 있는 모든 권한을 부여 하지만, Azure RBAC에서 역할을 할당 하거나, Azure 청사진의 할당을 관리 하거나, 이미지 갤러리를 공유할 수 없습니다.Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries. b24988ac-6180-42a0-ab88-20f7382dd24cb24988ac-6180-42a0-ab88-20f7382dd24c
소유자Owner Azure RBAC에서 역할을 할당 하는 기능을 포함 하 여 모든 리소스를 관리할 수 있는 모든 권한을 부여 합니다.Grants full access to manage all resources, including the ability to assign roles in Azure RBAC. 8e3af657-a8ff-443c-a75c-2fe8c4bcb6358e3af657-a8ff-443c-a75c-2fe8c4bcb635
판독기Reader 모든 리소스를 볼 수 있지만 변경할 수는 없습니다.View all resources, but does not allow you to make any changes. acdd72a7-3385-48ef-bd42-f606fba81ae7acdd72a7-3385-48ef-bd42-f606fba81ae7
사용자 액세스 관리자User Access Administrator Azure 리소스에 대한 사용자 액세스를 관리할 수 있습니다.Lets you manage user access to Azure resources. 18d7d88d-d35e-4fb5-a5c3-7773c20a72d918d7d88d-d35e-4fb5-a5c3-7773c20a72d9
컴퓨팅Compute
Classic Virtual Machine 참가자Classic Virtual Machine Contributor 클래식 가상 머신을 관리할 수 있지만 가상 머신이나 연결된 가상 네트워크 또는 스토리지 계정에 액세스할 수는 없습니다.Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to. d73bb868-a0df-4d4d-bd69-98a00b01fccbd73bb868-a0df-4d4d-bd69-98a00b01fccb
가상 머신 관리자 로그인Virtual Machine Administrator Login 포털에서 Virtual Machines를 보고 관리자 권한으로 로그인합니다.View Virtual Machines in the portal and login as administrator 1c0163c0-47e6-4577-8991-ea5c82e286e41c0163c0-47e6-4577-8991-ea5c82e286e4
Virtual Machine 참가자Virtual Machine Contributor 가상 머신을 관리할 수 있지만 가상머신이나 연결된 가상 네트워크 또는 스토리지 계정에 액세스할 수는 없습니다.Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to. 9980e02c-c2be-4d73-94e8-173b1dc7cf3c9980e02c-c2be-4d73-94e8-173b1dc7cf3c
가상 머신 사용자 로그인Virtual Machine User Login 포털에서 Virtual Machines를 보고 일반 사용자 권한으로 로그인합니다.View Virtual Machines in the portal and login as a regular user. fb879df8-f326-4884-b1cf-06f3ad86be52fb879df8-f326-4884-b1cf-06f3ad86be52
네트워킹Networking
CDN 엔드포인트 기여자CDN Endpoint Contributor CDN 엔드포인트를 관리할 수 있지만 다른 사용자에게 액세스 권한을 부여할 수는 없습니다.Can manage CDN endpoints, but can't grant access to other users. 426e0c7f-0c7e-4658-b36f-ff54d6c29b45426e0c7f-0c7e-4658-b36f-ff54d6c29b45
CDN 엔드포인트 독자CDN Endpoint Reader CDN 엔드포인트를 볼 수 있지만 변경할 수는 없습니다.Can view CDN endpoints, but can't make changes. 871e35f6-b5c1-49cc-a043-bde969a0f2cd871e35f6-b5c1-49cc-a043-bde969a0f2cd
CDN 프로필 기여자CDN Profile Contributor CDN 프로필과 해당 엔드포인트를 관리할 수 있지만 다른 사용자에게 액세스 권한을 부여할 수는 없습니다.Can manage CDN profiles and their endpoints, but can't grant access to other users. ec156ff8-a8d1-4d15-830c-5b80698ca432ec156ff8-a8d1-4d15-830c-5b80698ca432
CDN 프로필 독자CDN Profile Reader CDN 프로필과 해당 엔드포인트를 볼 수 있지만 변경할 수는 없습니다.Can view CDN profiles and their endpoints, but can't make changes. 8f96442b-4075-438f-813d-ad51ab4019af8f96442b-4075-438f-813d-ad51ab4019af
클래식 네트워크 기여자Classic Network Contributor 기본 네트워크를 관리할 수 있지만 액세스할 수는 없습니다.Lets you manage classic networks, but not access to them. b34d265f-36f7-4a0d-a4d4-e158ca92e90fb34d265f-36f7-4a0d-a4d4-e158ca92e90f
DNS 영역 참가자DNS Zone Contributor Azure DNS의 DNS 영역과 레코드 집합을 관리할 수 있지만 액세스할 수 있는 사람을 제어할 수는 없습니다.Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them. befefa01-2a29-4197-83a8-272ff33ce314befefa01-2a29-4197-83a8-272ff33ce314
네트워크 기여자Network Contributor 네트워크를 관리할 수 있지만 액세스할 수는 없습니다.Lets you manage networks, but not access to them. 4d97b98b-1d4f-4787-a291-c67834d212e74d97b98b-1d4f-4787-a291-c67834d212e7
사설 DNS 영역 기여자Private DNS Zone Contributor 개인 DNS 영역 리소스를 관리할 수 있지만 연결 된 가상 네트워크는 관리할 수 없습니다.Lets you manage private DNS zone resources, but not the virtual networks they are linked to. b12aa53e-6015-4669-85d0-8515ebb3ae7fb12aa53e-6015-4669-85d0-8515ebb3ae7f
Traffic Manager 기여자Traffic Manager Contributor Traffic Manager 프로필을 관리할 수 있지만 액세스할 수 있는 사람을 제어할 수는 없습니다.Lets you manage Traffic Manager profiles, but does not let you control who has access to them. a4b10055-b0c7-44c2-b00f-c7b5b3550cf7a4b10055-b0c7-44c2-b00f-c7b5b3550cf7
스토리지Storage
Avere 기여자Avere Contributor Avere vFXT 클러스터를 만들고 관리할 수 있습니다.Can create and manage an Avere vFXT cluster. 4f8fab4f-1852-4a58-a46a-8eaf358af14a4f8fab4f-1852-4a58-a46a-8eaf358af14a
Avere 운영자Avere Operator Avere vFXT 클러스터에서 클러스터를 관리하는 데 사용됩니다.Used by the Avere vFXT cluster to manage the cluster c025889f-8102-4ebf-b32c-fc0c6f0c6bd9c025889f-8102-4ebf-b32c-fc0c6f0c6bd9
Backup 기여자Backup Contributor 백업 서비스를 관리할 수 있지만, 자격 증명 모음을 만들고 다른 사용자에게 액세스 권한을 부여할 수는 없습니다.Lets you manage backup service, but can't create vaults and give access to others 5e467623-bb1f-42f4-a55d-6e525e11384b5e467623-bb1f-42f4-a55d-6e525e11384b
Backup 운영자Backup Operator 백업 제거를 제외한 백업 서비스를 관리하고 자격 증명 모음 만들고 다른 사람에게 액세스 권한을 부여할 수 있습니다.Lets you manage backup services, except removal of backup, vault creation and giving access to others 00c29273-979b-4161-815c-10b084fb932400c29273-979b-4161-815c-10b084fb9324
Backup 읽기 권한자Backup Reader 백업 서비스를 볼 수 있지만 변경할 수는 없습니다.Can view backup services, but can't make changes a795c7a0-d4a2-40c1-ae25-d81f01202912a795c7a0-d4a2-40c1-ae25-d81f01202912
클래식 Storage 계정 기여자Classic Storage Account Contributor 클래식 Storage 계정을 관리할 수 있지만 여기에 액세스할 수는 없습니다.Lets you manage classic storage accounts, but not access to them. 86e8f5dc-a6e9-4c67-9d15-de283e8eac2586e8f5dc-a6e9-4c67-9d15-de283e8eac25
클래식 스토리지 계정 키 운영자 서비스 역할Classic Storage Account Key Operator Service Role 클래식 스토리지 계정 키 운영자가 클래식 스토리지 계정에서 키를 나열하고 다시 생성할 수 있습니다.Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts 985d6b00-f706-48f5-a6fe-d0ca12fb668d985d6b00-f706-48f5-a6fe-d0ca12fb668d
Data Box 기여자Data Box Contributor 다른 사람에게 액세스 권한을 부여하는 것을 제외한 모든 항목을 Data Box 서비스에서 관리할 수 있습니다.Lets you manage everything under Data Box Service except giving access to others. add466c9-e687-43fc-8d98-dfcf8d720be5add466c9-e687-43fc-8d98-dfcf8d720be5
Data Box 읽기 권한자Data Box Reader 주문하기나 주문 세부 정보 편집 및 다른 사용자에게 액세스 권한 부여 외에 Data Box 서비스를 관리할 수 있습니다.Lets you manage Data Box Service except creating order or editing order details and giving access to others. 028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027
Data Lake Analytics 개발자Data Lake Analytics Developer 사용자 자신의 작업을 제출, 모니터링 및 관리할 수 있지만 Data Lake Analytics 계정을 만들거나 삭제할 수는 없습니다.Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts. 47b7735b-770e-4598-a7da-8b91488b4c8847b7735b-770e-4598-a7da-8b91488b4c88
읽기 권한자 및 데이터 액세스Reader and Data Access 모든 것을 볼 수 있지만, 스토리지 계정 또는 포함된 리소스를 삭제하거나 만들 수는 없습니다.Lets you view everything but will not let you delete or create a storage account or contained resource. 또한 스토리지 계정 키에 액세스하여 스토리지 계정에 포함된 모든 데이터를 읽고 쓸 수 있습니다.It will also allow read/write access to all data contained in a storage account via access to storage account keys. c12c1c16-33a1-487b-954d-41c89c60f349c12c1c16-33a1-487b-954d-41c89c60f349
Storage 계정 기여자Storage Account Contributor 스토리지 계정을 관리할 수 있도록 허용합니다.Permits management of storage accounts. 공유 키 권한 부여를 통해 데이터에 액세스하는 데 사용할 수 있는 계정 키에 대한 액세스 권한을 제공합니다.Provides access to the account key, which can be used to access data via Shared Key authorization. 17d1049b-9a84-46fb-8f53-869881c3d3ab17d1049b-9a84-46fb-8f53-869881c3d3ab
스토리지 계정 키 운영자 서비스 역할Storage Account Key Operator Service Role 스토리지 계정 액세스 키를 나열하고 다시 생성할 수 있도록 허용합니다.Permits listing and regenerating storage account access keys. 81a9662b-bebf-436f-a333-f67b29880f1281a9662b-bebf-436f-a333-f67b29880f12
Storage Blob 데이터 기여자Storage Blob Data Contributor Azure Storage 컨테이너 및 BLOB을 읽고, 쓰고, 삭제합니다.Read, write, and delete Azure Storage containers and blobs. 특정 데이터 연산에 어떤 작업이 필요한지 알아보려면 BLOB 및 큐 데이터 연산을 호출하기 위한 권한을 참조하세요.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. ba92f5b4-2d11-453d-a403-e96b0029c9feba92f5b4-2d11-453d-a403-e96b0029c9fe
Storage Blob 데이터 소유자Storage Blob Data Owner POSIX 액세스 제어 할당을 포함하여 Azure Storage BLOB 컨테이너 및 데이터에 대한 모든 액세스 권한을 제공합니다.Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. 특정 데이터 연산에 어떤 작업이 필요한지 알아보려면 BLOB 및 큐 데이터 연산을 호출하기 위한 권한을 참조하세요.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. b7e6dc6d-f1e8-4753-8033-0f276bb0955bb7e6dc6d-f1e8-4753-8033-0f276bb0955b
Storage Blob 데이터 읽기 권한자Storage Blob Data Reader Azure Storage 컨테이너 및 BLOB을 읽고 나열합니다.Read and list Azure Storage containers and blobs. 특정 데이터 연산에 어떤 작업이 필요한지 알아보려면 BLOB 및 큐 데이터 연산을 호출하기 위한 권한을 참조하세요.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 2a2b9908-6ea1-4ae2-8e65-a410df84e7d12a2b9908-6ea1-4ae2-8e65-a410df84e7d1
Storage Blob 위임자Storage Blob Delegator Azure AD 자격 증명으로 서명된 컨테이너 또는 BLOB의 공유 액세스 서명을 만드는 데 사용할 수 있는 사용자 위임 키를 가져옵니다.Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials. 자세한 내용은 사용자 위임 SAS 만들기를 참조하세요.For more information, see Create a user delegation SAS. db58b8e5-c6ad-4a2a-8342-4190687cbf4adb58b8e5-c6ad-4a2a-8342-4190687cbf4a
Storage 파일 데이터 SMB 공유 기여자Storage File Data SMB Share Contributor Azure 파일 공유의 파일/디렉터리에 대한 읽기, 쓰기 및 삭제 액세스를 허용합니다.Allows for read, write, and delete access on files/directories in Azure file shares. Windows 파일 서버에는 이 역할에 상응하는 기본 제공 역할이 없습니다.This role has no built-in equivalent on Windows file servers. 0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb
Storage 파일 데이터 SMB 공유 높은 권한 기여자Storage File Data SMB Share Elevated Contributor Azure 파일 공유의 파일/디렉터리에 대한 ACL을 읽고, 쓰고, 삭제하고, 수정할 수 있습니다.Allows for read, write, delete, and modify ACLs on files/directories in Azure file shares. 이 역할은 Windows 파일 서버의 변경 내용에 대한 파일 공유 ACL에 해당합니다.This role is equivalent to a file share ACL of change on Windows file servers. a7264617-510b-434b-a828-9731dc254ea7a7264617-510b-434b-a828-9731dc254ea7
Storage 파일 데이터 SMB 공유 읽기 권한자Storage File Data SMB Share Reader Azure 파일 공유의 파일/디렉터리에 대한 읽기 액세스를 허용합니다.Allows for read access on files/directories in Azure file shares. 이 역할은 Windows 파일 서버에 대한 파일 공유 ACL 읽기에 해당합니다.This role is equivalent to a file share ACL of read on Windows file servers. aba4ae5f-2193-4029-9191-0cb91df5e314aba4ae5f-2193-4029-9191-0cb91df5e314
Storage 큐 데이터 기여자Storage Queue Data Contributor Azure Storage 큐 및 큐 메시지를 읽고, 쓰고, 삭제할 수 있습니다.Read, write, and delete Azure Storage queues and queue messages. 특정 데이터 연산에 어떤 작업이 필요한지 알아보려면 BLOB 및 큐 데이터 연산을 호출하기 위한 권한을 참조하세요.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 974c5e8b-45b9-4653-ba55-5f855dd0fb88974c5e8b-45b9-4653-ba55-5f855dd0fb88
Storage 큐 데이터 메시지 처리자Storage Queue Data Message Processor Azure Storage 큐의 메시지를 선택, 검색 및 삭제할 수 있습니다.Peek, retrieve, and delete a message from an Azure Storage queue. 특정 데이터 연산에 어떤 작업이 필요한지 알아보려면 BLOB 및 큐 데이터 연산을 호출하기 위한 권한을 참조하세요.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 8a0f0c08-91a1-4084-bc3d-661d67233fed8a0f0c08-91a1-4084-bc3d-661d67233fed
Storage 큐 데이터 메시지 보내는 사람Storage Queue Data Message Sender Azure Storage 큐에 메시지를 추가할 수 있습니다.Add messages to an Azure Storage queue. 특정 데이터 연산에 어떤 작업이 필요한지 알아보려면 BLOB 및 큐 데이터 연산을 호출하기 위한 권한을 참조하세요.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. c6a89b2d-59bc-44d0-9896-0f6e12d7b80ac6a89b2d-59bc-44d0-9896-0f6e12d7b80a
Storage 큐 데이터 읽기 권한자Storage Queue Data Reader Azure Storage 큐 및 큐 메시지를 읽고 나열할 수 있습니다.Read and list Azure Storage queues and queue messages. 특정 데이터 연산에 어떤 작업이 필요한지 알아보려면 BLOB 및 큐 데이터 연산을 호출하기 위한 권한을 참조하세요.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 19e7f393-937e-4f77-808e-94535e29792519e7f393-937e-4f77-808e-94535e297925
WebWeb
Azure Maps 데이터 기여자Azure Maps Data Contributor Azure maps 계정에서 관련 데이터를 매핑하기 위한 읽기, 쓰기 및 삭제 액세스 권한을 부여 합니다.Grants access to read, write, and delete access to map related data from an Azure maps account. 8f5e0ce6-4f7b-4dcf-bddf-e6f48634a2048f5e0ce6-4f7b-4dcf-bddf-e6f48634a204
Azure Maps 데이터 읽기 권한자Azure Maps Data Reader Azure 맵 계정에서 맵 관련 데이터를 읽을 수 있는 액세스 권한을 부여합니다.Grants access to read map related data from an Azure maps account. 423170ca-a8f6-4b0f-8487-9e4eb8f49bfa423170ca-a8f6-4b0f-8487-9e4eb8f49bfa
Search 서비스 기여자Search Service Contributor Search 서비스를 관리할 수 있지만 액세스할 수는 없습니다.Lets you manage Search services, but not access to them. 7ca78c08-252a-4471-8644-bb5ff32d4ba07ca78c08-252a-4471-8644-bb5ff32d4ba0
SignalR AccessKey 판독기SignalR AccessKey Reader SignalR 서비스 액세스 키 읽기Read SignalR Service Access Keys 04165923-9d83-45d5-8227-78b77b0a687e04165923-9d83-45d5-8227-78b77b0a687e
SignalR App 서버 (미리 보기)SignalR App Server (Preview) 앱 서버에서 AAD 인증 옵션을 사용 하 여 SignalR Service에 액세스할 수 있습니다.Lets your app server access SignalR Service with AAD auth options. 420fcaa2-552c-430f-98c-3264be4806c7420fcaa2-552c-430f-98ca-3264be4806c7
SignalR 기여자SignalR Contributor SignalR service 리소스를 만들고, 읽고, 업데이트 하 고, 삭제 합니다.Create, Read, Update, and Delete SignalR service resources 8cf5e20a-e4b2-4e9d-b3a1-5ceb692c27618cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761
SignalR 서버를 사용 하지 않는 참가자 (미리 보기)SignalR Serverless Contributor (Preview) AAD 인증 옵션을 사용 하 여 앱이 서버 리스 모드에서 서비스에 액세스할 수 있도록 합니다.Lets your app access service in serverless mode with AAD auth options. fd53cd77-2268-407a-8f46-7e7863d0f521fd53cd77-2268-407a-8f46-7e7863d0f521
SignalR 서비스 소유자 (미리 보기)SignalR Service Owner (Preview) Azure SignalR Service REST Api에 대 한 모든 권한Full access to Azure SignalR Service REST APIs 7e4f1700-ea5a-4f59-8f37-079cfe29dce37e4f1700-ea5a-4f59-8f37-079cfe29dce3
SignalR Service Reader (미리 보기)SignalR Service Reader (Preview) Azure SignalR Service REST Api에 대 한 읽기 전용 액세스Read-only access to Azure SignalR Service REST APIs ddde6b66-c0df-4114-a159-3618637b3035ddde6b66-c0df-4114-a159-3618637b3035
웹 계획 참가자Web Plan Contributor 웹 사이트의 웹 계획을 관리할 수 있지만 액세스할 수는 없습니다.Lets you manage the web plans for websites, but not access to them. 2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b
웹 사이트 기여자Website Contributor 웹 사이트(웹 계획은 제외)를 관리할 수 있지만 액세스할 수는 없습니다.Lets you manage websites (not web plans), but not access to them. de139f84-1756-47ae-9be6-808fbbe84772de139f84-1756-47ae-9be6-808fbbe84772
컨테이너Containers
AcrDeleteAcrDelete acr 삭제acr delete c2f4ef07-c644-48eb-af81-4b1b4947fb11c2f4ef07-c644-48eb-af81-4b1b4947fb11
AcrImageSignerAcrImageSigner acr 이미지 서명자acr image signer 6cef56e8-d556-48e5-a04f-b8e64114680f6cef56e8-d556-48e5-a04f-b8e64114680f
AcrPullAcrPull acr pullacr pull 7f951dda-4ed3-4680-a7ca-43fe172d538d7f951dda-4ed3-4680-a7ca-43fe172d538d
AcrPushAcrPush acr pushacr push 8311e382-0749-4cb8-b61a-304f252e45ec8311e382-0749-4cb8-b61a-304f252e45ec
AcrQuarantineReaderAcrQuarantineReader acr 격리 데이터 읽기 권한자acr quarantine data reader cdda3590-29a3-44f6-95f2-9f980659eb04cdda3590-29a3-44f6-95f2-9f980659eb04
AcrQuarantineWriterAcrQuarantineWriter acr 격리 데이터 작성자acr quarantine data writer c8d4ff99-41c3-41a8-9f60-21dfdad59608c8d4ff99-41c3-41a8-9f60-21dfdad59608
Azure Kubernetes Service 클러스터 관리자 역할Azure Kubernetes Service Cluster Admin Role 클러스터 관리자 자격 증명 작업을 나열합니다.List cluster admin credential action. 0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be80ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8
Azure Kubernetes Service 클러스터 사용자 역할Azure Kubernetes Service Cluster User Role 클러스터 사용자 자격 증명 작업을 나열합니다.List cluster user credential action. 4abbcc35-e782-43d8-92c5-2d3f1bd2253f4abbcc35-e782-43d8-92c5-2d3f1bd2253f
Azure Kubernetes Service 기여자 역할Azure Kubernetes Service Contributor Role Azure Kubernetes 서비스 클러스터를 읽고 쓸 수 있는 액세스 권한을 부여 합니다.Grants access to read and write Azure Kubernetes Service clusters ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8
Azure Kubernetes 서비스 RBAC 관리자Azure Kubernetes Service RBAC Admin 리소스 할당량 및 네임 스페이스 업데이트 또는 삭제를 제외 하 고 클러스터/네임 스페이스 아래의 모든 리소스를 관리할 수 있습니다.Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. 3498e952-d568-435e-9b2c-8d77e338d7f73498e952-d568-435e-9b2c-8d77e338d7f7
Azure Kubernetes 서비스 RBAC 클러스터 관리자Azure Kubernetes Service RBAC Cluster Admin 클러스터의 모든 리소스를 관리할 수 있습니다.Lets you manage all resources in the cluster. b1ff04bb-8a4e-4dc4-8eb5-8693973ce19bb1ff04bb-8a4e-4dc4-8eb5-8693973ce19b
Azure Kubernetes 서비스 RBAC 판독기Azure Kubernetes Service RBAC Reader 읽기 전용 액세스를 허용 하 여 네임 스페이스의 대부분의 개체를 표시 합니다.Allows read-only access to see most objects in a namespace. 역할 또는 역할 바인딩을 볼 수 없습니다.It does not allow viewing roles or role bindings. 비밀의 콘텐츠를 읽으면 네임 스페이스의 ServiceAccount 자격 증명에 액세스할 수 있으므로이 역할은 암호 보기를 허용 하지 않습니다 .이는 네임 스페이스의 모든 ServiceAccount (권한 상승 형태)로 API 액세스를 허용 합니다.This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). 클러스터 범위에서이 역할을 적용 하면 모든 네임 스페이스에 대 한 액세스 권한이 부여 됩니다.Applying this role at cluster scope will give access across all namespaces. 7f6c6a51-bcf8-42ba-9220-52d62157d7db7f6c6a51-bcf8-42ba-9220-52d62157d7db
Azure Kubernetes 서비스 RBAC 기록기Azure Kubernetes Service RBAC Writer 네임 스페이스의 대부분의 개체에 대 한 읽기/쓰기 액세스를 허용 합니다. 이 역할은 역할이 나 역할 바인딩을 보거나 수정할 수 없습니다.Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. 그러나이 역할을 사용 하 여 네임 스페이스의 ServiceAccount로 Pod를 실행 하 고 암호에 액세스할 수 있으므로 네임 스페이스에 있는 모든 ServiceAccount의 API 액세스 수준을 얻을 수 있습니다.However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. 클러스터 범위에서이 역할을 적용 하면 모든 네임 스페이스에 대 한 액세스 권한이 부여 됩니다.Applying this role at cluster scope will give access across all namespaces. a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eba7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb
데이터베이스Databases
Cosmos DB 계정 독자 역할Cosmos DB Account Reader Role Azure Cosmos DB 계정 데이터를 읽을 수 있음.Can read Azure Cosmos DB account data. Azure Cosmos DB 계정 관리는 DocumentDB 계정 참가자를 참조하세요.See DocumentDB Account Contributor for managing Azure Cosmos DB accounts. fbdf93bf-df7d-467e-a4d2-9458aa1360c8fbdf93bf-df7d-467e-a4d2-9458aa1360c8
Cosmos DB 운영자Cosmos DB Operator Azure Cosmos DB 계정을 관리할 수 있지만 계정의 데이터에 액세스할 수는 없습니다.Lets you manage Azure Cosmos DB accounts, but not access data in them. 계정 키 및 연결 문자열에 대한 액세스를 차단합니다.Prevents access to account keys and connection strings. 230815da-be43-4aae-9cb4-875f7bd000aa230815da-be43-4aae-9cb4-875f7bd000aa
CosmosBackupOperatorCosmosBackupOperator Cosmos DB 데이터베이스 또는 계정의 컨테이너에 대한 복원 요청을 제출할 수 있습니다.Can submit restore request for a Cosmos DB database or a container for an account db7b14f2-5adf-42da-9f96-f2ee17bab5cbdb7b14f2-5adf-42da-9f96-f2ee17bab5cb
CosmosRestoreOperatorCosmosRestoreOperator 연속 백업 모드를 사용 하 여 Cosmos DB 데이터베이스 계정에 대 한 복원 작업을 수행할 수 있습니다.Can perform restore action for Cosmos DB database account with continuous backup mode 5432c526-bc82-444a-b7ba-57c5b0b5b34f5432c526-bc82-444a-b7ba-57c5b0b5b34f
DocumentDB 계정 기여자DocumentDB Account Contributor Azure Cosmos DB 계정을 관리할 수 있습니다.Can manage Azure Cosmos DB accounts. Azure Cosmos DB는 이전의 DocumentDB입니다.Azure Cosmos DB is formerly known as DocumentDB. 5bd9cd88-fe45-4216-938b-f97437e154505bd9cd88-fe45-4216-938b-f97437e15450
Redis Cache 참가자Redis Cache Contributor Redis Cache를 관리할 수 있지만 액세스할 수는 없습니다.Lets you manage Redis caches, but not access to them. e0f68234-74aa-48ed-b826-c38b57376e17e0f68234-74aa-48ed-b826-c38b57376e17
SQL DB 기여자SQL DB Contributor SQL 데이터베이스를 관리할 수 있지만 액세스할 수는 없습니다.Lets you manage SQL databases, but not access to them. 또한 보안 관련 정책이나 부모 SQL 서버를 관리할 수 없습니다.Also, you can't manage their security-related policies or their parent SQL servers. 9b7fa17d-e63e-47b0-bb0a-15c516ac86ec9b7fa17d-e63e-47b0-bb0a-15c516ac86ec
SQL Managed Instance 기여자SQL Managed Instance Contributor SQL Managed Instances 및 필수 네트워크 구성을 관리할 수 있지만 다른 사용자에게 액세스 권한을 부여할 수는 없습니다.Lets you manage SQL Managed Instances and required network configuration, but can't give access to others. 4939a1f6-9ae0-4e48-a1e0-f2cbe897382d4939a1f6-9ae0-4e48-a1e0-f2cbe897382d
SQL 보안 관리자SQL Security Manager SQL Server 및 데이터베이스의 보안과 관련된 정책을 관리할 수 있지만 여기에 액세스할 수는 없습니다.Lets you manage the security-related policies of SQL servers and databases, but not access to them. 056cd41c-7e88-42e1-933e-88ba6a50c9c3056cd41c-7e88-42e1-933e-88ba6a50c9c3
SQL Server 기여자SQL Server Contributor SQL Server 및 데이터베이스를 관리할 수 있지만 액세스할 수는 없으며, 해당하는 보안 관련 정책에도 액세스할 수 없습니다.Lets you manage SQL servers and databases, but not access to them, and not their security-related policies. 6d8ee4ec-f05a-4a1d-8b00-a9b17e38b4376d8ee4ec-f05a-4a1d-8b00-a9b17e38b437
분석Analytics
Azure Event Hubs 데이터 소유자Azure Event Hubs Data Owner Azure Event Hubs 리소스에 대한 전체 액세스를 허용합니다.Allows for full access to Azure Event Hubs resources. f526a384-b230-433a-b45c-95f59c4a2decf526a384-b230-433a-b45c-95f59c4a2dec
Azure Event Hubs 데이터 받는 사람Azure Event Hubs Data Receiver Azure Event Hubs 리소스에 대한 받기 액세스 권한을 허용합니다.Allows receive access to Azure Event Hubs resources. a638d3c7-ab3a-418d-83e6-5f17a39d4fdea638d3c7-ab3a-418d-83e6-5f17a39d4fde
Azure Event Hubs 데이터 보내는 사람Azure Event Hubs Data Sender Azure Event Hubs 리소스에 대한 보내기 액세스 권한을 허용합니다.Allows send access to Azure Event Hubs resources. 2b629674-e913-4c01-ae53-ef4638d8f9752b629674-e913-4c01-ae53-ef4638d8f975
Data Factory 참가자Data Factory Contributor 데이터 팩터리를 만들고 관리하며 해당 하위 리소스도 만들고 관리합니다.Create and manage data factories, as well as child resources within them. 673868aa-7521-48a0-acc6-0f60742d39f5673868aa-7521-48a0-acc6-0f60742d39f5
데이터 제거자Data Purger 분석 데이터를 제거할 수 있습니다.Can purge analytics data 150f5e0c-0603-4f03-8c7f-cf70034c4e90150f5e0c-0603-4f03-8c7f-cf70034c4e90
HDInsight 클러스터 운영자HDInsight Cluster Operator HDInsight 클러스터 구성을 읽고 수정할 수 있습니다.Lets you read and modify HDInsight cluster configurations. 61ed4efc-fab3-44fd-b111-e24485cc132a61ed4efc-fab3-44fd-b111-e24485cc132a
HDInsight 도메인 서비스 기여자HDInsight Domain Services Contributor HDInsight Enterprise Security Package에 필요한 도메인 서비스 관련 작업을 읽고, 만들고, 수정하고, 삭제할 수 있음Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package 8d8d5a11-05d3-4bda-a417-a08778121c7c8d8d5a11-05d3-4bda-a417-a08778121c7c
Log Analytics 기여자Log Analytics Contributor Log Analytics 참가자는 모든 모니터링 데이터를 읽고 모니터링 설정을 편집할 수 있습니다.Log Analytics Contributor can read all monitoring data and edit monitoring settings. 모니터링 설정 편집에는 VM에 VM 확장 추가, Azure Storage에서 로그 컬렉션을 구성할 수 있는 스토리지 계정 키 읽기, Automation 계정 생성 및 구성, 솔루션 추가 및 모든 Azure 리소스에 대한 Azure 진단을 구성하는 기능도 포함되어 있습니다.Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources. 92aaf0da-9dab-42b6-94a3-d43ce8d1629392aaf0da-9dab-42b6-94a3-d43ce8d16293
Log Analytics 독자Log Analytics Reader Log Analytics 독자는 모든 Azure 리소스에 대한 Azure 진단의 구성 보기를 비롯하여 모니터링 설정 보기 및 모든 모니터링 데이터를 보고 검색할 수 있습니다.Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources. 73c42c96-874c-492b-b04d-ab87d138a89373c42c96-874c-492b-b04d-ab87d138a893
부서의 범위 Data 큐레이터Purview Data Curator 부서의 범위 데이터 큐레이터는 카탈로그 데이터 개체를 만들고, 읽고, 수정 하 고, 삭제 하 고, 개체 간의 관계를 설정할 수 있습니다.The Microsoft.Purview data curator can create, read, modify and delete catalog data objects and establish relationships between objects. 이 역할은 미리 보기 상태 이며 변경 될 수 있습니다.This role is in preview and subject to change. 8a3c2885-9b38-4fd2-9d99-91af537c13478a3c2885-9b38-4fd2-9d99-91af537c1347
부서의 범위 데이터 판독기Purview Data Reader 부서의 범위 데이터 판독기는 카탈로그 데이터 개체를 읽을 수 있습니다.The Microsoft.Purview data reader can read catalog data objects. 이 역할은 미리 보기 상태 이며 변경 될 수 있습니다.This role is in preview and subject to change. ff100721-1b9d-43d8-af52-42b69c1272dbff100721-1b9d-43d8-af52-42b69c1272db
부서의 범위 데이터 원본 관리자Purview Data Source Administrator 부서의 범위 데이터 원본 관리자는 데이터 원본 및 데이터 검색을 관리할 수 있습니다.The Microsoft.Purview data source administrator can manage data sources and data scans. 이 역할은 미리 보기 상태 이며 변경 될 수 있습니다.This role is in preview and subject to change. 200bba9e-f0c8-430f-892b-6f0794863803200bba9e-f0c8-430f-892b-6f0794863803
스키마 레지스트리 기여자(미리 보기)Schema Registry Contributor (Preview) 스키마 레지스트리 그룹 및 스키마를 읽고, 쓰고, 삭제합니다.Read, write, and delete Schema Registry groups and schemas. 5dffeca3-4936-4216-b2bc-10343a5abb255dffeca3-4936-4216-b2bc-10343a5abb25
스키마 레지스트리 판독기(미리 보기)Schema Registry Reader (Preview) 스키마 레지스트리 그룹 및 스키마를 읽고 나열합니다.Read and list Schema Registry groups and schemas. 2c56ea50-c6b3-40a6-83c0-9d98858bc7d22c56ea50-c6b3-40a6-83c0-9d98858bc7d2
블록체인Blockchain
블록체인 멤버 노드 액세스(미리 보기)Blockchain Member Node Access (Preview) 블록체인 멤버 노드에 액세스할 수 있습니다.Allows for access to Blockchain Member nodes 31a002a1-acaf-453e-8a5b-297c9ca1ea2431a002a1-acaf-453e-8a5b-297c9ca1ea24
AI + 기계 학습AI + machine learning
Cognitive Services 기여자Cognitive Services Contributor Cognitive Services의 키를 만들고, 읽고, 업데이트하고, 삭제 및 관리할 수 있습니다.Lets you create, read, update, delete and manage keys of Cognitive Services. 25fbc0a9-bd7c-42a3-aa1a-3b75d497ee6825fbc0a9-bd7c-42a3-aa1a-3b75d497ee68
Cognitive Services Custom Vision 기여자Cognitive Services Custom Vision Contributor 프로젝트를 보거나, 만들거나, 편집 하거나, 삭제할 수 있는 기능을 포함 하 여 프로젝트에 대 한 모든 권한을 제공 합니다.Full access to the project, including the ability to view, create, edit, or delete projects. c1ff6cc2-c111-46fe-8896-e0ef812ad9f3c1ff6cc2-c111-46fe-8896-e0ef812ad9f3
Cognitive Services Custom Vision 배포Cognitive Services Custom Vision Deployment 모델 게시, 게시 취소 또는 내보내기Publish, unpublish or export models. 배포에서 프로젝트를 볼 수는 있지만 업데이트할 수는 없습니다.Deployment can view the project but can't update. 5c4089e1-6d96-4d2f-b296-c1bc7137275f5c4089e1-6d96-4d2f-b296-c1bc7137275f
Cognitive Services Custom Vision LabelerCognitive Services Custom Vision Labeler 이미지 태그를 보고 편집 하며 이미지 태그를 만들거나 추가, 제거 또는 삭제 합니다.View, edit training images and create, add, remove, or delete the image tags. Labelers는 프로젝트를 볼 수 있지만 학습 이미지 및 태그 이외의 항목을 업데이트할 수 없습니다.Labelers can view the project but can't update anything other than training images and tags. 88424f51-ebe7-446f-bc41-7fa16989e96c88424f51-ebe7-446f-bc41-7fa16989e96c
Cognitive Services Custom Vision 판독기Cognitive Services Custom Vision Reader 프로젝트의 읽기 전용 작업입니다.Read-only actions in the project. 판독기에서 프로젝트를 만들거나 업데이트할 수 없습니다.Readers can't create or update the project. 93586559-c37d-4a6b-ba08-b9f0940c2d7393586559-c37d-4a6b-ba08-b9f0940c2d73
Cognitive Services Custom Vision 교육 담당자Cognitive Services Custom Vision Trainer 모델을 게시, 게시 취소, 내보내는 기능을 포함 하 여 프로젝트를 보고 편집 하 고 모델을 학습 합니다.View, edit projects and train the models, including the ability to publish, unpublish, export the models. 강사는 프로젝트를 만들거나 삭제할 수 없습니다.Trainers can't create or delete the project. 0a5ae4ab-0d65-4eeb-be61-29fc9b54394b0a5ae4ab-0d65-4eeb-be61-29fc9b54394b
Cognitive Services 데이터 읽기 권한자(미리 보기)Cognitive Services Data Reader (Preview) Cognitive Services 데이터를 읽을 수 있습니다.Lets you read Cognitive Services data. b59867f0-fa02-499b-be73-45a86b5b3e1cb59867f0-fa02-499b-be73-45a86b5b3e1c
Cognitive Services 메트릭 관리자 관리자Cognitive Services Metrics Advisor Administrator 시스템 수준 구성을 포함 하 여 프로젝트에 대 한 모든 권한Full access to the project, including the system level configuration. cb43c632-a144-4ec5-977c-e80c4affc34acb43c632-a144-4ec5-977c-e80c4affc34a
Cognitive Services QnA Maker 편집기Cognitive Services QnA Maker Editor KB를 만들고, 편집 하 고, 가져오고, 내보낼 수 있습니다.Let's you create, edit, import and export a KB. KB를 게시 하거나 삭제할 수 없습니다.You cannot publish or delete a KB. f4cc2bf9-21be-47a1-bdf1-5c5804381025f4cc2bf9-21be-47a1-bdf1-5c5804381025
Cognitive Services QnA Maker 판독기Cognitive Services QnA Maker Reader KB만 읽고 테스트할 수 있습니다.Let's you read and test a KB only. 466ccd10-b268-4a11-b098-b4849f024126466ccd10-b268-4a11-b098-b4849f024126
Cognitive Services 사용자Cognitive Services User Cognitive Services의 키를 읽고 나열할 수 있습니다.Lets you read and list keys of Cognitive Services. a97b65f3-24c7-4388-baec-2e87135dc908a97b65f3-24c7-4388-baec-2e87135dc908
혼합 현실Mixed reality
원격 렌더링 관리자Remote Rendering Administrator Azure 원격 렌더링을 위한 변환, 관리 세션, 렌더링 및 진단 기능을 사용자에 게 제공 합니다.Provides user with conversion, manage session, rendering and diagnostics capabilities for Azure Remote Rendering 3df8b902-2a6f-47c7-8cc5-360e9b272a7e3df8b902-2a6f-47c7-8cc5-360e9b272a7e
원격 렌더링 클라이언트Remote Rendering Client Azure 원격 렌더링을 위한 관리 세션, 렌더링 및 진단 기능을 사용자에 게 제공 합니다.Provides user with manage session, rendering and diagnostics capabilities for Azure Remote Rendering. d39065c4-c120-43c9-ab0a-63eed9795f0ad39065c4-c120-43c9-ab0a-63eed9795f0a
Spatial Anchors 계정 기여자Spatial Anchors Account Contributor 계정의 공간 앵커를 관리할 수 있지만 삭제할 수는 없습니다.Lets you manage spatial anchors in your account, but not delete them 8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c8278bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827
Spatial Anchors 계정 소유자Spatial Anchors Account Owner 계정의 공간 앵커를 관리할 수 있고 삭제할 수도 있습니다.Lets you manage spatial anchors in your account, including deleting them 70bbe301-9835-447d-afdd-19eb3167307c70bbe301-9835-447d-afdd-19eb3167307c
Spatial Anchors 계정 읽기 권한자Spatial Anchors Account Reader 계정의 공간 앵커 속성을 찾아서 읽을 수 있습니다.Lets you locate and read properties of spatial anchors in your account 5d51204f-eb77-4b1c-b86a-2ec626c494135d51204f-eb77-4b1c-b86a-2ec626c49413
통합Integration
API Management 서비스 참가자API Management Service Contributor 서비스 및 API를 관리할 수 있습니다.Can manage service and the APIs 312a565d-c81f-4fd8-895a-4e21e48d571c312a565d-c81f-4fd8-895a-4e21e48d571c
API Management 서비스 운영자 역할API Management Service Operator Role 서비스를 관리할 수 있지만 API는 관리할 수 없습니다.Can manage service but not the APIs e022efe7-f5ba-4159-bbe4-b44f577e9b61e022efe7-f5ba-4159-bbe4-b44f577e9b61
Azure API Management 읽기 권한자 역할API Management Service Reader Role 서비스 및 API에 대한 읽기 전용 액세스Read-only access to service and APIs 71522526-b88f-4d52-b57f-d31fc3546d0d71522526-b88f-4d52-b57f-d31fc3546d0d
App Configuration 데이터 소유자App Configuration Data Owner App Configuration 데이터에 대한 모든 액세스 권한을 허용합니다.Allows full access to App Configuration data. 5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b
App Configuration 데이터 읽기 권한자App Configuration Data Reader App Configuration 데이터에 대한 읽기 액세스 권한을 허용합니다.Allows read access to App Configuration data. 516239f1-63e1-4d78-a4de-a74fb236a071516239f1-63e1-4d78-a4de-a74fb236a071
Azure Service Bus 데이터 소유자Azure Service Bus Data Owner Azure Service Bus 리소스에 대한 전체 액세스를 허용합니다.Allows for full access to Azure Service Bus resources. 090c5cfd-751d-490a-894a-3ce6f1109419090c5cfd-751d-490a-894a-3ce6f1109419
Azure Service Bus 데이터 받는 사람Azure Service Bus Data Receiver Azure Service Bus 리소스에 대한 받기 액세스 권한을 허용합니다.Allows for receive access to Azure Service Bus resources. 4f6d3b9b-027b-4f4c-9142-0e5a2a2247e04f6d3b9b-027b-4f4c-9142-0e5a2a2247e0
Azure Service Bus 데이터 보내는 사람Azure Service Bus Data Sender Azure Service Bus 리소스에 대한 보내기 액세스 권한을 허용합니다.Allows for send access to Azure Service Bus resources. 69a216fc-b8fb-44d8-bc22-1f3c2cd27a3969a216fc-b8fb-44d8-bc22-1f3c2cd27a39
Azure Stack 등록 소유자Azure Stack Registration Owner Azure Stack 등록을 관리할 수 있습니다.Lets you manage Azure Stack registrations. 6f12a6df-dd06-4f3e-bcb1-ce8be600526a6f12a6df-dd06-4f3e-bcb1-ce8be600526a
EventGrid EventSubscription 기여자EventGrid EventSubscription Contributor EventGrid 이벤트 구독 작업을 관리할 수 있습니다.Lets you manage EventGrid event subscription operations. 428e0ff0-5e57-4d9c-a221-2c70d0e0a443428e0ff0-5e57-4d9c-a221-2c70d0e0a443
EventGrid EventSubscription 읽기 권한자EventGrid EventSubscription Reader EventGrid 이벤트 구독을 읽을 수 있습니다.Lets you read EventGrid event subscriptions. 2414bbcf-6497-4faf-8c65-0454607484052414bbcf-6497-4faf-8c65-045460748405
데이터 기여자FHIR Data Contributor 역할을 통해 사용자 또는 보안 주체가 FHIR 데이터에 대 한 모든 액세스를 허용 합니다.Role allows user or principal full access to FHIR Data 5a1fc7df-4bf1-4951-a576-89034ee01acd5a1fc7df-4bf1-4951-a576-89034ee01acd
데이터 내보내기 (& e)FHIR Data Exporter 역할을 통해 사용자 또는 보안 주체가 FHIR 데이터를 읽고 내보낼 수 있음Role allows user or principal to read and export FHIR Data 3db33094-8700-4567-8da5-1501d4e7e8433db33094-8700-4567-8da5-1501d4e7e843
데이터 판독기FHIR Data Reader 역할을 통해 사용자 또는 보안 주체가 FHIR 데이터를 읽을 수 있습니다.Role allows user or principal to read FHIR Data 4c8d0bbc-75d3-4935-991f-5f3c56d815084c8d0bbc-75d3-4935-991f-5f3c56d81508
데이터 기록기FHIR Data Writer 역할을 통해 사용자 또는 보안 주체가 FHIR 데이터를 읽고 쓸 수 있습니다.Role allows user or principal to read and write FHIR Data 3f88fce4-5892-4214-ae73-ba52945599133f88fce4-5892-4214-ae73-ba5294559913
통합 서비스 환경 참가자Integration Service Environment Contributor Integration service 환경을 관리할 수 있지만 액세스할 수는 없습니다.Lets you manage integration service environments, but not access to them. a41e2c5b-bd99-4a07-88f4-9bf657a760b8a41e2c5b-bd99-4a07-88f4-9bf657a760b8
통합 서비스 환경 개발자Integration Service Environment Developer 개발자가 통합 서비스 환경에서 워크플로, 통합 계정 및 API 연결을 만들고 업데이트할 수 있습니다.Allows developers to create and update workflows, integration accounts and API connections in integration service environments. c7aa55d3-1abb-444a-a5ca-5e51e485d6ecc7aa55d3-1abb-444a-a5ca-5e51e485d6ec
지능형 시스템 계정 기여자Intelligent Systems Account Contributor 인텔리전트 시스템 계정을 관리할 수 있지만 액세스할 수는 없습니다.Lets you manage Intelligent Systems accounts, but not access to them. 03a6d094-3444-4b3d-88af-7477090a9e5e03a6d094-3444-4b3d-88af-7477090a9e5e
논리 앱 기여자Logic App Contributor 논리 앱을 관리할 수 있지만 앱을 변경할 수는 없습니다.Lets you manage logic apps, but not change access to them. 87a39d53-fc1b-424a-814c-f7e04687dc9e87a39d53-fc1b-424a-814c-f7e04687dc9e
논리 앱 운영자Logic App Operator 논리 앱을 읽고 사용하도록 설정하고 사용하지 않도록 설정할 수 있지만 편집하거나 업데이트할 수는 없습니다.Lets you read, enable, and disable logic apps, but not edit or update them. 515c2055-d9d4-4321-b1b9-bd0c9a0f79fe515c2055-d9d4-4321-b1b9-bd0c9a0f79fe
IDIdentity
관리 ID 기여자Managed Identity Contributor 사용자 할당 ID를 만들고, 읽고, 업데이트하고, 삭제합니다.Create, Read, Update, and Delete User Assigned Identity e40ec5ca-96e0-45a2-b4ff-59039f2c2b59e40ec5ca-96e0-45a2-b4ff-59039f2c2b59
관리 ID 운영자Managed Identity Operator 사용자 할당 ID를 읽고 할당합니다.Read and Assign User Assigned Identity f1a07417-d97a-45cb-824c-7a7467783830f1a07417-d97a-45cb-824c-7a7467783830
보안Security
증명 참여자Attestation Contributor 증명 공급자 인스턴스 쓰기 또는 삭제를 읽을 수 있습니다.Can read write or delete the attestation provider instance bbf86eb8-f7b4-4cce-96e4-18cddf81d86ebbf86eb8-f7b4-4cce-96e4-18cddf81d86e
증명 판독기Attestation Reader 증명 공급자 속성을 읽을 수 있습니다.Can read the attestation provider properties fd1bd22b-8476-40bc-a0bc-69b95687b9f3fd1bd22b-8476-40bc-a0bc-69b95687b9f3
Azure Sentinel 기여자Azure Sentinel Contributor Azure Sentinel 기여자Azure Sentinel Contributor ab8e14d6-4a74-4a29-9ba8-549422addadeab8e14d6-4a74-4a29-9ba8-549422addade
Azure Sentinel 읽기 권한자Azure Sentinel Reader Azure Sentinel 읽기 권한자Azure Sentinel Reader 8d289c81-5878-46d4-8554-54e1e3d8b5cb8d289c81-5878-46d4-8554-54e1e3d8b5cb
Azure Sentinel 응답자Azure Sentinel Responder Azure Sentinel 응답자Azure Sentinel Responder 3e150937-b8fe-4cfb-8069-0eaf05ecd0563e150937-b8fe-4cfb-8069-0eaf05ecd056
Key Vault 관리자Key Vault Administrator 인증서, 키 및 비밀을 포함 하 여 주요 자격 증명 모음 및 해당 개체에 있는 모든 개체에 대 한 모든 데이터 평면 작업을 수행 합니다.Perform all data plane operations on a key vault and all objects in it, including certificates, keys, and secrets. 주요 자격 증명 모음 리소스를 관리 하거나 역할 할당을 관리할 수 없습니다.Cannot manage key vault resources or manage role assignments. ' Azure 역할 기반 액세스 제어 ' 권한 모델을 사용 하는 키 자격 증명 모음에만 적용 됩니다.Only works for key vaults that use the 'Azure role-based access control' permission model. 00482a5a-887f-4fb3-b363-3b7fe8e7448300482a5a-887f-4fb3-b363-3b7fe8e74483
Key Vault 인증서 담당자Key Vault Certificates Officer 권한 관리를 제외한 key vault의 인증서에 대 한 작업을 수행 합니다.Perform any action on the certificates of a key vault, except manage permissions. ' Azure 역할 기반 액세스 제어 ' 권한 모델을 사용 하는 키 자격 증명 모음에만 적용 됩니다.Only works for key vaults that use the 'Azure role-based access control' permission model. a4417e6f-fecd-4de8-b567-7b0420556985a4417e6f-fecd-4de8-b567-7b0420556985
키 자격 증명 모음 기여자Key Vault Contributor 키 자격 증명 모음을 관리 하지만 Azure RBAC에서 역할을 할당 하는 것을 허용 하지 않으며 비밀, 키 또는 인증서에 액세스할 수 없습니다.Manage key vaults, but does not allow you to assign roles in Azure RBAC, and does not allow you to access secrets, keys, or certificates. f25e0fa2-a7c8-4377-a976-54943a77a395f25e0fa2-a7c8-4377-a976-54943a77a395
Key Vault Crypto 담당자Key Vault Crypto Officer 권한 관리를 제외한 key vault 키에 대 한 작업을 수행 합니다.Perform any action on the keys of a key vault, except manage permissions. ' Azure 역할 기반 액세스 제어 ' 권한 모델을 사용 하는 키 자격 증명 모음에만 적용 됩니다.Only works for key vaults that use the 'Azure role-based access control' permission model. 14b46e9e-c2b7-41b4-b07b-48a6ebf6060314b46e9e-c2b7-41b4-b07b-48a6ebf60603
Key Vault Crypto Service 암호화 사용자Key Vault Crypto Service Encryption User 키의 메타 데이터를 읽고 래핑/래핑 해제 작업을 수행 합니다.Read metadata of keys and perform wrap/unwrap operations. ' Azure 역할 기반 액세스 제어 ' 권한 모델을 사용 하는 키 자격 증명 모음에만 적용 됩니다.Only works for key vaults that use the 'Azure role-based access control' permission model. e147488a-f6f5-4113-8e2d-b22465e65bf6e147488a-f6f5-4113-8e2d-b22465e65bf6
암호화 사용자 Key VaultKey Vault Crypto User 키를 사용 하 여 암호화 작업을 수행 합니다.Perform cryptographic operations using keys. ' Azure 역할 기반 액세스 제어 ' 권한 모델을 사용 하는 키 자격 증명 모음에만 적용 됩니다.Only works for key vaults that use the 'Azure role-based access control' permission model. 12338af0-0e69-4776-bea7-57ae8d29742412338af0-0e69-4776-bea7-57ae8d297424
Key Vault 판독기Key Vault Reader 키 자격 증명 모음 및 해당 인증서, 키 및 비밀의 메타 데이터를 읽습니다.Read metadata of key vaults and its certificates, keys, and secrets. 비밀 콘텐츠 또는 키 자료와 같은 중요 한 값을 읽을 수 없습니다.Cannot read sensitive values such as secret contents or key material. ' Azure 역할 기반 액세스 제어 ' 권한 모델을 사용 하는 키 자격 증명 모음에만 적용 됩니다.Only works for key vaults that use the 'Azure role-based access control' permission model. 21090545-7ca7-4776-b22c-e363652d74d221090545-7ca7-4776-b22c-e363652d74d2
Key Vault 비밀 책임자Key Vault Secrets Officer 권한 관리를 제외한 key vault의 비밀에 대 한 작업을 수행 합니다.Perform any action on the secrets of a key vault, except manage permissions. ' Azure 역할 기반 액세스 제어 ' 권한 모델을 사용 하는 키 자격 증명 모음에만 적용 됩니다.Only works for key vaults that use the 'Azure role-based access control' permission model. b86a8fe4-4948-aee5-eccb2c155cd7b86a8fe4-44ce-4948-aee5-eccb2c155cd7
비밀 사용자 Key VaultKey Vault Secrets User 비밀 콘텐츠를 읽습니다.Read secret contents. ' Azure 역할 기반 액세스 제어 ' 권한 모델을 사용 하는 키 자격 증명 모음에만 적용 됩니다.Only works for key vaults that use the 'Azure role-based access control' permission model. 4633458b-17de-408a-b874-0445c86b69e64633458b-17de-408a-b874-0445c86b69e6
관리 되는 HSM 참가자Managed HSM contributor 관리 되는 HSM 풀을 관리할 수 있지만 액세스할 수는 없습니다.Lets you manage managed HSM pools, but not access to them. 18500a29-7fe2-46b2-a342-b16a415e101d18500a29-7fe2-46b2-a342-b16a415e101d
보안 관리자Security Admin Security Center에 대한 권한을 살펴보고 업데이트할 수 있습니다.View and update permissions for Security Center. 보안 읽기 권한자 역할과 동일한 권한이며, 보안 정책을 업데이트하고 경고 및 권장 사항을 해제할 수도 있습니다.Same permissions as the Security Reader role and can also update the security policy and dismiss alerts and recommendations. fb1c8493-542b-48eb-b624-b4c8fea62acdfb1c8493-542b-48eb-b624-b4c8fea62acd
보안 평가 기여자Security Assessment Contributor Security Center로 평가를 푸시할 수 있습니다.Lets you push assessments to Security Center 612c2aa1-cb24-443b-ac28-3ab7272de6f5612c2aa1-cb24-443b-ac28-3ab7272de6f5
보안 관리자(레거시)Security Manager (Legacy) 레거시 역할입니다.This is a legacy role. 그 대신 보안 관리자를 사용하세요.Please use Security Admin instead. e3d13bf0-dd5a-482e-ba6b-9b8433878d10e3d13bf0-dd5a-482e-ba6b-9b8433878d10
보안 판독기Security Reader Security Center에 대한 권한을 살펴볼 수 있습니다.View permissions for Security Center. 권장 사항, 경고, 보안 정책 및 보안 상태를 볼 수 있지만 변경할 수는 없습니다.Can view recommendations, alerts, a security policy, and security states, but cannot make changes. 39bc4728-0917-49c7-9d2c-d95423bc2eb439bc4728-0917-49c7-9d2c-d95423bc2eb4
DevOpsDevOps
DevTest Lab 사용자DevTest Labs User Azure DevTest Labs의 가상 머신을 연결, 시작, 다시 시작 및 종료할 수 있습니다.Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs. 76283e04-6283-4c54-8f91-bcf1374a3c6476283e04-6283-4c54-8f91-bcf1374a3c64
랩 작성자Lab Creator Azure 랩 계정으로 새 랩을 만들 수 있습니다.Lets you create new labs under your Azure Lab Accounts. b97fb8bc-a8b2-4522-a38b-dd33c7e65eadb97fb8bc-a8b2-4522-a38b-dd33c7e65ead
모니터Monitor
Application Insights 구성 요소 기여자Application Insights Component Contributor Application Insights 구성 요소를 관리할 수 있음Can manage Application Insights components ae349356-3a1b-4a5e-921d-050484c6347eae349356-3a1b-4a5e-921d-050484c6347e
Application Insights 스냅샷 디버거Application Insights Snapshot Debugger Application Insights 스냅샷 디버거를 사용하여 수집한 디버그 스냅샷을 보고 다운로드할 수 있는 사용자 권한을 제공합니다.Gives user permission to view and download debug snapshots collected with the Application Insights Snapshot Debugger. 이러한 사용 권한은 소유자 또는 기여자 역할에 포함되지 않습니다.Note that these permissions are not included in the Owner or Contributor roles. 사용자에게 Application Insights 스냅샷 디버거 역할을 부여할 때 사용자에게 직접 역할을 부여해야 합니다.When giving users the Application Insights Snapshot Debugger role, you must grant the role directly to the user. 이 역할은 사용자 지정 역할에 추가될 때 인식되지 않습니다.The role is not recognized when it is added to a custom role. 08954f03-6346-4c2e-81c0-ec3a5cfae23b08954f03-6346-4c2e-81c0-ec3a5cfae23b
Monitoring ContributorMonitoring Contributor 모든 모니터링 데이터를 읽고 모니터링 설정을 편집할 수 있음Can read all monitoring data and edit monitoring settings. Azure Monitor에서의 역할, 권한 및 보안 시작도 참조하세요.See also Get started with roles, permissions, and security with Azure Monitor. 749f88d5-cbae-40b8-bcfc-e573ddc772fa749f88d5-cbae-40b8-bcfc-e573ddc772fa
모니터링 메트릭 게시자Monitoring Metrics Publisher Azure 리소스에 대한 게시 메트릭 사용Enables publishing metrics against Azure resources 3913510d-42f4-4e42-8a64-420c390055eb3913510d-42f4-4e42-8a64-420c390055eb
Monitoring ReaderMonitoring Reader 모든 모니터링 데이터를 읽을 수 있음(메트릭, 로그 등)Can read all monitoring data (metrics, logs, etc.). Azure Monitor에서의 역할, 권한 및 보안 시작도 참조하세요.See also Get started with roles, permissions, and security with Azure Monitor. 43d0d8ad-25c7-4714-9337-8ba259a9fe0543d0d8ad-25c7-4714-9337-8ba259a9fe05
통합 문서 기여자Workbook Contributor 공유 통합 문서를 저장할 수 있습니다.Can save shared workbooks. e8ddcd69-c73f-4f9f-9844-4100522f16ade8ddcd69-c73f-4f9f-9844-4100522f16ad
통합 문서 읽기 권한자Workbook Reader 통합 문서를 읽을 수 있습니다.Can read workbooks. b279062a-9be3-42a0-92ae-8b3cf002ec4db279062a-9be3-42a0-92ae-8b3cf002ec4d
관리 + 거버넌스Management + governance
Automation 작업 연산자Automation Job Operator Automation Runbook을 사용하여 작업을 만들고 관리합니다.Create and Manage Jobs using Automation Runbooks. 4fe576fe-1146-4730-92eb-48519fa6bf9f4fe576fe-1146-4730-92eb-48519fa6bf9f
Automation 운영자Automation Operator 자동화 연산자는 작업을 시작, 중지, 일시 중단 및 다시 시작할 수 있습니다.Automation Operators are able to start, stop, suspend, and resume jobs d3881f73-407a-4167-8283-e981cbba0404d3881f73-407a-4167-8283-e981cbba0404
Automation Runbook 연산자Automation Runbook Operator Runbook 작업을 만들려면 Runbook 속성을 읽어보세요.Read Runbook properties - to be able to create Jobs of the runbook. 5fb5aef8-1081-4b8e-bb16-9d5d0385bab55fb5aef8-1081-4b8e-bb16-9d5d0385bab5
Azure Connected Machine 온보딩Azure Connected Machine Onboarding Azure Connected Machines을 온보딩할 수 있습니다.Can onboard Azure Connected Machines. b64e21ea-ac4e-4cdf-9dc9-5b892992bee7b64e21ea-ac4e-4cdf-9dc9-5b892992bee7
Azure Connected Machine 리소스 관리자Azure Connected Machine Resource Administrator Azure Connected Machines을 읽고, 쓰고, 삭제하고, 다시 온보딩할 수 있습니다.Can read, write, delete and re-onboard Azure Connected Machines. cd570a14-e51a-42ad-bac8-bafd67325302cd570a14-e51a-42ad-bac8-bafd67325302
청구 읽기 권한자Billing Reader 결제 데이터에 대해 읽기 권한 허용Allows read access to billing data fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64
청사진 기여자Blueprint Contributor 청사진 정의를 관리할 수 있지만 할당할 수는 없습니다.Can manage blueprint definitions, but not assign them. 41077137-e803-4205-871c-5a86e6a753b441077137-e803-4205-871c-5a86e6a753b4
청사진 연산자Blueprint Operator 게시된 기존 청사진을 할당할 수 있지만 새 청사진을 만들 수는 없습니다.Can assign existing published blueprints, but cannot create new blueprints. 이 역할은 사용자가 할당한 관리 ID를 사용하여 할당하는 경우에만 작동합니다.Note that this only works if the assignment is done with a user-assigned managed identity. 437d2ced-4a38-4302-8479-ed2bcb43d090437d2ced-4a38-4302-8479-ed2bcb43d090
Cost Management 기여자Cost Management Contributor 비용을 확인하고 비용 구성(예: 예산, 내보내기)을 관리할 수 있음Can view costs and manage cost configuration (e.g. budgets, exports) 434105ed-43f6-45c7-a02f-909b2ba83430434105ed-43f6-45c7-a02f-909b2ba83430
Cost Management 읽기 권한자Cost Management Reader 비용 데이터 및 구성(예: 예산, 내보내기)을 확인할 수 있음Can view cost data and configuration (e.g. budgets, exports) 72fafb9e-0641-4937-9268-a91bfd8191a372fafb9e-0641-4937-9268-a91bfd8191a3
계층 구조 설정 관리자Hierarchy Settings Administrator 사용자가 계층 구조 설정을 편집하고 삭제할 수 있습니다.Allows users to edit and delete Hierarchy Settings 350f8d15-c687-4448-8ae1-157740a3936d350f8d15-c687-4448-8ae1-157740a3936d
Kubernetes Cluster-Azure Arc 온 보 딩Kubernetes Cluster - Azure Arc Onboarding ConnectedClusters 리소스를 만들도록 모든 사용자/서비스에 권한을 부여 하는 역할 정의Role definition to authorize any user/service to create connectedClusters resource 34e09817-6cbe-4d01-b1a2-e0eac5743d4134e09817-6cbe-4d01-b1a2-e0eac5743d41
관리형 애플리케이션 기여자 역할Managed Application Contributor Role 관리형 애플리케이션 리소스를 만들 수 있습니다.Allows for creating managed application resources. 641177b8-a67a-45b9-a033-47bc880bb21e641177b8-a67a-45b9-a033-47bc880bb21e
관리되는 애플리케이션 운영자 역할Managed Application Operator Role 관리되는 애플리케이션 리소스에서 작업을 읽고 수행할 수 있습니다.Lets you read and perform actions on Managed Application resources c7393b34-138c-406f-901b-d8cf2b17e6aec7393b34-138c-406f-901b-d8cf2b17e6ae
Managed Applications 읽기 권한자Managed Applications Reader 관리 앱 및 요청 JIT 액세스에서 리소스를 읽을 수 있습니다.Lets you read resources in a managed app and request JIT access. b9331d33-8a36-4f8c-b097-4f54124fdb44b9331d33-8a36-4f8c-b097-4f54124fdb44
관리형 서비스 등록 할당 삭제 역할Managed Services Registration assignment Delete Role 관리형 서비스 등록 할당 삭제 역할은 관리하는 테넌트 사용자가 테넌트에 할당된 등록 할당을 삭제할 수 있도록 허용합니다.Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant. 91c1777a-f3dc-4fae-b103-61d183457e4691c1777a-f3dc-4fae-b103-61d183457e46
관리 그룹 참가자Management Group Contributor 관리 그룹 참가자 역할Management Group Contributor Role 5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c
관리 그룹 읽기 권한자Management Group Reader 관리 그룹 읽기 권한자 역할Management Group Reader Role ac63b705-f282-497d-ac71-919bf39d939dac63b705-f282-497d-ac71-919bf39d939d
NewRelic APM 계정 기여자New Relic APM Account Contributor New Relic Application Performance Management 계정 및 애플리케이션을 관리할 수 있지만 액세스할 수는 없습니다.Lets you manage New Relic Application Performance Management accounts and applications, but not access to them. 5d28c62d-5b37-4476-8438-e587778df2375d28c62d-5b37-4476-8438-e587778df237
Policy Insights 데이터 쓰기 권한자(미리 보기)Policy Insights Data Writer (Preview) 리소스 정책에 대한 읽기 액세스 권한과 리소스 구성 요소 정책 이벤트에 대한 쓰기 액세스 권한을 허용합니다.Allows read access to resource policies and write access to resource component policy events. 66bb4e9e-b016-4a94-8249-4c0511c2be8466bb4e9e-b016-4a94-8249-4c0511c2be84
예약 구매Reservation Purchaser 예약을 구매할 수 있습니다.Lets you purchase reservations f7b75c60-3036-4b75-91c3-6b41c27c1689f7b75c60-3036-4b75-91c3-6b41c27c1689
리소스 정책 기여자Resource Policy Contributor 리소스 정책을 생성/수정하고, 지원 티켓을 만들고, 리소스/계층 구조를 읽을 수 있는 권한을 가진 사용자입니다.Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy. 36243c78-bf99-498c-9df9-86d9f8d2860836243c78-bf99-498c-9df9-86d9f8d28608
Site Recovery 기여자Site Recovery Contributor 자격 증명 모음 만들기 및 역할 할당을 제외한 Site Recovery 서비스를 관리할 수 있습니다.Lets you manage Site Recovery service except vault creation and role assignment 6670b86e-a3f7-4917-ac9b-5d6ab1be45676670b86e-a3f7-4917-ac9b-5d6ab1be4567
Site Recovery 운영자Site Recovery Operator 장애 조치(failover) 및 장애 복구(failback)를 수행할 수 있지만 다른 Site Recovery 관리 작업은 수행할 수 없습니다.Lets you failover and failback but not perform other Site Recovery management operations 494ae006-db33-4328-bf46-533a6560a3ca494ae006-db33-4328-bf46-533a6560a3ca
Site Recovery 구독자Site Recovery Reader Site Recovery 상태를 볼 수 있지만 다른 관리 작업은 수행할 수 없습니다.Lets you view Site Recovery status but not perform other management operations dbaa88c4-0c30-4179-9fb3-46319faa6149dbaa88c4-0c30-4179-9fb3-46319faa6149
지원 요청 참가자Support Request Contributor 지원 요청을 만들고 관리할 수 있습니다.Lets you create and manage Support requests cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24ecfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e
태그 기여자Tag Contributor 엔터티의 태그를 관리할 수 있으며, 엔터티 자체에 대한 액세스 권한은 없습니다.Lets you manage tags on entities, without providing access to the entities themselves. 4a9ae827-6dc8-4573-8ac7-8239d42aa03f4a9ae827-6dc8-4573-8ac7-8239d42aa03f
기타Other
Azure Digital Twins 데이터 소유자Azure Digital Twins Data Owner 디지털 쌍 데이터 평면에 대 한 모든 권한 역할Full access role for Digital Twins data-plane bcd981a7-7f74-457b-83e1-cceb9e632ffebcd981a7-7f74-457b-83e1-cceb9e632ffe
Azure Digital Twins 데이터 판독기Azure Digital Twins Data Reader Digital Twins 데이터 평면 속성에 대 한 읽기 전용 역할Read-only role for Digital Twins data-plane properties d57506d4-4c8d-48b1-8587-93c323f6a5a3d57506d4-4c8d-48b1-8587-93c323f6a5a3
BizTalk 참가자BizTalk Contributor BizTalk Services를 관리할 수 있지만 액세스할 수는 없습니다.Lets you manage BizTalk services, but not access to them. 5e3c6656-6cfa-4708-81fe-0de47ac733425e3c6656-6cfa-4708-81fe-0de47ac73342
데스크톱 가상화 응용 프로그램 그룹 기여자Desktop Virtualization Application Group Contributor 데스크톱 가상화 응용 프로그램 그룹의 기여자입니다.Contributor of the Desktop Virtualization Application Group. 86240b0e-9422-4c43-887b-b61143f32ba886240b0e-9422-4c43-887b-b61143f32ba8
데스크톱 가상화 응용 프로그램 그룹 읽기 권한자Desktop Virtualization Application Group Reader 데스크톱 가상화 응용 프로그램 그룹의 판독기입니다.Reader of the Desktop Virtualization Application Group. aebf23d0-b568-4e86-b8f9-fe83a2c6ab55aebf23d0-b568-4e86-b8f9-fe83a2c6ab55
데스크톱 가상화 기여자Desktop Virtualization Contributor 데스크톱 가상화의 기여자입니다.Contributor of Desktop Virtualization. 082f0a83-3be5-4ba1-904c-961cca79b387082f0a83-3be5-4ba1-904c-961cca79b387
데스크톱 가상화 호스트 풀 기여자Desktop Virtualization Host Pool Contributor 데스크톱 가상화 호스트 풀의 기여자입니다.Contributor of the Desktop Virtualization Host Pool. e307426c-f9b6-4e81-87de-d99efb3c32bce307426c-f9b6-4e81-87de-d99efb3c32bc
데스크톱 가상화 호스트 풀 판독기Desktop Virtualization Host Pool Reader 데스크톱 가상화 호스트 풀의 판독기입니다.Reader of the Desktop Virtualization Host Pool. ceadfde2-b300-400a-ab7b-6143895aa822ceadfde2-b300-400a-ab7b-6143895aa822
데스크톱 가상화 판독기Desktop Virtualization Reader 데스크톱 가상화의 판독기입니다.Reader of Desktop Virtualization. 49a72310-ab8d-41df-bbb0-79b64920386849a72310-ab8d-41df-bbb0-79b649203868
데스크톱 가상화 세션 호스트 운영자Desktop Virtualization Session Host Operator 데스크톱 가상화 세션 호스트의 연산자입니다.Operator of the Desktop Virtualization Session Host. 2ad6aaab-ead9-4eaa-8ac5-da422f5624082ad6aaab-ead9-4eaa-8ac5-da422f562408
데스크톱 가상화 사용자Desktop Virtualization User 사용자가 응용 프로그램 그룹에서 응용 프로그램을 사용할 수 있습니다.Allows user to use the applications in an application group. 1d18fff3-a72a-46b5-b4a9-0b38a3cd7e631d18fff3-a72a-46b5-b4a9-0b38a3cd7e63
데스크톱 가상화 사용자 세션 운영자Desktop Virtualization User Session Operator 데스크톱 가상화 Uesr 세션의 연산자입니다.Operator of the Desktop Virtualization Uesr Session. ea4bfff8-7fb4-485a-aadd-d4129a0ffaa6ea4bfff8-7fb4-485a-aadd-d4129a0ffaa6
데스크톱 가상화 작업 영역 기여자Desktop Virtualization Workspace Contributor 데스크톱 가상화 작업 영역의 기여자입니다.Contributor of the Desktop Virtualization Workspace. 21efdde3-836f-432b-bf3d-3e8e734d4b2b21efdde3-836f-432b-bf3d-3e8e734d4b2b
데스크톱 가상화 작업 영역 판독기Desktop Virtualization Workspace Reader 데스크톱 가상화 작업 영역의 판독기입니다.Reader of the Desktop Virtualization Workspace. 0fa44ee9-7a7d-466b-9bb2-2bf446b1204d0fa44ee9-7a7d-466b-9bb2-2bf446b1204d
디스크 백업 판독기Disk Backup Reader 백업 자격 증명 모음에서 디스크 백업을 수행할 수 있는 권한을 제공 합니다.Provides permission to backup vault to perform disk backup. 3e5e47e6-65f7-47ef-90b5-e5dd4d455f243e5e47e6-65f7-47ef-90b5-e5dd4d455f24
Disk Restore 운영자Disk Restore Operator 디스크 복원을 수행 하는 백업 자격 증명 모음에 대 한 사용 권한을 제공 합니다.Provides permission to backup vault to perform disk restore. b50d9833-a0cb-478e-945f-707fcc997c13b50d9833-a0cb-478e-945f-707fcc997c13
디스크 스냅숏 참가자Disk Snapshot Contributor 백업 자격 증명 모음에서 디스크 스냅숏을 관리할 수 있는 권한을 제공 합니다.Provides permission to backup vault to manage disk snapshots. 7efff54f-a5b4-42b5-a1c5-5411624893ce7efff54f-a5b4-42b5-a1c5-5411624893ce
Scheduler 작업 컬렉션 참가자Scheduler Job Collections Contributor Scheduler 작업 컬렉션을 관리할 수 있지만 액세스할 수는 없습니다.Lets you manage Scheduler job collections, but not access to them. 188a0f2f-5c9e-469b-ae67-2aa5ce574b94188a0f2f-5c9e-469b-ae67-2aa5ce574b94
서비스 허브 운영자Services Hub Operator 서비스 허브 운영자를 사용 하면 서비스 허브 커넥터와 관련 된 모든 읽기, 쓰기 및 삭제 작업을 수행할 수 있습니다.Services Hub Operator allows you to perform all read, write, and deletion operations related to Services Hub Connectors. 82200a5b-e217-47a5-b665-6d8765ee745b82200a5b-e217-47a5-b665-6d8765ee745b

일반General

참가자Contributor

모든 리소스를 관리할 수 있는 모든 권한을 부여 하지만, Azure RBAC에서 역할을 할당 하거나, Azure 청사진의 할당을 관리 하거나, 이미지 갤러리를 공유할 수 없습니다.Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries. 자세한 정보Learn more

동작Actions 설명Description
* 모든 유형의 리소스 만들기 및 관리Create and manage resources of all types
NotActionsNotActions
Microsoft 권한 부여/*/deleteMicrosoft.Authorization/*/Delete 역할, 정책 할당, 정책 정의 및 정책 집합 정의를 삭제합니다.Delete roles, policy assignments, policy definitions and policy set definitions
Microsoft 인증/*/쓰기Microsoft.Authorization/*/Write 역할, 역할 할당, 정책 할당, 정책 정의 및 정책 집합 정의를 기록합니다.Create roles, role assignments, policy assignments, policy definitions and policy set definitions
Microsoft 인증/elevateAccess/ActionMicrosoft.Authorization/elevateAccess/Action 테넌트 범위에서 호출자에게 사용자 액세스 관리자 액세스 권한 부여Grants the caller User Access Administrator access at the tenant scope
/BlueprintAssignments/writeMicrosoft.Blueprint/blueprintAssignments/write 청사진 할당을 만들거나 업데이트합니다.Create or update any blueprint assignments
/BlueprintAssignments/deleteMicrosoft.Blueprint/blueprintAssignments/delete 청사진 할당을 삭제합니다.Delete any blueprint assignments
/Galleries/share/action 계산Microsoft.Compute/galleries/share/action 갤러리를 여러 범위에 공유Shares a Gallery to different scopes
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
  "name": "b24988ac-6180-42a0-ab88-20f7382dd24c",
  "permissions": [
    {
      "actions": [
        "*"
      ],
      "notActions": [
        "Microsoft.Authorization/*/Delete",
        "Microsoft.Authorization/*/Write",
        "Microsoft.Authorization/elevateAccess/Action",
        "Microsoft.Blueprint/blueprintAssignments/write",
        "Microsoft.Blueprint/blueprintAssignments/delete",
        "Microsoft.Compute/galleries/share/action"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

소유자Owner

Azure RBAC에서 역할을 할당 하는 기능을 포함 하 여 모든 리소스를 관리할 수 있는 모든 권한을 부여 합니다.Grants full access to manage all resources, including the ability to assign roles in Azure RBAC. 자세한 정보Learn more

동작Actions 설명Description
* 모든 유형의 리소스 만들기 및 관리Create and manage resources of all types
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants full access to manage all resources, including the ability to assign roles in Azure RBAC.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
  "name": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
  "permissions": [
    {
      "actions": [
        "*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

판독기Reader

모든 리소스를 볼 수 있지만 변경할 수는 없습니다.View all resources, but does not allow you to make any changes. 자세한 정보Learn more

동작Actions 설명Description
*/read*/read 암호를 제외한 모든 유형의 리소스를 읽습니다.Read resources of all types, except secrets.
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "View all resources, but does not allow you to make any changes.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
  "name": "acdd72a7-3385-48ef-bd42-f606fba81ae7",
  "permissions": [
    {
      "actions": [
        "*/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

사용자 액세스 관리자User Access Administrator

Azure 리소스에 대한 사용자 액세스를 관리할 수 있습니다.Lets you manage user access to Azure resources. 자세한 정보Learn more

동작Actions 설명Description
*/read*/read 암호를 제외한 모든 유형의 리소스를 읽습니다.Read resources of all types, except secrets.
Microsoft 인증/*Microsoft.Authorization/* 권한 부여 관리Manage authorization
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage user access to Azure resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
  "name": "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.Authorization/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "User Access Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

컴퓨팅Compute

클래식 Virtual Machine 참가자Classic Virtual Machine Contributor

클래식 가상 머신을 관리할 수 있지만 가상 머신이나 연결된 가상 네트워크 또는 스토리지 계정에 액세스할 수는 없습니다.Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to.

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Microsoft.classiccompute/domainNames/*Microsoft.ClassicCompute/domainNames/* 클래식 컴퓨팅 도메인 이름 만들기 및 관리Create and manage classic compute domain names
Microsoft.classiccompute/virtualMachines/*Microsoft.ClassicCompute/virtualMachines/* 가상 머신 만들기 및 관리Create and manage virtual machines
Microsoft.classicnetwork/networkSecurityGroups/join/actionMicrosoft.ClassicNetwork/networkSecurityGroups/join/action
Microsoft.classicnetwork/reservedIps/link/actionMicrosoft.ClassicNetwork/reservedIps/link/action 예약된 IP를 연결합니다.Link a reserved Ip
Microsoft.classicnetwork/reservedIps/readMicrosoft.ClassicNetwork/reservedIps/read 예약된 IP를 가져옵니다.Gets the reserved Ips
Microsoft.classicnetwork/virtualNetworks/join/actionMicrosoft.ClassicNetwork/virtualNetworks/join/action 가상 네트워크를 조인합니다.Joins the virtual network.
Microsoft.classicnetwork/virtualNetworks/readMicrosoft.ClassicNetwork/virtualNetworks/read 가상 네트워크를 가져옵니다.Get the virtual network.
ClassicStorage/storageAccounts/disks/readMicrosoft.ClassicStorage/storageAccounts/disks/read 스토리지 계정 디스크를 반환합니다.Returns the storage account disk.
ClassicStorage/storageAccounts/images/readMicrosoft.ClassicStorage/storageAccounts/images/read 스토리지 계정 이미지를 반환합니다.Returns the storage account image. (사용되지 않음,(Deprecated. 대신 ‘Microsoft.ClassicStorage/storageAccounts/vmImages’ 사용)Use 'Microsoft.ClassicStorage/storageAccounts/vmImages')
ClassicStorage/storageAccounts/listKeys/actionMicrosoft.ClassicStorage/storageAccounts/listKeys/action 스토리지 계정의 액세스 키를 나열합니다.Lists the access keys for the storage accounts.
ClassicStorage/storageAccounts/readMicrosoft.ClassicStorage/storageAccounts/read 지정된 계정의 스토리지 계정을 반환합니다.Return the storage account with the given account.
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
Microsoft ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 지정된 범위의 모든 리소스에 대한 가용성 상태를 가져옵니다.Gets the availability statuses for all resources in the specified scope
/Deployments/*Microsoft.Resources/deployments/* 배포를 만들고 관리합니다.Create and manage a deployment
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/d73bb868-a0df-4d4d-bd69-98a00b01fccb",
  "name": "d73bb868-a0df-4d4d-bd69-98a00b01fccb",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicCompute/domainNames/*",
        "Microsoft.ClassicCompute/virtualMachines/*",
        "Microsoft.ClassicNetwork/networkSecurityGroups/join/action",
        "Microsoft.ClassicNetwork/reservedIps/link/action",
        "Microsoft.ClassicNetwork/reservedIps/read",
        "Microsoft.ClassicNetwork/virtualNetworks/join/action",
        "Microsoft.ClassicNetwork/virtualNetworks/read",
        "Microsoft.ClassicStorage/storageAccounts/disks/read",
        "Microsoft.ClassicStorage/storageAccounts/images/read",
        "Microsoft.ClassicStorage/storageAccounts/listKeys/action",
        "Microsoft.ClassicStorage/storageAccounts/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Virtual Machine Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

가상 머신 관리자 로그인Virtual Machine Administrator Login

포털에서 Virtual Machines를 확인 하 고 관리자 권한 으로 로그인 합니다.View Virtual Machines in the portal and login as administrator Learn more

동작Actions 설명Description
Microsoft. Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read 공용 IP 주소 정의를 가져옵니다.Gets a public ip address definition.
Microsoft. Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read 가상 네트워크 정의를 가져옵니다.Get the virtual network definition
Microsoft. Network/loadBalancers/readMicrosoft.Network/loadBalancers/read 부하 분산 장치 정의를 가져옵니다.Gets a load balancer definition
Microsoft. Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read 네트워크 인터페이스 정의를 가져옵니다.Gets a network interface definition.
/VirtualMachines/*/creadMicrosoft.Compute/virtualMachines/*/read
NotActionsNotActions
없음none
DataActionsDataActions
/VirtualMachines/login/action 계산Microsoft.Compute/virtualMachines/login/action 가상 머신에 일반 사용자로 로그인합니다.Log in to a virtual machine as a regular user
/VirtualMachines/loginAsAdmin/action 계산Microsoft.Compute/virtualMachines/loginAsAdmin/action 가상 머신에 Windows 관리자 또는 Linux 루트 사용자 권한으로 로그인합니다.Log in to a virtual machine with Windows administrator or Linux root user privileges
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "View Virtual Machines in the portal and login as administrator",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/1c0163c0-47e6-4577-8991-ea5c82e286e4",
  "name": "1c0163c0-47e6-4577-8991-ea5c82e286e4",
  "permissions": [
    {
      "actions": [
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/loadBalancers/read",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Compute/virtualMachines/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Compute/virtualMachines/login/action",
        "Microsoft.Compute/virtualMachines/loginAsAdmin/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Virtual Machine Administrator Login",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

가상 머신 참가자Virtual Machine Contributor

가상 머신을 관리할 수 있지만 가상머신이나 연결된 가상 네트워크 또는 스토리지 계정에 액세스할 수는 없습니다.Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to. 자세한 정보Learn more

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
/AvailabilitySets/*Microsoft.Compute/availabilitySets/* 컴퓨팅 가용성 집합 만들기 및 관리Create and manage compute availability sets
/Locations/*Microsoft.Compute/locations/* 컴퓨팅 위치 만들기 및 관리Create and manage compute locations
/VirtualMachines/*Microsoft.Compute/virtualMachines/* 가상 컴퓨터 만들기, 업데이트, 삭제, 시작, 다시 시작, 전원 끄기 등을 비롯 한 모든 가상 컴퓨터 작업을 수행 합니다.Perform all virtual machine actions including create, update, delete, start, restart, and power off virtual machines. 가상 머신에서 미리 정의 된 스크립트를 실행 합니다.Execute predefined scripts on virtual machines.
/VirtualMachineScaleSets/*Microsoft.Compute/virtualMachineScaleSets/* 가상 머신 확장 집합 만들기 및 관리Create and manage virtual machine scale sets
/Disks/write 계산Microsoft.Compute/disks/write 새 디스크를 만들거나 기존 디스크를 업데이트합니다.Creates a new Disk or updates an existing one
/Disks/read 계산Microsoft.Compute/disks/read 디스크의 속성을 가져옵니다.Get the properties of a Disk
Microsoft. Compute/disks/deleteMicrosoft.Compute/disks/delete 디스크를 삭제합니다.Deletes the Disk
Microsoft. DevTestLab/schedules/*Microsoft.DevTestLab/schedules/*
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
Microsoft. Network/applicationGateways/backendAddressPools/join/actionMicrosoft.Network/applicationGateways/backendAddressPools/join/action 애플리케이션 게이트웨이 백 엔드 주소 풀을 조인합니다.Joins an application gateway backend address pool. 경고할 수 없습니다.Not Alertable.
Microsoft. Network/loadBalancers/backendAddressPools/join/actionMicrosoft.Network/loadBalancers/backendAddressPools/join/action 부하 분산 장치 백 엔드 주소 풀을 조인합니다.Joins a load balancer backend address pool. 경고할 수 없습니다.Not Alertable.
Microsoft. Network/loadBalancers/inboundNatPools/join/actionMicrosoft.Network/loadBalancers/inboundNatPools/join/action 부하 분산 장치 인바운드 NAT 풀을 조인합니다.Joins a load balancer inbound NAT pool. 경고할 수 없습니다.Not alertable.
Microsoft. Network/loadBalancers/inboundNatRules/join/actionMicrosoft.Network/loadBalancers/inboundNatRules/join/action 부하 분산 장치 인바운드 NAT 규칙을 조인합니다.Joins a load balancer inbound nat rule. 경고할 수 없습니다.Not Alertable.
Microsoft. Network/loadBalancers/probes/join/actionMicrosoft.Network/loadBalancers/probes/join/action 부하 분산 장치 프로브 사용을 허용합니다.Allows using probes of a load balancer. 예를 들어 이 권한이 있으면 VM 확장 집합의 healthProbe 속성이 프로브를 참조할 수 있습니다.For example, with this permission healthProbe property of VM scale set can reference the probe. 경고할 수 없습니다.Not alertable.
Microsoft. Network/loadBalancers/readMicrosoft.Network/loadBalancers/read 부하 분산 장치 정의를 가져옵니다.Gets a load balancer definition
Microsoft. Network/locations/*Microsoft.Network/locations/* 네트워크 위치 만들기 및 관리Create and manage network locations
Microsoft. Network/networkInterfaces/*Microsoft.Network/networkInterfaces/* 네트워크 인터페이스 만들기 및 관리Create and manage network interfaces
Microsoft. Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action 네트워크 보안 그룹을 조인합니다.Joins a network security group. 경고할 수 없습니다.Not Alertable.
Microsoft. 네트워크/네트워크보안Microsoft.Network/networkSecurityGroups/read 네트워크 보안 그룹 정의를 가져옵니다.Gets a network security group definition
Microsoft. Network/publicIPAddresses/join/actionMicrosoft.Network/publicIPAddresses/join/action 공용 IP 주소를 조인합니다.Joins a public ip address. 경고할 수 없습니다.Not Alertable.
Microsoft. Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read 공용 IP 주소 정의를 가져옵니다.Gets a public ip address definition.
Microsoft. Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read 가상 네트워크 정의를 가져옵니다.Get the virtual network definition
Microsoft. Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action 가상 네트워크를 조인합니다.Joins a virtual network. 경고할 수 없습니다.Not Alertable.
Microsoft RecoveryServices/locations/*Microsoft.RecoveryServices/locations/*
Microsoft RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write 백업 보호 의도 만들기Create a backup Protection Intent
Microsoft RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/sreadMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read
Microsoft RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read 보호된 항목의 개체 정보를 반환합니다.Returns object details of the Protected Item
Microsoft RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write 백업 보호 항목을 만듭니다.Create a backup Protected Item
Microsoft RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read 모든 보호 정책을 반환합니다.Returns all Protection Policies
Microsoft RecoveryServices/Vaults/backupPolicies/writeMicrosoft.RecoveryServices/Vaults/backupPolicies/write 보호 정책을 만듭니다.Creates Protection Policy
Microsoft RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read 자격 증명 모음 가져오기 작업에서는 '자격 증명 모음' 형식의 Azure 리소스를 나타내는 개체를 가져옵니다.The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read Recovery Services 자격 증명 모음에 대한 사용 세부 정보를 반환합니다.Returns usage details for a Recovery Services Vault.
Microsoft RecoveryServices/Vaults/writeMicrosoft.RecoveryServices/Vaults/write 자격 증명 모음 만들기 작업에서는 '자격 증명 모음' 형식의 Azure 리소스를 만듭니다.Create Vault operation creates an Azure resource of type 'vault'
Microsoft ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 지정된 범위의 모든 리소스에 대한 가용성 상태를 가져옵니다.Gets the availability statuses for all resources in the specified scope
/Deployments/*Microsoft.Resources/deployments/* 배포를 만들고 관리합니다.Create and manage a deployment
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
SqlVirtualMachine/*Microsoft.SqlVirtualMachine/*
Microsoft Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action 지정된 스토리지 계정에 대한 액세스 키를 반환합니다.Returns the access keys for the specified storage account.
Microsoft Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read 스토리지 계정의 목록을 반환하거나 지정된 스토리지 계정의 속성을 가져옵니다.Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
  "name": "9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Compute/availabilitySets/*",
        "Microsoft.Compute/locations/*",
        "Microsoft.Compute/virtualMachines/*",
        "Microsoft.Compute/virtualMachineScaleSets/*",
        "Microsoft.Compute/disks/write",
        "Microsoft.Compute/disks/read",
        "Microsoft.Compute/disks/delete",
        "Microsoft.DevTestLab/schedules/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/applicationGateways/backendAddressPools/join/action",
        "Microsoft.Network/loadBalancers/backendAddressPools/join/action",
        "Microsoft.Network/loadBalancers/inboundNatPools/join/action",
        "Microsoft.Network/loadBalancers/inboundNatRules/join/action",
        "Microsoft.Network/loadBalancers/probes/join/action",
        "Microsoft.Network/loadBalancers/read",
        "Microsoft.Network/locations/*",
        "Microsoft.Network/networkInterfaces/*",
        "Microsoft.Network/networkSecurityGroups/join/action",
        "Microsoft.Network/networkSecurityGroups/read",
        "Microsoft.Network/publicIPAddresses/join/action",
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.RecoveryServices/locations/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/write",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.RecoveryServices/Vaults/write",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.SqlVirtualMachine/*",
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Virtual Machine Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

가상 머신 사용자 로그인Virtual Machine User Login

포털에서 Virtual Machines를 보고 일반 사용자 권한으로 로그인합니다.View Virtual Machines in the portal and login as a regular user. 자세한 정보Learn more

동작Actions 설명Description
Microsoft. Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read 공용 IP 주소 정의를 가져옵니다.Gets a public ip address definition.
Microsoft. Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read 가상 네트워크 정의를 가져옵니다.Get the virtual network definition
Microsoft. Network/loadBalancers/readMicrosoft.Network/loadBalancers/read 부하 분산 장치 정의를 가져옵니다.Gets a load balancer definition
Microsoft. Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read 네트워크 인터페이스 정의를 가져옵니다.Gets a network interface definition.
/VirtualMachines/*/creadMicrosoft.Compute/virtualMachines/*/read
NotActionsNotActions
없음none
DataActionsDataActions
/VirtualMachines/login/action 계산Microsoft.Compute/virtualMachines/login/action 가상 머신에 일반 사용자로 로그인합니다.Log in to a virtual machine as a regular user
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "View Virtual Machines in the portal and login as a regular user.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fb879df8-f326-4884-b1cf-06f3ad86be52",
  "name": "fb879df8-f326-4884-b1cf-06f3ad86be52",
  "permissions": [
    {
      "actions": [
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/loadBalancers/read",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Compute/virtualMachines/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Compute/virtualMachines/login/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Virtual Machine User Login",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

네트워킹Networking

CD 엔드포인트 참가자CDN Endpoint Contributor

CDN 엔드포인트를 관리할 수 있지만 다른 사용자에게 액세스 권한을 부여할 수는 없습니다.Can manage CDN endpoints, but can't grant access to other users.

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Microsoft Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read
Microsoft Cdn/operationresults/*Microsoft.Cdn/operationresults/*
Microsoft Cdn/profiles/endpoints/*Microsoft.Cdn/profiles/endpoints/*
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
/Deployments/*Microsoft.Resources/deployments/* 배포를 만들고 관리합니다.Create and manage a deployment
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage CDN endpoints, but can't grant access to other users.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/426e0c7f-0c7e-4658-b36f-ff54d6c29b45",
  "name": "426e0c7f-0c7e-4658-b36f-ff54d6c29b45",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/endpoints/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Endpoint Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

CDN 엔드포인트 독자CDN Endpoint Reader

CDN 엔드포인트를 볼 수 있지만 변경할 수는 없습니다.Can view CDN endpoints, but can't make changes.

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Microsoft Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read
Microsoft Cdn/operationresults/*Microsoft.Cdn/operationresults/*
Microsoft Cdn/profiles/endpoints/*/읽기Microsoft.Cdn/profiles/endpoints/*/read
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
/Deployments/*Microsoft.Resources/deployments/* 배포를 만들고 관리합니다.Create and manage a deployment
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view CDN endpoints, but can't make changes.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/871e35f6-b5c1-49cc-a043-bde969a0f2cd",
  "name": "871e35f6-b5c1-49cc-a043-bde969a0f2cd",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/endpoints/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Endpoint Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

CDN 프로필 참가자CDN Profile Contributor

CDN 프로필과 해당 엔드포인트를 관리할 수 있지만 다른 사용자에게 액세스 권한을 부여할 수는 없습니다.Can manage CDN profiles and their endpoints, but can't grant access to other users. 자세한 정보Learn more

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Microsoft Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read
Microsoft Cdn/operationresults/*Microsoft.Cdn/operationresults/*
Microsoft Cdn/프로필/*Microsoft.Cdn/profiles/*
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
/Deployments/*Microsoft.Resources/deployments/* 배포를 만들고 관리합니다.Create and manage a deployment
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage CDN profiles and their endpoints, but can't grant access to other users.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ec156ff8-a8d1-4d15-830c-5b80698ca432",
  "name": "ec156ff8-a8d1-4d15-830c-5b80698ca432",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Profile Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

CDN 프로필 독자CDN Profile Reader

CDN 프로필과 해당 엔드포인트를 볼 수 있지만 변경할 수는 없습니다.Can view CDN profiles and their endpoints, but can't make changes.

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Microsoft Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read
Microsoft Cdn/operationresults/*Microsoft.Cdn/operationresults/*
Microsoft Cdn/프로/*/> 읽기Microsoft.Cdn/profiles/*/read
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
/Deployments/*Microsoft.Resources/deployments/* 배포를 만들고 관리합니다.Create and manage a deployment
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view CDN profiles and their endpoints, but can't make changes.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8f96442b-4075-438f-813d-ad51ab4019af",
  "name": "8f96442b-4075-438f-813d-ad51ab4019af",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Profile Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

클래식 네트워크 참가자Classic Network Contributor

기본 네트워크를 관리할 수 있지만 액세스할 수는 없습니다.Lets you manage classic networks, but not access to them. 자세한 정보Learn more

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Microsoft.classicnetwork/*Microsoft.ClassicNetwork/* 클래식 네트워크 만들기 및 관리Create and manage classic networks
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
Microsoft ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 지정된 범위의 모든 리소스에 대한 가용성 상태를 가져옵니다.Gets the availability statuses for all resources in the specified scope
/Deployments/*Microsoft.Resources/deployments/* 배포를 만들고 관리합니다.Create and manage a deployment
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage classic networks, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b34d265f-36f7-4a0d-a4d4-e158ca92e90f",
  "name": "b34d265f-36f7-4a0d-a4d4-e158ca92e90f",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicNetwork/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Network Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

DNS 영역 참가자DNS Zone Contributor

Azure DNS의 DNS 영역과 레코드 집합을 관리할 수 있지만 액세스할 수 있는 사람을 제어할 수는 없습니다.Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them. 자세한 정보Learn more

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
Microsoft. Network/dnsZones/*Microsoft.Network/dnsZones/* DNS 영역 및 레코드 만들기 및 관리Create and manage DNS zones and records
Microsoft ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 지정된 범위의 모든 리소스에 대한 가용성 상태를 가져옵니다.Gets the availability statuses for all resources in the specified scope
/Deployments/*Microsoft.Resources/deployments/* 배포를 만들고 관리합니다.Create and manage a deployment
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/befefa01-2a29-4197-83a8-272ff33ce314",
  "name": "befefa01-2a29-4197-83a8-272ff33ce314",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/dnsZones/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "DNS Zone Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

네트워크 참가자Network Contributor

네트워크를 관리할 수 있지만 액세스할 수는 없습니다.Lets you manage networks, but not access to them.

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
Microsoft 네트워크/*Microsoft.Network/* 네트워크 만들기 및 관리Create and manage networks
Microsoft ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 지정된 범위의 모든 리소스에 대한 가용성 상태를 가져옵니다.Gets the availability statuses for all resources in the specified scope
/Deployments/*Microsoft.Resources/deployments/* 배포를 만들고 관리합니다.Create and manage a deployment
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage networks, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
  "name": "4d97b98b-1d4f-4787-a291-c67834d212e7",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Network Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

사설 DNS 영역 기여자Private DNS Zone Contributor

개인 DNS 영역 리소스를 관리할 수 있지만 연결 된 가상 네트워크는 관리할 수 없습니다.Lets you manage private DNS zone resources, but not the virtual networks they are linked to. 자세한 정보Learn more

동작Actions 설명Description
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
/Deployments/*Microsoft.Resources/deployments/* 배포를 만들고 관리합니다.Create and manage a deployment
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
Microsoft. Network/privateDnsZones/*Microsoft.Network/privateDnsZones/*
Microsoft. Network/privateDnsOperationResults/*Microsoft.Network/privateDnsOperationResults/*
Microsoft. Network/privateDnsOperationStatuses/*Microsoft.Network/privateDnsOperationStatuses/*
Microsoft. Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read 가상 네트워크 정의를 가져옵니다.Get the virtual network definition
Microsoft. Network/virtualNetworks/join/actionMicrosoft.Network/virtualNetworks/join/action 가상 네트워크를 조인합니다.Joins a virtual network. 경고할 수 없습니다.Not Alertable.
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage private DNS zone resources, but not the virtual networks they are linked to.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b12aa53e-6015-4669-85d0-8515ebb3ae7f",
  "name": "b12aa53e-6015-4669-85d0-8515ebb3ae7f",
  "permissions": [
    {
      "actions": [
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Network/privateDnsZones/*",
        "Microsoft.Network/privateDnsOperationResults/*",
        "Microsoft.Network/privateDnsOperationStatuses/*",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/join/action",
        "Microsoft.Authorization/*/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Private DNS Zone Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Traffic Manager 참가자Traffic Manager Contributor

Traffic Manager 프로필을 관리할 수 있지만 액세스할 수 있는 사람을 제어할 수는 없습니다.Lets you manage Traffic Manager profiles, but does not let you control who has access to them.

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
Microsoft. Network/trafficManagerProfiles/*Microsoft.Network/trafficManagerProfiles/*
Microsoft ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 지정된 범위의 모든 리소스에 대한 가용성 상태를 가져옵니다.Gets the availability statuses for all resources in the specified scope
/Deployments/*Microsoft.Resources/deployments/* 배포를 만들고 관리합니다.Create and manage a deployment
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Traffic Manager profiles, but does not let you control who has access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a4b10055-b0c7-44c2-b00f-c7b5b3550cf7",
  "name": "a4b10055-b0c7-44c2-b00f-c7b5b3550cf7",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/trafficManagerProfiles/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Traffic Manager Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

스토리지Storage

Avere 기여자Avere Contributor

Avere vFXT 클러스터를 만들고 관리할 수 있습니다.Can create and manage an Avere vFXT cluster. 자세한 정보Learn more

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Microsoft. Compute/*/creadMicrosoft.Compute/*/read
/AvailabilitySets/*Microsoft.Compute/availabilitySets/*
/ProximityPlacementGroups/*Microsoft.Compute/proximityPlacementGroups/*
/VirtualMachines/*Microsoft.Compute/virtualMachines/*
/Disks/*Microsoft.Compute/disks/*
Microsoft. 네트워크/*/읽기Microsoft.Network/*/read
Microsoft. Network/networkInterfaces/*Microsoft.Network/networkInterfaces/*
Microsoft. Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read 가상 네트워크 정의를 가져옵니다.Get the virtual network definition
Microsoft. Network/virtualNetworks/subnets/readMicrosoft.Network/virtualNetworks/subnets/read 가상 네트워크 서브넷 정의를 가져옵니다.Gets a virtual network subnet definition
Microsoft. Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action 가상 네트워크를 조인합니다.Joins a virtual network. 경고할 수 없습니다.Not Alertable.
Microsoft. Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action 스토리지 계정 또는 SQL 데이터베이스 같은 리소스를 서브넷에 조인합니다.Joins resource such as storage account or SQL database to a subnet. 경고할 수 없습니다.Not alertable.
Microsoft. Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action 네트워크 보안 그룹을 조인합니다.Joins a network security group. 경고할 수 없습니다.Not Alertable.
/Deployments/*Microsoft.Resources/deployments/* 배포를 만들고 관리합니다.Create and manage a deployment
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft 저장소/*/읽기Microsoft.Storage/*/read
Microsoft Storage/storageAccounts/*Microsoft.Storage/storageAccounts/* 스토리지 계정 만들기 및 관리Create and manage storage accounts
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
/Subscriptions/resourceGroups/resources/readMicrosoft.Resources/subscriptions/resourceGroups/resources/read 리소스 그룹에 대한 리소스를 가져옵니다.Gets the resources for the resource group.
NotActionsNotActions
없음none
DataActionsDataActions
Microsoft Storage/storageAccounts/blobServices/containers/blobs/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete Blob 삭제 결과를 반환합니다.Returns the result of deleting a blob
Microsoft Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read Blob 또는 Blob 목록을 반환합니다.Returns a blob or a list of blobs
Microsoft Storage/storageAccounts/blobServices/containers/blobs/writeMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write Blob 쓰기 결과 반환Returns the result of writing a blob
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can create and manage an Avere vFXT cluster.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4f8fab4f-1852-4a58-a46a-8eaf358af14a",
  "name": "4f8fab4f-1852-4a58-a46a-8eaf358af14a",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Compute/*/read",
        "Microsoft.Compute/availabilitySets/*",
        "Microsoft.Compute/proximityPlacementGroups/*",
        "Microsoft.Compute/virtualMachines/*",
        "Microsoft.Compute/disks/*",
        "Microsoft.Network/*/read",
        "Microsoft.Network/networkInterfaces/*",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/subnets/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
        "Microsoft.Network/networkSecurityGroups/join/action",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/*/read",
        "Microsoft.Storage/storageAccounts/*",
        "Microsoft.Support/*",
        "Microsoft.Resources/subscriptions/resourceGroups/resources/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Avere Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Avere 운영자Avere Operator

Avere vFXT 클러스터에서 클러스터를 관리 하는 데 사용 됩니다. 자세한 정보Used by the Avere vFXT cluster to manage the cluster Learn more

동작Actions 설명Description
/VirtualMachines/read 계산Microsoft.Compute/virtualMachines/read 가상 머신의 속성을 가져옵니다.Get the properties of a virtual machine
Microsoft. Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read 네트워크 인터페이스 정의를 가져옵니다.Gets a network interface definition.
Microsoft. Network/networkInterfaces/writeMicrosoft.Network/networkInterfaces/write 네트워크 인터페이스를 만들거나 기존 네트워크 인터페이스를 업데이트합니다.Creates a network interface or updates an existing network interface.
Microsoft. Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read 가상 네트워크 정의를 가져옵니다.Get the virtual network definition
Microsoft. Network/virtualNetworks/subnets/readMicrosoft.Network/virtualNetworks/subnets/read 가상 네트워크 서브넷 정의를 가져옵니다.Gets a virtual network subnet definition
Microsoft. Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action 가상 네트워크를 조인합니다.Joins a virtual network. 경고할 수 없습니다.Not Alertable.
Microsoft. Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action 네트워크 보안 그룹을 조인합니다.Joins a network security group. 경고할 수 없습니다.Not Alertable.
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft Storage/storageAccounts/blobServices/containers/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/delete 컨테이너 삭제 결과를 반환합니다.Returns the result of deleting a container
Microsoft Storage/storageAccounts/blobServices/containers/readMicrosoft.Storage/storageAccounts/blobServices/containers/read 컨테이너 목록을 반환합니다.Returns list of containers
Microsoft Storage/storageAccounts/blobServices/containers/writeMicrosoft.Storage/storageAccounts/blobServices/containers/write Blob 컨테이너 넣기의 결과를 반환합니다.Returns the result of put blob container
NotActionsNotActions
없음none
DataActionsDataActions
Microsoft Storage/storageAccounts/blobServices/containers/blobs/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete Blob 삭제 결과를 반환합니다.Returns the result of deleting a blob
Microsoft Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read Blob 또는 Blob 목록을 반환합니다.Returns a blob or a list of blobs
Microsoft Storage/storageAccounts/blobServices/containers/blobs/writeMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write Blob 쓰기 결과 반환Returns the result of writing a blob
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Used by the Avere vFXT cluster to manage the cluster",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
  "name": "c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
  "permissions": [
    {
      "actions": [
        "Microsoft.Compute/virtualMachines/read",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Network/networkInterfaces/write",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/subnets/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.Network/networkSecurityGroups/join/action",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/write"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Avere Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Backup 참가자Backup Contributor

백업 서비스를 관리할 수 있지만 자격 증명 모음을 만들고 다른 사용자에 게 액세스 권한을 부여할 수 없습니다. 자세한 정보Lets you manage backup service, but can't create vaults and give access to others Learn more

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Microsoft. Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read 가상 네트워크 정의를 가져옵니다.Get the virtual network definition
Microsoft RecoveryServices/locations/*Microsoft.RecoveryServices/locations/*
Microsoft RecoveryServices/Vaults/backupFabrics/operationResults/*Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/* 백업 관리에 대한 작업의 결과 관리Manage results of operation on backup management
Microsoft RecoveryServices/Vaults/backupFabrics/protectionContainers/*Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/* Recovery Services 자격 증명 모음의 백업 패브릭 내에서 백업 컨테이너 만들기 및 관리Create and manage backup containers inside backup fabrics of Recovery Services vault
Microsoft RecoveryServices/Vaults/backupFabrics/refreshContainers/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action 컨테이너 목록을 새로 고칩니다.Refreshes the container list
Microsoft RecoveryServices/Vaults/backupJobs/*Microsoft.RecoveryServices/Vaults/backupJobs/* 백업 작업 만들기 및 관리Create and manage backup jobs
Microsoft RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action 작업을 내보냅니다.Export Jobs
Microsoft RecoveryServices/Vaults/backupOperationResults/*Microsoft.RecoveryServices/Vaults/backupOperationResults/* 백업 관리 작업의 결과 만들기 및 관리Create and manage Results of backup management operations
Microsoft RecoveryServices/Vaults/backupPolicies/*Microsoft.RecoveryServices/Vaults/backupPolicies/* 백업 정책 만들기 및 관리Create and manage backup policies
Microsoft RecoveryServices/Vaults/backupProtectableItems/*Microsoft.RecoveryServices/Vaults/backupProtectableItems/* 백업할 수 있는 항목 만들기 및 관리Create and manage items which can be backed up
Microsoft RecoveryServices/Vaults/backupProtectedItems/*Microsoft.RecoveryServices/Vaults/backupProtectedItems/* 백업한 항목 만들기 및 관리Create and manage backed up items
Microsoft RecoveryServices/Vaults/backupProtectionContainers/*Microsoft.RecoveryServices/Vaults/backupProtectionContainers/* 백업 항목을 보유하는 컨테이너 만들기 및 관리Create and manage containers holding backup items
Microsoft RecoveryServices/Vaults/backupSecurityPIN/*Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*
Microsoft RecoveryServices/Vaults/backupUsageSummaries/readMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read Recovery Services의 보호된 항목 및 보호된 서버에 대한 요약을 반환합니다.Returns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft RecoveryServices/Vaults/certificates/*Microsoft.RecoveryServices/Vaults/certificates/* Recovery Services 자격 증명 모음의 백업과 관련된 인증서 만들기 및 관리Create and manage certificates related to backup in Recovery Services vault
Microsoft RecoveryServices/Vaults/extendedInformation/*Microsoft.RecoveryServices/Vaults/extendedInformation/* 자격 증명 모음과 관련된 확장 정보 만들기 및 관리Create and manage extended info related to vault
Microsoft RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read Recovery Services 자격 증명 모음에 대한 경고를 받습니다.Gets the alerts for the Recovery services vault.
Microsoft RecoveryServices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read 자격 증명 모음 가져오기 작업에서는 '자격 증명 모음' 형식의 Azure 리소스를 나타내는 개체를 가져옵니다.The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft RecoveryServices/Vaults/registeredIdentities/*Microsoft.RecoveryServices/Vaults/registeredIdentities/* 등록된 ID 만들기 및 관리Create and manage registered identities
Microsoft RecoveryServices/Vaults/usages/*Microsoft.RecoveryServices/Vaults/usages/* Recovery Services 자격 증명 모음 만들기 및 사용 관리Create and manage usage of Recovery Services vault
/Deployments/*Microsoft.Resources/deployments/* 배포를 만들고 관리합니다.Create and manage a deployment
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read 스토리지 계정의 목록을 반환하거나 지정된 스토리지 계정의 속성을 가져옵니다.Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft RecoveryServices/Vaults/backupstorageconfig/*Microsoft.RecoveryServices/Vaults/backupstorageconfig/*
Microsoft RecoveryServices/Vaults/backupconfig/*Microsoft.RecoveryServices/Vaults/backupconfig/*
Microsoft RecoveryServices/Vaults/backupValidateOperation/actionMicrosoft.RecoveryServices/Vaults/backupValidateOperation/action 보호된 항목에 대한 작업의 유효성을 검사합니다.Validate Operation on Protected Item
Microsoft RecoveryServices/Vaults/writeMicrosoft.RecoveryServices/Vaults/write 자격 증명 모음 만들기 작업에서는 '자격 증명 모음' 형식의 Azure 리소스를 만듭니다.Create Vault operation creates an Azure resource of type 'vault'
Microsoft RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read Recovery Services 자격 증명 모음의 Backup 작업 상태를 반환합니다.Returns Backup Operation Status for Recovery Services Vault.
Microsoft RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read 자격 증명 모음에 등록된 모든 백업 관리 서버를 반환합니다.Returns all the backup management servers registered with vault.
Microsoft RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*
Microsoft RecoveryServices/Vaults/backupFabrics/protectableContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read 보호 가능한 컨테이너를 모두 가져옵니다.Get all protectable containers
Microsoft RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action Recovery Services 자격 증명 모음의 백업 상태를 반환합니다.Check Backup Status for Recovery Services Vaults
Microsoft RecoveryServices/locations/backupPreValidateProtection/actionMicrosoft.RecoveryServices/locations/backupPreValidateProtection/action
Microsoft RecoveryServices/locations/backupValidateFeatures/actionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action 기능의 유효성을 검사합니다.Validate Features
Microsoft RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write 경고를 해결합니다.Resolves the alert.
Microsoft RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read 작업에서 리소스 공급자에 대한 작업 목록을 반환합니다.Operation returns the list of Operations for a Resource Provider
Microsoft RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read 지정된 작업의 작업 상태를 가져옵니다.Gets Operation Status for a given Operation
Microsoft RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read 모든 백업 보호 의도를 나열합니다.List all backup Protection Intents
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage backup service,but can't create vaults and give access to others",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b",
  "name": "5e467623-bb1f-42f4-a55d-6e525e11384b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.RecoveryServices/locations/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
        "Microsoft.RecoveryServices/Vaults/backupJobs/*",
        "Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
        "Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectedItems/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/*",
        "Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*",
        "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
        "Microsoft.RecoveryServices/Vaults/certificates/*",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/*",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/*",
        "Microsoft.RecoveryServices/Vaults/usages/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
        "Microsoft.RecoveryServices/Vaults/backupconfig/*",
        "Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
        "Microsoft.RecoveryServices/Vaults/write",
        "Microsoft.RecoveryServices/Vaults/backupOperations/read",
        "Microsoft.RecoveryServices/Vaults/backupEngines/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
        "Microsoft.RecoveryServices/locations/backupStatus/action",
        "Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
        "Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
        "Microsoft.RecoveryServices/operations/read",
        "Microsoft.RecoveryServices/locations/operationStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Backup Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Backup 운영자Backup Operator

백업 제거, 자격 증명 모음 만들기 및 다른 사용자에 게 액세스 권한 부여를 제외 하 고 백업 서비스를 관리할 수 있습니다.Lets you manage backup services, except removal of backup, vault creation and giving access to others Learn more

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Microsoft. Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read 가상 네트워크 정의를 가져옵니다.Get the virtual network definition
Microsoft RecoveryServices/Vaults/backupFabrics/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/operationResults/read 작업의 상태를 반환합니다.Returns status of the operation
Microsoft RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read 보호 컨테이너에 대해 수행된 작업의 결과를 가져옵니다.Gets result of Operation performed on Protection Container.
Microsoft RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action 보호 항목 Backup을 수행합니다.Performs Backup for Protected Item.
Microsoft RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read 보호 항목에 대해 수행된 작업의 결과를 가져옵니다.Gets Result of Operation Performed on Protected Items.
Microsoft RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read 보호 항목에 대해 수행된 작업의 상태를 반환합니다.Returns the status of Operation performed on Protected Items.
Microsoft RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read 보호된 항목의 개체 정보를 반환합니다.Returns object details of the Protected Item
Microsoft RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action 보호된 항목에 대한 빠른 항목 복구를 프로비전합니다.Provision Instant Item Recovery for Protected Item
Microsoft RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/accessToken/actionMicrosoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/accessToken/action 지역 간 복원에 대 한 AccessToken를 가져옵니다.Get AccessToken for Cross Region Restore.
Microsoft RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read 보호 항목의 복구 지점을 가져옵니다.Get Recovery Points for Protected Items.
Microsoft RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action 보호 항목의 복구 지점을 복원합니다.Restore Recovery Points for Protected Items.
Microsoft RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action 보호된 항목에 대한 빠른 항목 복구를 취소합니다.Revoke Instant Item Recovery for Protected Item
Microsoft RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write 백업 보호 항목을 만듭니다.Create a backup Protected Item
Microsoft RecoveryServices/Vaults/backupFabrics/protectionContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read 등록된 모든 컨테이너를 반환합니다.Returns all registered containers
Microsoft RecoveryServices/Vaults/backupFabrics/refreshContainers/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action 컨테이너 목록을 새로 고칩니다.Refreshes the container list
Microsoft RecoveryServices/Vaults/backupJobs/*Microsoft.RecoveryServices/Vaults/backupJobs/* 백업 작업 만들기 및 관리Create and manage backup jobs
Microsoft RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action 작업을 내보냅니다.Export Jobs
Microsoft RecoveryServices/Vaults/backupOperationResults/*Microsoft.RecoveryServices/Vaults/backupOperationResults/* 백업 관리 작업의 결과 만들기 및 관리Create and manage Results of backup management operations
Microsoft RecoveryServices/Vaults/backupPolicies/operationResults/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operationResults/read 정책 작업의 결과를 가져옵니다.Get Results of Policy Operation.
Microsoft RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read 모든 보호 정책을 반환합니다.Returns all Protection Policies
Microsoft RecoveryServices/Vaults/backupProtectableItems/*Microsoft.RecoveryServices/Vaults/backupProtectableItems/* 백업할 수 있는 항목 만들기 및 관리Create and manage items which can be backed up
Microsoft RecoveryServices/Vaults/backupProtectedItems/readMicrosoft.RecoveryServices/Vaults/backupProtectedItems/read 모든 보호 항목 목록을 반환합니다.Returns the list of all Protected Items.
Microsoft RecoveryServices/Vaults/backupProtectionContainers/readMicrosoft.RecoveryServices/Vaults/backupProtectionContainers/read 구독에 속하는 컨테이너를 모두 반환합니다.Returns all containers belonging to the subscription
Microsoft RecoveryServices/Vaults/backupUsageSummaries/readMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read Recovery Services의 보호된 항목 및 보호된 서버에 대한 요약을 반환합니다.Returns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft RecoveryServices/Vaults/certificates/writeMicrosoft.RecoveryServices/Vaults/certificates/write 리소스 인증서 업데이트 작업은 리소스/저장소 자격 증명 인증서를 업데이트합니다.The Update Resource Certificate operation updates the resource/vault credential certificate.
Microsoft RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read 확장 정보 가져오기 작업에서는 ‘자격 증명 모음’ 형식의 Azure 리소스를 나타내는 개체의 확장 정보를 가져옵니다.The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault?
Microsoft RecoveryServices/Vaults/extendedInformation/writeMicrosoft.RecoveryServices/Vaults/extendedInformation/write 확장 정보 가져오기 작업에서는 ‘자격 증명 모음’ 형식의 Azure 리소스를 나타내는 개체의 확장 정보를 가져옵니다.The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault?
Microsoft RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read Recovery Services 자격 증명 모음에 대한 경고를 받습니다.Gets the alerts for the Recovery services vault.
Microsoft RecoveryServices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read 자격 증명 모음 가져오기 작업에서는 '자격 증명 모음' 형식의 Azure 리소스를 나타내는 개체를 가져옵니다.The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read 작업 결과 가져오기 작업을 사용하여 비동기적으로 제출된 작업에 대한 작업 상태와 결과를 가져올 수 있습니다.The Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation
Microsoft RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read 컨테이너 가져오기 작업을 사용하여 리소스에 대해 등록된 컨테이너를 가져올 수 있습니다.The Get Containers operation can be used get the containers registered for a resource.
Microsoft RecoveryServices/Vaults/registeredIdentities/writeMicrosoft.RecoveryServices/Vaults/registeredIdentities/write 서비스 컨테이너 등록 작업을 사용하여 복구 서비스와 함께 컨테이너를 등록할 수 있습니다.The Register Service Container operation can be used to register a container with Recovery Service.
Microsoft RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read Recovery Services 자격 증명 모음에 대한 사용 세부 정보를 반환합니다.Returns usage details for a Recovery Services Vault.
/Deployments/*Microsoft.Resources/deployments/* 배포를 만들고 관리합니다.Create and manage a deployment
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read 스토리지 계정의 목록을 반환하거나 지정된 스토리지 계정의 속성을 가져옵니다.Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft RecoveryServices/Vaults/backupstorageconfig/*Microsoft.RecoveryServices/Vaults/backupstorageconfig/*
Microsoft RecoveryServices/Vaults/backupValidateOperation/actionMicrosoft.RecoveryServices/Vaults/backupValidateOperation/action 보호된 항목에 대한 작업의 유효성을 검사합니다.Validate Operation on Protected Item
Microsoft RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read Recovery Services 자격 증명 모음의 Backup 작업 상태를 반환합니다.Returns Backup Operation Status for Recovery Services Vault.
Microsoft RecoveryServices/Vaults/backupPolicies/operations/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operations/read 정책 작업의 상태를 가져옵니다.Get Status of Policy Operation.
Microsoft RecoveryServices/Vaults/backupFabrics/protectionContainers/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write 등록된 컨테이너를 만듭니다.Creates a registered container
Microsoft RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action 컨테이너 내의 워크로드를 조회합니다.Do inquiry for workloads within a container
Microsoft RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read 자격 증명 모음에 등록된 모든 백업 관리 서버를 반환합니다.Returns all the backup management servers registered with vault.
Microsoft RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write 백업 보호 의도 만들기Create a backup Protection Intent
Microsoft RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/readMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read 백업 보호 의도를 가져옵니다.Get a backup Protection Intent
Microsoft RecoveryServices/Vaults/backupFabrics/protectableContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read 보호 가능한 컨테이너를 모두 가져옵니다.Get all protectable containers
Microsoft RecoveryServices/Vaults/backupFabrics/protectionContainers/items/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read 컨테이너의 모든 항목을 가져옵니다.Get all items in a container
Microsoft RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action Recovery Services 자격 증명 모음의 백업 상태를 반환합니다.Check Backup Status for Recovery Services Vaults
Microsoft RecoveryServices/locations/backupPreValidateProtection/actionMicrosoft.RecoveryServices/locations/backupPreValidateProtection/action
Microsoft RecoveryServices/locations/backupValidateFeatures/actionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action 기능의 유효성을 검사합니다.Validate Features
Microsoft RecoveryServices/locations/backupAadProperties/readMicrosoft.RecoveryServices/locations/backupAadProperties/read 지역 간 복원에 대 한 세 번째 지역에서 인증에 대 한 AAD 속성을 가져옵니다.Get AAD Properties for authentication in the third region for Cross Region Restore.
Microsoft RecoveryServices/locations/backupCrrJobs/actionMicrosoft.RecoveryServices/locations/backupCrrJobs/action 보조 지역에서 Recovery Services 자격 증명 모음에 대 한 지역 간 복원 작업을 나열 합니다.List Cross Region Restore Jobs in the secondary region for Recovery Services Vault.
Microsoft RecoveryServices/locations/backupCrrJob/actionMicrosoft.RecoveryServices/locations/backupCrrJob/action 보조 지역에서 Recovery Services 자격 증명 모음에 대 한 지역 간 복원 작업 세부 정보를 가져옵니다.Get Cross Region Restore Job Details in the secondary region for Recovery Services Vault.
Microsoft RecoveryServices/locations/backupCrossRegionRestore/actionMicrosoft.RecoveryServices/locations/backupCrossRegionRestore/action 지역 간 복원을 트리거합니다.Trigger Cross region restore.
Microsoft RecoveryServices/locations/backupCrrOperationResults/readMicrosoft.RecoveryServices/locations/backupCrrOperationResults/read Recovery Services 자격 증명 모음에 대 한 CRR 작업 결과를 반환 합니다.Returns CRR Operation Result for Recovery Services Vault.
Microsoft RecoveryServices/locations/backupCrrOperationsStatus/readMicrosoft.RecoveryServices/locations/backupCrrOperationsStatus/read Recovery Services 자격 증명 모음에 대 한 CRR 작업 상태를 반환 합니다.Returns CRR Operation Status for Recovery Services Vault.
Microsoft RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write 경고를 해결합니다.Resolves the alert.
Microsoft RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read 작업에서 리소스 공급자에 대한 작업 목록을 반환합니다.Operation returns the list of Operations for a Resource Provider
Microsoft RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read 지정된 작업의 작업 상태를 가져옵니다.Gets Operation Status for a given Operation
Microsoft RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read 모든 백업 보호 의도를 나열합니다.List all backup Protection Intents
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage backup services, except removal of backup, vault creation and giving access to others",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/00c29273-979b-4161-815c-10b084fb9324",
  "name": "00c29273-979b-4161-815c-10b084fb9324",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action",
        "Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/accessToken/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
        "Microsoft.RecoveryServices/Vaults/backupJobs/*",
        "Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
        "Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
        "Microsoft.RecoveryServices/Vaults/certificates/write",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/read",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/write",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/write",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
        "Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
        "Microsoft.RecoveryServices/Vaults/backupOperations/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action",
        "Microsoft.RecoveryServices/Vaults/backupEngines/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
        "Microsoft.RecoveryServices/locations/backupStatus/action",
        "Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
        "Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
        "Microsoft.RecoveryServices/locations/backupAadProperties/read",
        "Microsoft.RecoveryServices/locations/backupCrrJobs/action",
        "Microsoft.RecoveryServices/locations/backupCrrJob/action",
        "Microsoft.RecoveryServices/locations/backupCrossRegionRestore/action",
        "Microsoft.RecoveryServices/locations/backupCrrOperationResults/read",
        "Microsoft.RecoveryServices/locations/backupCrrOperationsStatus/read",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
        "Microsoft.RecoveryServices/operations/read",
        "Microsoft.RecoveryServices/locations/operationStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Backup Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Backup 읽기 권한자Backup Reader

백업 서비스를 볼 수 있지만 변경할 수 없습니다. 자세한 정보Can view backup services, but can't make changes Learn more

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Microsoft RecoveryServices/locations/allocatedStamp/readMicrosoft.RecoveryServices/locations/allocatedStamp/read GetAllocatedStamp는 서비스에서 사용하는 내부 작업입니다.GetAllocatedStamp is internal operation used by service
Microsoft RecoveryServices/Vaults/backupFabrics/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/operationResults/read 작업의 상태를 반환합니다.Returns status of the operation
Microsoft RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read 보호 컨테이너에 대해 수행된 작업의 결과를 가져옵니다.Gets result of Operation performed on Protection Container.
Microsoft RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read 보호 항목에 대해 수행된 작업의 결과를 가져옵니다.Gets Result of Operation Performed on Protected Items.
Microsoft RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read 보호 항목에 대해 수행된 작업의 상태를 반환합니다.Returns the status of Operation performed on Protected Items.
Microsoft RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read 보호된 항목의 개체 정보를 반환합니다.Returns object details of the Protected Item
Microsoft RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read 보호 항목의 복구 지점을 가져옵니다.Get Recovery Points for Protected Items.
Microsoft RecoveryServices/Vaults/backupFabrics/protectionContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read 등록된 모든 컨테이너를 반환합니다.Returns all registered containers
Microsoft RecoveryServices/Vaults/backupJobs/operationResults/readMicrosoft.RecoveryServices/Vaults/backupJobs/operationResults/read 작업의 작업 결과를 반환합니다.Returns the Result of Job Operation.
Microsoft RecoveryServices/Vaults/backupJobs/readMicrosoft.RecoveryServices/Vaults/backupJobs/read 모든 작업 개체를 반환합니다.Returns all Job Objects
Microsoft RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action 작업을 내보냅니다.Export Jobs
Microsoft RecoveryServices/Vaults/backupOperationResults/readMicrosoft.RecoveryServices/Vaults/backupOperationResults/read Recovery Services 자격 증명 모음의 Backup 작업 결과를 반환합니다.Returns Backup Operation Result for Recovery Services Vault.
Microsoft RecoveryServices/Vaults/backupPolicies/operationResults/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operationResults/read 정책 작업의 결과를 가져옵니다.Get Results of Policy Operation.
Microsoft RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read 모든 보호 정책을 반환합니다.Returns all Protection Policies
Microsoft RecoveryServices/Vaults/backupProtectedItems/readMicrosoft.RecoveryServices/Vaults/backupProtectedItems/read 모든 보호 항목 목록을 반환합니다.Returns the list of all Protected Items.
Microsoft RecoveryServices/Vaults/backupProtectionContainers/readMicrosoft.RecoveryServices/Vaults/backupProtectionContainers/read 구독에 속하는 컨테이너를 모두 반환합니다.Returns all containers belonging to the subscription
Microsoft RecoveryServices/Vaults/backupUsageSummaries/readMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read Recovery Services의 보호된 항목 및 보호된 서버에 대한 요약을 반환합니다.Returns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read 확장 정보 가져오기 작업에서는 ‘자격 증명 모음’ 형식의 Azure 리소스를 나타내는 개체의 확장 정보를 가져옵니다.The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault?
Microsoft RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read Recovery Services 자격 증명 모음에 대한 경고를 받습니다.Gets the alerts for the Recovery services vault.
Microsoft RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read 자격 증명 모음 가져오기 작업에서는 '자격 증명 모음' 형식의 Azure 리소스를 나타내는 개체를 가져옵니다.The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read 작업 결과 가져오기 작업을 사용하여 비동기적으로 제출된 작업에 대한 작업 상태와 결과를 가져올 수 있습니다.The Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation
Microsoft RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read 컨테이너 가져오기 작업을 사용하여 리소스에 대해 등록된 컨테이너를 가져올 수 있습니다.The Get Containers operation can be used get the containers registered for a resource.
Microsoft RecoveryServices/Vaults/backupstorageconfig/readMicrosoft.RecoveryServices/Vaults/backupstorageconfig/read Recovery Services 자격 증명 모음에 대한 스토리지 구성을 반환합니다.Returns Storage Configuration for Recovery Services Vault.
Microsoft RecoveryServices/Vaults/backupconfig/readMicrosoft.RecoveryServices/Vaults/backupconfig/read Recovery Services 자격 증명 모음에 구성을 반환합니다.Returns Configuration for Recovery Services Vault.
Microsoft RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read Recovery Services 자격 증명 모음의 Backup 작업 상태를 반환합니다.Returns Backup Operation Status for Recovery Services Vault.
Microsoft RecoveryServices/Vaults/backupPolicies/operations/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operations/read 정책 작업의 상태를 가져옵니다.Get Status of Policy Operation.
Microsoft RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read 자격 증명 모음에 등록된 모든 백업 관리 서버를 반환합니다.Returns all the backup management servers registered with vault.
Microsoft RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/readMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read 백업 보호 의도를 가져옵니다.Get a backup Protection Intent
Microsoft RecoveryServices/Vaults/backupFabrics/protectionContainers/items/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read 컨테이너의 모든 항목을 가져옵니다.Get all items in a container
Microsoft RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action Recovery Services 자격 증명 모음의 백업 상태를 반환합니다.Check Backup Status for Recovery Services Vaults
Microsoft RecoveryServices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write 경고를 해결합니다.Resolves the alert.
Microsoft RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read 작업에서 리소스 공급자에 대한 작업 목록을 반환합니다.Operation returns the list of Operations for a Resource Provider
Microsoft RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read 지정된 작업의 작업 상태를 가져옵니다.Gets Operation Status for a given Operation
Microsoft RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read 모든 백업 보호 의도를 나열합니다.List all backup Protection Intents
Microsoft RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read Recovery Services 자격 증명 모음에 대한 사용 세부 정보를 반환합니다.Returns usage details for a Recovery Services Vault.
Microsoft RecoveryServices/locations/backupValidateFeatures/actionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action 기능의 유효성을 검사합니다.Validate Features
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view backup services, but can't make changes",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a795c7a0-d4a2-40c1-ae25-d81f01202912",
  "name": "a795c7a0-d4a2-40c1-ae25-d81f01202912",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.RecoveryServices/locations/allocatedStamp/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupJobs/read",
        "Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
        "Microsoft.RecoveryServices/Vaults/backupOperationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/read",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
        "Microsoft.RecoveryServices/Vaults/backupstorageconfig/read",
        "Microsoft.RecoveryServices/Vaults/backupconfig/read",
        "Microsoft.RecoveryServices/Vaults/backupOperations/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
        "Microsoft.RecoveryServices/Vaults/backupEngines/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
        "Microsoft.RecoveryServices/locations/backupStatus/action",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
        "Microsoft.RecoveryServices/operations/read",
        "Microsoft.RecoveryServices/locations/operationStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.RecoveryServices/locations/backupValidateFeatures/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Backup Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

클래식 Storage 계정 참가자Classic Storage Account Contributor

클래식 Storage 계정을 관리할 수 있지만 여기에 액세스할 수는 없습니다.Lets you manage classic storage accounts, but not access to them.

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
ClassicStorage/storageAccounts/*Microsoft.ClassicStorage/storageAccounts/* 스토리지 계정 만들기 및 관리Create and manage storage accounts
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
Microsoft ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 지정된 범위의 모든 리소스에 대한 가용성 상태를 가져옵니다.Gets the availability statuses for all resources in the specified scope
/Deployments/*Microsoft.Resources/deployments/* 배포를 만들고 관리합니다.Create and manage a deployment
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage classic storage accounts, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
  "name": "86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicStorage/storageAccounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Storage Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

클래식 스토리지 계정 키 운영자 서비스 역할Classic Storage Account Key Operator Service Role

클래식 저장소 계정 키 운영자가 클래식 저장소 계정에서 키를 나열 하 고 다시 생성할 수 있습니다. 자세한 정보Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts Learn more

동작Actions 설명Description
ClassicStorage/storageAccounts/listkeys/actionMicrosoft.ClassicStorage/storageAccounts/listkeys/action 스토리지 계정의 액세스 키를 나열합니다.Lists the access keys for the storage accounts.
ClassicStorage/storageAccounts/regeneratekey/actionMicrosoft.ClassicStorage/storageAccounts/regeneratekey/action 스토리지 계정에 대한 기존 액세스 키를 다시 생성합니다.Regenerates the existing access keys for the storage account.
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/985d6b00-f706-48f5-a6fe-d0ca12fb668d",
  "name": "985d6b00-f706-48f5-a6fe-d0ca12fb668d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ClassicStorage/storageAccounts/listkeys/action",
        "Microsoft.ClassicStorage/storageAccounts/regeneratekey/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Storage Account Key Operator Service Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Data Box 기여자Data Box Contributor

다른 사람에게 액세스 권한을 부여하는 것을 제외한 모든 항목을 Data Box 서비스에서 관리할 수 있습니다.Lets you manage everything under Data Box Service except giving access to others. 자세한 정보Learn more

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Microsoft ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 지정된 범위의 모든 리소스에 대한 가용성 상태를 가져옵니다.Gets the availability statuses for all resources in the specified scope
/Deployments/*Microsoft.Resources/deployments/* 배포를 만들고 관리합니다.Create and manage a deployment
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
Databox/*Microsoft.Databox/*
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage everything under Data Box Service except giving access to others.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/add466c9-e687-43fc-8d98-dfcf8d720be5",
  "name": "add466c9-e687-43fc-8d98-dfcf8d720be5",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Databox/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Box Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Data Box 읽기 권한자Data Box Reader

주문하기나 주문 세부 정보 편집 및 다른 사용자에게 액세스 권한 부여 외에 Data Box 서비스를 관리할 수 있습니다.Lets you manage Data Box Service except creating order or editing order details and giving access to others. 자세한 정보Learn more

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Databox/*/읽기Microsoft.Databox/*/read
Databox/jobs/listsecrets/actionMicrosoft.Databox/jobs/listsecrets/action
Databox/jobs/listcredentials/actionMicrosoft.Databox/jobs/listcredentials/action 주문과 관련된 암호화되지 않은 자격 증명을 나열합니다.Lists the unencrypted credentials related to the order.
Databox/locations/availableSkus/actionMicrosoft.Databox/locations/availableSkus/action 이 메서드는 사용할 수 있는 SKU 목록을 반환합니다.This method returns the list of available skus.
Databox/locations/validateInputs/actionMicrosoft.Databox/locations/validateInputs/action 이 메서드는 모든 유형의 유효성 검사를 수행합니다.This method does all type of validations.
Databox/locations/regionConfiguration/actionMicrosoft.Databox/locations/regionConfiguration/action 이 메서드는 영역에 대한 구성을 반환합니다.This method returns the configurations for the region.
Databox/locations/validateAddress/actionMicrosoft.Databox/locations/validateAddress/action 배송 주소의 유효성을 검사하고, 있는 경우, 대체 주소를 제공합니다.Validates the shipping address and provides alternate addresses if any.
Microsoft ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 지정된 범위의 모든 리소스에 대한 가용성 상태를 가져옵니다.Gets the availability statuses for all resources in the specified scope
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Data Box Service except creating order or editing order details and giving access to others.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
  "name": "028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Databox/*/read",
        "Microsoft.Databox/jobs/listsecrets/action",
        "Microsoft.Databox/jobs/listcredentials/action",
        "Microsoft.Databox/locations/availableSkus/action",
        "Microsoft.Databox/locations/validateInputs/action",
        "Microsoft.Databox/locations/regionConfiguration/action",
        "Microsoft.Databox/locations/validateAddress/action",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Box Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Data Lake Analytics 개발자Data Lake Analytics Developer

사용자 자신의 작업을 제출, 모니터링 및 관리할 수 있지만 Data Lake Analytics 계정을 만들거나 삭제할 수는 없습니다.Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts. 자세한 정보Learn more

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Microsoft.BigAnalytics/accounts/*Microsoft.BigAnalytics/accounts/*
DataLakeAnalytics/accounts/*Microsoft.DataLakeAnalytics/accounts/*
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
Microsoft ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 지정된 범위의 모든 리소스에 대한 가용성 상태를 가져옵니다.Gets the availability statuses for all resources in the specified scope
/Deployments/*Microsoft.Resources/deployments/* 배포를 만들고 관리합니다.Create and manage a deployment
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
NotActionsNotActions
Microsoft.BigAnalytics/accounts/DeleteMicrosoft.BigAnalytics/accounts/Delete
Microsoft.BigAnalytics/accounts/TakeOwnership/actionMicrosoft.BigAnalytics/accounts/TakeOwnership/action
Microsoft.BigAnalytics/accounts/WriteMicrosoft.BigAnalytics/accounts/Write
DataLakeAnalytics/accounts/DeleteMicrosoft.DataLakeAnalytics/accounts/Delete DataLakeAnalytics 계정을 삭제합니다.Delete a DataLakeAnalytics account.
DataLakeAnalytics/accounts/TakeOwnership/actionMicrosoft.DataLakeAnalytics/accounts/TakeOwnership/action 다른 사용자가 제출한 작업을 취소하는 권한을 부여합니다.Grant permissions to cancel jobs submitted by other users.
DataLakeAnalytics/accounts/WriteMicrosoft.DataLakeAnalytics/accounts/Write DataLakeAnalytics 계정을 만들거나 업데이트합니다.Create or update a DataLakeAnalytics account.
DataLakeAnalytics/accounts/dataLakeStoreAccounts/WriteMicrosoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write DataLakeAnalytics 계정과 연결된 DataLakeStore 계정을 만들거나 업데이트합니다.Create or update a linked DataLakeStore account of a DataLakeAnalytics account.
DataLakeAnalytics/accounts/dataLakeStoreAccounts/DeleteMicrosoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete DataLakeAnalytics 계정에서 DataLakeStore 계정을 연결 해제합니다.Unlink a DataLakeStore account from a DataLakeAnalytics account.
DataLakeAnalytics/accounts/storageAccounts/WriteMicrosoft.DataLakeAnalytics/accounts/storageAccounts/Write DataLakeAnalytics 계정과 연결된 Storage 계정을 만들거나 업데이트합니다.Create or update a linked Storage account of a DataLakeAnalytics account.
DataLakeAnalytics/accounts/storageAccounts/DeleteMicrosoft.DataLakeAnalytics/accounts/storageAccounts/Delete DataLakeAnalytics 계정에서 Storage 계정을 연결 해제합니다.Unlink a Storage account from a DataLakeAnalytics account.
DataLakeAnalytics/accounts/firewallRules/WriteMicrosoft.DataLakeAnalytics/accounts/firewallRules/Write 방화벽 규칙을 만들거나 업데이트합니다.Create or update a firewall rule.
DataLakeAnalytics/accounts/firewallRules/DeleteMicrosoft.DataLakeAnalytics/accounts/firewallRules/Delete 방화벽 규칙을 삭제합니다.Delete a firewall rule.
DataLakeAnalytics/accounts/computePolicies/WriteMicrosoft.DataLakeAnalytics/accounts/computePolicies/Write 컴퓨팅 정책을 만들거나 업데이트합니다.Create or update a compute policy.
DataLakeAnalytics/accounts/computePolicies/DeleteMicrosoft.DataLakeAnalytics/accounts/computePolicies/Delete 컴퓨팅 정책을 삭제합니다.Delete a compute policy.
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/47b7735b-770e-4598-a7da-8b91488b4c88",
  "name": "47b7735b-770e-4598-a7da-8b91488b4c88",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.BigAnalytics/accounts/*",
        "Microsoft.DataLakeAnalytics/accounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.BigAnalytics/accounts/Delete",
        "Microsoft.BigAnalytics/accounts/TakeOwnership/action",
        "Microsoft.BigAnalytics/accounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/Delete",
        "Microsoft.DataLakeAnalytics/accounts/TakeOwnership/action",
        "Microsoft.DataLakeAnalytics/accounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete",
        "Microsoft.DataLakeAnalytics/accounts/storageAccounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/storageAccounts/Delete",
        "Microsoft.DataLakeAnalytics/accounts/firewallRules/Write",
        "Microsoft.DataLakeAnalytics/accounts/firewallRules/Delete",
        "Microsoft.DataLakeAnalytics/accounts/computePolicies/Write",
        "Microsoft.DataLakeAnalytics/accounts/computePolicies/Delete"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Lake Analytics Developer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

읽기 권한자 및 데이터 액세스Reader and Data Access

모든 것을 볼 수 있지만, 스토리지 계정 또는 포함된 리소스를 삭제하거나 만들 수는 없습니다.Lets you view everything but will not let you delete or create a storage account or contained resource. 또한 스토리지 계정 키에 액세스하여 스토리지 계정에 포함된 모든 데이터를 읽고 쓸 수 있습니다.It will also allow read/write access to all data contained in a storage account via access to storage account keys.

동작Actions 설명Description
Microsoft Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action 지정된 스토리지 계정에 대한 액세스 키를 반환합니다.Returns the access keys for the specified storage account.
Microsoft Storage/storageAccounts/ListAccountSas/actionMicrosoft.Storage/storageAccounts/ListAccountSas/action 지정된 스토리지 계정에 대한 계정 SAS 토큰을 반환합니다.Returns the Account SAS token for the specified storage account.
Microsoft Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read 스토리지 계정의 목록을 반환하거나 지정된 스토리지 계정의 속성을 가져옵니다.Returns the list of storage accounts or gets the properties for the specified storage account.
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c12c1c16-33a1-487b-954d-41c89c60f349",
  "name": "c12c1c16-33a1-487b-954d-41c89c60f349",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Storage/storageAccounts/ListAccountSas/action",
        "Microsoft.Storage/storageAccounts/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Reader and Data Access",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage 계정 참가자Storage Account Contributor

스토리지 계정을 관리할 수 있도록 허용합니다.Permits management of storage accounts. 공유 키 권한 부여를 통해 데이터에 액세스하는 데 사용할 수 있는 계정 키에 대한 액세스 권한을 제공합니다.Provides access to the account key, which can be used to access data via Shared Key authorization. 자세한 정보Learn more

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
Microsoft Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* Analysis Server에 대한 진단 설정 생성, 업데이트 및 읽기Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft. Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action 스토리지 계정 또는 SQL 데이터베이스 같은 리소스를 서브넷에 조인합니다.Joins resource such as storage account or SQL database to a subnet. 경고할 수 없습니다.Not alertable.
Microsoft ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 지정된 범위의 모든 리소스에 대한 가용성 상태를 가져옵니다.Gets the availability statuses for all resources in the specified scope
/Deployments/*Microsoft.Resources/deployments/* 배포를 만들고 관리합니다.Create and manage a deployment
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft Storage/storageAccounts/*Microsoft.Storage/storageAccounts/* 스토리지 계정 만들기 및 관리Create and manage storage accounts
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage storage accounts, including accessing storage account keys which provide full access to storage account data.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab",
  "name": "17d1049b-9a84-46fb-8f53-869881c3d3ab",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

스토리지 계정 키 운영자 서비스 역할Storage Account Key Operator Service Role

스토리지 계정 액세스 키를 나열하고 다시 생성할 수 있도록 허용합니다.Permits listing and regenerating storage account access keys. 자세한 정보Learn more

동작Actions 설명Description
Microsoft Storage/storageAccounts/listkeys/actionMicrosoft.Storage/storageAccounts/listkeys/action 지정된 스토리지 계정에 대한 액세스 키를 반환합니다.Returns the access keys for the specified storage account.
Microsoft Storage/storageAccounts/regeneratekey/actionMicrosoft.Storage/storageAccounts/regeneratekey/action 지정된 스토리지 계정에 대한 액세스 키를 다시 생성합니다.Regenerates the access keys for the specified storage account.
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Storage Account Key Operators are allowed to list and regenerate keys on Storage Accounts",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/81a9662b-bebf-436f-a333-f67b29880f12",
  "name": "81a9662b-bebf-436f-a333-f67b29880f12",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/listkeys/action",
        "Microsoft.Storage/storageAccounts/regeneratekey/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Account Key Operator Service Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage Blob 데이터 기여자Storage Blob Data Contributor

Azure Storage 컨테이너 및 BLOB을 읽고, 쓰고, 삭제합니다.Read, write, and delete Azure Storage containers and blobs. 특정 데이터 연산에 어떤 작업이 필요한지 알아보려면 BLOB 및 큐 데이터 연산을 호출하기 위한 권한을 참조하세요.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 자세한 정보Learn more

동작Actions 설명Description
Microsoft Storage/storageAccounts/blobServices/containers/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/delete 컨테이너를 삭제합니다.Delete a container.
Microsoft Storage/storageAccounts/blobServices/containers/readMicrosoft.Storage/storageAccounts/blobServices/containers/read 컨테이너 또는 컨테이너 목록을 반환합니다.Return a container or a list of containers.
Microsoft Storage/storageAccounts/blobServices/containers/writeMicrosoft.Storage/storageAccounts/blobServices/containers/write 컨테이너의 메타데이터 또는 속성을 수정합니다.Modify a container's metadata or properties.
Microsoft Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Blob service의 사용자 위임 키를 반환합니다.Returns a user delegation key for the Blob service.
NotActionsNotActions
없음none
DataActionsDataActions
Microsoft Storage/storageAccounts/blobServices/containers/blobs/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete Blob을 삭제합니다.Delete a blob.
Microsoft Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read BLOB 또는 BLOB 목록을 반환합니다.Return a blob or a list of blobs.
Microsoft Storage/storageAccounts/blobServices/containers/blobs/writeMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write BLOB에 씁니다.Write to a blob.
Microsoft Storage/storageAccounts/blobServices/containers/blobs/move/actionMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/move/action BLOB을 한 경로에서 다른 경로로 이동합니다.Moves the blob from one path to another
Microsoft Storage/storageAccounts/blobServices/containers/blobs/add/actionMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/add/action Blob 콘텐츠 추가 결과를 반환합니다.Returns the result of adding blob content
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write and delete access to Azure Storage blob containers and data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe",
  "name": "ba92f5b4-2d11-453d-a403-e96b0029c9fe",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/write",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage Blob 데이터 소유자Storage Blob Data Owner

POSIX 액세스 제어 할당을 포함하여 Azure Storage BLOB 컨테이너 및 데이터에 대한 모든 액세스 권한을 제공합니다.Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. 특정 데이터 연산에 어떤 작업이 필요한지 알아보려면 BLOB 및 큐 데이터 연산을 호출하기 위한 권한을 참조하세요.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 자세한 정보Learn more

동작Actions 설명Description
Microsoft Storage/storageAccounts/blobServices/containers/*Microsoft.Storage/storageAccounts/blobServices/containers/* 컨테이너에 대한 모든 권한이 있습니다.Full permissions on containers.
Microsoft Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Blob service의 사용자 위임 키를 반환합니다.Returns a user delegation key for the Blob service.
NotActionsNotActions
없음none
DataActionsDataActions
Microsoft Storage/storageAccounts/blobServices/containers/blobs/*Microsoft.Storage/storageAccounts/blobServices/containers/blobs/* BLOB에 대한 모든 권한이 있습니다.Full permissions on blobs.
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to Azure Storage blob containers and data, including assigning POSIX access control.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
  "name": "b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/*",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage Blob 데이터 읽기 권한자Storage Blob Data Reader

Azure Storage 컨테이너 및 BLOB을 읽고 나열합니다.Read and list Azure Storage containers and blobs. 특정 데이터 연산에 어떤 작업이 필요한지 알아보려면 BLOB 및 큐 데이터 연산을 호출하기 위한 권한을 참조하세요.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 자세한 정보Learn more

동작Actions 설명Description
Microsoft Storage/storageAccounts/blobServices/containers/readMicrosoft.Storage/storageAccounts/blobServices/containers/read 컨테이너 또는 컨테이너 목록을 반환합니다.Return a container or a list of containers.
Microsoft Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Blob service의 사용자 위임 키를 반환합니다.Returns a user delegation key for the Blob service.
NotActionsNotActions
없음none
DataActionsDataActions
Microsoft Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read BLOB 또는 BLOB 목록을 반환합니다.Return a blob or a list of blobs.
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read access to Azure Storage blob containers and data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
  "name": "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage Blob 위임자Storage Blob Delegator

Azure AD 자격 증명으로 서명된 컨테이너 또는 BLOB의 공유 액세스 서명을 만드는 데 사용할 수 있는 사용자 위임 키를 가져옵니다.Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials. 자세한 내용은 사용자 위임 SAS 만들기를 참조하세요.For more information, see Create a user delegation SAS. 자세한 정보Learn more

동작Actions 설명Description
Microsoft Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Blob service의 사용자 위임 키를 반환합니다.Returns a user delegation key for the Blob service.
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for generation of a user delegation key which can be used to sign SAS tokens",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
  "name": "db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Delegator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage 파일 데이터 SMB 공유 기여자Storage File Data SMB Share Contributor

Azure 파일 공유의 파일/디렉터리에 대한 읽기, 쓰기 및 삭제 액세스를 허용합니다.Allows for read, write, and delete access on files/directories in Azure file shares. Windows 파일 서버에는 이 역할에 상응하는 기본 제공 역할이 없습니다.This role has no built-in equivalent on Windows file servers. 자세한 정보Learn more

동작Actions 설명Description
없음none
NotActionsNotActions
없음none
DataActionsDataActions
Microsoft Storage/storageAccounts/fileServices/fileshares/files/readMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/read 파일/폴더 또는 파일/폴더 목록을 반환합니다.Returns a file/folder or a list of files/folders.
Microsoft Storage/storageAccounts/fileServices/fileshares/files/writeMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/write 파일을 쓰거나 폴더를 만든 결과를 반환합니다.Returns the result of writing a file or creating a folder.
Microsoft Storage/storageAccounts/fileServices/fileshares/files/deleteMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/delete 파일/폴더를 삭제한 결과를 반환합니다.Returns the result of deleting a file/folder.
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write, and delete access in Azure Storage file shares over SMB",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
  "name": "0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage File Data SMB Share Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage 파일 데이터 SMB 공유 높은 권한 기여자Storage File Data SMB Share Elevated Contributor

Azure 파일 공유의 파일/디렉터리에 대한 ACL을 읽고, 쓰고, 삭제하고, 수정할 수 있습니다.Allows for read, write, delete, and modify ACLs on files/directories in Azure file shares. 이 역할은 Windows 파일 서버의 변경 내용에 대한 파일 공유 ACL에 해당합니다.This role is equivalent to a file share ACL of change on Windows file servers. 자세한 정보Learn more

동작Actions 설명Description
없음none
NotActionsNotActions
없음none
DataActionsDataActions
Microsoft Storage/storageAccounts/fileServices/fileshares/files/readMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/read 파일/폴더 또는 파일/폴더 목록을 반환합니다.Returns a file/folder or a list of files/folders.
Microsoft Storage/storageAccounts/fileServices/fileshares/files/writeMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/write 파일을 쓰거나 폴더를 만든 결과를 반환합니다.Returns the result of writing a file or creating a folder.
Microsoft Storage/storageAccounts/fileServices/fileshares/files/deleteMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/delete 파일/폴더를 삭제한 결과를 반환합니다.Returns the result of deleting a file/folder.
Microsoft Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/actionMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action 파일/폴더에 대한 권한을 수정한 결과를 반환합니다.Returns the result of modifying permission on a file/folder.
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write, delete and modify NTFS permission access in Azure Storage file shares over SMB",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a7264617-510b-434b-a828-9731dc254ea7",
  "name": "a7264617-510b-434b-a828-9731dc254ea7",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage File Data SMB Share Elevated Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage 파일 데이터 SMB 공유 읽기 권한자Storage File Data SMB Share Reader

Azure 파일 공유의 파일/디렉터리에 대한 읽기 액세스를 허용합니다.Allows for read access on files/directories in Azure file shares. 이 역할은 Windows 파일 서버에 대한 파일 공유 ACL 읽기에 해당합니다.This role is equivalent to a file share ACL of read on Windows file servers. 자세한 정보Learn more

동작Actions 설명Description
없음none
NotActionsNotActions
없음none
DataActionsDataActions
Microsoft Storage/storageAccounts/fileServices/fileshares/files/readMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/read 파일/폴더 또는 파일/폴더 목록을 반환합니다.Returns a file/folder or a list of files/folders.
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read access to Azure File Share over SMB",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/aba4ae5f-2193-4029-9191-0cb91df5e314",
  "name": "aba4ae5f-2193-4029-9191-0cb91df5e314",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage File Data SMB Share Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage 큐 데이터 기여자Storage Queue Data Contributor

Azure Storage 큐 및 큐 메시지를 읽고, 쓰고, 삭제할 수 있습니다.Read, write, and delete Azure Storage queues and queue messages. 특정 데이터 연산에 어떤 작업이 필요한지 알아보려면 BLOB 및 큐 데이터 연산을 호출하기 위한 권한을 참조하세요.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 자세한 정보Learn more

동작Actions 설명Description
Microsoft Storage/storageAccounts/queueServices/queues/deleteMicrosoft.Storage/storageAccounts/queueServices/queues/delete 큐를 삭제합니다.Delete a queue.
Microsoft Storage/storageAccounts/queueServices/queues/readMicrosoft.Storage/storageAccounts/queueServices/queues/read 큐 또는 큐 목록을 반환합니다.Return a queue or a list of queues.
Microsoft Storage/storageAccounts/queueServices/queues/writeMicrosoft.Storage/storageAccounts/queueServices/queues/write 큐 메타데이터 또는 속성을 수정합니다.Modify queue metadata or properties.
NotActionsNotActions
없음none
DataActionsDataActions
Microsoft Storage/storageAccounts/queueServices/queues/messages/deleteMicrosoft.Storage/storageAccounts/queueServices/queues/messages/delete 큐에서 하나 이상의 메시지를 삭제합니다.Delete one or more messages from a queue.
Microsoft Storage/storageAccounts/queueServices/queues/messages/readMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read 큐에서 하나 이상의 메시지를 선택 또는 검색합니다.Peek or retrieve one or more messages from a queue.
Microsoft Storage/storageAccounts/queueServices/queues/messages/writeMicrosoft.Storage/storageAccounts/queueServices/queues/messages/write 큐에 메시지를 추가합니다.Add a message to a queue.
Microsoft Storage/storageAccounts/queueServices/queues/messages/process/actionMicrosoft.Storage/storageAccounts/queueServices/queues/messages/process/action 메시지 처리 결과를 반환합니다.Returns the result of processing a message
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write, and delete access to Azure Storage queues and queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/974c5e8b-45b9-4653-ba55-5f855dd0fb88",
  "name": "974c5e8b-45b9-4653-ba55-5f855dd0fb88",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/delete",
        "Microsoft.Storage/storageAccounts/queueServices/queues/read",
        "Microsoft.Storage/storageAccounts/queueServices/queues/write"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/delete",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/write",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage 큐 데이터 메시지 처리자Storage Queue Data Message Processor

Azure Storage 큐의 메시지를 선택, 검색 및 삭제할 수 있습니다.Peek, retrieve, and delete a message from an Azure Storage queue. 특정 데이터 연산에 어떤 작업이 필요한지 알아보려면 BLOB 및 큐 데이터 연산을 호출하기 위한 권한을 참조하세요.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 자세한 정보Learn more

동작Actions 설명Description
없음none
NotActionsNotActions
없음none
DataActionsDataActions
Microsoft Storage/storageAccounts/queueServices/queues/messages/readMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read 메시지를 선택합니다.Peek a message.
Microsoft Storage/storageAccounts/queueServices/queues/messages/process/actionMicrosoft.Storage/storageAccounts/queueServices/queues/messages/process/action 메시지를 검색하고 삭제합니다.Retrieve and delete a message.
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for peek, receive, and delete access to Azure Storage queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8a0f0c08-91a1-4084-bc3d-661d67233fed",
  "name": "8a0f0c08-91a1-4084-bc3d-661d67233fed",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Message Processor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage 큐 데이터 메시지 보내는 사람Storage Queue Data Message Sender

Azure Storage 큐에 메시지를 추가할 수 있습니다.Add messages to an Azure Storage queue. 특정 데이터 연산에 어떤 작업이 필요한지 알아보려면 BLOB 및 큐 데이터 연산을 호출하기 위한 권한을 참조하세요.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 자세한 정보Learn more

동작Actions 설명Description
없음none
NotActionsNotActions
없음none
DataActionsDataActions
Microsoft Storage/storageAccounts/queueServices/queues/messages/add/actionMicrosoft.Storage/storageAccounts/queueServices/queues/messages/add/action 큐에 메시지를 추가합니다.Add a message to a queue.
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for sending of Azure Storage queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
  "name": "c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Message Sender",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage 큐 데이터 읽기 권한자Storage Queue Data Reader

Azure Storage 큐 및 큐 메시지를 읽고 나열할 수 있습니다.Read and list Azure Storage queues and queue messages. 특정 데이터 연산에 어떤 작업이 필요한지 알아보려면 BLOB 및 큐 데이터 연산을 호출하기 위한 권한을 참조하세요.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 자세한 정보Learn more

동작Actions 설명Description
Microsoft Storage/storageAccounts/queueServices/queues/readMicrosoft.Storage/storageAccounts/queueServices/queues/read 큐 또는 큐 목록을 반환합니다.Returns a queue or a list of queues.
NotActionsNotActions
없음none
DataActionsDataActions
Microsoft Storage/storageAccounts/queueServices/queues/messages/readMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read 큐에서 하나 이상의 메시지를 선택 또는 검색합니다.Peek or retrieve one or more messages from a queue.
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read access to Azure Storage queues and queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/19e7f393-937e-4f77-808e-94535e297925",
  "name": "19e7f393-937e-4f77-808e-94535e297925",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Web

Azure Maps 데이터 기여자Azure Maps Data Contributor

Azure maps 계정에서 관련 데이터를 매핑하기 위한 읽기, 쓰기 및 삭제 액세스 권한을 부여 합니다.Grants access to read, write, and delete access to map related data from an Azure maps account. 자세한 정보Learn more

동작Actions 설명Description
없음none
NotActionsNotActions
없음none
DataActionsDataActions
Microsoft Maps/accounts/*/sreadMicrosoft.Maps/accounts/*/read
Microsoft Maps/accounts/*/쓰기Microsoft.Maps/accounts/*/write
Microsoft Maps/accounts/*/deleteMicrosoft.Maps/accounts/*/delete
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants access to read, write, and delete access to map related data from an Azure maps account.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204",
  "name": "8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Maps/accounts/*/read",
        "Microsoft.Maps/accounts/*/write",
        "Microsoft.Maps/accounts/*/delete"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Maps Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Maps 데이터 읽기 권한자Azure Maps Data Reader

Azure 맵 계정에서 맵 관련 데이터를 읽을 수 있는 액세스 권한을 부여합니다.Grants access to read map related data from an Azure maps account. 자세한 정보Learn more

동작Actions 설명Description
없음none
NotActionsNotActions
없음none
DataActionsDataActions
Microsoft Maps/accounts/*/sreadMicrosoft.Maps/accounts/*/read
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants access to read map related data from an Azure maps account.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/423170ca-a8f6-4b0f-8487-9e4eb8f49bfa",
  "name": "423170ca-a8f6-4b0f-8487-9e4eb8f49bfa",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Maps/accounts/*/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Maps Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Search 서비스 참가자Search Service Contributor

Search 서비스를 관리할 수 있지만 액세스할 수는 없습니다.Lets you manage Search services, but not access to them. 자세한 정보Learn more

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
Microsoft ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 지정된 범위의 모든 리소스에 대한 가용성 상태를 가져옵니다.Gets the availability statuses for all resources in the specified scope
/Deployments/*Microsoft.Resources/deployments/* 배포를 만들고 관리합니다.Create and manage a deployment
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft. 검색/검색Microsoft.Search/searchServices/* 검색 서비스 만들기 및 관리Create and manage search services
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Search services, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7ca78c08-252a-4471-8644-bb5ff32d4ba0",
  "name": "7ca78c08-252a-4471-8644-bb5ff32d4ba0",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Search/searchServices/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Search Service Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

SignalR AccessKey 판독기SignalR AccessKey Reader

SignalR 서비스 액세스 키 읽기Read SignalR Service Access Keys

동작Actions 설명Description
SignalRService/*/읽기Microsoft.SignalRService/*/read
SignalRService/SignalR/listkeys/actionMicrosoft.SignalRService/SignalR/listkeys/action 관리 포털에서 또는 API를 통해 SignalR 액세스 키 값을 봅니다.View the value of SignalR access keys in the management portal or through API
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read SignalR Service Access Keys",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/04165923-9d83-45d5-8227-78b77b0a687e",
  "name": "04165923-9d83-45d5-8227-78b77b0a687e",
  "permissions": [
    {
      "actions": [
        "Microsoft.SignalRService/*/read",
        "Microsoft.SignalRService/SignalR/listkeys/action",
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR AccessKey Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

SignalR App 서버 (미리 보기)SignalR App Server (Preview)

앱 서버에서 AAD 인증 옵션을 사용 하 여 SignalR Service에 액세스할 수 있습니다.Lets your app server access SignalR Service with AAD auth options.

동작Actions 설명Description
없음none
NotActionsNotActions
없음none
DataActionsDataActions
SignalRService/SignalR/auth/accessKey/actionMicrosoft.SignalRService/SignalR/auth/accessKey/action ClientTokens에 서명 하기 위한 임시 AccessKey를 생성 합니다.Generate a temporary AccessKey for signing ClientTokens.
SignalRService/SignalR/serverConnection/writeMicrosoft.SignalRService/SignalR/serverConnection/write 서버 연결을 시작 합니다.Start a server connection.
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets your app server access SignalR Service with AAD auth options.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/420fcaa2-552c-430f-98ca-3264be4806c7",
  "name": "420fcaa2-552c-430f-98ca-3264be4806c7",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.SignalRService/SignalR/auth/accessKey/action",
        "Microsoft.SignalRService/SignalR/serverConnection/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR App Server (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

SignalR 기여자SignalR Contributor

SignalR service 리소스를 만들고, 읽고, 업데이트 하 고, 삭제 합니다.Create, Read, Update, and Delete SignalR service resources

동작Actions 설명Description
SignalRService/*Microsoft.SignalRService/*
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
/Deployments/*Microsoft.Resources/deployments/* 배포를 만들고 관리합니다.Create and manage a deployment
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Create, Read, Update, and Delete SignalR service resources",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761",
  "name": "8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761",
  "permissions": [
    {
      "actions": [
        "Microsoft.SignalRService/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

SignalR 서버를 사용 하지 않는 참가자 (미리 보기)SignalR Serverless Contributor (Preview)

AAD 인증 옵션을 사용 하 여 앱이 서버 리스 모드에서 서비스에 액세스할 수 있도록 합니다.Lets your app access service in serverless mode with AAD auth options.

동작Actions 설명Description
없음none
NotActionsNotActions
없음none
DataActionsDataActions
SignalRService/SignalR/auth/clientToken/actionMicrosoft.SignalRService/SignalR/auth/clientToken/action 클라이언트 연결을 시작 하기 위한 ClientToken을 생성 합니다.Generate a ClientToken for starting a client connection.
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets your app access service in serverless mode with AAD auth options.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fd53cd77-2268-407a-8f46-7e7863d0f521",
  "name": "fd53cd77-2268-407a-8f46-7e7863d0f521",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.SignalRService/SignalR/auth/clientToken/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR Serverless Contributor (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

SignalR 서비스 소유자 (미리 보기)SignalR Service Owner (Preview)

Azure SignalR Service REST Api에 대 한 모든 권한Full access to Azure SignalR Service REST APIs

동작Actions 설명Description
없음none
NotActionsNotActions
없음none
DataActionsDataActions
SignalRService/SignalR/hub/send/actionMicrosoft.SignalRService/SignalR/hub/send/action 허브의 모든 클라이언트 연결에 메시지를 브로드캐스트합니다.Broadcast messages to all client connections in hub.
SignalRService/SignalR/group/send/actionMicrosoft.SignalRService/SignalR/group/send/action 그룹에 메시지를 브로드캐스트합니다.Broadcast message to group.
SignalRService/SignalR/group/readMicrosoft.SignalRService/SignalR/group/read 그룹의 존재 여부 또는 그룹의 사용자 유무를 확인 합니다.Check group existence or user existence in group.
SignalRService/SignalR/group/writeMicrosoft.SignalRService/SignalR/group/write 그룹에 참가/탈퇴 합니다.Join / Leave group.
SignalRService/SignalR/clientConnection/send/actionMicrosoft.SignalRService/SignalR/clientConnection/send/action 클라이언트 연결에 직접 메시지를 보냅니다.Send messages directly to a client connection.
SignalRService/SignalR/clientConnection/readMicrosoft.SignalRService/SignalR/clientConnection/read 클라이언트 연결 존재를 확인 합니다.Check client connection existence.
SignalRService/SignalR/clientConnection/writeMicrosoft.SignalRService/SignalR/clientConnection/write 클라이언트 연결을 닫습니다.Close client connection.
SignalRService/SignalR/user/send/actionMicrosoft.SignalRService/SignalR/user/send/action 여러 클라이언트 연결로 구성 될 수 있는 사용자에 게 메시지를 보냅니다.Send messages to user, who may consist of multiple client connections.
SignalRService/SignalR/user/readMicrosoft.SignalRService/SignalR/user/read 사용자 존재를 확인 합니다.Check user existence.
SignalRService/SignalR/user/writeMicrosoft.SignalRService/SignalR/user/write
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Full access to Azure SignalR Service REST APIs",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7e4f1700-ea5a-4f59-8f37-079cfe29dce3",
  "name": "7e4f1700-ea5a-4f59-8f37-079cfe29dce3",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.SignalRService/SignalR/hub/send/action",
        "Microsoft.SignalRService/SignalR/group/send/action",
        "Microsoft.SignalRService/SignalR/group/read",
        "Microsoft.SignalRService/SignalR/group/write",
        "Microsoft.SignalRService/SignalR/clientConnection/send/action",
        "Microsoft.SignalRService/SignalR/clientConnection/read",
        "Microsoft.SignalRService/SignalR/clientConnection/write",
        "Microsoft.SignalRService/SignalR/user/send/action",
        "Microsoft.SignalRService/SignalR/user/read",
        "Microsoft.SignalRService/SignalR/user/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR Service Owner (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

SignalR Service Reader (미리 보기)SignalR Service Reader (Preview)

Azure SignalR Service REST Api에 대 한 읽기 전용 액세스Read-only access to Azure SignalR Service REST APIs

동작Actions 설명Description
없음none
NotActionsNotActions
없음none
DataActionsDataActions
SignalRService/SignalR/group/readMicrosoft.SignalRService/SignalR/group/read 그룹의 존재 여부 또는 그룹의 사용자 유무를 확인 합니다.Check group existence or user existence in group.
SignalRService/SignalR/clientConnection/readMicrosoft.SignalRService/SignalR/clientConnection/read 클라이언트 연결 존재를 확인 합니다.Check client connection existence.
SignalRService/SignalR/user/readMicrosoft.SignalRService/SignalR/user/read 사용자 존재를 확인 합니다.Check user existence.
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read-only access to Azure SignalR Service REST APIs",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ddde6b66-c0df-4114-a159-3618637b3035",
  "name": "ddde6b66-c0df-4114-a159-3618637b3035",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.SignalRService/SignalR/group/read",
        "Microsoft.SignalRService/SignalR/clientConnection/read",
        "Microsoft.SignalRService/SignalR/user/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR Service Reader (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

웹 계획 참가자Web Plan Contributor

웹 사이트의 웹 계획을 관리할 수 있지만 액세스할 수는 없습니다.Lets you manage the web plans for websites, but not access to them.

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
Microsoft ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 지정된 범위의 모든 리소스에 대한 가용성 상태를 가져옵니다.Gets the availability statuses for all resources in the specified scope
/Deployments/*Microsoft.Resources/deployments/* 배포를 만들고 관리합니다.Create and manage a deployment
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
Microsoft 웹/serverFarms/*Microsoft.Web/serverFarms/* 서버 팜 만들기 및 관리Create and manage server farms
Microsoft 웹/hostingEnvironments/Join/ActionMicrosoft.Web/hostingEnvironments/Join/Action App Service Environment를 조인합니다.Joins an App Service Environment
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage the web plans for websites, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b",
  "name": "2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Web/serverFarms/*",
        "Microsoft.Web/hostingEnvironments/Join/Action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Web Plan Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

웹 사이트 참가자Website Contributor

웹 사이트(웹 계획은 제외)를 관리할 수 있지만 액세스할 수는 없습니다.Lets you manage websites (not web plans), but not access to them.

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
Microsoft Insights/components/*Microsoft.Insights/components/* Insights 구성 요소 만들기 및 관리Create and manage Insights components
Microsoft ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 지정된 범위의 모든 리소스에 대한 가용성 상태를 가져옵니다.Gets the availability statuses for all resources in the specified scope
/Deployments/*Microsoft.Resources/deployments/* 배포를 만들고 관리합니다.Create and manage a deployment
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
Microsoft. 웹/certificates/*Microsoft.Web/certificates/* 웹 사이트 인증서 만들기 및 관리Create and manage website certificates
Microsoft 웹/listSitesAssignedToHostName/readMicrosoft.Web/listSitesAssignedToHostName/read 호스트 이름에 할당된 사이트의 이름을 가져옵니다.Get names of sites assigned to hostname.
Microsoft 웹/serverFarms/join/actionMicrosoft.Web/serverFarms/join/action App Service 계획 조인Joins an App Service Plan
Microsoft 웹/serverFarms/readMicrosoft.Web/serverFarms/read App Service 계획의 속성을 가져옵니다.Get the properties on an App Service Plan
Microsoft 웹/sites/*Microsoft.Web/sites/* 웹 사이트 만들기 및 관리(사이트 만들기도 관련 App Service 계획에 대한 쓰기 권한이 필요)Create and manage websites (site creation also requires write permissions to the associated App Service Plan)
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage websites (not web plans), but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/de139f84-1756-47ae-9be6-808fbbe84772",
  "name": "de139f84-1756-47ae-9be6-808fbbe84772",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/components/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Web/certificates/*",
        "Microsoft.Web/listSitesAssignedToHostName/read",
        "Microsoft.Web/serverFarms/join/action",
        "Microsoft.Web/serverFarms/read",
        "Microsoft.Web/sites/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Website Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

컨테이너Containers

AcrDeleteAcrDelete

acr 삭제 자세한 정보acr delete Learn more

동작Actions 설명Description
Microsoft.containerregistry/registries/artifacts/deleteMicrosoft.ContainerRegistry/registries/artifacts/delete 컨테이너 레지스트리의 아티팩트를 삭제합니다.Delete artifact in a container registry.
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr delete",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
  "name": "c2f4ef07-c644-48eb-af81-4b1b4947fb11",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/artifacts/delete"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrDelete",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrImageSignerAcrImageSigner

acr 이미지 서명자 자세히 알아보기acr image signer Learn more

동작Actions 설명Description
Microsoft.containerregistry/registries/sign/writeMicrosoft.ContainerRegistry/registries/sign/write 컨테이너 레지스트리에 대한 콘텐츠 신뢰 메타데이터를 푸시/풀합니다.Push/Pull content trust metadata for a container registry.
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr image signer",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6cef56e8-d556-48e5-a04f-b8e64114680f",
  "name": "6cef56e8-d556-48e5-a04f-b8e64114680f",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/sign/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrImageSigner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrPullAcrPull

acr 풀 자세히 알아보기acr pull Learn more

동작Actions 설명Description
Microsoft.containerregistry/registries/pull/readMicrosoft.ContainerRegistry/registries/pull/read 컨테이너 레지스트리에서 이미지를 끌어오거나 가져옵니다.Pull or Get images from a container registry.
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr pull",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d",
  "name": "7f951dda-4ed3-4680-a7ca-43fe172d538d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/pull/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrPull",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrPushAcrPush

acr 푸시 자세한 정보acr push Learn more

동작Actions 설명Description
Microsoft.containerregistry/registries/pull/readMicrosoft.ContainerRegistry/registries/pull/read 컨테이너 레지스트리에서 이미지를 끌어오거나 가져옵니다.Pull or Get images from a container registry.
Microsoft.containerregistry/registries/push/writeMicrosoft.ContainerRegistry/registries/push/write 컨테이너 레지스트리에 이미지를 푸시하거나 작성합니다.Push or Write images to a container registry.
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr push",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8311e382-0749-4cb8-b61a-304f252e45ec",
  "name": "8311e382-0749-4cb8-b61a-304f252e45ec",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/pull/read",
        "Microsoft.ContainerRegistry/registries/push/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrPush",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrQuarantineReaderAcrQuarantineReader

acr 격리 데이터 읽기 권한자acr quarantine data reader

동작Actions 설명Description
Microsoft.containerregistry/registries/quarantine/readMicrosoft.ContainerRegistry/registries/quarantine/read 컨테이너 레지스트리에서 격리된 이미지를 끌어오거나 가져옵니다.Pull or Get quarantined images from container registry
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr quarantine data reader",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/cdda3590-29a3-44f6-95f2-9f980659eb04",
  "name": "cdda3590-29a3-44f6-95f2-9f980659eb04",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/quarantine/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrQuarantineReader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrQuarantineWriterAcrQuarantineWriter

acr 격리 데이터 작성자acr quarantine data writer

동작Actions 설명Description
Microsoft.containerregistry/registries/quarantine/readMicrosoft.ContainerRegistry/registries/quarantine/read 컨테이너 레지스트리에서 격리된 이미지를 끌어오거나 가져옵니다.Pull or Get quarantined images from container registry
Microsoft.containerregistry/registries/quarantine/writeMicrosoft.ContainerRegistry/registries/quarantine/write 격리된 이미지의 격리 상태를 작성/수정합니다.Write/Modify quarantine state of quarantined images
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr quarantine data writer",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
  "name": "c8d4ff99-41c3-41a8-9f60-21dfdad59608",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/quarantine/read",
        "Microsoft.ContainerRegistry/registries/quarantine/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrQuarantineWriter",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Kubernetes Service 클러스터 관리자 역할Azure Kubernetes Service Cluster Admin Role

클러스터 관리자 자격 증명 작업을 나열합니다.List cluster admin credential action. 자세한 정보Learn more

동작Actions 설명Description
ContainerService/managedClusters/listClusterAdminCredential/actionMicrosoft.ContainerService/managedClusters/listClusterAdminCredential/action 관리되는 클러스터의 clusterAdmin 자격 증명을 나열합니다.List the clusterAdmin credential of a managed cluster
ContainerService/managedClusters/accessProfiles/listCredential/actionMicrosoft.ContainerService/managedClusters/accessProfiles/listCredential/action 자격 증명 나열을 사용하여 역할 이름별로 관리되는 클러스터 액세스 프로필을 가져옵니다.Get a managed cluster access profile by role name using list credential
ContainerService/managedClusters/readMicrosoft.ContainerService/managedClusters/read 관리되는 클러스터를 가져옵니다.Get a managed cluster
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "List cluster admin credential action.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8",
  "name": "0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerService/managedClusters/listClusterAdminCredential/action",
        "Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/action",
        "Microsoft.ContainerService/managedClusters/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service Cluster Admin Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Kubernetes Service 클러스터 사용자 역할Azure Kubernetes Service Cluster User Role

클러스터 사용자 자격 증명 작업을 나열합니다.List cluster user credential action. 자세한 정보Learn more

동작Actions 설명Description
ContainerService/managedClusters/listClusterUserCredential/actionMicrosoft.ContainerService/managedClusters/listClusterUserCredential/action 관리되는 클러스터의 clusterUser 자격 증명을 나열합니다.List the clusterUser credential of a managed cluster
ContainerService/managedClusters/readMicrosoft.ContainerService/managedClusters/read 관리되는 클러스터를 가져옵니다.Get a managed cluster
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "List cluster user credential action.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4abbcc35-e782-43d8-92c5-2d3f1bd2253f",
  "name": "4abbcc35-e782-43d8-92c5-2d3f1bd2253f",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action",
        "Microsoft.ContainerService/managedClusters/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service Cluster User Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Kubernetes Service 기여자 역할Azure Kubernetes Service Contributor Role

Azure Kubernetes 서비스 클러스터에 대 한 읽기 및 쓰기 권한을 부여 합니다. 자세한 정보Grants access to read and write Azure Kubernetes Service clusters Learn more

동작Actions 설명Description
ContainerService/managedClusters/readMicrosoft.ContainerService/managedClusters/read 관리되는 클러스터를 가져옵니다.Get a managed cluster
ContainerService/managedClusters/writeMicrosoft.ContainerService/managedClusters/write 새 관리되는 클러스터를 만들거나 기존 관리되는 클러스터를 업데이트합니다.Creates a new managed cluster or updates an existing one
/Deployments/*Microsoft.Resources/deployments/* 배포를 만들고 관리합니다.Create and manage a deployment
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants access to read and write Azure Kubernetes Service clusters",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8",
  "name": "ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerService/managedClusters/read",
        "Microsoft.ContainerService/managedClusters/write",
        "Microsoft.Resources/deployments/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service Contributor Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Kubernetes 서비스 RBAC 관리자Azure Kubernetes Service RBAC Admin

리소스 할당량 및 네임 스페이스 업데이트 또는 삭제를 제외 하 고 클러스터/네임 스페이스 아래의 모든 리소스를 관리할 수 있습니다.Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. 자세한 정보Learn more

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
/Deployments/writeMicrosoft.Resources/deployments/write 배포를 만들거나 업데이트합니다.Creates or updates an deployment.
/Subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read 구독 작업 결과를 가져옵니다.Get the subscription operation results.
/Subscriptions/readMicrosoft.Resources/subscriptions/read 구독 목록을 가져옵니다.Gets the list of subscriptions.
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
ContainerService/managedClusters/listClusterUserCredential/actionMicrosoft.ContainerService/managedClusters/listClusterUserCredential/action 관리되는 클러스터의 clusterUser 자격 증명을 나열합니다.List the clusterUser credential of a managed cluster
NotActionsNotActions
없음none
DataActionsDataActions
ContainerService/managedClusters/*Microsoft.ContainerService/managedClusters/*
NotDataActionsNotDataActions
ContainerService/managedClusters/resourcequotas/writeMicrosoft.ContainerService/managedClusters/resourcequotas/write 다음으로 기록Writes resourcequotas
ContainerService/managedClusters/resourcequotas/deleteMicrosoft.ContainerService/managedClusters/resourcequotas/delete Resourc를 삭제 합니다.Deletes resourcequotas
ContainerService/managedClusters/namespaces/writeMicrosoft.ContainerService/managedClusters/namespaces/write 네임 스페이스 쓰기Writes namespaces
ContainerService/managedClusters/namespaces/deleteMicrosoft.ContainerService/managedClusters/namespaces/delete 네임 스페이스 삭제Deletes namespaces
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3498e952-d568-435e-9b2c-8d77e338d7f7",
  "name": "3498e952-d568-435e-9b2c-8d77e338d7f7",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerService/managedClusters/*"
      ],
      "notDataActions": [
        "Microsoft.ContainerService/managedClusters/resourcequotas/write",
        "Microsoft.ContainerService/managedClusters/resourcequotas/delete",
        "Microsoft.ContainerService/managedClusters/namespaces/write",
        "Microsoft.ContainerService/managedClusters/namespaces/delete"
      ]
    }
  ],
  "roleName": "Azure Kubernetes Service RBAC Admin",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Kubernetes 서비스 RBAC 클러스터 관리자Azure Kubernetes Service RBAC Cluster Admin

클러스터의 모든 리소스를 관리할 수 있습니다.Lets you manage all resources in the cluster. 자세한 정보Learn more

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
/Deployments/writeMicrosoft.Resources/deployments/write 배포를 만들거나 업데이트합니다.Creates or updates an deployment.
/Subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read 구독 작업 결과를 가져옵니다.Get the subscription operation results.
/Subscriptions/readMicrosoft.Resources/subscriptions/read 구독 목록을 가져옵니다.Gets the list of subscriptions.
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
ContainerService/managedClusters/listClusterUserCredential/actionMicrosoft.ContainerService/managedClusters/listClusterUserCredential/action 관리되는 클러스터의 clusterUser 자격 증명을 나열합니다.List the clusterUser credential of a managed cluster
NotActionsNotActions
없음none
DataActionsDataActions
ContainerService/managedClusters/*Microsoft.ContainerService/managedClusters/*
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage all resources in the cluster.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b",
  "name": "b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerService/managedClusters/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service RBAC Cluster Admin",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Kubernetes 서비스 RBAC 판독기Azure Kubernetes Service RBAC Reader

읽기 전용 액세스를 허용 하 여 네임 스페이스의 대부분의 개체를 표시 합니다.Allows read-only access to see most objects in a namespace. 역할 또는 역할 바인딩을 볼 수 없습니다.It does not allow viewing roles or role bindings. 비밀의 콘텐츠를 읽으면 네임 스페이스의 ServiceAccount 자격 증명에 액세스할 수 있으므로이 역할은 암호 보기를 허용 하지 않습니다 .이는 네임 스페이스의 모든 ServiceAccount (권한 상승 형태)로 API 액세스를 허용 합니다.This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). 클러스터 범위에서이 역할을 적용 하면 모든 네임 스페이스에 대 한 액세스 권한이 부여 됩니다.Applying this role at cluster scope will give access across all namespaces. 자세한 정보Learn more

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
/Deployments/writeMicrosoft.Resources/deployments/write 배포를 만들거나 업데이트합니다.Creates or updates an deployment.
/Subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read 구독 작업 결과를 가져옵니다.Get the subscription operation results.
/Subscriptions/readMicrosoft.Resources/subscriptions/read 구독 목록을 가져옵니다.Gets the list of subscriptions.
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
NotActionsNotActions
없음none
DataActionsDataActions
ContainerService/managedClusters/apps/controllerrevisions/readMicrosoft.ContainerService/managedClusters/apps/controllerrevisions/read Controllerrevisions 읽습니다.Reads controllerrevisions
ContainerService/managedClusters/apps/daemonsets/readMicrosoft.ContainerService/managedClusters/apps/daemonsets/read Daemonsets 읽기Reads daemonsets
ContainerService/managedClusters/apps/deployments/readMicrosoft.ContainerService/managedClusters/apps/deployments/read 배포 읽기Reads deployments
ContainerService/managedClusters/apps/replicasets/readMicrosoft.ContainerService/managedClusters/apps/replicasets/read Replicasets 읽기Reads replicasets
ContainerService/managedClusters/apps/statefulsets/readMicrosoft.ContainerService/managedClusters/apps/statefulsets/read Statefulsets 읽기Reads statefulsets
ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/readMicrosoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/read Horizontalpodautoscalers 읽기Reads horizontalpodautoscalers
ContainerService/managedClusters/batch/cronjobs/readMicrosoft.ContainerService/managedClusters/batch/cronjobs/read Cronjobs 읽기Reads cronjobs
ContainerService/managedClusters/batch/jobs/readMicrosoft.ContainerService/managedClusters/batch/jobs/read 작업 읽기Reads jobs
ContainerService/managedClusters/configmaps/readMicrosoft.ContainerService/managedClusters/configmaps/read Configmaps를 읽습니다.Reads configmaps
ContainerService/managedClusters/endpoints/readMicrosoft.ContainerService/managedClusters/endpoints/read 끝점 읽기Reads endpoints
ContainerService/managedClusters/events.k8s.io/events/readMicrosoft.ContainerService/managedClusters/events.k8s.io/events/read 이벤트 읽기Reads events
ContainerService/managedClusters/events/readMicrosoft.ContainerService/managedClusters/events/read 이벤트 읽기Reads events
ContainerService/managedClusters/extensions/daemonsets/readMicrosoft.ContainerService/managedClusters/extensions/daemonsets/read Daemonsets 읽기Reads daemonsets
ContainerService/managedClusters/extensions/deployments/readMicrosoft.ContainerService/managedClusters/extensions/deployments/read 배포 읽기Reads deployments
ContainerService/managedClusters/extensions/ingresses/readMicrosoft.ContainerService/managedClusters/extensions/ingresses/read 조절기 읽기Reads ingresses
ContainerService/managedClusters/extensions/networkpolicies/readMicrosoft.ContainerService/managedClusters/extensions/networkpolicies/read Networkpolicies 읽습니다.Reads networkpolicies
ContainerService/managedClusters/extensions/replicasets/readMicrosoft.ContainerService/managedClusters/extensions/replicasets/read Replicasets 읽기Reads replicasets
ContainerService/managedClusters/limitranges/readMicrosoft.ContainerService/managedClusters/limitranges/read 대 범위 범위 읽기Reads limitranges
ContainerService/managedClusters/namespaces/readMicrosoft.ContainerService/managedClusters/namespaces/read 네임 스페이스 읽기Reads namespaces
ContainerService/managedClusters/networking.k8s.io/ingresses/readMicrosoft.ContainerService/managedClusters/networking.k8s.io/ingresses/read 조절기 읽기Reads ingresses
ContainerService/managedClusters/networking.k8s.io/networkpolicies/readMicrosoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/read Networkpolicies 읽습니다.Reads networkpolicies
ContainerService/managedClusters/persistentvolumeclaims/readMicrosoft.ContainerService/managedClusters/persistentvolumeclaims/read Persistentvolumeclaims 읽기Reads persistentvolumeclaims
ContainerService/managedClusters/pods/readMicrosoft.ContainerService/managedClusters/pods/read Pod 읽기Reads pods
ContainerService/managedClusters/policy/poddisruptionbudgets/readMicrosoft.ContainerService/managedClusters/policy/poddisruptionbudgets/read Poddisruptionbudgets 읽기Reads poddisruptionbudgets
ContainerService/managedClusters/replicationcontrollers/readMicrosoft.ContainerService/managedClusters/replicationcontrollers/read Replicationcontrollers 읽기Reads replicationcontrollers
ContainerService/managedClusters/replicationcontrollers/readMicrosoft.ContainerService/managedClusters/replicationcontrollers/read Replicationcontrollers 읽기Reads replicationcontrollers
ContainerService/managedClusters/resourcequotas/readMicrosoft.ContainerService/managedClusters/resourcequotas/read Resourc를 다음과 같이 읽습니다.Reads resourcequotas
ContainerService/managedClusters/serviceaccounts/readMicrosoft.ContainerService/managedClusters/serviceaccounts/read Serviceaccounts를 읽습니다.Reads serviceaccounts
ContainerService/managedClusters/services/readMicrosoft.ContainerService/managedClusters/services/read 서비스 읽기Reads services
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7f6c6a51-bcf8-42ba-9220-52d62157d7db",
  "name": "7f6c6a51-bcf8-42ba-9220-52d62157d7db",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerService/managedClusters/apps/controllerrevisions/read",
        "Microsoft.ContainerService/managedClusters/apps/daemonsets/read",
        "Microsoft.ContainerService/managedClusters/apps/deployments/read",
        "Microsoft.ContainerService/managedClusters/apps/replicasets/read",
        "Microsoft.ContainerService/managedClusters/apps/statefulsets/read",
        "Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/read",
        "Microsoft.ContainerService/managedClusters/batch/cronjobs/read",
        "Microsoft.ContainerService/managedClusters/batch/jobs/read",
        "Microsoft.ContainerService/managedClusters/configmaps/read",
        "Microsoft.ContainerService/managedClusters/endpoints/read",
        "Microsoft.ContainerService/managedClusters/events.k8s.io/events/read",
        "Microsoft.ContainerService/managedClusters/events/read",
        "Microsoft.ContainerService/managedClusters/extensions/daemonsets/read",
        "Microsoft.ContainerService/managedClusters/extensions/deployments/read",
        "Microsoft.ContainerService/managedClusters/extensions/ingresses/read",
        "Microsoft.ContainerService/managedClusters/extensions/networkpolicies/read",
        "Microsoft.ContainerService/managedClusters/extensions/replicasets/read",
        "Microsoft.ContainerService/managedClusters/limitranges/read",
        "Microsoft.ContainerService/managedClusters/namespaces/read",
        "Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/read",
        "Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/read",
        "Microsoft.ContainerService/managedClusters/persistentvolumeclaims/read",
        "Microsoft.ContainerService/managedClusters/pods/read",
        "Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/read",
        "Microsoft.ContainerService/managedClusters/replicationcontrollers/read",
        "Microsoft.ContainerService/managedClusters/replicationcontrollers/read",
        "Microsoft.ContainerService/managedClusters/resourcequotas/read",
        "Microsoft.ContainerService/managedClusters/serviceaccounts/read",
        "Microsoft.ContainerService/managedClusters/services/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service RBAC Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Kubernetes 서비스 RBAC 기록기Azure Kubernetes Service RBAC Writer

네임 스페이스의 대부분의 개체에 대 한 읽기/쓰기 액세스를 허용 합니다. 이 역할은 역할이 나 역할 바인딩을 보거나 수정할 수 없습니다.Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. 그러나이 역할을 사용 하 여 네임 스페이스의 ServiceAccount로 Pod를 실행 하 고 암호에 액세스할 수 있으므로 네임 스페이스에 있는 모든 ServiceAccount의 API 액세스 수준을 얻을 수 있습니다.However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. 클러스터 범위에서이 역할을 적용 하면 모든 네임 스페이스에 대 한 액세스 권한이 부여 됩니다.Applying this role at cluster scope will give access across all namespaces. 자세한 정보Learn more

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
/Deployments/writeMicrosoft.Resources/deployments/write 배포를 만들거나 업데이트합니다.Creates or updates an deployment.
/Subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read 구독 작업 결과를 가져옵니다.Get the subscription operation results.
/Subscriptions/readMicrosoft.Resources/subscriptions/read 구독 목록을 가져옵니다.Gets the list of subscriptions.
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
NotActionsNotActions
없음none
DataActionsDataActions
ContainerService/managedClusters/apps/controllerrevisions/readMicrosoft.ContainerService/managedClusters/apps/controllerrevisions/read Controllerrevisions 읽습니다.Reads controllerrevisions
ContainerService/managedClusters/apps/daemonsets/*Microsoft.ContainerService/managedClusters/apps/daemonsets/*
ContainerService/managedClusters/apps/deployments/*Microsoft.ContainerService/managedClusters/apps/deployments/*
ContainerService/managedClusters/apps/replicasets/*Microsoft.ContainerService/managedClusters/apps/replicasets/*
ContainerService/managedClusters/apps/statefulsets/*Microsoft.ContainerService/managedClusters/apps/statefulsets/*
ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/*Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/*
ContainerService/managedClusters/batch/cronjobs/*Microsoft.ContainerService/managedClusters/batch/cronjobs/*
ContainerService/managedClusters/batch/jobs/*Microsoft.ContainerService/managedClusters/batch/jobs/*
ContainerService/managedClusters/configmaps/*Microsoft.ContainerService/managedClusters/configmaps/*
ContainerService/managedClusters/endpoints/*Microsoft.ContainerService/managedClusters/endpoints/*
ContainerService/managedClusters/events.k8s.io/events/readMicrosoft.ContainerService/managedClusters/events.k8s.io/events/read 이벤트 읽기Reads events
ContainerService/managedClusters/events/readMicrosoft.ContainerService/managedClusters/events/read 이벤트 읽기Reads events
ContainerService/managedClusters/extensions/daemonsets/*Microsoft.ContainerService/managedClusters/extensions/daemonsets/*
ContainerService/managedClusters/extensions/deployments/*Microsoft.ContainerService/managedClusters/extensions/deployments/*
ContainerService/managedClusters/extensions/ingresses/*Microsoft.ContainerService/managedClusters/extensions/ingresses/*
ContainerService/managedClusters/extensions/networkpolicies/*Microsoft.ContainerService/managedClusters/extensions/networkpolicies/*
ContainerService/managedClusters/extensions/replicasets/*Microsoft.ContainerService/managedClusters/extensions/replicasets/*
ContainerService/managedClusters/limitranges/readMicrosoft.ContainerService/managedClusters/limitranges/read 대 범위 범위 읽기Reads limitranges
ContainerService/managedClusters/namespaces/readMicrosoft.ContainerService/managedClusters/namespaces/read 네임 스페이스 읽기Reads namespaces
ContainerService/managedClusters/networking.k8s.io/ingresses/*Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/*
ContainerService/managedClusters/networking.k8s.io/networkpolicies/*Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/*
ContainerService/managedClusters/persistentvolumeclaims/*Microsoft.ContainerService/managedClusters/persistentvolumeclaims/*
ContainerService/managedClusters/pods/*Microsoft.ContainerService/managedClusters/pods/*
ContainerService/managedClusters/policy/poddisruptionbudgets/*Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/*
ContainerService/managedClusters/replicationcontrollers/*Microsoft.ContainerService/managedClusters/replicationcontrollers/*
ContainerService/managedClusters/replicationcontrollers/*Microsoft.ContainerService/managedClusters/replicationcontrollers/*
ContainerService/managedClusters/resourcequotas/readMicrosoft.ContainerService/managedClusters/resourcequotas/read Resourc를 다음과 같이 읽습니다.Reads resourcequotas
ContainerService/managedClusters/secrets/*Microsoft.ContainerService/managedClusters/secrets/*
ContainerService/managedClusters/serviceaccounts/*Microsoft.ContainerService/managedClusters/serviceaccounts/*
ContainerService/managedClusters/services/*Microsoft.ContainerService/managedClusters/services/*
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb",
  "name": "a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerService/managedClusters/apps/controllerrevisions/read",
        "Microsoft.ContainerService/managedClusters/apps/daemonsets/*",
        "Microsoft.ContainerService/managedClusters/apps/deployments/*",
        "Microsoft.ContainerService/managedClusters/apps/replicasets/*",
        "Microsoft.ContainerService/managedClusters/apps/statefulsets/*",
        "Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/*",
        "Microsoft.ContainerService/managedClusters/batch/cronjobs/*",
        "Microsoft.ContainerService/managedClusters/batch/jobs/*",
        "Microsoft.ContainerService/managedClusters/configmaps/*",
        "Microsoft.ContainerService/managedClusters/endpoints/*",
        "Microsoft.ContainerService/managedClusters/events.k8s.io/events/read",
        "Microsoft.ContainerService/managedClusters/events/read",
        "Microsoft.ContainerService/managedClusters/extensions/daemonsets/*",
        "Microsoft.ContainerService/managedClusters/extensions/deployments/*",
        "Microsoft.ContainerService/managedClusters/extensions/ingresses/*",
        "Microsoft.ContainerService/managedClusters/extensions/networkpolicies/*",
        "Microsoft.ContainerService/managedClusters/extensions/replicasets/*",
        "Microsoft.ContainerService/managedClusters/limitranges/read",
        "Microsoft.ContainerService/managedClusters/namespaces/read",
        "Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/*",
        "Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/*",
        "Microsoft.ContainerService/managedClusters/persistentvolumeclaims/*",
        "Microsoft.ContainerService/managedClusters/pods/*",
        "Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/*",
        "Microsoft.ContainerService/managedClusters/replicationcontrollers/*",
        "Microsoft.ContainerService/managedClusters/replicationcontrollers/*",
        "Microsoft.ContainerService/managedClusters/resourcequotas/read",
        "Microsoft.ContainerService/managedClusters/secrets/*",
        "Microsoft.ContainerService/managedClusters/serviceaccounts/*",
        "Microsoft.ContainerService/managedClusters/services/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service RBAC Writer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

데이터베이스Databases

Cosmos DB 계정 독자 역할Cosmos DB Account Reader Role

Azure Cosmos DB 계정 데이터를 읽을 수 있음.Can read Azure Cosmos DB account data. Azure Cosmos DB 계정 관리는 DocumentDB 계정 참가자를 참조하세요.See DocumentDB Account Contributor for managing Azure Cosmos DB accounts. 자세한 정보Learn more

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Microsoft.DocumentDB/*/읽기Microsoft.DocumentDB/*/read 컬렉션 읽기Read any collection
Microsoft.DocumentDB/databaseAccounts/readonlykeys/actionMicrosoft.DocumentDB/databaseAccounts/readonlykeys/action 데이터베이스 계정 읽기 전용 키를 읽습니다.Reads the database account readonly keys.
Microsoft Insights/MetricDefinitions/readMicrosoft.Insights/MetricDefinitions/read 메트릭 정의 읽기Read metric definitions
Microsoft Insights/Metrics/readMicrosoft.Insights/Metrics/read 메트릭 읽기Read metrics
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can read Azure Cosmos DB Accounts data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fbdf93bf-df7d-467e-a4d2-9458aa1360c8",
  "name": "fbdf93bf-df7d-467e-a4d2-9458aa1360c8",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.DocumentDB/*/read",
        "Microsoft.DocumentDB/databaseAccounts/readonlykeys/action",
        "Microsoft.Insights/MetricDefinitions/read",
        "Microsoft.Insights/Metrics/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cosmos DB Account Reader Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cosmos DB 운영자Cosmos DB Operator

Azure Cosmos DB 계정을 관리할 수 있지만 계정의 데이터에 액세스할 수는 없습니다.Lets you manage Azure Cosmos DB accounts, but not access data in them. 계정 키 및 연결 문자열에 대한 액세스를 차단합니다.Prevents access to account keys and connection strings. 자세한 정보Learn more

동작Actions 설명Description
Microsoft.DocumentDb/databaseAccounts/*Microsoft.DocumentDb/databaseAccounts/*
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Microsoft ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 지정된 범위의 모든 리소스에 대한 가용성 상태를 가져옵니다.Gets the availability statuses for all resources in the specified scope
/Deployments/*Microsoft.Resources/deployments/* 배포를 만들고 관리합니다.Create and manage a deployment
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
Microsoft. Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action 스토리지 계정 또는 SQL 데이터베이스 같은 리소스를 서브넷에 조인합니다.Joins resource such as storage account or SQL database to a subnet. 경고할 수 없습니다.Not alertable.
NotActionsNotActions
Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*
Microsoft.DocumentDB/databaseAccounts/regenerateKey/*Microsoft.DocumentDB/databaseAccounts/regenerateKey/*
Microsoft.DocumentDB/databaseAccounts/listKeys/*Microsoft.DocumentDB/databaseAccounts/listKeys/*
Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/230815da-be43-4aae-9cb4-875f7bd000aa",
  "name": "230815da-be43-4aae-9cb4-875f7bd000aa",
  "permissions": [
    {
      "actions": [
        "Microsoft.DocumentDb/databaseAccounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action"
      ],
      "notActions": [
        "Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*",
        "Microsoft.DocumentDB/databaseAccounts/regenerateKey/*",
        "Microsoft.DocumentDB/databaseAccounts/listKeys/*",
        "Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cosmos DB Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

CosmosBackupOperatorCosmosBackupOperator

계정에 대 한 Cosmos DB 데이터베이스 또는 컨테이너에 대해 복원 요청을 제출할 수 있습니다. 자세한 정보Can submit restore request for a Cosmos DB database or a container for an account Learn more

동작Actions 설명Description
Microsoft.DocumentDB/databaseAccounts/backup/actionMicrosoft.DocumentDB/databaseAccounts/backup/action 백업 구성하는 요청 제출Submit a request to configure backup
Microsoft.DocumentDB/databaseAccounts/restore/actionMicrosoft.DocumentDB/databaseAccounts/restore/action 복원 요청 제출Submit a restore request
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can submit restore request for a Cosmos DB database or a container for an account",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/db7b14f2-5adf-42da-9f96-f2ee17bab5cb",
  "name": "db7b14f2-5adf-42da-9f96-f2ee17bab5cb",
  "permissions": [
    {
      "actions": [
        "Microsoft.DocumentDB/databaseAccounts/backup/action",
        "Microsoft.DocumentDB/databaseAccounts/restore/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CosmosBackupOperator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

CosmosRestoreOperatorCosmosRestoreOperator

연속 백업 모드를 사용 하 여 Cosmos DB 데이터베이스 계정에 대 한 복원 작업을 수행할 수 있습니다.Can perform restore action for Cosmos DB database account with continuous backup mode

동작Actions 설명Description
Microsoft.DocumentDB/locations/restorableDatabaseAccounts/restore/actionMicrosoft.DocumentDB/locations/restorableDatabaseAccounts/restore/action 복원 요청 제출Submit a restore request
Microsoft.DocumentDB/locations/restorableDatabaseAccounts/*/sreadMicrosoft.DocumentDB/locations/restorableDatabaseAccounts/*/read
Microsoft.DocumentDB/locations/restorableDatabaseAccounts/readMicrosoft.DocumentDB/locations/restorableDatabaseAccounts/read 복원 가능한 데이터베이스 계정을 읽거나 모든 복원 가능한 데이터베이스 계정을 나열 합니다.Read a restorable database account or List all the restorable database accounts
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can perform restore action for Cosmos DB database account with continuous backup mode",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5432c526-bc82-444a-b7ba-57c5b0b5b34f",
  "name": "5432c526-bc82-444a-b7ba-57c5b0b5b34f",
  "permissions": [
    {
      "actions": [
        "Microsoft.DocumentDB/locations/restorableDatabaseAccounts/restore/action",
        "Microsoft.DocumentDB/locations/restorableDatabaseAccounts/*/read",
        "Microsoft.DocumentDB/locations/restorableDatabaseAccounts/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CosmosRestoreOperator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

DocumentDB 계정 참가자DocumentDB Account Contributor

Azure Cosmos DB 계정을 관리할 수 있습니다.Can manage Azure Cosmos DB accounts. Azure Cosmos DB는 이전의 DocumentDB입니다.Azure Cosmos DB is formerly known as DocumentDB. 자세한 정보Learn more

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Microsoft.DocumentDb/databaseAccounts/*Microsoft.DocumentDb/databaseAccounts/* Azure Cosmos DB 계정 만들기 및 관리Create and manage Azure Cosmos DB accounts
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
Microsoft ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 지정된 범위의 모든 리소스에 대한 가용성 상태를 가져옵니다.Gets the availability statuses for all resources in the specified scope
/Deployments/*Microsoft.Resources/deployments/* 배포를 만들고 관리합니다.Create and manage a deployment
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
Microsoft. Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action 스토리지 계정 또는 SQL 데이터베이스 같은 리소스를 서브넷에 조인합니다.Joins resource such as storage account or SQL database to a subnet. 경고할 수 없습니다.Not alertable.
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage DocumentDB accounts, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5bd9cd88-fe45-4216-938b-f97437e15450",
  "name": "5bd9cd88-fe45-4216-938b-f97437e15450",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.DocumentDb/databaseAccounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "DocumentDB Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Redis Cache 참가자Redis Cache Contributor

Redis Cache를 관리할 수 있지만 액세스할 수는 없습니다.Lets you manage Redis caches, but not access to them.

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
/Register/actionMicrosoft.Cache/register/action ‘Microsoft.Cache’ 리소스 공급자를 구독에 등록합니다.Registers the 'Microsoft.Cache' resource provider with a subscription
/Redis/*Microsoft.Cache/redis/* Redis 캐시 만들기 및 관리Create and manage Redis caches
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
Microsoft ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 지정된 범위의 모든 리소스에 대한 가용성 상태를 가져옵니다.Gets the availability statuses for all resources in the specified scope
/Deployments/*Microsoft.Resources/deployments/* 배포를 만들고 관리합니다.Create and manage a deployment
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Redis caches, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e0f68234-74aa-48ed-b826-c38b57376e17",
  "name": "e0f68234-74aa-48ed-b826-c38b57376e17",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cache/register/action",
        "Microsoft.Cache/redis/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Redis Cache Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

SQL DB 참가자SQL DB Contributor

SQL 데이터베이스를 관리할 수 있지만 액세스할 수는 없습니다.Lets you manage SQL databases, but not access to them. 또한 보안 관련 정책이나 부모 SQL 서버를 관리할 수 없습니다.Also, you can't manage their security-related policies or their parent SQL servers. 자세한 정보Learn more

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
Microsoft ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 지정된 범위의 모든 리소스에 대한 가용성 상태를 가져옵니다.Gets the availability statuses for all resources in the specified scope
/Deployments/*Microsoft.Resources/deployments/* 배포를 만들고 관리합니다.Create and manage a deployment
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft .sql/locations/*/읽기Microsoft.Sql/locations/*/read
Microsoft .sql/servers/databases/*Microsoft.Sql/servers/databases/* SQL 데이터베이스 만들기 및 관리Create and manage SQL databases
Microsoft .sql/servers/readMicrosoft.Sql/servers/read 서버 목록을 가져오거나 지정된 서버에 대한 속성을 가져옵니다.Return the list of servers or gets the properties for the specified server.
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
Microsoft Insights/metrics/readMicrosoft.Insights/metrics/read 메트릭 읽기Read metrics
Microsoft Insights/metricDefinitions/readMicrosoft.Insights/metricDefinitions/read 메트릭 정의 읽기Read metric definitions
NotActionsNotActions
Microsoft .Sql/managedInstances/databases/currentSensitivityLabels/*Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft .Sql/managedInstances/databases/recommendedSensitivityLabels/*Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft .Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft .Sql/managedInstances/databases/securityAlertPolicies/*Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft .Sql/managedInstances/databases/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft .Sql/managedInstances/databases/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft .Sql/managedInstances/securityAlertPolicies/*Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft .Sql/managedInstances/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft .Sql/servers/databases/auditingSettings/*Microsoft.Sql/servers/databases/auditingSettings/* 감사 설정 편집Edit audit settings
Microsoft .Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read 데이터베이스 blob 감사 레코드를 검색합니다.Retrieve the database blob audit records
Microsoft .Sql/servers/databases/currentSensitivityLabels/*Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft .Sql/servers/databases/dataMaskingPolicies/*Microsoft.Sql/servers/databases/dataMaskingPolicies/* 데이터 마스킹 정책 편집Edit data masking policies
Microsoft .Sql/servers/databases/extendedAuditingSettings/*Microsoft.Sql/servers/databases/extendedAuditingSettings/*
Microsoft .Sql/servers/databases/recommendedSensitivityLabels/*Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
Microsoft .Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft .Sql/servers/databases/securityAlertPolicies/*Microsoft.Sql/servers/databases/securityAlertPolicies/* 보안 경고 정책 편집Edit security alert policies
Microsoft .Sql/servers/databases/securityMetrics/*Microsoft.Sql/servers/databases/securityMetrics/* 보안 메트릭 편집Edit security metrics
Microsoft .Sql/servers/databases/sensitivityLabels/*Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft .Sql/servers/databases/vulnerabilityAssessments/*Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft .Sql/servers/databases/vulnerabilityAssessmentScans/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft .Sql/servers/databases/vulnerabilityAssessmentSettings/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft .Sql/servers/vulnerabilityAssessments/*Microsoft.Sql/servers/vulnerabilityAssessments/*
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
  "name": "9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/servers/databases/*",
        "Microsoft.Sql/servers/read",
        "Microsoft.Support/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read"
      ],
      "notActions": [
        "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
        "Microsoft.Sql/servers/databases/extendedAuditingSettings/*",
        "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
        "Microsoft.Sql/servers/databases/securityMetrics/*",
        "Microsoft.Sql/servers/databases/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
        "Microsoft.Sql/servers/vulnerabilityAssessments/*"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL DB Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

SQL Managed Instance 기여자SQL Managed Instance Contributor

SQL Managed Instances 및 필수 네트워크 구성을 관리할 수 있지만 다른 사용자에게 액세스 권한을 부여할 수는 없습니다.Lets you manage SQL Managed Instances and required network configuration, but can't give access to others.

동작Actions 설명Description
Microsoft ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 지정된 범위의 모든 리소스에 대한 가용성 상태를 가져옵니다.Gets the availability statuses for all resources in the specified scope
/Deployments/*Microsoft.Resources/deployments/* 배포를 만들고 관리합니다.Create and manage a deployment
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft. Network/Pgsecurityggggggg/*Microsoft.Network/networkSecurityGroups/*
Microsoft. Network/routeTables/*Microsoft.Network/routeTables/*
Microsoft .sql/locations/*/읽기Microsoft.Sql/locations/*/read
Microsoft .Sql/locations/instanceFailoverGroups/*Microsoft.Sql/locations/instanceFailoverGroups/*
Microsoft .Sql/managedInstances/*Microsoft.Sql/managedInstances/*
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
Microsoft. Network/virtualNetworks/subnets/*Microsoft.Network/virtualNetworks/subnets/*
Microsoft. Network/virtualNetworks/*Microsoft.Network/virtualNetworks/*
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
Microsoft Insights/metrics/readMicrosoft.Insights/metrics/read 메트릭 읽기Read metrics
Microsoft Insights/metricDefinitions/readMicrosoft.Insights/metricDefinitions/read 메트릭 정의 읽기Read metric definitions
NotActionsNotActions
Microsoft .Sql/managedInstances/azureADOnlyAuthentications/deleteMicrosoft.Sql/managedInstances/azureADOnlyAuthentications/delete 인증 개체만 Azure Active Directory 특정 관리 되는 서버를 삭제 합니다.Deletes a specific managed server Azure Active Directory only authentication object
Microsoft .Sql/managedInstances/azureADOnlyAuthentications/writeMicrosoft.Sql/managedInstances/azureADOnlyAuthentications/write 특정 관리 되는 서버 Azure Active Directory 인증 개체만 추가 하거나 업데이트 합니다.Adds or updates a specific managed server Azure Active Directory only authentication object
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage SQL Managed Instances and required network configuration, but can't give access to others.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
  "name": "4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Network/networkSecurityGroups/*",
        "Microsoft.Network/routeTables/*",
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/locations/instanceFailoverGroups/*",
        "Microsoft.Sql/managedInstances/*",
        "Microsoft.Support/*",
        "Microsoft.Network/virtualNetworks/subnets/*",
        "Microsoft.Network/virtualNetworks/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read"
      ],
      "notActions": [
        "Microsoft.Sql/managedInstances/azureADOnlyAuthentications/delete",
        "Microsoft.Sql/managedInstances/azureADOnlyAuthentications/write"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL Managed Instance Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

SQL 보안 관리자SQL Security Manager

SQL Server 및 데이터베이스의 보안과 관련된 정책을 관리할 수 있지만 여기에 액세스할 수는 없습니다.Lets you manage the security-related policies of SQL servers and databases, but not access to them. 자세한 정보Learn more

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
Microsoft. Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action 스토리지 계정 또는 SQL 데이터베이스 같은 리소스를 서브넷에 조인합니다.Joins resource such as storage account or SQL database to a subnet. 경고할 수 없습니다.Not alertable.
Microsoft ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 지정된 범위의 모든 리소스에 대한 가용성 상태를 가져옵니다.Gets the availability statuses for all resources in the specified scope
/Deployments/*Microsoft.Resources/deployments/* 배포를 만들고 관리합니다.Create and manage a deployment
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft .Sql/locations/administratorAzureAsyncOperation/readMicrosoft.Sql/locations/administratorAzureAsyncOperation/read Azure async 관리자 작업 결과의 관리 되는 인스턴스를 가져옵니다.Gets the Managed instance azure async administrator operations result.
Microsoft .Sql/managedInstances/databases/currentSensitivityLabels/*Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft .Sql/managedInstances/databases/recommendedSensitivityLabels/*Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft .Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft .Sql/managedInstances/databases/securityAlertPolicies/*Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft .Sql/managedInstances/databases/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft .Sql/managedInstances/databases/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft .Sql/managedInstances/securityAlertPolicies/*Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft .Sql/managedInstances/databases/transparentDataEncryption/*Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*
Microsoft .Sql/managedInstances/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft .Sql/servers/auditingSettings/*Microsoft.Sql/servers/auditingSettings/* SQL 서버 감사 설정 만들기 및 관리Create and manage SQL server auditing setting
Microsoft .Sql/servers/extendedAuditingSettings/readMicrosoft.Sql/servers/extendedAuditingSettings/read 지정된 서버에 구성된 확장 서버 Blob 감사 정책의 세부 정보를 검색합니다.Retrieve details of the extended server blob auditing policy configured on a given server
Microsoft .Sql/servers/databases/auditingSettings/*Microsoft.Sql/servers/databases/auditingSettings/* SQL 서버 데이터베이스 감사 설정 만들기 및 관리Create and manage SQL server database auditing settings
Microsoft .Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read 데이터베이스 blob 감사 레코드를 검색합니다.Retrieve the database blob audit records
Microsoft .Sql/servers/databases/currentSensitivityLabels/*Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft .Sql/servers/databases/dataMaskingPolicies/*Microsoft.Sql/servers/databases/dataMaskingPolicies/* SQL 서버 데이터베이스 데이터 마스킹 정책 만들기 및 관리Create and manage SQL server database data masking policies
Microsoft .Sql/servers/databases/extendedAuditingSettings/readMicrosoft.Sql/servers/databases/extendedAuditingSettings/read 지정된 데이터베이스에 구성된 확장 Blob 감사 정책의 세부 정보를 검색합니다.Retrieve details of the extended blob auditing policy configured on a given database
Microsoft .sql/servers/databases/readMicrosoft.Sql/servers/databases/read 데이터베이스 목록을 가져오거나 지정된 데이터베이스에 대한 속성을 가져옵니다.Return the list of databases or gets the properties for the specified database.
Microsoft .Sql/servers/databases/recommendedSensitivityLabels/*Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
Microsoft .sql/servers/databases/schemas/readMicrosoft.Sql/servers/databases/schemas/read 데이터베이스 스키마를 가져옵니다.Get a database schema.
Microsoft .sql/servers/databases/schemas/tables/columns/readMicrosoft.Sql/servers/databases/schemas/tables/columns/read 데이터베이스 열을 가져옵니다.Get a database column.
Microsoft .Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft .sql/servers/databases/schemas/tables/readMicrosoft.Sql/servers/databases/schemas/tables/read 데이터베이스 테이블을 가져옵니다.Get a database table.
Microsoft .Sql/servers/databases/securityAlertPolicies/*Microsoft.Sql/servers/databases/securityAlertPolicies/* SQL 서버 데이터베이스 보안 경고 정책 만들기 및 관리Create and manage SQL server database security alert policies
Microsoft .Sql/servers/databases/securityMetrics/*Microsoft.Sql/servers/databases/securityMetrics/* SQL 서버 데이터베이스 보안 메트릭 만들기 및 관리Create and manage SQL server database security metrics
Microsoft .Sql/servers/databases/sensitivityLabels/*Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft .Sql/servers/databases/transparentDataEncryption/*Microsoft.Sql/servers/databases/transparentDataEncryption/*
Microsoft .Sql/servers/databases/vulnerabilityAssessments/*Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft .Sql/servers/databases/vulnerabilityAssessmentScans/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft .Sql/servers/databases/vulnerabilityAssessmentSettings/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft .Sql/servers/firewallRules/*Microsoft.Sql/servers/firewallRules/*
Microsoft .sql/servers/readMicrosoft.Sql/servers/read 서버 목록을 가져오거나 지정된 서버에 대한 속성을 가져옵니다.Return the list of servers or gets the properties for the specified server.
Microsoft .Sql/servers/securityAlertPolicies/*Microsoft.Sql/servers/securityAlertPolicies/* SQL 서버 보안 경고 정책 만들기 및 관리Create and manage SQL server security alert policies
Microsoft .Sql/servers/vulnerabilityAssessments/*Microsoft.Sql/servers/vulnerabilityAssessments/*
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
Microsoft .Sql/servers/azureADOnlyAuthentications/*Microsoft.Sql/servers/azureADOnlyAuthentications/*
Microsoft .Sql/managedInstances/readMicrosoft.Sql/managedInstances/read 관리되는 인스턴스 목록을 반환하거나 지정된 관리되는 인스턴스에 대한 속성을 가져옵니다.Return the list of managed instances or gets the properties for the specified managed instance.
Microsoft .Sql/managedInstances/azureADOnlyAuthentications/*Microsoft.Sql/managedInstances/azureADOnlyAuthentications/*
Microsoft. Security/sqlVulnerabilityAssessments/*Microsoft.Security/sqlVulnerabilityAssessments/*
Microsoft .Sql/managedInstances/administrators/readMicrosoft.Sql/managedInstances/administrators/read 관리되는 인스턴스 관리자 목록을 가져옵니다.Gets a list of managed instance administrators.
Microsoft .sql/servers/administrators/readMicrosoft.Sql/servers/administrators/read 특정 Azure Active Directory 관리자 개체를 가져옵니다.Gets a specific Azure Active Directory administrator object
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage the security-related policies of SQL servers and databases, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3",
  "name": "056cd41c-7e88-42e1-933e-88ba6a50c9c3",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Sql/locations/administratorAzureAsyncOperation/read",
        "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*",
        "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/auditingSettings/*",
        "Microsoft.Sql/servers/extendedAuditingSettings/read",
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
        "Microsoft.Sql/servers/databases/extendedAuditingSettings/read",
        "Microsoft.Sql/servers/databases/read",
        "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/read",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/read",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/tables/read",
        "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
        "Microsoft.Sql/servers/databases/securityMetrics/*",
        "Microsoft.Sql/servers/databases/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/transparentDataEncryption/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
        "Microsoft.Sql/servers/firewallRules/*",
        "Microsoft.Sql/servers/read",
        "Microsoft.Sql/servers/securityAlertPolicies/*",
        "Microsoft.Sql/servers/vulnerabilityAssessments/*",
        "Microsoft.Support/*",
        "Microsoft.Sql/servers/azureADOnlyAuthentications/*",
        "Microsoft.Sql/managedInstances/read",
        "Microsoft.Sql/managedInstances/azureADOnlyAuthentications/*",
        "Microsoft.Security/sqlVulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/administrators/read",
        "Microsoft.Sql/servers/administrators/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL Security Manager",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

SQL Server 참가자SQL Server Contributor

SQL Server 및 데이터베이스를 관리할 수 있지만 액세스할 수는 없으며, 해당하는 보안 관련 정책에도 액세스할 수 없습니다.Lets you manage SQL servers and databases, but not access to them, and not their security-related policies. 자세한 정보Learn more

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
Microsoft ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 지정된 범위의 모든 리소스에 대한 가용성 상태를 가져옵니다.Gets the availability statuses for all resources in the specified scope
/Deployments/*Microsoft.Resources/deployments/* 배포를 만들고 관리합니다.Create and manage a deployment
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft .sql/locations/*/읽기Microsoft.Sql/locations/*/read
Microsoft .sql/servers/*Microsoft.Sql/servers/* SQL 서버 만들기 및 관리Create and manage SQL servers
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
Microsoft Insights/metrics/readMicrosoft.Insights/metrics/read 메트릭 읽기Read metrics
Microsoft Insights/metricDefinitions/readMicrosoft.Insights/metricDefinitions/read 메트릭 정의 읽기Read metric definitions
NotActionsNotActions
Microsoft .Sql/managedInstances/databases/currentSensitivityLabels/*Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft .Sql/managedInstances/databases/recommendedSensitivityLabels/*Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft .Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft .Sql/managedInstances/databases/securityAlertPolicies/*Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft .Sql/managedInstances/databases/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft .Sql/managedInstances/databases/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft .Sql/managedInstances/securityAlertPolicies/*Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft .Sql/managedInstances/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft .Sql/servers/auditingSettings/*Microsoft.Sql/servers/auditingSettings/* SQL 서버 감사 설정 편집Edit SQL server auditing settings
Microsoft .Sql/servers/databases/auditingSettings/*Microsoft.Sql/servers/databases/auditingSettings/* SQL 서버 데이터베이스 감사 설정 편집Edit SQL server database auditing settings
Microsoft .Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read 데이터베이스 blob 감사 레코드를 검색합니다.Retrieve the database blob audit records
Microsoft .Sql/servers/databases/currentSensitivityLabels/*Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft .Sql/servers/databases/dataMaskingPolicies/*Microsoft.Sql/servers/databases/dataMaskingPolicies/* SQL 서버 데이터베이스 데이터 마스킹 정책 편집Edit SQL server database data masking policies
Microsoft .Sql/servers/databases/extendedAuditingSettings/*Microsoft.Sql/servers/databases/extendedAuditingSettings/*
Microsoft .Sql/servers/databases/recommendedSensitivityLabels/*Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
Microsoft .Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft .Sql/servers/databases/securityAlertPolicies/*Microsoft.Sql/servers/databases/securityAlertPolicies/* SQL 서버 데이터베이스 보안 경고 정책 편집Edit SQL server database security alert policies
Microsoft .Sql/servers/databases/securityMetrics/*Microsoft.Sql/servers/databases/securityMetrics/* SQL 서버 데이터베이스 보안 메트릭 편집Edit SQL server database security metrics
Microsoft .Sql/servers/databases/sensitivityLabels/*Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft .Sql/servers/databases/vulnerabilityAssessments/*Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft .Sql/servers/databases/vulnerabilityAssessmentScans/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft .Sql/servers/databases/vulnerabilityAssessmentSettings/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft .Sql/servers/extendedAuditingSettings/*Microsoft.Sql/servers/extendedAuditingSettings/*
Microsoft .Sql/servers/securityAlertPolicies/*Microsoft.Sql/servers/securityAlertPolicies/* SQL 서버 보안 경고 정책 편집Edit SQL server security alert policies
Microsoft .Sql/servers/vulnerabilityAssessments/*Microsoft.Sql/servers/vulnerabilityAssessments/*
Microsoft .Sql/servers/azureADOnlyAuthentications/deleteMicrosoft.Sql/servers/azureADOnlyAuthentications/delete 인증 개체만 Azure Active Directory 특정 서버를 삭제 합니다.Deletes a specific server Azure Active Directory only authentication object
Microsoft .Sql/servers/azureADOnlyAuthentications/writeMicrosoft.Sql/servers/azureADOnlyAuthentications/write 특정 서버 Azure Active Directory 인증 개체만 추가 하거나 업데이트 합니다.Adds or updates a specific server Azure Active Directory only authentication object
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage SQL servers and databases, but not access to them, and not their security -related policies.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
  "name": "6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/servers/*",
        "Microsoft.Support/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read"
      ],
      "notActions": [
        "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
        "Microsoft.Sql/servers/databases/extendedAuditingSettings/*",
        "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
        "Microsoft.Sql/servers/databases/securityMetrics/*",
        "Microsoft.Sql/servers/databases/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
        "Microsoft.Sql/servers/extendedAuditingSettings/*",
        "Microsoft.Sql/servers/securityAlertPolicies/*",
        "Microsoft.Sql/servers/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/azureADOnlyAuthentications/delete",
        "Microsoft.Sql/servers/azureADOnlyAuthentications/write"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL Server Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

분석Analytics

Azure Event Hubs 데이터 소유자Azure Event Hubs Data Owner

Azure Event Hubs 리소스에 대한 전체 액세스를 허용합니다.Allows for full access to Azure Event Hubs resources. 자세한 정보Learn more

동작Actions 설명Description
Microsoft EventHub/*Microsoft.EventHub/*
NotActionsNotActions
없음none
DataActionsDataActions
Microsoft EventHub/*Microsoft.EventHub/*
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to Azure Event Hubs resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f526a384-b230-433a-b45c-95f59c4a2dec",
  "name": "f526a384-b230-433a-b45c-95f59c4a2dec",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Event Hubs Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Event Hubs 데이터 받는 사람Azure Event Hubs Data Receiver

Azure Event Hubs 리소스에 대한 받기 액세스 권한을 허용합니다.Allows receive access to Azure Event Hubs resources. 자세한 정보Learn more

동작Actions 설명Description
Microsoft EventHub/*/eventhubs/consumergroups/readMicrosoft.EventHub/*/eventhubs/consumergroups/read
NotActionsNotActions
없음none
DataActionsDataActions
Microsoft EventHub/*/receive/actionMicrosoft.EventHub/*/receive/action
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows receive access to Azure Event Hubs resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
  "name": "a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/*/eventhubs/consumergroups/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/*/receive/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Event Hubs Data Receiver",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Event Hubs 데이터 보내는 사람Azure Event Hubs Data Sender

Azure Event Hubs 리소스에 대한 보내기 액세스 권한을 허용합니다.Allows send access to Azure Event Hubs resources. 자세한 정보Learn more

동작Actions 설명Description
Microsoft EventHub/*/eventhubs/readMicrosoft.EventHub/*/eventhubs/read
NotActionsNotActions
없음none
DataActionsDataActions
Microsoft EventHub/*/send/actionMicrosoft.EventHub/*/send/action
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows send access to Azure Event Hubs resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2b629674-e913-4c01-ae53-ef4638d8f975",
  "name": "2b629674-e913-4c01-ae53-ef4638d8f975",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/*/eventhubs/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/*/send/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Event Hubs Data Sender",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Data Factory 참가자Data Factory Contributor

데이터 팩터리를 만들고 관리하며 해당 하위 리소스도 만들고 관리합니다.Create and manage data factories, as well as child resources within them. 자세한 정보Learn more

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
DataFactory/dataFactories/*Microsoft.DataFactory/dataFactories/* 데이터 팩터리 및 그 안에 포함된 자식 리소스를 만들고 관리합니다.Create and manage data factories, and child resources within them.
DataFactory/factories/*Microsoft.DataFactory/factories/* 데이터 팩터리 및 그 안에 포함된 자식 리소스를 만들고 관리합니다.Create and manage data factories, and child resources within them.
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
Microsoft ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 지정된 범위의 모든 리소스에 대한 가용성 상태를 가져옵니다.Gets the availability statuses for all resources in the specified scope
/Deployments/*Microsoft.Resources/deployments/* 배포를 만들고 관리합니다.Create and manage a deployment
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
Microsoft EventGrid/eventSubscriptions/writeMicrosoft.EventGrid/eventSubscriptions/write eventSubscription을 만들거나 업데이트합니다.Create or update an eventSubscription
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Create and manage data factories, as well as child resources within them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/673868aa-7521-48a0-acc6-0f60742d39f5",
  "name": "673868aa-7521-48a0-acc6-0f60742d39f5",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.DataFactory/dataFactories/*",
        "Microsoft.DataFactory/factories/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.EventGrid/eventSubscriptions/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Factory Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

데이터 제거자Data Purger

분석 데이터를 제거할 수 있습니다. 자세히 알아보세요 .Can purge analytics data Learn more

동작Actions 설명Description
Microsoft Insights/components/*/읽기Microsoft.Insights/components/*/read
Microsoft Insights/components/purge/actionMicrosoft.Insights/components/purge/action Application Insights에서 데이터 삭제Purging data from Application Insights
OperationalInsights/workspaces/*/읽기Microsoft.OperationalInsights/workspaces/*/read 로그 분석 데이터를 봅니다.View log analytics data
OperationalInsights/workspaces/purge/actionMicrosoft.OperationalInsights/workspaces/purge/action 작업 영역에서 지정된 데이터를 삭제합니다.Delete specified data from workspace
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can purge analytics data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/150f5e0c-0603-4f03-8c7f-cf70034c4e90",
  "name": "150f5e0c-0603-4f03-8c7f-cf70034c4e90",
  "permissions": [
    {
      "actions": [
        "Microsoft.Insights/components/*/read",
        "Microsoft.Insights/components/purge/action",
        "Microsoft.OperationalInsights/workspaces/*/read",
        "Microsoft.OperationalInsights/workspaces/purge/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Purger",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

HDInsight 클러스터 운영자HDInsight Cluster Operator

HDInsight 클러스터 구성을 읽고 수정할 수 있습니다.Lets you read and modify HDInsight cluster configurations. 자세한 정보Learn more

동작Actions 설명Description
Microsoft HDInsight/*/읽기Microsoft.HDInsight/*/read
Microsoft HDInsight/clusters/getGatewaySettings/actionMicrosoft.HDInsight/clusters/getGatewaySettings/action HDInsight 클러스터에 대한 게이트웨이 설정을 가져옵니다.Get gateway settings for HDInsight Cluster
Microsoft HDInsight/clusters/updateGatewaySettings/actionMicrosoft.HDInsight/clusters/updateGatewaySettings/action HDInsight 클러스터에 대한 게이트웨이 설정을 업데이트합니다.Update gateway settings for HDInsight Cluster
Microsoft HDInsight/clusters/configurations/*Microsoft.HDInsight/clusters/configurations/*
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
/Deployments/operations/readMicrosoft.Resources/deployments/operations/read 배포 작업을 가져오거나 나열합니다.Gets or lists deployment operations.
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read and modify HDInsight cluster configurations.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/61ed4efc-fab3-44fd-b111-e24485cc132a",
  "name": "61ed4efc-fab3-44fd-b111-e24485cc132a",
  "permissions": [
    {
      "actions": [
        "Microsoft.HDInsight/*/read",
        "Microsoft.HDInsight/clusters/getGatewaySettings/action",
        "Microsoft.HDInsight/clusters/updateGatewaySettings/action",
        "Microsoft.HDInsight/clusters/configurations/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "HDInsight Cluster Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

HDInsight 도메인 서비스 기여자HDInsight Domain Services Contributor

HDInsight에 필요한 도메인 서비스 관련 작업을 읽고, 만들고, 수정 하 고, 삭제할 수 Enterprise Security Package 자세한 정보Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package Learn more

동작Actions 설명Description
MICROSOFT AAD/*/읽기Microsoft.AAD/*/read
/DomainServices/*/읽기Microsoft.AAD/domainServices/*/read
/DomainServices/oucontainer/*Microsoft.AAD/domainServices/oucontainer/*
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8d8d5a11-05d3-4bda-a417-a08778121c7c",
  "name": "8d8d5a11-05d3-4bda-a417-a08778121c7c",
  "permissions": [
    {
      "actions": [
        "Microsoft.AAD/*/read",
        "Microsoft.AAD/domainServices/*/read",
        "Microsoft.AAD/domainServices/oucontainer/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "HDInsight Domain Services Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Log Analytics 참가자Log Analytics Contributor

Log Analytics 참가자는 모든 모니터링 데이터를 읽고 모니터링 설정을 편집할 수 있습니다.Log Analytics Contributor can read all monitoring data and edit monitoring settings. 모니터링 설정 편집에는 VM에 VM 확장 추가, Azure Storage에서 로그 컬렉션을 구성할 수 있는 스토리지 계정 키 읽기, Automation 계정 생성 및 구성, 솔루션 추가 및 모든 Azure 리소스에 대한 Azure 진단을 구성하는 기능도 포함되어 있습니다.Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources. 자세한 정보Learn more

동작Actions 설명Description
*/read*/read 암호를 제외한 모든 유형의 리소스를 읽습니다.Read resources of all types, except secrets.
/AutomationAccounts/*Microsoft.Automation/automationAccounts/*
Microsoft.classiccompute/virtualMachines/extensions/*Microsoft.ClassicCompute/virtualMachines/extensions/*
ClassicStorage/storageAccounts/listKeys/actionMicrosoft.ClassicStorage/storageAccounts/listKeys/action 스토리지 계정의 액세스 키를 나열합니다.Lists the access keys for the storage accounts.
/VirtualMachines/extensions/*Microsoft.Compute/virtualMachines/extensions/*
HybridCompute/machines/extensions/writeMicrosoft.HybridCompute/machines/extensions/write Azure Arc 확장을 설치 또는 업데이트합니다.Installs or Updates an Azure Arc extensions
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
Microsoft Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* Analysis Server에 대한 진단 설정 생성, 업데이트 및 읽기Creates, updates, or reads the diagnostic setting for Analysis Server
OperationalInsights/*Microsoft.OperationalInsights/*
Microsoft.operationsmanagement/*Microsoft.OperationsManagement/*
/Deployments/*Microsoft.Resources/deployments/* 배포를 만들고 관리합니다.Create and manage a deployment
/Subscriptions/resourcegroups/deployments/*Microsoft.Resources/subscriptions/resourcegroups/deployments/*
Microsoft Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action 지정된 스토리지 계정에 대한 액세스 키를 반환합니다.Returns the access keys for the specified storage account.
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
  "name": "92aaf0da-9dab-42b6-94a3-d43ce8d16293",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.Automation/automationAccounts/*",
        "Microsoft.ClassicCompute/virtualMachines/extensions/*",
        "Microsoft.ClassicStorage/storageAccounts/listKeys/action",
        "Microsoft.Compute/virtualMachines/extensions/*",
        "Microsoft.HybridCompute/machines/extensions/write",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.OperationalInsights/*",
        "Microsoft.OperationsManagement/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Log Analytics Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Log Analytics 독자Log Analytics Reader

Log Analytics 독자는 모든 Azure 리소스에 대한 Azure 진단의 구성 보기를 비롯하여 모니터링 설정 보기 및 모든 모니터링 데이터를 보고 검색할 수 있습니다.Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources. 자세한 정보Learn more

동작Actions 설명Description
*/read*/read 암호를 제외한 모든 유형의 리소스를 읽습니다.Read resources of all types, except secrets.
OperationalInsights/workspaces/analytics/query/actionMicrosoft.OperationalInsights/workspaces/analytics/query/action 새 엔진을 사용하여 검색합니다.Search using new engine.
OperationalInsights/workspaces/search/actionMicrosoft.OperationalInsights/workspaces/search/action 검색 쿼리를 실행합니다.Executes a search query
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
NotActionsNotActions
OperationalInsights/workspaces/sharedKeys/readMicrosoft.OperationalInsights/workspaces/sharedKeys/read 작업 영역에 대한 공유 키를 검색합니다.Retrieves the shared keys for the workspace. 이러한 키는 Microsoft Operational Insights 에이전트를 작업 영역에 연결하는 데 사용됩니다.These keys are used to connect Microsoft Operational Insights agents to the workspace.
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/73c42c96-874c-492b-b04d-ab87d138a893",
  "name": "73c42c96-874c-492b-b04d-ab87d138a893",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.OperationalInsights/workspaces/analytics/query/action",
        "Microsoft.OperationalInsights/workspaces/search/action",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.OperationalInsights/workspaces/sharedKeys/read"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Log Analytics Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

부서의 범위 Data 큐레이터Purview Data Curator

부서의 범위 데이터 큐레이터는 카탈로그 데이터 개체를 만들고, 읽고, 수정 하 고, 삭제 하 고, 개체 간의 관계를 설정할 수 있습니다.The Microsoft.Purview data curator can create, read, modify and delete catalog data objects and establish relationships between objects. 이 역할은 미리 보기 상태 이며 변경 될 수 있습니다.This role is in preview and subject to change.

동작Actions 설명Description
부서의 범위/accounts/readMicrosoft.Purview/accounts/read Microsoft 부서의 범위 provider에 대 한 계정 리소스를 읽습니다.Read account resource for Microsoft Purview provider.
NotActionsNotActions
없음none
DataActionsDataActions
부서의 범위/accounts/data/readMicrosoft.Purview/accounts/data/read 데이터 개체를 읽습니다.Read data objects.
부서의 범위/accounts/data/writeMicrosoft.Purview/accounts/data/write 데이터 개체를 만들고, 업데이트 하 고, 삭제 합니다.Create, update and delete data objects.
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "The Microsoft.Purview data curator can create, read, modify and delete catalog data objects and establish relationships between objects. This role is in preview and subject to change.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8a3c2885-9b38-4fd2-9d99-91af537c1347",
  "name": "8a3c2885-9b38-4fd2-9d99-91af537c1347",
  "permissions": [
    {
      "actions": [
        "Microsoft.Purview/accounts/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Purview/accounts/data/read",
        "Microsoft.Purview/accounts/data/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Purview Data Curator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

부서의 범위 데이터 판독기Purview Data Reader

부서의 범위 데이터 판독기는 카탈로그 데이터 개체를 읽을 수 있습니다.The Microsoft.Purview data reader can read catalog data objects. 이 역할은 미리 보기 상태 이며 변경 될 수 있습니다.This role is in preview and subject to change.

동작Actions 설명Description
부서의 범위/accounts/readMicrosoft.Purview/accounts/read Microsoft 부서의 범위 provider에 대 한 계정 리소스를 읽습니다.Read account resource for Microsoft Purview provider.
NotActionsNotActions
없음none
DataActionsDataActions
부서의 범위/accounts/data/readMicrosoft.Purview/accounts/data/read 데이터 개체를 읽습니다.Read data objects.
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "The Microsoft.Purview data reader can read catalog data objects. This role is in preview and subject to change.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ff100721-1b9d-43d8-af52-42b69c1272db",
  "name": "ff100721-1b9d-43d8-af52-42b69c1272db",
  "permissions": [
    {
      "actions": [
        "Microsoft.Purview/accounts/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Purview/accounts/data/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Purview Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

부서의 범위 데이터 원본 관리자Purview Data Source Administrator

부서의 범위 데이터 원본 관리자는 데이터 원본 및 데이터 검색을 관리할 수 있습니다.The Microsoft.Purview data source administrator can manage data sources and data scans. 이 역할은 미리 보기 상태 이며 변경 될 수 있습니다.This role is in preview and subject to change.

동작Actions 설명Description
부서의 범위/accounts/readMicrosoft.Purview/accounts/read Microsoft 부서의 범위 provider에 대 한 계정 리소스를 읽습니다.Read account resource for Microsoft Purview provider.
NotActionsNotActions
없음none
DataActionsDataActions
부서의 범위/accounts/scan/readMicrosoft.Purview/accounts/scan/read 데이터 원본 및 검색을 읽습니다.Read data sources and scans.
부서의 범위/accounts/scan/writeMicrosoft.Purview/accounts/scan/write 데이터 원본을 만들고, 업데이트 하 고, 삭제 하며 검색을 관리 합니다.Create, update and delete data sources and manage scans.
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "The Microsoft.Purview data source administrator can manage data sources and data scans. This role is in preview and subject to change.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/200bba9e-f0c8-430f-892b-6f0794863803",
  "name": "200bba9e-f0c8-430f-892b-6f0794863803",
  "permissions": [
    {
      "actions": [
        "Microsoft.Purview/accounts/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Purview/accounts/scan/read",
        "Microsoft.Purview/accounts/scan/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Purview Data Source Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

스키마 레지스트리 기여자(미리 보기)Schema Registry Contributor (Preview)

스키마 레지스트리 그룹 및 스키마를 읽고, 쓰고, 삭제합니다.Read, write, and delete Schema Registry groups and schemas.

동작Actions 설명Description
Microsoft. EventHub/namespaces/schemagroups/*Microsoft.EventHub/namespaces/schemagroups/*
NotActionsNotActions
없음none
DataActionsDataActions
Microsoft. EventHub/namespaces/schemas/*Microsoft.EventHub/namespaces/schemas/*
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read, write, and delete Schema Registry groups and schemas.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5dffeca3-4936-4216-b2bc-10343a5abb25",
  "name": "5dffeca3-4936-4216-b2bc-10343a5abb25",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/namespaces/schemagroups/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/namespaces/schemas/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Schema Registry Contributor (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

스키마 레지스트리 판독기(미리 보기)Schema Registry Reader (Preview)

스키마 레지스트리 그룹 및 스키마를 읽고 나열합니다.Read and list Schema Registry groups and schemas.

동작Actions 설명Description
Microsoft EventHub/namespaces/schemagroups/readMicrosoft.EventHub/namespaces/schemagroups/read SchemaGroup 리소스 설명 목록을 가져옵니다.Get list of SchemaGroup Resource Descriptions
NotActionsNotActions
없음none
DataActionsDataActions
Microsoft EventHub/namespaces/schemas/readMicrosoft.EventHub/namespaces/schemas/read 스키마 검색Retrieve schemas
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read and list Schema Registry groups and schemas.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2c56ea50-c6b3-40a6-83c0-9d98858bc7d2",
  "name": "2c56ea50-c6b3-40a6-83c0-9d98858bc7d2",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/namespaces/schemagroups/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/namespaces/schemas/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Schema Registry Reader (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

블록체인Blockchain

블록체인 멤버 노드 액세스(미리 보기)Blockchain Member Node Access (Preview)

블록 체인 멤버 노드에 대 한 액세스를 허용 합니다.Allows for access to Blockchain Member nodes Learn more

동작Actions 설명Description
Microsoft Blockchain/blockchainMembers/transactionNodes/readMicrosoft.Blockchain/blockchainMembers/transactionNodes/read 기존 블록체인 멤버 트랜잭션 노드를 가져오거나 나열합니다.Gets or Lists existing Blockchain Member Transaction Node(s).
NotActionsNotActions
없음none
DataActionsDataActions
Microsoft Blockchain/blockchainMembers/transactionNodes/connect/actionMicrosoft.Blockchain/blockchainMembers/transactionNodes/connect/action 블록체인 멤버 트랜잭션 노드에 연결합니다.Connects to a Blockchain Member Transaction Node.
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for access to Blockchain Member nodes",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/31a002a1-acaf-453e-8a5b-297c9ca1ea24",
  "name": "31a002a1-acaf-453e-8a5b-297c9ca1ea24",
  "permissions": [
    {
      "actions": [
        "Microsoft.Blockchain/blockchainMembers/transactionNodes/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Blockchain/blockchainMembers/transactionNodes/connect/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Blockchain Member Node Access (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AI + 기계 학습AI + machine learning

Cognitive Services 기여자Cognitive Services Contributor

Cognitive Services의 키를 만들고, 읽고, 업데이트하고, 삭제 및 관리할 수 있습니다.Lets you create, read, update, delete and manage keys of Cognitive Services. 자세한 정보Learn more

동작Actions 설명Description
Microsoft 권한 부여/*/읽기Microsoft.Authorization/*/read 역할 및 역할 할당 읽기Read roles and role assignments
Cognitiveservices account/*Microsoft.CognitiveServices/*
/Features/readMicrosoft.Features/features/read 구독 기능을 가져옵니다.Gets the features of a subscription.
/Providers/features/readMicrosoft.Features/providers/features/read 지정된 리소스 공급자에서 구독의 기능을 가져옵니다.Gets the feature of a subscription in a given resource provider.
Microsoft Insights/alertRules/*Microsoft.Insights/alertRules/* 클래식 메트릭 경고를 만들고 관리합니다.Create and manage a classic metric alert
Microsoft Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* Analysis Server에 대한 진단 설정 생성, 업데이트 및 읽기Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft Insights/logDefinitions/readMicrosoft.Insights/logDefinitions/read 로그 정의 읽기Read log definitions
Microsoft Insights/metricdefinitions/readMicrosoft.Insights/metricdefinitions/read 메트릭 정의 읽기Read metric definitions
Microsoft Insights/metrics/readMicrosoft.Insights/metrics/read 메트릭 읽기Read metrics
Microsoft ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 지정된 범위의 모든 리소스에 대한 가용성 상태를 가져옵니다.Gets the availability statuses for all resources in the specified scope
/Deployments/*Microsoft.Resources/deployments/* 배포를 만들고 관리합니다.Create and manage a deployment
/Deployments/operations/readMicrosoft.Resources/deployments/operations/read 배포 작업을 가져오거나 나열합니다.Gets or lists deployment operations.
/Subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read 구독 작업 결과를 가져옵니다.Get the subscription operation results.
/Subscriptions/readMicrosoft.Resources/subscriptions/read 구독 목록을 가져옵니다.Gets the list of subscriptions.
/Subscriptions/resourcegroups/deployments/*Microsoft.Resources/subscriptions/resourcegroups/deployments/*
/Subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 리소스 그룹을 가져오거나 나열합니다.Gets or lists resource groups.
Microsoft 지원/*Microsoft.Support/* 지원 티켓을 만들거나 업데이트합니다.Create and update a support ticket
NotActionsNotActions
없음none
DataActionsDataActions
없음none
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you create, read, update, delete and manage keys of Cognitive Services.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
  "name": "25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.CognitiveServices/*",
        "Microsoft.Features/features/read",
        "Microsoft.Features/providers/features/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.Insights/logDefinitions/read",
        "Microsoft.Insights/metricdefinitions/read",
        "Microsoft.Insights/metrics/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services Custom Vision 기여자Cognitive Services Custom Vision Contributor

프로젝트를 보거나, 만들거나, 편집 하거나, 삭제할 수 있는 기능을 포함 하 여 프로젝트에 대 한 모든 권한을 제공 합니다.Full access to the project, including the ability to view, create, edit, or delete projects. 자세한 정보Learn more

동작Actions 설명Description
Cognitiveservices account/*/읽기Microsoft.CognitiveServices/*/read
NotActionsNotActions
없음none
DataActionsDataActions
Cognitiveservices account/accounts/CustomVision/*Microsoft.CognitiveServices/accounts/CustomVision/*
NotDataActionsNotDataActions
없음none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Full access to the project, including the ability to view, create, edit, or delete projects.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c1ff6cc2-c111-46fe-8896-e0ef812ad9f3",
  "name": "c1ff6cc2-c111-46fe-8896-e0ef812ad9f3",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Custom Vision Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services Custom Vision 배포Cognitive Services Custom Vision Deployment

모델 게시, 게시 취소 또는 내보내기Publish, unpublish or export models. 배포에서 프로젝트를 볼 수는 있지만 업데이트할 수는 없습니다.Deployment can view the project but can't update. 자세한 정보Learn more

동작Actions 설명Description
Cognitiveservices account/*/읽기Microsoft.CognitiveServices/*/read
NotActionsNotActions
없음none
DataActionsDataActions
Cognitiveservices account/accounts/CustomVision/*/읽기Microsoft.CognitiveServices/accounts/CustomVision/*/read
Cognitiveservices account/accounts/CustomVision/projects/predictions/*Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/*
Cognitiveservices account/accounts/CustomVision/projects/iterations/publish/*Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/publish/*
Cognitiveservices account/accounts/CustomVision/projects/iterations/export/*Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/export/*
Cognitiveservices account/accounts/CustomVision/projects/quicktest/*Microsoft.CognitiveServices/accounts/CustomVision/projects/quicktest/*
Cognitiveservices account/accounts/CustomVision/classify/*Microsoft.CognitiveServices/accounts/CustomVision/classify/*
Cognitiveservices account/accounts/CustomVision/detect/*Microsoft.CognitiveServices/accounts/CustomVision/detect/*
NotDataActionsNotDataActions
Cognitiveservices account/accounts/CustomVision/projects/export/readMicrosoft.CognitiveServices/accounts/CustomVision/projects/export/read 프로젝트를 내보냅니다.Exports a project.
{
  "assignableScopes": [
    "/"
  ],
  "description": "Publish, unpublish or export models. Deployment can view the project but can't update.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5c4089e1-6d96-4d2f-b296-c1bc7137275f",
  "name": "5c4089e1-6d96-4d2f-b296-c1bc7137275f",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/*/read",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/publish/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/export/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/quicktest/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/classify/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/detect/*"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
      ]
    }
  ],
  "roleName": "Cognitive Services Custom Vision Deployment",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services Custom Vision LabelerCognitive Services Custom Vision Labeler

이미지 태그를 보고 편집 하며 이미지 태그를 만들거나 추가, 제거 또는 삭제 합니다.View, edit training images and create, add, remove, or delete the image tags. Labelers는 프로젝트를 볼 수 있지만 학습 이미지 및 태그 이외의 항목을 업데이트할 수 없습니다.Labelers can view the project but can't update anything other than training images and tags. 자세한 정보Learn more

동작Actions 설명Description
Cognitiveservices account/*/읽기Microsoft.CognitiveServices/*/read
NotActionsNotActions
없음none
DataActionsDataActions
Cognitiveservices account/accounts/CustomVision/*/읽기Microsoft.CognitiveServices/accounts/CustomVision/*/read
Cognitiveservices account/accounts/CustomVision/projects/predictions/query/actionMicrosoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action 예측 끝점으로 전송 된 이미지를 가져옵니다.Get images that were sent to your prediction endpoint.
Cognitiveservices account/accounts/CustomVision/projects/images/*Microsoft.CognitiveServices/accounts/CustomVision/projects/images/*
Cognitiveservices account/accounts/CustomVision/projects/tags/*Microsoft.CognitiveServices/accounts/CustomVision/projects/tags/*
Cognitiveservices account/accounts/CustomVision/projects/images/suggested/*Microsoft.CognitiveServices/accounts/CustomVision/projects/images/suggested/*
Cognitiveservices account/accounts/CustomVision/projects/tagsandregions/suggestions/actionMicrosoft.CognitiveServices/accounts/CustomVision/projects/tagsandregions/suggestions/action 이 API는 태그에 대 한 confidences와 함께 태그가 없는 이미지의 배열/일괄 처리에 대 한 제안 된 태그 및 영역을 가져옵니다.This API will get suggested tags and regions for an array/batch of untagged images along with confidences for the tags. 태그를 찾을 수 없는 경우 빈 배열을 반환 합니다.It returns an empty array if no tags are found.
NotDataActionsNotDataActions
Cognitiveservices account/accounts/CustomVision/projects/export/readMicrosoft.CognitiveServices/accounts/CustomVision/projects/export/read 프로젝트를 내보냅니다.Exports a project.
{
  "assignableScopes": [
    "/"
  ],
  "description": "View, edit training images and create, add, remove, or delete the image tags. Labelers can view the project but can't update anything other than training images and tags.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/88424f51-ebe7-446f-bc41-7fa16989e96c",
  "name": "88424f51-ebe7-446f-bc41-7fa16989e96c",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/*/read",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/images/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/tags/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/images/suggested/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/tagsandregions/suggestions/action"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
      ]
    }
  ],
  "roleName": "Cognitive Services Custom Vision Labeler",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services Custom Vision 판독기Cognitive Services Custom Vision Reader

프로젝트의 읽기 전용 작업입니다.Read-only actions in the project. 판독기에서 프로젝트를 만들거나 업데이트할 수 없습니다.Readers can't create or update the project. 자세한 정보Learn more

동작Actions 설명Description
Cognitiveservices account/*/읽기Microsoft.CognitiveServices/*/read
NotActionsNotActions
없음none
DataActionsDataActions
Cognitiveservices account/accounts/CustomVision/*/읽기Microsoft.CognitiveServices/accounts/CustomVision/*/read
Cognitiveservices account/accounts/CustomVision/projects/predictions/query/actionMicrosoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action 예측 끝점으로 전송 된 이미지를 가져옵니다.Get images that were sent to your prediction endpoint.
NotDataActionsNotDataActions
Cognitiveservices account/accounts/CustomVision/projects/export/readMicrosoft.CognitiveServices/accounts/CustomVision/projects/export/read 프로젝트를 내보냅니다.Exports a project.
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read-only actions in the project. Readers can't create or update the project.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/93586559-c37d-4a6b-ba08-b9f0940c2d73",
  "name": "93586559-c37d-4a6b-ba08-b9f0940c2d73",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/*/read",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
      ]
    }
  ],
  "roleName": "Cognitive Services Custom Vision Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services Custom Vision 교육 담당자Cognitive Services Custom Vision Trainer

모델을 게시, 게시 취소, 내보내는 기능을 포함 하 여 프로젝트를 보고 편집 하 고 모델을 학습 합니다.View, edit projects and train the models, including the ability to publish, unpublish, export the models. 강사는 프로젝트를 만들거나 삭제할 수 없습니다.Trainers can't create or delete the project. 자세한 정보