Funções internas do AzureAzure built-in roles

O controle de acesso baseado em função do Azure (RBAC do Azure) tem várias funções internas do Azure que você pode atribuir a usuários, grupos, entidades de serviço e identidades gerenciadas.Azure role-based access control (Azure RBAC) has several Azure built-in roles that you can assign to users, groups, service principals, and managed identities. Atribuições de função são a maneira de controlar o acesso aos recursos do Azure.Role assignments are the way you control access to Azure resources. Se as funções internas não atenderem às necessidades específicas de sua organização, você poderá criar funções personalizadas do Azure próprias.If the built-in roles don't meet the specific needs of your organization, you can create your own Azure custom roles.

Este artigo lista as funções internas do Azure, que estão sempre em evolução.This article lists the Azure built-in roles, which are always evolving. Para obter as funções mais recentes, use Get-AzRoleDefinition ou az role definition list.To get the latest roles, use Get-AzRoleDefinition or az role definition list. Se você estiver procurando por funções de administrador para Azure Active Directory (AD do Azure), confira Permissões de função de administrador no Azure Active Directory.If you are looking for administrator roles for Azure Active Directory (Azure AD), see Administrator role permissions in Azure Active Directory.

A tabela a seguir fornece uma breve descrição e a ID exclusiva de cada função interna.The following table provides a brief description and the unique ID of each built-in role. Clique no nome de função para ver a lista de Actions, NotActions, DataActions e NotDataActions para cada função.Click the role name to see the list of Actions, NotActions, DataActions, and NotDataActions for each role. Para obter informações sobre o que essas ações significam e como elas se aplicam aos planos de gerenciamento e de dados, consulte Entender as definições de função do Azure.For information about what these actions mean and how they apply to the management and data planes, see Understand Azure role definitions.

TodosAll

Função internaBuilt-in role DescriçãoDescription IDID
GeralGeneral
ColaboradorContributor Concede acesso completo para gerenciar todos os recursos, mas não permite que você atribua funções no RBAC do Azure, gerencie atribuições em plantas do Azure ou compartilhe galerias de imagens.Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries. b24988ac-6180-42a0-ab88-20f7382dd24cb24988ac-6180-42a0-ab88-20f7382dd24c
ProprietárioOwner Concede acesso completo para gerenciar todos os recursos, incluindo a capacidade de atribuir funções no RBAC do Azure.Grants full access to manage all resources, including the ability to assign roles in Azure RBAC. 8e3af657-a8ff-443c-a75c-2fe8c4bcb6358e3af657-a8ff-443c-a75c-2fe8c4bcb635
LeitorReader Exibir todos os recursos, mas não permite que você faça nenhuma alteração.View all resources, but does not allow you to make any changes. acdd72a7-3385-48ef-bd42-f606fba81ae7acdd72a7-3385-48ef-bd42-f606fba81ae7
Administrador de Acesso do UsuárioUser Access Administrator Permite que você gerencie o acesso do usuário aos recursos do Azure.Lets you manage user access to Azure resources. 18d7d88d-d35e-4fb5-a5c3-7773c20a72d918d7d88d-d35e-4fb5-a5c3-7773c20a72d9
ComputaçãoCompute
Colaborador de Máquina Virtual ClássicaClassic Virtual Machine Contributor Permite gerenciar máquinas virtuais clássicas, mas não o acesso a elas, nem à rede virtual ou conta de armazenamento à qual estão conectadas.Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to. d73bb868-a0df-4d4d-bd69-98a00b01fccbd73bb868-a0df-4d4d-bd69-98a00b01fccb
Logon de administrador da Máquina VirtualVirtual Machine Administrator Login Máquinas Virtuais do Microsoft Azure no portal e logon como administradorView Virtual Machines in the portal and login as administrator 1c0163c0-47E6-4577-8991-ea5c82e286e41c0163c0-47e6-4577-8991-ea5c82e286e4
Colaborador de Máquina VirtualVirtual Machine Contributor Permite gerenciar máquinas virtuais, mas não o acesso a elas, nem à rede virtual ou conta de armazenamento à qual estão conectadas.Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to. 9980e02c-c2be-4d73-94e8-173b1dc7cf3c9980e02c-c2be-4d73-94e8-173b1dc7cf3c
Logon de usuário da Máquina VirtualVirtual Machine User Login Visualize as Máquinas Virtuais do Microsoft Azure no portal e faça logon como usuário.View Virtual Machines in the portal and login as a regular user. fb879df8-f326-4884-b1cf-06f3ad86be52fb879df8-f326-4884-b1cf-06f3ad86be52
RedeNetworking
Colaborador de ponto de extremidade de CDNCDN Endpoint Contributor Pode gerenciar os pontos de extremidade de CDN, mas não pode conceder acesso a outros usuários.Can manage CDN endpoints, but can't grant access to other users. 426e0c7f-0c7e-4658-b36f-ff54d6c29b45426e0c7f-0c7e-4658-b36f-ff54d6c29b45
Leitor de ponto de extremidade de CDNCDN Endpoint Reader Pode exibir os pontos de extremidade de CDN, mas não pode fazer alterações.Can view CDN endpoints, but can't make changes. 871e35f6-b5c1-49cc-a043-bde969a0f2cd871e35f6-b5c1-49cc-a043-bde969a0f2cd
Colaborador de perfil de CDNCDN Profile Contributor Pode gerenciar os perfis de CDN e os respectivos pontos de extremidade, mas não pode conceder acesso a outros usuários.Can manage CDN profiles and their endpoints, but can't grant access to other users. ec156ff8-a8d1-4d15-830C-5b80698ca432ec156ff8-a8d1-4d15-830c-5b80698ca432
Leitor de perfis de CDNCDN Profile Reader Pode exibir os perfis de CDN e os respectivos pontos de extremidade, mas não pode fazer alterações.Can view CDN profiles and their endpoints, but can't make changes. 8f96442b-4075-438f-813d-ad51ab4019af8f96442b-4075-438f-813d-ad51ab4019af
Colaborador de rede clássicaClassic Network Contributor Permite que você gerencie redes clássicas, mas não acessá-las.Lets you manage classic networks, but not access to them. b34d265f-36f7-4a0d-a4d4-e158ca92e90fb34d265f-36f7-4a0d-a4d4-e158ca92e90f
Colaborador de zona DNSDNS Zone Contributor Permite gerenciar zonas DNS e conjuntos de registros no DNS do Azure, mas não permite controlar quem tem acesso a eles.Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them. befefa01-2a29-4197-83a8-272ff33ce314befefa01-2a29-4197-83a8-272ff33ce314
Colaborador de redeNetwork Contributor Permite gerenciar redes, mas não acessá-las.Lets you manage networks, but not access to them. 4d97b98b-1d4f-4787-a291-c67834d212e74d97b98b-1d4f-4787-a291-c67834d212e7
Colaborador de zona de DNS privadoPrivate DNS Zone Contributor Permite que você gerencie recursos de zona DNS privada, mas não as redes virtuais às quais eles estão vinculados.Lets you manage private DNS zone resources, but not the virtual networks they are linked to. b12aa53e-6015-4669-85d0-8515ebb3ae7fb12aa53e-6015-4669-85d0-8515ebb3ae7f
Colaborador do Gerenciador de TráfegoTraffic Manager Contributor Permite gerenciar perfis do Gerenciador de Tráfego, mas não permite controlar quem tem acesso a eles.Lets you manage Traffic Manager profiles, but does not let you control who has access to them. a4b10055-b0c7-44c2-b00f-c7b5b3550cf7a4b10055-b0c7-44c2-b00f-c7b5b3550cf7
StorageStorage
Colaborador do AvereAvere Contributor Pode criar e gerenciar um cluster do Avere vFXT.Can create and manage an Avere vFXT cluster. 4f8fab4f-1852-4a58-a46a-8eaf358af14a4f8fab4f-1852-4a58-a46a-8eaf358af14a
Operador do AvereAvere Operator Usado pelo cluster do Avere vFXT para gerenciar o clusterUsed by the Avere vFXT cluster to manage the cluster c025889f-8102-4ebf-b32c-fc0c6f0c6bd9c025889f-8102-4ebf-b32c-fc0c6f0c6bd9
Colaborador de BackupBackup Contributor Permite que você gerencie o serviço de backup, mas não pode criar cofres e fornecer acesso a outras pessoasLets you manage backup service, but can't create vaults and give access to others 5e467623-bb1f-42f4-a55d-6e525e11384b5e467623-bb1f-42f4-a55d-6e525e11384b
Operador de BackupBackup Operator Permite que você gerencie serviços de backup, exceto a remoção de backup, a criação de cofres e o fornecimento de acesso a outras pessoasLets you manage backup services, except removal of backup, vault creation and giving access to others 00c29273-979b-4161-815C-10b084fb932400c29273-979b-4161-815c-10b084fb9324
Leitor de BackupBackup Reader Pode exibir serviços de backup, mas não pode fazer alteraçõesCan view backup services, but can't make changes a795c7a0-d4a2-40c1-ae25-d81f01202912a795c7a0-d4a2-40c1-ae25-d81f01202912
Colaborador da conta de armazenamento clássicaClassic Storage Account Contributor Permite que você gerencie contas de armazenamento clássico, mas não acessá-las.Lets you manage classic storage accounts, but not access to them. 86e8f5dc-a6e9-4c67-9d15-de283e8eac2586e8f5dc-a6e9-4c67-9d15-de283e8eac25
Função do Serviço de Operador da Chave da Conta de Armazenamento ClássicaClassic Storage Account Key Operator Service Role Os Operadores da Chave da Conta de Armazenamento Clássica têm permissão para listar e regenerar chaves nas Contas de Armazenamento ClássicasClassic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts 985d6b00-f706-48f5-a6fe-d0ca12fb668d985d6b00-f706-48f5-a6fe-d0ca12fb668d
Colaborador do Data BoxData Box Contributor Permite que você gerencie tudo sob o serviço Data Box exceto fornecer acesso a outras pessoas.Lets you manage everything under Data Box Service except giving access to others. add466c9-e687-43fc-8d98-dfcf8d720be5add466c9-e687-43fc-8d98-dfcf8d720be5
Leitor do Data BoxData Box Reader Permite que você gerencie o serviço do Azure Data Box, exceto a ordem de criação ou edição de detalhes do pedido e fornecer acesso a outras pessoas.Lets you manage Data Box Service except creating order or editing order details and giving access to others. 028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027
Desenvolvedor do Data Lake AnalyticsData Lake Analytics Developer Permite enviar, monitorar e gerenciar seus próprios trabalhos, mas não criar nem excluir contas do Data Lake Analytics.Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts. 47b7735b-770e-4598-a7da-8b91488b4c8847b7735b-770e-4598-a7da-8b91488b4c88
Acesso a Dados e LeitorReader and Data Access Permite que você exiba tudo, mas não permitirá que exclua ou crie uma conta de armazenamento ou um recurso contido.Lets you view everything but will not let you delete or create a storage account or contained resource. Ele também permitirá o acesso de leitura/gravação a todos os dados contidos em uma conta de armazenamento por meio de acesso às chaves de conta de armazenamento.It will also allow read/write access to all data contained in a storage account via access to storage account keys. c12c1c16-33a1-487b-954d-41c89c60f349c12c1c16-33a1-487b-954d-41c89c60f349
Colaborador da Conta de ArmazenamentoStorage Account Contributor Permite o gerenciamento de contas de armazenamento.Permits management of storage accounts. Fornece acesso à chave de conta, que pode ser usada para acessar dados por meio de autorização de chave compartilhada.Provides access to the account key, which can be used to access data via Shared Key authorization. 17d1049b-9a84-46fb-8f53-869881c3d3ab17d1049b-9a84-46fb-8f53-869881c3d3ab
Função do Serviço de Operador da Chave da Conta de ArmazenamentoStorage Account Key Operator Service Role Permite listar e regenerar chaves de acesso da conta de armazenamento.Permits listing and regenerating storage account access keys. 81a9662b-bebf-436f-a333-f67b29880f1281a9662b-bebf-436f-a333-f67b29880f12
Colaborador de dados de blob de armazenamentoStorage Blob Data Contributor Ler, gravar e excluir contêineres e blobs de Armazenamento do Azure.Read, write, and delete Azure Storage containers and blobs. Para saber quais ações são necessárias para uma determinada operação de dados, consulte Permissões para chamar blob e operações de dados de fila.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. ba92f5b4-2d11-453d-a403-e96b0029c9feba92f5b4-2d11-453d-a403-e96b0029c9fe
Proprietário de Dados do Blob de ArmazenamentoStorage Blob Data Owner Fornece acesso completo aos dados e contêineres de blob do Armazenamento do Azure, incluindo a atribuição de controle de acesso POSIX.Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. Para saber quais ações são necessárias para uma determinada operação de dados, consulte Permissões para chamar blob e operações de dados de fila.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. b7e6dc6d-f1e8-4753-8033-0f276bb0955bb7e6dc6d-f1e8-4753-8033-0f276bb0955b
Leitor de Dados do Blob de ArmazenamentoStorage Blob Data Reader Leia e liste contêineres e blobs do Armazenamento do Azure.Read and list Azure Storage containers and blobs. Para saber quais ações são necessárias para uma determinada operação de dados, consulte Permissões para chamar blob e operações de dados de fila.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 2a2b9908-6ea1-4ae2-8e65-a410df84e7d12a2b9908-6ea1-4ae2-8e65-a410df84e7d1
Delegador de blob de armazenamentoStorage Blob Delegator Obtenha uma chave de delegação de usuário, que pode ser usada para criar uma assinatura de acesso compartilhado para um contêiner ou blob que é assinado com as credenciais do Azure AD.Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials. Para obter mais informações, consulte Criar uma SAS de delegação de usuário.For more information, see Create a user delegation SAS. db58b8e5-c6ad-4a2a-8342-4190687cbf4adb58b8e5-c6ad-4a2a-8342-4190687cbf4a
Colaborador de compartilhamento SMB de dados de arquivo de armazenamentoStorage File Data SMB Share Contributor Permite o acesso de leitura, gravação e exclusão em arquivos/diretórios nos compartilhamentos de arquivos do Azure.Allows for read, write, and delete access on files/directories in Azure file shares. Essa função não tem equivalente interno nos servidores de arquivos do Windows.This role has no built-in equivalent on Windows file servers. 0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb
Colaborador elevado de compartilhamento SMB de dados de arquivo de armazenamentoStorage File Data SMB Share Elevated Contributor Permite ler, gravar, excluir e modificar ACLs em arquivos/diretórios nos compartilhamentos de arquivos do Azure.Allows for read, write, delete, and modify ACLs on files/directories in Azure file shares. Essa função é equivalente a uma ACL de compartilhamento de arquivos de alteração em servidores de arquivos do Windows.This role is equivalent to a file share ACL of change on Windows file servers. a7264617-510b-434b-a828-9731dc254ea7a7264617-510b-434b-a828-9731dc254ea7
Leitor de compartilhamento SMB de dados de arquivo de armazenamentoStorage File Data SMB Share Reader Permite acesso de leitura em arquivos/diretórios nos compartilhamentos de arquivos do Azure.Allows for read access on files/directories in Azure file shares. Essa função é equivalente a uma ACL de compartilhamento de arquivos de leitura em servidores de arquivos do Windows.This role is equivalent to a file share ACL of read on Windows file servers. aba4ae5f-2193-4029-9191-0cb91df5e314aba4ae5f-2193-4029-9191-0cb91df5e314
Colaborador de dados da fila de armazenamentoStorage Queue Data Contributor Lê, grava e exclui filas do Armazenamento do Azure e mensagens da fila.Read, write, and delete Azure Storage queues and queue messages. Para saber quais ações são necessárias para uma determinada operação de dados, consulte Permissões para chamar blob e operações de dados de fila.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 974c5e8b-45b9-4653-ba55-5f855dd0fb88974c5e8b-45b9-4653-ba55-5f855dd0fb88
Processador de mensagens de dados da fila de armazenamentoStorage Queue Data Message Processor Espia, recupera e exclui uma mensagem de uma fila de armazenamento do Azure.Peek, retrieve, and delete a message from an Azure Storage queue. Para saber quais ações são necessárias para uma determinada operação de dados, consulte Permissões para chamar blob e operações de dados de fila.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 8a0f0c08-91a1-4084-bc3d-661d67233fed8a0f0c08-91a1-4084-bc3d-661d67233fed
Remetente da mensagem de dados da fila de armazenamentoStorage Queue Data Message Sender Adiciona mensagens a uma fila de Armazenamento do Azure.Add messages to an Azure Storage queue. Para saber quais ações são necessárias para uma determinada operação de dados, consulte Permissões para chamar blob e operações de dados de fila.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. c6a89b2d-59bc-44d0-9896-0f6e12d7b80ac6a89b2d-59bc-44d0-9896-0f6e12d7b80a
Leitor de dados da fila de armazenamentoStorage Queue Data Reader Lê e lista as filas do armazenamento do Azure e as mensagens da fila.Read and list Azure Storage queues and queue messages. Para saber quais ações são necessárias para uma determinada operação de dados, consulte Permissões para chamar blob e operações de dados de fila.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. 19e7f393-937e-4f77-808e-94535e29792519e7f393-937e-4f77-808e-94535e297925
WebWeb
Colaborador de dados do Azure MapsAzure Maps Data Contributor Concede acesso ao acesso de leitura, gravação e exclusão para mapear dados relacionados de uma conta do Azure Maps.Grants access to read, write, and delete access to map related data from an Azure maps account. 8f5e0ce6-4f7b-4dcf-bddf-e6f48634a2048f5e0ce6-4f7b-4dcf-bddf-e6f48634a204
Leitor de dados do Azure MapasAzure Maps Data Reader Concede acesso para ler dados relacionados ao mapa de uma conta do Azure Mapas.Grants access to read map related data from an Azure maps account. 423170ca-a8f6-4b0f-8487-9e4eb8f49bfa423170ca-a8f6-4b0f-8487-9e4eb8f49bfa
Colaborador do Serviço de PesquisaSearch Service Contributor Permite gerenciar serviços de pesquisa, mas não acessá-las.Lets you manage Search services, but not access to them. 7ca78c08-252a-4471-8644-bb5ff32d4ba07ca78c08-252a-4471-8644-bb5ff32d4ba0
Leitor de AccessKey do signalrSignalR AccessKey Reader Ler chaves de acesso do serviço SignalrRead SignalR Service Access Keys 04165923-9d83-45d5-8227-78b77b0a687e04165923-9d83-45d5-8227-78b77b0a687e
Servidor de aplicativo signalr (visualização)SignalR App Server (Preview) Permite que o servidor de aplicativos acesse o serviço de Signaler com opções de autenticação do AAD.Lets your app server access SignalR Service with AAD auth options. 420fcaa2-552c-430f-98ca-3264be4806c7420fcaa2-552c-430f-98ca-3264be4806c7
Colaborador do signalrSignalR Contributor Criar, ler, atualizar e excluir recursos do serviço SignalrCreate, Read, Update, and Delete SignalR service resources 8cf5e20a-e4b2-4e9d-b3a1-5ceb692c27618cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761
Colaborador sem servidor do signalr (versão prévia)SignalR Serverless Contributor (Preview) Permite que seu aplicativo acesse o serviço no modo sem servidor com opções de autenticação do AAD.Lets your app access service in serverless mode with AAD auth options. fd53cd77-2268-407a-8f46-7e7863d0f521fd53cd77-2268-407a-8f46-7e7863d0f521
Proprietário do serviço signalr (versão prévia)SignalR Service Owner (Preview) Acesso completo às APIs REST do serviço de Signaler do AzureFull access to Azure SignalR Service REST APIs 7e4f1700-ea5a-4f59-8f37-079cfe29dce37e4f1700-ea5a-4f59-8f37-079cfe29dce3
Leitor de serviço do signalr (visualização)SignalR Service Reader (Preview) Acesso somente leitura às APIs REST do serviço de Signaler do AzureRead-only access to Azure SignalR Service REST APIs ddde6b66-c0df-4114-a159-3618637b3035ddde6b66-c0df-4114-a159-3618637b3035
Colaborador do Plano de WebWeb Plan Contributor Permite gerenciar os planos da Web para sites, mas não o acesso a eles.Lets you manage the web plans for websites, but not access to them. 2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b
Colaborador do SiteWebsite Contributor Permite gerenciar sites (não planos da Web), mas não acessá-los.Lets you manage websites (not web plans), but not access to them. de139f84-1756-47ae-9be6-808fbbe84772de139f84-1756-47ae-9be6-808fbbe84772
ContêineresContainers
AcrDeleteAcrDelete acr deleteacr delete c2f4ef07-c644-48eb-af81-4b1b4947fb11c2f4ef07-c644-48eb-af81-4b1b4947fb11
AcrImageSignerAcrImageSigner signatário de imagem ACRacr image signer 6cef56e8-d556-48e5-a04f-b8e64114680f6cef56e8-d556-48e5-a04f-b8e64114680f
AcrPullAcrPull acr pullacr pull 7f951dda-4ed3-4680-a7ca-43fe172d538d7f951dda-4ed3-4680-a7ca-43fe172d538d
AcrPushAcrPush acr pushacr push 8311e382-0749-4cb8-b61a-304f252e45ec8311e382-0749-4cb8-b61a-304f252e45ec
AcrQuarantineReaderAcrQuarantineReader leitor de dados de quarentena acracr quarantine data reader cdda3590-29a3-44f6-95f2-9f980659eb04cdda3590-29a3-44f6-95f2-9f980659eb04
AcrQuarantineWriterAcrQuarantineWriter gravador de dados de quarentena acracr quarantine data writer c8d4ff99-41c3-41a8-9f60-21dfdad59608c8d4ff99-41c3-41a8-9f60-21dfdad59608
Função de Administrador do Cluster do Serviço de Kubernetes do AzureAzure Kubernetes Service Cluster Admin Role Liste a ação de credencial de administrador de cluster.List cluster admin credential action. 0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be80ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8
Função de Usuário do Cluster do Serviço de Kubernetes do AzureAzure Kubernetes Service Cluster User Role Liste a ação de credencial de usuário de cluster.List cluster user credential action. 4abbcc35-e782-43d8-92c5-2d3f1bd2253f4abbcc35-e782-43d8-92c5-2d3f1bd2253f
Função colaborador do serviço kubernetes do AzureAzure Kubernetes Service Contributor Role Concede acesso para ler e gravar clusters do serviço kubernetes do AzureGrants access to read and write Azure Kubernetes Service clusters ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8
Administrador de RBAC do serviço kubernetes do AzureAzure Kubernetes Service RBAC Admin Permite que você gerencie todos os recursos em cluster/namespace, exceto atualizar ou excluir cotas de recursos e namespaces.Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. 3498e952-d568-435e-9b2c-8d77e338d7f73498e952-d568-435e-9b2c-8d77e338d7f7
Administrador de cluster do RBAC do serviço kubernetes do AzureAzure Kubernetes Service RBAC Cluster Admin Permite que você gerencie todos os recursos no cluster.Lets you manage all resources in the cluster. b1ff04bb-8a4e-4dc4-8eb5-8693973ce19bb1ff04bb-8a4e-4dc4-8eb5-8693973ce19b
Leitor de RBAC do serviço kubernetes do AzureAzure Kubernetes Service RBAC Reader Permite acesso somente leitura para ver a maioria dos objetos em um namespace.Allows read-only access to see most objects in a namespace. Ele não permite a exibição de funções ou associações de função.It does not allow viewing roles or role bindings. Essa função não permite a exibição de segredos, pois a leitura do conteúdo de segredos permite o acesso a credenciais de uma conta no namespace, o que permitiria o acesso à API como qualquer uma das contas no namespace (uma forma de elevação de privilégio).This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). A aplicação dessa função no escopo do cluster fornecerá acesso em todos os namespaces.Applying this role at cluster scope will give access across all namespaces. 7f6c6a51-bcf8-42ba-9220-52d62157d7db7f6c6a51-bcf8-42ba-9220-52d62157d7db
Gravador RBAC do serviço kubernetes do AzureAzure Kubernetes Service RBAC Writer Permite acesso de leitura/gravação à maioria dos objetos em um namespace. Essa função não permite exibir ou modificar funções ou associações de função.Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. No entanto, essa função permite acessar segredos e executar pods como qualquer uma das contas no namespace, para que possa ser usada para obter os níveis de acesso de API de qualquer conta no namespace.However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. A aplicação dessa função no escopo do cluster fornecerá acesso em todos os namespaces.Applying this role at cluster scope will give access across all namespaces. a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eba7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb
Bancos de dadosDatabases
Função de leitor de conta do Cosmos DBCosmos DB Account Reader Role Pode ler dados de contas do Azure Cosmos DB.Can read Azure Cosmos DB account data. Consulte Colaborador de conta do DocumentDB para gerenciar contas do Azure Cosmos DB.See DocumentDB Account Contributor for managing Azure Cosmos DB accounts. fbdf93bf-df7d-467e-a4d2-9458aa1360c8fbdf93bf-df7d-467e-a4d2-9458aa1360c8
Operador de Cosmos DBCosmos DB Operator Permite que você gerencie contas do Azure Cosmos DB, mas não acesse os dados nelas.Lets you manage Azure Cosmos DB accounts, but not access data in them. Impede o acesso a chaves de conta e cadeias de conexão.Prevents access to account keys and connection strings. 230815da-be43-4aae-9cb4-875f7bd000aa230815da-be43-4aae-9cb4-875f7bd000aa
CosmosBackupOperatorCosmosBackupOperator Pode enviar solicitação de restauração de um banco de dados Cosmos DB ou de um contêiner em uma contaCan submit restore request for a Cosmos DB database or a container for an account db7b14f2-5adf-42da-9f96-f2ee17bab5cbdb7b14f2-5adf-42da-9f96-f2ee17bab5cb
CosmosRestoreOperatorCosmosRestoreOperator É possível executar a ação de restauração para Cosmos DB conta de banco de dados com o modo de backup contínuoCan perform restore action for Cosmos DB database account with continuous backup mode 5432c526-bc82-444a-b7ba-57c5b0b5b34f5432c526-bc82-444a-b7ba-57c5b0b5b34f
Colaborador de Conta do DocumentDBDocumentDB Account Contributor Pode gerenciar contas do Azure Cosmos DB.Can manage Azure Cosmos DB accounts. O Azure Cosmos DB era anteriormente conhecido como DocumentDB.Azure Cosmos DB is formerly known as DocumentDB. 5bd9cd88-fe45-4216-938b-f97437e154505bd9cd88-fe45-4216-938b-f97437e15450
Colaborador do Cache RedisRedis Cache Contributor Permite gerenciar caches Redis, mas não acessá-los.Lets you manage Redis caches, but not access to them. e0f68234-74aa-48ED-b826-c38b57376e17e0f68234-74aa-48ed-b826-c38b57376e17
Colaborador do banco de dados SQLSQL DB Contributor Permite gerenciar Bancos de Dados SQL, mas não acessá-los.Lets you manage SQL databases, but not access to them. Além disso, não é possível gerenciar as políticas relacionadas à segurança ou respectivos servidores SQL pai.Also, you can't manage their security-related policies or their parent SQL servers. 9b7fa17d-e63e-47b0-bb0a-15c516ac86ec9b7fa17d-e63e-47b0-bb0a-15c516ac86ec
Colaborador da instância gerenciada do SQLSQL Managed Instance Contributor Permite que você gerencie instâncias gerenciadas do SQL e a configuração de rede necessária, mas não pode conceder acesso a outras pessoas.Lets you manage SQL Managed Instances and required network configuration, but can't give access to others. 4939a1f6-9ae0-4e48-a1e0-f2cbe897382d4939a1f6-9ae0-4e48-a1e0-f2cbe897382d
Gerenciador de Segurança do SQLSQL Security Manager Permite você gerenciar as políticas relacionadas à segurança de servidores e bancos de dados SQL, mas não acessá-los.Lets you manage the security-related policies of SQL servers and databases, but not access to them. 056cd41c-7e88-42e1-933e-88ba6a50c9c3056cd41c-7e88-42e1-933e-88ba6a50c9c3
Colaborador do SQL ServerSQL Server Contributor Permite gerenciar servidores e bancos de dados SQL, mas não acessá-los, nem as políticas relacionadas à segurança.Lets you manage SQL servers and databases, but not access to them, and not their security-related policies. 6d8ee4ec-f05a-4a1d-8b00-a9b17e38b4376d8ee4ec-f05a-4a1d-8b00-a9b17e38b437
AnalyticsAnalytics
Proprietário de dados dos Hubs de Eventos do AzureAzure Event Hubs Data Owner Permite acesso completo aos recursos dos Hubs de Eventos do Azure.Allows for full access to Azure Event Hubs resources. f526a384-b230-433a-b45c-95f59c4a2decf526a384-b230-433a-b45c-95f59c4a2dec
Receptor de dados dos Hubs de Eventos do AzureAzure Event Hubs Data Receiver Permite acesso de recebimento aos recursos dos Hubs de Eventos do Azure.Allows receive access to Azure Event Hubs resources. a638d3c7-ab3a-418d-83e6-5f17a39d4fdea638d3c7-ab3a-418d-83e6-5f17a39d4fde
Remetente de dados dos Hubs de Eventos do AzureAzure Event Hubs Data Sender Permite acesso de envio aos recursos dos Hubs de Eventos do Azure.Allows send access to Azure Event Hubs resources. 2b629674-e913-4c01-ae53-ef4638d8f9752b629674-e913-4c01-ae53-ef4638d8f975
Colaborador da fábrica de dadosData Factory Contributor Cria e gerencia data factories, assim como os recursos filhos neles.Create and manage data factories, as well as child resources within them. 673868aa-7521-48A0-acc6-0f60742d39f5673868aa-7521-48a0-acc6-0f60742d39f5
Limpador de DadosData Purger Exclua dados privados de um espaço de trabalho Log Analytics.Delete private data from a Log Analytics workspace. 150f5e0c-0603-4f03-8c7f-cf70034c4e90150f5e0c-0603-4f03-8c7f-cf70034c4e90
Operador de Cluster do HDInsightHDInsight Cluster Operator Permite que você leia e modifique as configurações de cluster do HDInsight.Lets you read and modify HDInsight cluster configurations. 61ed4efc-fab3-44fd-b111-e24485cc132a61ed4efc-fab3-44fd-b111-e24485cc132a
Colaborador dos serviços de domínio do HDInsightHDInsight Domain Services Contributor Pode ler, criar, modificar e excluir operações relacionadas aos serviços de domínio necessárias para o Enterprise Security Package do HDInsightCan Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package 8d8d5a11-05d3-4bda-a417-a08778121c7c8d8d5a11-05d3-4bda-a417-a08778121c7c
Colaborador do Log AnalyticsLog Analytics Contributor O Colaborador do Log Analytics pode ler todos os dados de monitoramento e editar as configurações de monitoramento.Log Analytics Contributor can read all monitoring data and edit monitoring settings. A edição das configurações de monitoramento inclui a adição da extensão da VM às VMs, leitura das chaves da conta de armazenamento para poder configurar a coleção de logs do Armazenamento do Microsoft Azure, criação e configuração de contas de Automação, adição de soluções e configuração do diagnóstico do Azure em todos os recursos do Azure.Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources. 92aaf0da-9dab-42b6-94a3-d43ce8d1629392aaf0da-9dab-42b6-94a3-d43ce8d16293
Leitor do Log AnalyticsLog Analytics Reader Um Leitor do Log Analytics pode exibir e pesquisar todos os dados de monitoramento além de exibir as configurações de monitoramento, incluindo a exibição da configuração do diagnóstico do Azure em todos os recursos do Azure.Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources. 73c42c96-874c-492b-b04d-ab87d138a89373c42c96-874c-492b-b04d-ab87d138a893
Curador de dados alcancePurview Data Curator O curador de dados Microsoft. alcance pode criar, ler, modificar e excluir objetos de dados de catálogo e estabelecer relações entre objetos.The Microsoft.Purview data curator can create, read, modify and delete catalog data objects and establish relationships between objects. Esta função está em visualização e está sujeita a alterações.This role is in preview and subject to change. 8a3c2885-9b38-4fd2-9d99-91af537c13478a3c2885-9b38-4fd2-9d99-91af537c1347
Leitor de dados do alcancePurview Data Reader O leitor de dados Microsoft. alcance pode ler objetos de dados do catálogo.The Microsoft.Purview data reader can read catalog data objects. Esta função está em visualização e está sujeita a alterações.This role is in preview and subject to change. ff100721-1b9d-43d8-af52-42b69c1272dbff100721-1b9d-43d8-af52-42b69c1272db
Administrador de fonte de dados alcancePurview Data Source Administrator O administrador da fonte de dados Microsoft. alcance pode gerenciar fontes de dados e verificações de dados.The Microsoft.Purview data source administrator can manage data sources and data scans. Esta função está em visualização e está sujeita a alterações.This role is in preview and subject to change. 200bba9e-f0c8-430f-892b-6f0794863803200bba9e-f0c8-430f-892b-6f0794863803
Colaborador do Registro de Esquema (Versão Prévia)Schema Registry Contributor (Preview) Ler, gravar e excluir grupos e esquemas do Registro de Esquema.Read, write, and delete Schema Registry groups and schemas. 5dffeca3-4936-4216-b2bc-10343a5abb255dffeca3-4936-4216-b2bc-10343a5abb25
Leitor do Registro de Esquema (Versão Prévia)Schema Registry Reader (Preview) Ler e listar os grupos e os esquemas do Registro de Esquema.Read and list Schema Registry groups and schemas. 2c56ea50-c6b3-40a6-83c0-9d98858bc7d22c56ea50-c6b3-40a6-83c0-9d98858bc7d2
BlockchainBlockchain
Acesso ao nó de membro Blockchain (versão prévia)Blockchain Member Node Access (Preview) Permite acesso a nós de Membro do BlockchainAllows for access to Blockchain Member nodes 31a002a1-acaf-453e-8a5b-297c9ca1ea2431a002a1-acaf-453e-8a5b-297c9ca1ea24
IA + aprendizado de máquinaAI + machine learning
Colaborador dos Serviços CognitivosCognitive Services Contributor Permite criar, ler, atualizar, excluir e gerenciar chaves dos Serviços Cognitivos.Lets you create, read, update, delete and manage keys of Cognitive Services. 25fbc0a9-bd7c-42a3-aa1a-3b75d497ee6825fbc0a9-bd7c-42a3-aa1a-3b75d497ee68
Visão Personalizada colaborador de serviços cognitivasCognitive Services Custom Vision Contributor Acesso completo ao projeto, incluindo a capacidade de exibir, criar, editar ou excluir projetos.Full access to the project, including the ability to view, create, edit, or delete projects. c1ff6cc2-C111-46fe-8896-e0ef812ad9f3c1ff6cc2-c111-46fe-8896-e0ef812ad9f3
Serviços cognitivas Visão Personalizada implantaçãoCognitive Services Custom Vision Deployment Publicar, cancelar publicação ou exportar modelos.Publish, unpublish or export models. A implantação pode exibir o projeto, mas não pode atualizar.Deployment can view the project but can't update. 5c4089e1-6d96-4d2f-b296-c1bc7137275f5c4089e1-6d96-4d2f-b296-c1bc7137275f
Serviços cognitivas Visão Personalizada LabelerCognitive Services Custom Vision Labeler Exiba, Edite imagens de treinamento e crie, adicione, remova ou exclua as marcas de imagem.View, edit training images and create, add, remove, or delete the image tags. Rotuladores podem exibir o projeto, mas não podem atualizar nada além de imagens e marcas de treinamento.Labelers can view the project but can't update anything other than training images and tags. 88424f51-ebe7-446f-bc41-7fa16989e96c88424f51-ebe7-446f-bc41-7fa16989e96c
Visão Personalizada leitor de serviços cognitivasCognitive Services Custom Vision Reader Ações somente leitura no projeto.Read-only actions in the project. Os leitores não podem criar nem atualizar o projeto.Readers can't create or update the project. 93586559-c37d-4a6b-BA08-b9f0940c2d7393586559-c37d-4a6b-ba08-b9f0940c2d73
Serviços cognitivas Visão Personalizada treinadorCognitive Services Custom Vision Trainer Exiba, edite projetos e treine os modelos, incluindo a capacidade de publicar, cancelar a publicação e exportar os modelos.View, edit projects and train the models, including the ability to publish, unpublish, export the models. Os treinadores não podem criar ou excluir o projeto.Trainers can't create or delete the project. 0a5ae4ab-0d65-4eeb-be61-29fc9b54394b0a5ae4ab-0d65-4eeb-be61-29fc9b54394b
Leitor de Dados de Serviços Cognitivos (Versão Prévia)Cognitive Services Data Reader (Preview) Permite que você leia os dados dos Serviços Cognitivos.Lets you read Cognitive Services data. b59867f0-fa02-499b-be73-45a86b5b3e1cb59867f0-fa02-499b-be73-45a86b5b3e1c
Administrador do Orientador de métricas de serviços cognitivasCognitive Services Metrics Advisor Administrator Acesso completo ao projeto, incluindo a configuração no nível do sistema.Full access to the project, including the system level configuration. cb43c632-a144-4ec5-977c-e80c4affc34acb43c632-a144-4ec5-977c-e80c4affc34a
Editor de QnA Maker de serviços cognitivasCognitive Services QnA Maker Editor Permite criar, editar, importar e exportar um KB.Let's you create, edit, import and export a KB. Não é possível publicar ou excluir um KB.You cannot publish or delete a KB. f4cc2bf9-21be-47a1-bdf1-5c5804381025f4cc2bf9-21be-47a1-bdf1-5c5804381025
QnA Maker leitor de serviços cognitivasCognitive Services QnA Maker Reader Vamos ler e testar apenas um KB.Let's you read and test a KB only. 466ccd10-b268-4a11-b098-b4849f024126466ccd10-b268-4a11-b098-b4849f024126
Usuário dos Serviços CognitivosCognitive Services User Permite ler e listar as chaves dos Serviços Cognitivos.Lets you read and list keys of Cognitive Services. a97b65f3-24c7-4388-baec-2e87135dc908a97b65f3-24c7-4388-baec-2e87135dc908
Realidade misturadaMixed reality
Administrador de renderização remotoRemote Rendering Administrator Fornece ao usuário recursos de conversão, gerenciamento de sessão, renderização e diagnóstico para renderização remota do AzureProvides user with conversion, manage session, rendering and diagnostics capabilities for Azure Remote Rendering 3df8b902-2a6f-47c7-8cc5-360e9b272a7e3df8b902-2a6f-47c7-8cc5-360e9b272a7e
Cliente de renderização remotaRemote Rendering Client Fornece ao usuário recursos de gerenciamento de sessão, renderização e diagnóstico para a renderização remota do Azure.Provides user with manage session, rendering and diagnostics capabilities for Azure Remote Rendering. d39065c4-c120-43c9-ab0a-63eed9795f0ad39065c4-c120-43c9-ab0a-63eed9795f0a
Colaborador da conta de âncoras espaciaisSpatial Anchors Account Contributor Permite que você gerencie âncoras espaciais em sua conta, exceto excluí-lasLets you manage spatial anchors in your account, but not delete them 8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c8278bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827
Proprietário da conta das âncoras espaciaisSpatial Anchors Account Owner Permite gerenciar âncoras espaciais em sua conta, inclusive excluí-lasLets you manage spatial anchors in your account, including deleting them 70bbe301-9835-447d-afdd-19eb3167307c70bbe301-9835-447d-afdd-19eb3167307c
Leitor de conta de âncoras espaciaisSpatial Anchors Account Reader Permite localizar e ler propriedades de âncoras espaciais em sua contaLets you locate and read properties of spatial anchors in your account 5d51204f-eb77-4b1c-b86a-2ec626c494135d51204f-eb77-4b1c-b86a-2ec626c49413
IntegraçãoIntegration
Colaborador de serviço de gerenciamento de APIAPI Management Service Contributor Pode gerenciar o serviço e as APIsCan manage service and the APIs 312a565d-c81f-4fd8-895a-4e21e48d571c312a565d-c81f-4fd8-895a-4e21e48d571c
Função do operador de serviço de gerenciamento da APIAPI Management Service Operator Role Pode gerenciar serviços, mas não as APIsCan manage service but not the APIs e022efe7-f5ba-4159-bbe4-b44f577e9b61e022efe7-f5ba-4159-bbe4-b44f577e9b61
Função do leitor do serviço de gerenciamento da APIAPI Management Service Reader Role Acesso somente leitura ao serviço e APIsRead-only access to service and APIs 71522526-b88f-4d52-b57f-d31fc3546d0d71522526-b88f-4d52-b57f-d31fc3546d0d
Proprietário de dados da configuração de aplicativosApp Configuration Data Owner Permite o acesso completo aos dados de Configuração de Aplicativos.Allows full access to App Configuration data. 5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b
Leitor de dados da configuração de aplicativosApp Configuration Data Reader Permite o acesso de leitura aos dados de Configuração de Aplicativos.Allows read access to App Configuration data. 516239f1-63e1-4d78-a4de-a74fb236a071516239f1-63e1-4d78-a4de-a74fb236a071
Proprietário de dados do Barramento de Serviço do AzureAzure Service Bus Data Owner Permite acesso completo aos recursos do Barramento de Serviço do Azure.Allows for full access to Azure Service Bus resources. 090c5cfd-751d-490a-894a-3ce6f1109419090c5cfd-751d-490a-894a-3ce6f1109419
Receptor de dados do Barramento de Serviço do AzureAzure Service Bus Data Receiver Permite acesso de recebimento aos recursos do Barramento de Serviço do Azure.Allows for receive access to Azure Service Bus resources. 4f6d3b9b-027b-4f4c-9142-0e5a2a2247e04f6d3b9b-027b-4f4c-9142-0e5a2a2247e0
Remetente de dados do Barramento de Serviço do AzureAzure Service Bus Data Sender Permite o acesso de envio aos recursos do Barramento de Serviço do Azure.Allows for send access to Azure Service Bus resources. 69a216fc-b8fb-44d8-bc22-1f3c2cd27a3969a216fc-b8fb-44d8-bc22-1f3c2cd27a39
Proprietário de registro do Microsoft Azure StackAzure Stack Registration Owner Permite que você gerencie registros do Microsoft Azure Stack.Lets you manage Azure Stack registrations. 6f12a6df-dd06-4f3e-bcb1-ce8be600526a6f12a6df-dd06-4f3e-bcb1-ce8be600526a
Colaborador de EventGrid EventSubscriptionEventGrid EventSubscription Contributor Permite que você gerencie operações de assinatura de evento EventGrid.Lets you manage EventGrid event subscription operations. 428e0ff0-5e57-4d9c-a221-2c70d0e0a443428e0ff0-5e57-4d9c-a221-2c70d0e0a443
Leitor de EventGrid EventSubscriptionEventGrid EventSubscription Reader Permite que você gerencie operações de assinatura de evento EventGrid.Lets you read EventGrid event subscriptions. 2414bbcf-6497-4faf-8c65-0454607484052414bbcf-6497-4faf-8c65-045460748405
Colaborador de dados do FHIRFHIR Data Contributor A função permite o acesso completo do usuário ou principal aos dados do FHIRRole allows user or principal full access to FHIR Data 5a1fc7df-4bf1-4951-a576-89034ee01acd5a1fc7df-4bf1-4951-a576-89034ee01acd
Exportador de dados FHIRFHIR Data Exporter A função permite que o usuário ou entidade de segurança Leia e exporte dados do FHIRRole allows user or principal to read and export FHIR Data 3db33094-8700-4567-8da5-1501d4e7e8433db33094-8700-4567-8da5-1501d4e7e843
Leitor de dados do FHIRFHIR Data Reader A função permite que o usuário ou a entidade de segurança Leia dados do FHIRRole allows user or principal to read FHIR Data 4c8d0bbc-75d3-4935-991f-5f3c56d815084c8d0bbc-75d3-4935-991f-5f3c56d81508
Gravador de dados FHIRFHIR Data Writer A função permite que o usuário ou a entidade de segurança Leia e grave dados do FHIRRole allows user or principal to read and write FHIR Data 3f88fce4-5892-4214-ae73-ba52945599133f88fce4-5892-4214-ae73-ba5294559913
Colaborador de Ambiente de Serviço de IntegraçãoIntegration Service Environment Contributor Permite que você gerencie ambientes de serviço de integração, mas não tem acesso a eles.Lets you manage integration service environments, but not access to them. a41e2c5b-bd99-4a07-88f4-9bf657a760b8a41e2c5b-bd99-4a07-88f4-9bf657a760b8
Ambiente de Serviço de Integração DeveloperIntegration Service Environment Developer Permite que os desenvolvedores criem e atualizem fluxos de trabalho, contas de integração e conexões de API em ambientes de serviço de integração.Allows developers to create and update workflows, integration accounts and API connections in integration service environments. c7aa55d3-1abb-444a-a5ca-5e51e485d6ecc7aa55d3-1abb-444a-a5ca-5e51e485d6ec
Colaborador de conta do sistemas inteligentesIntelligent Systems Account Contributor Permite gerenciar contas do Intelligent Systems, mas não acessá-las.Lets you manage Intelligent Systems accounts, but not access to them. 03a6d094-3444-4b3d-88af-7477090a9e5e03a6d094-3444-4b3d-88af-7477090a9e5e
Colaborador de Aplicativo LógicoLogic App Contributor Permite o gerenciamento de aplicativos lógicos, mas você não pode alterar o acesso a eles.Lets you manage logic apps, but not change access to them. 87a39d53-fc1b-424a-814c-f7e04687dc9e87a39d53-fc1b-424a-814c-f7e04687dc9e
Operador de Aplicativo LógicoLogic App Operator Permite a leitura, habilitação e desabilitação de aplicativos lógicos, mas você não pode editá-los ou atualizá-los.Lets you read, enable, and disable logic apps, but not edit or update them. 515c2055-d9d4-4321-b1b9-bd0c9a0f79fe515c2055-d9d4-4321-b1b9-bd0c9a0f79fe
IdentidadeIdentity
Colaborador de Identidade GerenciadaManaged Identity Contributor Criar, ler, atualizar e excluir a identidade atribuída pelo usuárioCreate, Read, Update, and Delete User Assigned Identity e40ec5ca-96e0-45a2-b4ff-59039f2c2b59e40ec5ca-96e0-45a2-b4ff-59039f2c2b59
Operador de Identidade GerenciadaManaged Identity Operator Ler e atribuir identidade atribuída pelo usuárioRead and Assign User Assigned Identity f1a07417-d97a-45cb-824c-7a7467783830f1a07417-d97a-45cb-824c-7a7467783830
SegurançaSecurity
Colaborador de atestadoAttestation Contributor Pode ler gravar ou excluir a instância do provedor de atestadoCan read write or delete the attestation provider instance bbf86eb8-f7b4-4cce-96e4-18cddf81d86ebbf86eb8-f7b4-4cce-96e4-18cddf81d86e
Leitor de atestadoAttestation Reader Pode ler as propriedades do provedor de atestadoCan read the attestation provider properties fd1bd22b-8476-40bc-a0bc-69b95687b9f3fd1bd22b-8476-40bc-a0bc-69b95687b9f3
Colaborador do Azure SentinelAzure Sentinel Contributor Colaborador do Azure SentinelAzure Sentinel Contributor ab8e14d6-4a74-4a29-9ba8-549422addadeab8e14d6-4a74-4a29-9ba8-549422addade
Leitor do Azure SentinelAzure Sentinel Reader Leitor do Azure SentinelAzure Sentinel Reader 8d289c81-5878-46d4-8554-54e1e3d8b5cb8d289c81-5878-46d4-8554-54e1e3d8b5cb
Respondente do Azure SentinelAzure Sentinel Responder Respondente do Azure SentinelAzure Sentinel Responder 3e150937-b8fe-4cfb-8069-0eaf05ecd0563e150937-b8fe-4cfb-8069-0eaf05ecd056
Administrador de Key VaultKey Vault Administrator Execute todas as operações de plano de dados em um cofre de chaves e todos os objetos nela, incluindo certificados, chaves e segredos.Perform all data plane operations on a key vault and all objects in it, including certificates, keys, and secrets. Não é possível gerenciar os recursos do cofre de chaves nem gerenciar atribuições de função.Cannot manage key vault resources or manage role assignments. Funciona somente para cofres de chaves que usam o modelo de permissão ' controle de acesso baseado em função do Azure '.Only works for key vaults that use the 'Azure role-based access control' permission model. 00482a5a-887f-4fb3-b363-3b7fe8e7448300482a5a-887f-4fb3-b363-3b7fe8e74483
Diretor de certificados Key VaultKey Vault Certificates Officer Execute qualquer ação nos certificados de um cofre de chaves, exceto gerenciar permissões.Perform any action on the certificates of a key vault, except manage permissions. Funciona somente para cofres de chaves que usam o modelo de permissão ' controle de acesso baseado em função do Azure '.Only works for key vaults that use the 'Azure role-based access control' permission model. a4417e6f-fecd-4de8-b567-7b0420556985a4417e6f-fecd-4de8-b567-7b0420556985
Colaborador do Key VaultKey Vault Contributor Gerencie cofres de chaves, mas não permite que você atribua funções no RBAC do Azure e não permite que você acesse segredos, chaves ou certificados.Manage key vaults, but does not allow you to assign roles in Azure RBAC, and does not allow you to access secrets, keys, or certificates. f25e0fa2-a7c8-4377-a976-54943a77a395f25e0fa2-a7c8-4377-a976-54943a77a395
Key Vault o analista de criptografiaKey Vault Crypto Officer Execute qualquer ação nas chaves de um cofre de chaves, exceto gerenciar permissões.Perform any action on the keys of a key vault, except manage permissions. Funciona somente para cofres de chaves que usam o modelo de permissão ' controle de acesso baseado em função do Azure '.Only works for key vaults that use the 'Azure role-based access control' permission model. 14b46e9e-c2b7-41b4-b07b-48a6ebf6060314b46e9e-c2b7-41b4-b07b-48a6ebf60603
Key Vault usuário de criptografia do serviço de criptografiaKey Vault Crypto Service Encryption User Ler metadados de chaves e executar operações de encapsulamento/desencapsulamento.Read metadata of keys and perform wrap/unwrap operations. Funciona somente para cofres de chaves que usam o modelo de permissão ' controle de acesso baseado em função do Azure '.Only works for key vaults that use the 'Azure role-based access control' permission model. e147488a-f6f5-4113-8e2d-b22465e65bf6e147488a-f6f5-4113-8e2d-b22465e65bf6
Key Vault usuário de criptografiaKey Vault Crypto User Executar operações criptográficas usando chaves.Perform cryptographic operations using keys. Funciona somente para cofres de chaves que usam o modelo de permissão ' controle de acesso baseado em função do Azure '.Only works for key vaults that use the 'Azure role-based access control' permission model. 12338af0-0e69-4776-bea7-57ae8d29742412338af0-0e69-4776-bea7-57ae8d297424
Leitor de Key VaultKey Vault Reader Ler metadados de cofres de chaves e seus certificados, chaves e segredos.Read metadata of key vaults and its certificates, keys, and secrets. Não é possível ler valores confidenciais, como conteúdo secreto ou material de chave.Cannot read sensitive values such as secret contents or key material. Funciona somente para cofres de chaves que usam o modelo de permissão ' controle de acesso baseado em função do Azure '.Only works for key vaults that use the 'Azure role-based access control' permission model. 21090545-7ca7-4776-b22c-e363652d74d221090545-7ca7-4776-b22c-e363652d74d2
Diretor de segredos Key VaultKey Vault Secrets Officer Execute qualquer ação nos segredos de um cofre de chaves, exceto gerenciar permissões.Perform any action on the secrets of a key vault, except manage permissions. Funciona somente para cofres de chaves que usam o modelo de permissão ' controle de acesso baseado em função do Azure '.Only works for key vaults that use the 'Azure role-based access control' permission model. b86a8fe4-44ce-4948-aee5-eccb2c155cd7b86a8fe4-44ce-4948-aee5-eccb2c155cd7
Usuário de Key Vault segredosKey Vault Secrets User Ler conteúdo secreto.Read secret contents. Funciona somente para cofres de chaves que usam o modelo de permissão ' controle de acesso baseado em função do Azure '.Only works for key vaults that use the 'Azure role-based access control' permission model. 4633458b-17de-408a-b874-0445c86b69e64633458b-17de-408a-b874-0445c86b69e6
Colaborador de HSM gerenciadoManaged HSM contributor Permite que você gerencie pools HSM gerenciados, mas não tem acesso a eles.Lets you manage managed HSM pools, but not access to them. 18500a29-7fe2-46b2-a342-b16a415e101d18500a29-7fe2-46b2-a342-b16a415e101d
Administrador de SegurançaSecurity Admin Visualiza e atualiza permissões para a Central de Segurança.View and update permissions for Security Center. Mesmas permissões que a função de leitor de segurança e também podem atualizar a política de segurança e ignorar alertas e recomendações.Same permissions as the Security Reader role and can also update the security policy and dismiss alerts and recommendations. fb1c8493-542b-48eb-b624-b4c8fea62acdfb1c8493-542b-48eb-b624-b4c8fea62acd
Colaborador de avaliação de segurançaSecurity Assessment Contributor Permite enviar avaliações por push para a Central de SegurançaLets you push assessments to Security Center 612c2aa1-cb24-443b-ac28-3ab7272de6f5612c2aa1-cb24-443b-ac28-3ab7272de6f5
Gerenciador de Segurança (Herdado)Security Manager (Legacy) Esta é uma função herdada.This is a legacy role. Em vez disso, use o Administrador de Segurança.Please use Security Admin instead. e3d13bf0-dd5a-482e-ba6b-9b8433878d10e3d13bf0-dd5a-482e-ba6b-9b8433878d10
Leitor de SegurançaSecurity Reader Visualiza permissões para a Central de Segurança.View permissions for Security Center. Pode exibir recomendações, alertas, uma política de segurança e estados de segurança, mas não pode fazer alterações.Can view recommendations, alerts, a security policy, and security states, but cannot make changes. 39bc4728-0917-49c7-9d2c-d95423bc2eb439bc4728-0917-49c7-9d2c-d95423bc2eb4
DevOpsDevOps
Usuário do DevTest LabsDevTest Labs User Permite conectar, iniciar, reiniciar e encerrar as máquinas virtuais no Azure DevTest Labs.Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs. 76283e04-6283-4c54-8f91-bcf1374a3c6476283e04-6283-4c54-8f91-bcf1374a3c64
Criador de laboratórioLab Creator Permite criar novos laboratórios em suas contas de laboratório do Azure.Lets you create new labs under your Azure Lab Accounts. b97fb8bc-a8b2-4522-a38b-dd33c7e65eadb97fb8bc-a8b2-4522-a38b-dd33c7e65ead
MonitorarMonitor
Colaborador de componente do Application InsightsApplication Insights Component Contributor Pode gerenciar os componentes do Application InsightsCan manage Application Insights components ae349356-3a1b-4a5e-921d-050484c6347eae349356-3a1b-4a5e-921d-050484c6347e
Depurador de Instantâneos do Application InsightsApplication Insights Snapshot Debugger Concede permissão ao usuário para exibir e baixar os instantâneos de depuração coletados com o Depurador de Instantâneos do Application Insights.Gives user permission to view and download debug snapshots collected with the Application Insights Snapshot Debugger. Observe que essas permissões não estão incluídas nas funções Proprietário ou Colaborador.Note that these permissions are not included in the Owner or Contributor roles. Quando você concede aos usuários a função de Depurador de Instantâneos do Application Insights, deve conceder a função diretamente ao usuário.When giving users the Application Insights Snapshot Debugger role, you must grant the role directly to the user. A função não é reconhecida quando adicionada a uma função personalizada.The role is not recognized when it is added to a custom role. 08954f03-6346-4c2e-81c0-ec3a5cfae23b08954f03-6346-4c2e-81c0-ec3a5cfae23b
Colaborador de monitoramentoMonitoring Contributor Pode ler todos os dados de monitoramento e editar configurações de monitoramento.Can read all monitoring data and edit monitoring settings. Consulte também Introdução às funções, permissões e segurança com o Azure Monitor.See also Get started with roles, permissions, and security with Azure Monitor. 749f88d5-cbae-40b8-bcfc-e573ddc772fa749f88d5-cbae-40b8-bcfc-e573ddc772fa
Publicador de Métricas de MonitoramentoMonitoring Metrics Publisher Habilita a publicação de métricas com base nos recursos do AzureEnables publishing metrics against Azure resources 3913510d-42f4-4e42-8a64-420c390055eb3913510d-42f4-4e42-8a64-420c390055eb
Leitor de monitoramentoMonitoring Reader Pode ler todos os dados de monitoramento (métricas, logs, etc).Can read all monitoring data (metrics, logs, etc.). Consulte também Introdução às funções, permissões e segurança com o Azure Monitor.See also Get started with roles, permissions, and security with Azure Monitor. 43d0d8ad-25c7-4714-9337-8ba259a9fe0543d0d8ad-25c7-4714-9337-8ba259a9fe05
Colaborador da pasta de trabalhoWorkbook Contributor Pode salvar as pastas de trabalho compartilhadas.Can save shared workbooks. e8ddcd69-c73f-4f9f-9844-4100522f16ade8ddcd69-c73f-4f9f-9844-4100522f16ad
Leitor de pasta de trabalhoWorkbook Reader Pode ler as pastas de trabalho.Can read workbooks. b279062a-9be3-42a0-92ae-8b3cf002ec4db279062a-9be3-42a0-92ae-8b3cf002ec4d
Gerenciamento + governançaManagement + governance
Operador do Trabalho de AutomaçãoAutomation Job Operator Criar e gerenciar trabalhos usando runbooks de Automação.Create and Manage Jobs using Automation Runbooks. 4fe576fe-1146-4730-92eb-48519fa6bf9f4fe576fe-1146-4730-92eb-48519fa6bf9f
Operador de automaçãoAutomation Operator Os Operadores de Automação podem iniciar, interromper, suspender e retomar trabalhosAutomation Operators are able to start, stop, suspend, and resume jobs d3881f73-407a-4167-8283-e981cbba0404d3881f73-407a-4167-8283-e981cbba0404
Operador de runbook de AutomaçãoAutomation Runbook Operator Ler propriedades do Runbook - para poder criar Trabalhos do runbook.Read Runbook properties - to be able to create Jobs of the runbook. 5fb5aef8-1081-4b8e-bb16-9d5d0385bab55fb5aef8-1081-4b8e-bb16-9d5d0385bab5
Integração de Azure Connected MachineAzure Connected Machine Onboarding Pode integrar Azure Connected Machines.Can onboard Azure Connected Machines. b64e21ea-ac4e-4cdf-9dc9-5b892992bee7b64e21ea-ac4e-4cdf-9dc9-5b892992bee7
Administrador de recursos de Azure Connected MachineAzure Connected Machine Resource Administrator Pode ler, gravar, excluir e reintegrar Azure Connected Machines.Can read, write, delete and re-onboard Azure Connected Machines. cd570a14-e51a-42ad-bac8-bafd67325302cd570a14-e51a-42ad-bac8-bafd67325302
Leitor de cobrançaBilling Reader Permite o acesso de leitura aos dados de cobrançaAllows read access to billing data fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64
Colaborador do BlueprintBlueprint Contributor Pode gerenciar definições de blueprint, mas não as atribuir.Can manage blueprint definitions, but not assign them. 41077137-e803-4205-871c-5a86e6a753b441077137-e803-4205-871c-5a86e6a753b4
Operador do BlueprintBlueprint Operator Pode atribuir blueprints publicados existentes, mas não pode criar novos blueprints.Can assign existing published blueprints, but cannot create new blueprints. Observe que isso só funcionará se a atribuição for feita com uma identidade gerenciada atribuída pelo usuário.Note that this only works if the assignment is done with a user-assigned managed identity. 437d2ced-4a38-4302-8479-ed2bcb43d090437d2ced-4a38-4302-8479-ed2bcb43d090
Colaborador do Gerenciamento de CustosCost Management Contributor Pode exibir os custos e gerenciar a configuração de custo (por exemplo, orçamentos, exportações)Can view costs and manage cost configuration (e.g. budgets, exports) 434105ed-43f6-45c7-a02f-909b2ba83430434105ed-43f6-45c7-a02f-909b2ba83430
Leitor do Gerenciamento de CustosCost Management Reader Pode exibir dados e configuração de custos (por exemplo, orçamentos, exportações)Can view cost data and configuration (e.g. budgets, exports) 72fafb9e-0641-4937-9268-a91bfd8191a372fafb9e-0641-4937-9268-a91bfd8191a3
Administrador de configurações de hierarquiaHierarchy Settings Administrator Permite que os usuários editem e excluam Configurações de hierarquiaAllows users to edit and delete Hierarchy Settings 350f8d15-c687-4448-8ae1-157740a3936d350f8d15-c687-4448-8ae1-157740a3936d
Cluster kubernetes – integração do arco do AzureKubernetes Cluster - Azure Arc Onboarding Definição de função para autorizar qualquer usuário/serviço a criar o recurso connectedClustersRole definition to authorize any user/service to create connectedClusters resource 34e09817-6cbe-4d01-b1a2-e0eac5743d4134e09817-6cbe-4d01-b1a2-e0eac5743d41
Função de Colaborador de Aplicativos GerenciadosManaged Application Contributor Role Permite a criação de recursos de aplicativos gerenciados.Allows for creating managed application resources. 641177b8-a67a-45b9-a033-47bc880bb21e641177b8-a67a-45b9-a033-47bc880bb21e
Função do Operador de Aplicativos GerenciadoManaged Application Operator Role Permite que você leia e execute as ações nos recursos de aplicativo gerenciadoLets you read and perform actions on Managed Application resources c7393b34-138c-406f-901b-d8cf2b17e6aec7393b34-138c-406f-901b-d8cf2b17e6ae
Leitor de aplicativos gerenciadosManaged Applications Reader Permite ler os recursos de um aplicativo gerenciado e solicitar acesso JIT.Lets you read resources in a managed app and request JIT access. b9331d33-8a36-4f8c-b097-4f54124fdb44b9331d33-8a36-4f8c-b097-4f54124fdb44
Função de Exclusão de Atribuição de Registro de Serviços GerenciadosManaged Services Registration assignment Delete Role A Função de Exclusão de Atribuição de Registro de Serviços Gerenciados permite que os usuários do locatário de gerenciamento excluam a atribuição de registro atribuída aos locatários.Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant. 91c1777a-f3dc-4fae-b103-61d183457e4691c1777a-f3dc-4fae-b103-61d183457e46
Colaborador do Grupo de GerenciamentoManagement Group Contributor Função de Colaborador do Grupo de GerenciamentoManagement Group Contributor Role 5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c
Leitor do Grupo de GerenciamentoManagement Group Reader Função de Leitor do Grupo de GerenciamentoManagement Group Reader Role ac63b705-f282-497d-ac71-919bf39d939dac63b705-f282-497d-ac71-919bf39d939d
Colaborador de Conta APM do New RelicNew Relic APM Account Contributor Permite que você gerencie contas e aplicativos do Gerenciamento de desempenho de aplicativos da New Relic, mas não tem acesso a eles.Lets you manage New Relic Application Performance Management accounts and applications, but not access to them. 5d28c62d-5b37-4476-8438-e587778df2375d28c62d-5b37-4476-8438-e587778df237
Gravador de Dados de Insights de Política (Versão Prévia)Policy Insights Data Writer (Preview) Permite o acesso de leitura às políticas de recurso e o acesso de gravação aos eventos de política de componente de recurso.Allows read access to resource policies and write access to resource component policy events. 66bb4e9e-b016-4a94-8249-4c0511c2be8466bb4e9e-b016-4a94-8249-4c0511c2be84
Comprador de reservaReservation Purchaser Permite que você compre reservasLets you purchase reservations f7b75c60-3036-4b75-91c3-6b41c27c1689f7b75c60-3036-4b75-91c3-6b41c27c1689
Colaborador da Política de RecursoResource Policy Contributor Usuários com direitos para criar ou modificar a política de recursos, criar tíquete de suporte e ler recursos ou hierarquias.Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy. 36243c78-bf99-498c-9df9-86d9f8d2860836243c78-bf99-498c-9df9-86d9f8d28608
Colaborador do Site RecoverySite Recovery Contributor Permite gerenciar o serviço do Azure Site Recovery, exceto a criação de cofre e atribuição de funçãoLets you manage Site Recovery service except vault creation and role assignment 6670b86e-a3f7-4917-ac9b-5d6ab1be45676670b86e-a3f7-4917-ac9b-5d6ab1be4567
Operador do Site RecoverySite Recovery Operator Permite failover e failback, mas não executa outras operações de gerenciamento do Azure Site RecoveryLets you failover and failback but not perform other Site Recovery management operations 494ae006-db33-4328-bf46-533a6560a3ca494ae006-db33-4328-bf46-533a6560a3ca
Leitor do Site RecoverySite Recovery Reader Permite visualizar o status do Azure Site Recovery, mas não executar outras operações de gerenciamentoLets you view Site Recovery status but not perform other management operations dbaa88c4-0c30-4179-9fb3-46319faa6149dbaa88c4-0c30-4179-9fb3-46319faa6149
Colaborador de solicitação de suporteSupport Request Contributor Permite criar e gerenciar Solicitações de SuporteLets you create and manage Support requests cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24ecfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e
Colaborador de MarcaTag Contributor Permite que você gerencie marcas em entidades, sem fornecer acesso às entidades propriamente ditas.Lets you manage tags on entities, without providing access to the entities themselves. 4a9ae827-6dc8-4573-8ac7-8239d42aa03f4a9ae827-6dc8-4573-8ac7-8239d42aa03f
OutrosOther
Proprietário de Dados dos Gêmeos Digitais do AzureAzure Digital Twins Data Owner Função de acesso completo para o plano de dados gêmeos digitalFull access role for Digital Twins data-plane bcd981a7-7f74-457b-83e1-cceb9e632ffebcd981a7-7f74-457b-83e1-cceb9e632ffe
Leitor de dados do Azure digital gêmeosAzure Digital Twins Data Reader Função somente leitura para propriedades do plano de dados gêmeos digitalRead-only role for Digital Twins data-plane properties d57506d4-4c8d-48b1-8587-93c323f6a5a3d57506d4-4c8d-48b1-8587-93c323f6a5a3
Colaborador do BizTalkBizTalk Contributor Permite gerenciar serviços do BizTalk, mas não acessá-los.Lets you manage BizTalk services, but not access to them. 5e3c6656-6cfa-4708-81fe-0de47ac733425e3c6656-6cfa-4708-81fe-0de47ac73342
Colaborador do grupo de aplicativos de virtualização de desktopDesktop Virtualization Application Group Contributor Colaborador do grupo de aplicativos de virtualização de desktop.Contributor of the Desktop Virtualization Application Group. 86240b0e-9422-4c43-887b-b61143f32ba886240b0e-9422-4c43-887b-b61143f32ba8
Leitor do grupo de aplicativos de virtualização de desktopDesktop Virtualization Application Group Reader Leitor do grupo de aplicativos de virtualização de desktop.Reader of the Desktop Virtualization Application Group. aebf23d0-b568-4e86-b8f9-fe83a2c6ab55aebf23d0-b568-4e86-b8f9-fe83a2c6ab55
Colaborador de virtualização de desktopDesktop Virtualization Contributor Colaborador da virtualização de desktops.Contributor of Desktop Virtualization. 082f0a83-3be5-4ba1-904c-961cca79b387082f0a83-3be5-4ba1-904c-961cca79b387
Colaborador do pool de hosts de virtualização de desktopDesktop Virtualization Host Pool Contributor Colaborador do pool de hosts de virtualização de desktop.Contributor of the Desktop Virtualization Host Pool. e307426c-f9b6-4e81-87de-d99efb3c32bce307426c-f9b6-4e81-87de-d99efb3c32bc
Leitor do pool de hosts de virtualização de desktopDesktop Virtualization Host Pool Reader Leitor do pool de hosts de virtualização de desktop.Reader of the Desktop Virtualization Host Pool. ceadfde2-b300-400a-ab7b-6143895aa822ceadfde2-b300-400a-ab7b-6143895aa822
Leitor de virtualização de desktopDesktop Virtualization Reader Leitor de virtualização de desktop.Reader of Desktop Virtualization. 49a72310-ab8d-41df-bbb0-79b64920386849a72310-ab8d-41df-bbb0-79b649203868
Operador de host de sessão de virtualização de desktopDesktop Virtualization Session Host Operator Operador do host da sessão de virtualização de desktop.Operator of the Desktop Virtualization Session Host. 2ad6aaab-ead9-4eaa-8ac5-da422f5624082ad6aaab-ead9-4eaa-8ac5-da422f562408
Usuário de virtualização de desktopDesktop Virtualization User Permite que o usuário use os aplicativos em um grupo de aplicativos.Allows user to use the applications in an application group. 1d18fff3-a72a-46b5-b4a9-0b38a3cd7e631d18fff3-a72a-46b5-b4a9-0b38a3cd7e63
Operador de sessão de usuário de virtualização de desktopDesktop Virtualization User Session Operator Operador da sessão uesr de virtualização de desktop.Operator of the Desktop Virtualization Uesr Session. ea4bfff8-7fb4-485a-aadd-d4129a0ffaa6ea4bfff8-7fb4-485a-aadd-d4129a0ffaa6
Colaborador do espaço de trabalho do Desktop VirtualizationDesktop Virtualization Workspace Contributor Colaborador do espaço de trabalho de virtualização de desktop.Contributor of the Desktop Virtualization Workspace. 21efdde3-836f-432b-bf3d-3e8e734d4b2b21efdde3-836f-432b-bf3d-3e8e734d4b2b
Leitor de espaço de trabalho do Desktop VirtualizationDesktop Virtualization Workspace Reader Leitor do espaço de trabalho de virtualização de desktop.Reader of the Desktop Virtualization Workspace. 0fa44ee9-7a7d-466b-9bb2-2bf446b1204d0fa44ee9-7a7d-466b-9bb2-2bf446b1204d
Leitor de backup em discoDisk Backup Reader Fornece permissão para o cofre de backup para executar o backup em disco.Provides permission to backup vault to perform disk backup. 3e5e47e6-65f7-47ef-90b5-e5dd4d455f243e5e47e6-65f7-47ef-90b5-e5dd4d455f24
Operador de restauração de discoDisk Restore Operator Fornece permissão para o cofre de backup para executar a restauração do disco.Provides permission to backup vault to perform disk restore. b50d9833-a0cb-478e-945f-707fcc997c13b50d9833-a0cb-478e-945f-707fcc997c13
Colaborador de instantâneo de discoDisk Snapshot Contributor Fornece permissão para o cofre de backup para gerenciar instantâneos de disco.Provides permission to backup vault to manage disk snapshots. 7efff54f-a5b4-42b5-a1c5-5411624893ce7efff54f-a5b4-42b5-a1c5-5411624893ce
Colaborador de Coleções de Trabalho do AgendadorScheduler Job Collections Contributor Permite gerenciar as coleções de trabalhos do Agendador, mas não acessá-las.Lets you manage Scheduler job collections, but not access to them. 188a0f2f-5c9e-469b-ae67-2aa5ce574b94188a0f2f-5c9e-469b-ae67-2aa5ce574b94
Operador de Hub de serviçosServices Hub Operator Operador de Hub de serviços permite que você execute todas as operações de leitura, gravação e exclusão relacionadas aos conectores do hub de serviços.Services Hub Operator allows you to perform all read, write, and deletion operations related to Services Hub Connectors. 82200a5b-e217-47a5-b665-6d8765ee745b82200a5b-e217-47a5-b665-6d8765ee745b

GeralGeneral

ColaboradorContributor

Concede acesso completo para gerenciar todos os recursos, mas não permite que você atribua funções no RBAC do Azure, gerencie atribuições em plantas do Azure ou compartilhe galerias de imagens.Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries. Saiba maisLearn more

AçõesActions DescriçãoDescription
* Criar e gerenciar recursos de todos os tiposCreate and manage resources of all types
NotActionsNotActions
Microsoft. Authorization/*/DeleteMicrosoft.Authorization/*/Delete Excluir funções, atribuições de política, definições de política e definições de conjunto de políticasDelete roles, policy assignments, policy definitions and policy set definitions
Microsoft. Authorization/*/WriteMicrosoft.Authorization/*/Write Criar funções, atribuições de função, atribuições de política, definições de política e definições de conjunto de políticasCreate roles, role assignments, policy assignments, policy definitions and policy set definitions
/ElevateAccess/Action Microsoft. AuthorizationMicrosoft.Authorization/elevateAccess/Action Concede ao chamador o acesso de Administrador de Acesso do Usuário no escopo do locatárioGrants the caller User Access Administrator access at the tenant scope
/BlueprintAssignments/Write Microsoft. BlueprintMicrosoft.Blueprint/blueprintAssignments/write Criar ou atualizar quaisquer atribuições de blueprintCreate or update any blueprint assignments
/BlueprintAssignments/Delete Microsoft. BlueprintMicrosoft.Blueprint/blueprintAssignments/delete Excluir quaisquer atribuições de blueprintDelete any blueprint assignments
/Galleries/share/Action Microsoft. ComputeMicrosoft.Compute/galleries/share/action Compartilha uma galeria com escopos diferentesShares a Gallery to different scopes
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
  "name": "b24988ac-6180-42a0-ab88-20f7382dd24c",
  "permissions": [
    {
      "actions": [
        "*"
      ],
      "notActions": [
        "Microsoft.Authorization/*/Delete",
        "Microsoft.Authorization/*/Write",
        "Microsoft.Authorization/elevateAccess/Action",
        "Microsoft.Blueprint/blueprintAssignments/write",
        "Microsoft.Blueprint/blueprintAssignments/delete",
        "Microsoft.Compute/galleries/share/action"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

ProprietárioOwner

Concede acesso completo para gerenciar todos os recursos, incluindo a capacidade de atribuir funções no RBAC do Azure.Grants full access to manage all resources, including the ability to assign roles in Azure RBAC. Saiba maisLearn more

AçõesActions DescriçãoDescription
* Criar e gerenciar recursos de todos os tiposCreate and manage resources of all types
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants full access to manage all resources, including the ability to assign roles in Azure RBAC.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
  "name": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
  "permissions": [
    {
      "actions": [
        "*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

LeitorReader

Exibir todos os recursos, mas não permite que você faça nenhuma alteração.View all resources, but does not allow you to make any changes. Saiba maisLearn more

AçõesActions DescriçãoDescription
*/leitura*/read Ler recursos de todos os tipos, exceto segredos.Read resources of all types, except secrets.
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "View all resources, but does not allow you to make any changes.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
  "name": "acdd72a7-3385-48ef-bd42-f606fba81ae7",
  "permissions": [
    {
      "actions": [
        "*/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Administrador de Acesso do UsuárioUser Access Administrator

Permite que você gerencie o acesso do usuário aos recursos do Azure.Lets you manage user access to Azure resources. Saiba maisLearn more

AçõesActions DescriçãoDescription
*/leitura*/read Ler recursos de todos os tipos, exceto segredos.Read resources of all types, except secrets.
Microsoft. Authorization/*Microsoft.Authorization/* Gerenciar autorizaçãoManage authorization
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage user access to Azure resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
  "name": "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.Authorization/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "User Access Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

ComputaçãoCompute

Colaborador de Máquina Virtual ClássicaClassic Virtual Machine Contributor

Permite gerenciar máquinas virtuais clássicas, mas não o acesso a elas, nem à rede virtual ou conta de armazenamento à qual estão conectadas.Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to.

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
Microsoft. ClassicCompute/domainNames/*Microsoft.ClassicCompute/domainNames/* Criar e gerenciar nomes de domínio de computação clássicaCreate and manage classic compute domain names
Microsoft. ClassicCompute/virtualMachines/*Microsoft.ClassicCompute/virtualMachines/* Criar e gerenciar máquinas virtuaisCreate and manage virtual machines
Microsoft. ClassicNetwork/networkSecurityGroups/Join/ActionMicrosoft.ClassicNetwork/networkSecurityGroups/join/action
Microsoft. ClassicNetwork/reservedIps/link/ActionMicrosoft.ClassicNetwork/reservedIps/link/action Vincular um IP reservadoLink a reserved Ip
Microsoft. ClassicNetwork/reservedIps/ReadMicrosoft.ClassicNetwork/reservedIps/read Obter os IPs reservadosGets the reserved Ips
Microsoft. ClassicNetwork/virtualNetworks/Join/ActionMicrosoft.ClassicNetwork/virtualNetworks/join/action Ingressar na rede virtual.Joins the virtual network.
Microsoft. ClassicNetwork/virtualNetworks/ReadMicrosoft.ClassicNetwork/virtualNetworks/read Obter a rede virtual.Get the virtual network.
Microsoft. ClassicStorage/storageAccounts/disks/ReadMicrosoft.ClassicStorage/storageAccounts/disks/read Retornar o disco da conta de armazenamento.Returns the storage account disk.
Microsoft. ClassicStorage/storageAccounts/images/ReadMicrosoft.ClassicStorage/storageAccounts/images/read Retornar a imagem da conta de armazenamento.Returns the storage account image. (Preterido.(Deprecated. Usar 'Microsoft.ClassicStorage/storageAccounts/vmImages')Use 'Microsoft.ClassicStorage/storageAccounts/vmImages')
Microsoft. ClassicStorage/storageAccounts/listKeys/ActionMicrosoft.ClassicStorage/storageAccounts/listKeys/action Listar as chaves de acesso das contas de armazenamento.Lists the access keys for the storage accounts.
Microsoft. ClassicStorage/storageAccounts/ReadMicrosoft.ClassicStorage/storageAccounts/read Retornar a conta de armazenamento com a conta fornecida.Return the storage account with the given account.
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
Microsoft. ResourceHealth/availabilityStatuses/ReadMicrosoft.ResourceHealth/availabilityStatuses/read Obter os status de disponibilidade para todos os recursos no escopo especificadoGets the availability statuses for all resources in the specified scope
Microsoft. Resources/Deployments/*Microsoft.Resources/deployments/* Criar e gerenciar uma implantaçãoCreate and manage a deployment
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/d73bb868-a0df-4d4d-bd69-98a00b01fccb",
  "name": "d73bb868-a0df-4d4d-bd69-98a00b01fccb",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicCompute/domainNames/*",
        "Microsoft.ClassicCompute/virtualMachines/*",
        "Microsoft.ClassicNetwork/networkSecurityGroups/join/action",
        "Microsoft.ClassicNetwork/reservedIps/link/action",
        "Microsoft.ClassicNetwork/reservedIps/read",
        "Microsoft.ClassicNetwork/virtualNetworks/join/action",
        "Microsoft.ClassicNetwork/virtualNetworks/read",
        "Microsoft.ClassicStorage/storageAccounts/disks/read",
        "Microsoft.ClassicStorage/storageAccounts/images/read",
        "Microsoft.ClassicStorage/storageAccounts/listKeys/action",
        "Microsoft.ClassicStorage/storageAccounts/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Virtual Machine Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Logon de administrador da Máquina VirtualVirtual Machine Administrator Login

Exibir máquinas virtuais no portal e fazer logon como administrador saiba maisView Virtual Machines in the portal and login as administrator Learn more

AçõesActions DescriçãoDescription
/PublicIPAddresses/Read Microsoft. NetworkMicrosoft.Network/publicIPAddresses/read Obter uma definição de endereço IP público.Gets a public ip address definition.
/VirtualNetworks/Read Microsoft. NetworkMicrosoft.Network/virtualNetworks/read Obter a definição de rede virtualGet the virtual network definition
/LoadBalancers/Read Microsoft. NetworkMicrosoft.Network/loadBalancers/read Obter uma definição de balanceador de cargaGets a load balancer definition
/NetworkInterfaces/Read Microsoft. NetworkMicrosoft.Network/networkInterfaces/read Obter uma definição de adaptador de rede.Gets a network interface definition.
Microsoft. Compute/virtualMachines/*/ReadMicrosoft.Compute/virtualMachines/*/read
NotActionsNotActions
nenhumnone
DataActionsDataActions
/VirtualMachines/login/Action Microsoft. ComputeMicrosoft.Compute/virtualMachines/login/action Faça logon em uma máquina virtual como um usuário normalLog in to a virtual machine as a regular user
/VirtualMachines/loginAsAdmin/Action Microsoft. ComputeMicrosoft.Compute/virtualMachines/loginAsAdmin/action Faça logon em uma máquina virtual com os privilégios de administrador do Windows ou de usuário raiz do LinuxLog in to a virtual machine with Windows administrator or Linux root user privileges
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "View Virtual Machines in the portal and login as administrator",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/1c0163c0-47e6-4577-8991-ea5c82e286e4",
  "name": "1c0163c0-47e6-4577-8991-ea5c82e286e4",
  "permissions": [
    {
      "actions": [
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/loadBalancers/read",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Compute/virtualMachines/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Compute/virtualMachines/login/action",
        "Microsoft.Compute/virtualMachines/loginAsAdmin/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Virtual Machine Administrator Login",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de Máquina VirtualVirtual Machine Contributor

Permite gerenciar máquinas virtuais, mas não o acesso a elas, nem à rede virtual ou conta de armazenamento à qual estão conectadas.Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
Microsoft. Compute/availabilitySets/*Microsoft.Compute/availabilitySets/* Criar e gerenciar conjuntos de disponibilidade de computaçãoCreate and manage compute availability sets
Microsoft. Compute/Locations/*Microsoft.Compute/locations/* Criar e gerenciar locais de computaçãoCreate and manage compute locations
Microsoft. Compute/virtualMachines/*Microsoft.Compute/virtualMachines/* Execute todas as ações de máquina virtual, incluindo criar, atualizar, excluir, iniciar, reiniciar e desligar máquinas virtuais.Perform all virtual machine actions including create, update, delete, start, restart, and power off virtual machines. Executar scripts predefinidos em máquinas virtuais.Execute predefined scripts on virtual machines.
Microsoft. Compute/virtualMachineScaleSets/*Microsoft.Compute/virtualMachineScaleSets/* Criar e gerenciar conjuntos de dimensionamento de máquinas virtuaisCreate and manage virtual machine scale sets
/Disks/Write Microsoft. ComputeMicrosoft.Compute/disks/write Criar um novo disco ou atualizar um existenteCreates a new Disk or updates an existing one
/Disks/Read Microsoft. ComputeMicrosoft.Compute/disks/read Obter as propriedades de um discoGet the properties of a Disk
/Disks/Delete Microsoft. ComputeMicrosoft.Compute/disks/delete Excluir o discoDeletes the Disk
Microsoft. DevTestLab/Schedules/*Microsoft.DevTestLab/schedules/*
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
/ApplicationGateways/backendAddressPools/Join/Action Microsoft. NetworkMicrosoft.Network/applicationGateways/backendAddressPools/join/action Ingressar em um pool de endereços de back-end do gateway de aplicativo.Joins an application gateway backend address pool. Não é possível alertá-lo.Not Alertable.
/LoadBalancers/backendAddressPools/Join/Action Microsoft. NetworkMicrosoft.Network/loadBalancers/backendAddressPools/join/action Ingressar em um pool de endereços de back-end do balanceador de carga.Joins a load balancer backend address pool. Não é possível alertá-lo.Not Alertable.
/LoadBalancers/inboundNatPools/Join/Action Microsoft. NetworkMicrosoft.Network/loadBalancers/inboundNatPools/join/action Ingressar em um pool NAT de entrada do balanceador de carga.Joins a load balancer inbound NAT pool. Não é possível alertá-lo.Not alertable.
/LoadBalancers/inboundNatRules/Join/Action Microsoft. NetworkMicrosoft.Network/loadBalancers/inboundNatRules/join/action Adicionar uma regra NAT de entrada do balanceador de carga.Joins a load balancer inbound nat rule. Não é possível alertá-lo.Not Alertable.
/LoadBalancers/Probes/Join/Action Microsoft. NetworkMicrosoft.Network/loadBalancers/probes/join/action Permitir o uso de investigações de um balanceador de carga.Allows using probes of a load balancer. Por exemplo, com essa permissão, a propriedade healthProbe do conjunto de dimensionamento de VM pode referenciar a investigação.For example, with this permission healthProbe property of VM scale set can reference the probe. Não é possível alertá-lo.Not alertable.
/LoadBalancers/Read Microsoft. NetworkMicrosoft.Network/loadBalancers/read Obter uma definição de balanceador de cargaGets a load balancer definition
Microsoft. Network/Locations/*Microsoft.Network/locations/* Criar e gerenciar locais de redeCreate and manage network locations
Microsoft. Network/networkInterfaces/*Microsoft.Network/networkInterfaces/* Criar e gerenciar as interfaces de redeCreate and manage network interfaces
/NetworkSecurityGroups/Join/Action Microsoft. NetworkMicrosoft.Network/networkSecurityGroups/join/action Ingressar em um grupo de segurança de rede.Joins a network security group. Não é possível alertá-lo.Not Alertable.
/NetworkSecurityGroups/Read Microsoft. NetworkMicrosoft.Network/networkSecurityGroups/read Obter uma definição de um grupo de segurança de redeGets a network security group definition
/PublicIPAddresses/Join/Action Microsoft. NetworkMicrosoft.Network/publicIPAddresses/join/action Ingressar em um endereço IP público.Joins a public ip address. Não é possível alertá-lo.Not Alertable.
/PublicIPAddresses/Read Microsoft. NetworkMicrosoft.Network/publicIPAddresses/read Obter uma definição de endereço IP público.Gets a public ip address definition.
/VirtualNetworks/Read Microsoft. NetworkMicrosoft.Network/virtualNetworks/read Obter a definição de rede virtualGet the virtual network definition
/VirtualNetworks/Subnets/Join/Action Microsoft. NetworkMicrosoft.Network/virtualNetworks/subnets/join/action Ingressar em uma rede virtual.Joins a virtual network. Não é possível alertá-lo.Not Alertable.
Microsoft. recoveryservices/Locations/*Microsoft.RecoveryServices/locations/*
Microsoft. recoveryservices/Vaults/backupFabrics/backupProtectionIntent/WriteMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write Criar uma Intenção de Proteção de backupCreate a backup Protection Intent
Microsoft. recoveryservices/Vaults/backupFabrics/protectionContainers/protectedItems/*/ReadMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read
Microsoft. recoveryservices/Vaults/backupFabrics/protectionContainers/protectedItems/ReadMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read Retornar detalhes do objeto do item protegidoReturns object details of the Protected Item
Microsoft. recoveryservices/Vaults/backupFabrics/protectionContainers/protectedItems/WriteMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write Criar um item protegido de backupCreate a backup Protected Item
Microsoft. recoveryservices/Vaults/backupPolicies/ReadMicrosoft.RecoveryServices/Vaults/backupPolicies/read Retornar todas as políticas de proteçãoReturns all Protection Policies
Microsoft. recoveryservices/Vaults/backupPolicies/WriteMicrosoft.RecoveryServices/Vaults/backupPolicies/write Criar uma política de proteçãoCreates Protection Policy
Microsoft. recoveryservices/Vaults/ReadMicrosoft.RecoveryServices/Vaults/read A operação Obter cofre obtém um objeto que representa o recurso do Azure do tipo 'cofre'The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft. recoveryservices/Vaults/Usages/ReadMicrosoft.RecoveryServices/Vaults/usages/read Retornar os detalhes de uso para um cofre dos Serviços de Recuperação.Returns usage details for a Recovery Services Vault.
Microsoft. recoveryservices/Vaults/WriteMicrosoft.RecoveryServices/Vaults/write A operação Criar cofre cria um recurso do Azure do tipo 'cofre'Create Vault operation creates an Azure resource of type 'vault'
Microsoft. ResourceHealth/availabilityStatuses/ReadMicrosoft.ResourceHealth/availabilityStatuses/read Obter os status de disponibilidade para todos os recursos no escopo especificadoGets the availability statuses for all resources in the specified scope
Microsoft. Resources/Deployments/*Microsoft.Resources/deployments/* Criar e gerenciar uma implantaçãoCreate and manage a deployment
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. SqlVirtualMachine/*Microsoft.SqlVirtualMachine/*
/StorageAccounts/listKeys/Action Microsoft. StorageMicrosoft.Storage/storageAccounts/listKeys/action Retornar as chaves de acesso da conta de armazenamento especificada.Returns the access keys for the specified storage account.
/StorageAccounts/Read Microsoft. StorageMicrosoft.Storage/storageAccounts/read Retornar a lista de contas de armazenamento ou obter as propriedades da conta de armazenamento especificada.Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
  "name": "9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Compute/availabilitySets/*",
        "Microsoft.Compute/locations/*",
        "Microsoft.Compute/virtualMachines/*",
        "Microsoft.Compute/virtualMachineScaleSets/*",
        "Microsoft.Compute/disks/write",
        "Microsoft.Compute/disks/read",
        "Microsoft.Compute/disks/delete",
        "Microsoft.DevTestLab/schedules/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/applicationGateways/backendAddressPools/join/action",
        "Microsoft.Network/loadBalancers/backendAddressPools/join/action",
        "Microsoft.Network/loadBalancers/inboundNatPools/join/action",
        "Microsoft.Network/loadBalancers/inboundNatRules/join/action",
        "Microsoft.Network/loadBalancers/probes/join/action",
        "Microsoft.Network/loadBalancers/read",
        "Microsoft.Network/locations/*",
        "Microsoft.Network/networkInterfaces/*",
        "Microsoft.Network/networkSecurityGroups/join/action",
        "Microsoft.Network/networkSecurityGroups/read",
        "Microsoft.Network/publicIPAddresses/join/action",
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.RecoveryServices/locations/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/write",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.RecoveryServices/Vaults/write",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.SqlVirtualMachine/*",
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Virtual Machine Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Logon de usuário da Máquina VirtualVirtual Machine User Login

Visualize as Máquinas Virtuais do Microsoft Azure no portal e faça logon como usuário.View Virtual Machines in the portal and login as a regular user. Saiba maisLearn more

AçõesActions DescriçãoDescription
/PublicIPAddresses/Read Microsoft. NetworkMicrosoft.Network/publicIPAddresses/read Obter uma definição de endereço IP público.Gets a public ip address definition.
/VirtualNetworks/Read Microsoft. NetworkMicrosoft.Network/virtualNetworks/read Obter a definição de rede virtualGet the virtual network definition
/LoadBalancers/Read Microsoft. NetworkMicrosoft.Network/loadBalancers/read Obter uma definição de balanceador de cargaGets a load balancer definition
/NetworkInterfaces/Read Microsoft. NetworkMicrosoft.Network/networkInterfaces/read Obter uma definição de adaptador de rede.Gets a network interface definition.
Microsoft. Compute/virtualMachines/*/ReadMicrosoft.Compute/virtualMachines/*/read
NotActionsNotActions
nenhumnone
DataActionsDataActions
/VirtualMachines/login/Action Microsoft. ComputeMicrosoft.Compute/virtualMachines/login/action Faça logon em uma máquina virtual como um usuário normalLog in to a virtual machine as a regular user
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "View Virtual Machines in the portal and login as a regular user.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fb879df8-f326-4884-b1cf-06f3ad86be52",
  "name": "fb879df8-f326-4884-b1cf-06f3ad86be52",
  "permissions": [
    {
      "actions": [
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/loadBalancers/read",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Compute/virtualMachines/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Compute/virtualMachines/login/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Virtual Machine User Login",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

RedeNetworking

Colaborador de ponto de extremidade de CDNCDN Endpoint Contributor

Pode gerenciar os pontos de extremidade de CDN, mas não pode conceder acesso a outros usuários.Can manage CDN endpoints, but can't grant access to other users.

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
/Edgenodes/Read Microsoft. CDNMicrosoft.Cdn/edgenodes/read
Microsoft. CDN/operationresults/*Microsoft.Cdn/operationresults/*
Microsoft. CDN/Profiles/Endpoints/*Microsoft.Cdn/profiles/endpoints/*
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
Microsoft. Resources/Deployments/*Microsoft.Resources/deployments/* Criar e gerenciar uma implantaçãoCreate and manage a deployment
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage CDN endpoints, but can't grant access to other users.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/426e0c7f-0c7e-4658-b36f-ff54d6c29b45",
  "name": "426e0c7f-0c7e-4658-b36f-ff54d6c29b45",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/endpoints/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Endpoint Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Leitor de ponto de extremidade de CDNCDN Endpoint Reader

Pode exibir os pontos de extremidade de CDN, mas não pode fazer alterações.Can view CDN endpoints, but can't make changes.

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
/Edgenodes/Read Microsoft. CDNMicrosoft.Cdn/edgenodes/read
Microsoft. CDN/operationresults/*Microsoft.Cdn/operationresults/*
Microsoft. CDN/Profiles/Endpoints/*/ReadMicrosoft.Cdn/profiles/endpoints/*/read
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
Microsoft. Resources/Deployments/*Microsoft.Resources/deployments/* Criar e gerenciar uma implantaçãoCreate and manage a deployment
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view CDN endpoints, but can't make changes.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/871e35f6-b5c1-49cc-a043-bde969a0f2cd",
  "name": "871e35f6-b5c1-49cc-a043-bde969a0f2cd",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/endpoints/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Endpoint Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de perfil de CDNCDN Profile Contributor

Pode gerenciar os perfis de CDN e os respectivos pontos de extremidade, mas não pode conceder acesso a outros usuários.Can manage CDN profiles and their endpoints, but can't grant access to other users. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
/Edgenodes/Read Microsoft. CDNMicrosoft.Cdn/edgenodes/read
Microsoft. CDN/operationresults/*Microsoft.Cdn/operationresults/*
Microsoft. CDN/Profiles/*Microsoft.Cdn/profiles/*
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
Microsoft. Resources/Deployments/*Microsoft.Resources/deployments/* Criar e gerenciar uma implantaçãoCreate and manage a deployment
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage CDN profiles and their endpoints, but can't grant access to other users.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ec156ff8-a8d1-4d15-830c-5b80698ca432",
  "name": "ec156ff8-a8d1-4d15-830c-5b80698ca432",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Profile Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Leitor de perfil de CDNCDN Profile Reader

Pode exibir os perfis de CDN e os respectivos pontos de extremidade, mas não pode fazer alterações.Can view CDN profiles and their endpoints, but can't make changes.

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
/Edgenodes/Read Microsoft. CDNMicrosoft.Cdn/edgenodes/read
Microsoft. CDN/operationresults/*Microsoft.Cdn/operationresults/*
Microsoft. CDN/Profiles/*/ReadMicrosoft.Cdn/profiles/*/read
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
Microsoft. Resources/Deployments/*Microsoft.Resources/deployments/* Criar e gerenciar uma implantaçãoCreate and manage a deployment
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view CDN profiles and their endpoints, but can't make changes.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8f96442b-4075-438f-813d-ad51ab4019af",
  "name": "8f96442b-4075-438f-813d-ad51ab4019af",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Profile Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de rede clássicaClassic Network Contributor

Permite que você gerencie redes clássicas, mas não acessá-las.Lets you manage classic networks, but not access to them. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
Microsoft. ClassicNetwork/*Microsoft.ClassicNetwork/* Criar e gerenciar redes clássicasCreate and manage classic networks
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
Microsoft. ResourceHealth/availabilityStatuses/ReadMicrosoft.ResourceHealth/availabilityStatuses/read Obter os status de disponibilidade para todos os recursos no escopo especificadoGets the availability statuses for all resources in the specified scope
Microsoft. Resources/Deployments/*Microsoft.Resources/deployments/* Criar e gerenciar uma implantaçãoCreate and manage a deployment
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage classic networks, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b34d265f-36f7-4a0d-a4d4-e158ca92e90f",
  "name": "b34d265f-36f7-4a0d-a4d4-e158ca92e90f",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicNetwork/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Network Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de zona DNSDNS Zone Contributor

Permite gerenciar zonas DNS e conjuntos de registros no DNS do Azure, mas não permite controlar quem tem acesso a eles.Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
Microsoft. Network/dnsZones/*Microsoft.Network/dnsZones/* Criar e gerenciar zonas e registros DNSCreate and manage DNS zones and records
Microsoft. ResourceHealth/availabilityStatuses/ReadMicrosoft.ResourceHealth/availabilityStatuses/read Obter os status de disponibilidade para todos os recursos no escopo especificadoGets the availability statuses for all resources in the specified scope
Microsoft. Resources/Deployments/*Microsoft.Resources/deployments/* Criar e gerenciar uma implantaçãoCreate and manage a deployment
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/befefa01-2a29-4197-83a8-272ff33ce314",
  "name": "befefa01-2a29-4197-83a8-272ff33ce314",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/dnsZones/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "DNS Zone Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de redeNetwork Contributor

Permite gerenciar redes, mas não acessá-las.Lets you manage networks, but not access to them.

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
Microsoft. Network/*Microsoft.Network/* Criar e gerenciar redesCreate and manage networks
Microsoft. ResourceHealth/availabilityStatuses/ReadMicrosoft.ResourceHealth/availabilityStatuses/read Obter os status de disponibilidade para todos os recursos no escopo especificadoGets the availability statuses for all resources in the specified scope
Microsoft. Resources/Deployments/*Microsoft.Resources/deployments/* Criar e gerenciar uma implantaçãoCreate and manage a deployment
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage networks, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
  "name": "4d97b98b-1d4f-4787-a291-c67834d212e7",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Network Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de zona de DNS privadoPrivate DNS Zone Contributor

Permite que você gerencie recursos de zona DNS privada, mas não as redes virtuais às quais eles estão vinculados.Lets you manage private DNS zone resources, but not the virtual networks they are linked to. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
Microsoft. Resources/Deployments/*Microsoft.Resources/deployments/* Criar e gerenciar uma implantaçãoCreate and manage a deployment
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
Microsoft. Network/privateDnsZones/*Microsoft.Network/privateDnsZones/*
Microsoft. Network/privateDnsOperationResults/*Microsoft.Network/privateDnsOperationResults/*
Microsoft. Network/privateDnsOperationStatuses/*Microsoft.Network/privateDnsOperationStatuses/*
/VirtualNetworks/Read Microsoft. NetworkMicrosoft.Network/virtualNetworks/read Obter a definição de rede virtualGet the virtual network definition
/VirtualNetworks/Join/Action Microsoft. NetworkMicrosoft.Network/virtualNetworks/join/action Ingressar em uma rede virtual.Joins a virtual network. Não é possível alertá-lo.Not Alertable.
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage private DNS zone resources, but not the virtual networks they are linked to.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b12aa53e-6015-4669-85d0-8515ebb3ae7f",
  "name": "b12aa53e-6015-4669-85d0-8515ebb3ae7f",
  "permissions": [
    {
      "actions": [
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Network/privateDnsZones/*",
        "Microsoft.Network/privateDnsOperationResults/*",
        "Microsoft.Network/privateDnsOperationStatuses/*",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/join/action",
        "Microsoft.Authorization/*/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Private DNS Zone Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador do Gerenciador de TráfegoTraffic Manager Contributor

Permite gerenciar perfis do Gerenciador de Tráfego, mas não permite controlar quem tem acesso a eles.Lets you manage Traffic Manager profiles, but does not let you control who has access to them.

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
Microsoft. Network/trafficManagerProfiles/*Microsoft.Network/trafficManagerProfiles/*
Microsoft. ResourceHealth/availabilityStatuses/ReadMicrosoft.ResourceHealth/availabilityStatuses/read Obter os status de disponibilidade para todos os recursos no escopo especificadoGets the availability statuses for all resources in the specified scope
Microsoft. Resources/Deployments/*Microsoft.Resources/deployments/* Criar e gerenciar uma implantaçãoCreate and manage a deployment
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Traffic Manager profiles, but does not let you control who has access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a4b10055-b0c7-44c2-b00f-c7b5b3550cf7",
  "name": "a4b10055-b0c7-44c2-b00f-c7b5b3550cf7",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/trafficManagerProfiles/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Traffic Manager Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

ArmazenamentoStorage

Colaborador do AvereAvere Contributor

Pode criar e gerenciar um cluster do Avere vFXT.Can create and manage an Avere vFXT cluster. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
Microsoft. Compute/*/ReadMicrosoft.Compute/*/read
Microsoft. Compute/availabilitySets/*Microsoft.Compute/availabilitySets/*
Microsoft. Compute/proximityPlacementGroups/*Microsoft.Compute/proximityPlacementGroups/*
Microsoft. Compute/virtualMachines/*Microsoft.Compute/virtualMachines/*
Microsoft. Compute/disks/*Microsoft.Compute/disks/*
Microsoft. Network/*/ReadMicrosoft.Network/*/read
Microsoft. Network/networkInterfaces/*Microsoft.Network/networkInterfaces/*
/VirtualNetworks/Read Microsoft. NetworkMicrosoft.Network/virtualNetworks/read Obter a definição de rede virtualGet the virtual network definition
/VirtualNetworks/Subnets/Read Microsoft. NetworkMicrosoft.Network/virtualNetworks/subnets/read Obter uma definição de sub-rede da rede virtualGets a virtual network subnet definition
/VirtualNetworks/Subnets/Join/Action Microsoft. NetworkMicrosoft.Network/virtualNetworks/subnets/join/action Ingressar em uma rede virtual.Joins a virtual network. Não é possível alertá-lo.Not Alertable.
/VirtualNetworks/Subnets/joinViaServiceEndpoint/Action Microsoft. NetworkMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Adicionar recursos como conta de armazenamento ou banco de dados SQL a uma sub-rede.Joins resource such as storage account or SQL database to a subnet. Não é possível alertá-lo.Not alertable.
/NetworkSecurityGroups/Join/Action Microsoft. NetworkMicrosoft.Network/networkSecurityGroups/join/action Ingressar em um grupo de segurança de rede.Joins a network security group. Não é possível alertá-lo.Not Alertable.
Microsoft. Resources/Deployments/*Microsoft.Resources/deployments/* Criar e gerenciar uma implantaçãoCreate and manage a deployment
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. Storage/*/ReadMicrosoft.Storage/*/read
Microsoft. Storage/storageAccounts/*Microsoft.Storage/storageAccounts/* Criar e gerenciar contas de armazenamentoCreate and manage storage accounts
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
/Subscriptions/resourceGroups/Resources/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/resources/read Obter os recursos do grupo de recursos.Gets the resources for the resource group.
NotActionsNotActions
nenhumnone
DataActionsDataActions
/StorageAccounts/blobServices/containers/BLOBs/Delete Microsoft. StorageMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete Retorna o resultado da exclusão de um blobReturns the result of deleting a blob
/StorageAccounts/blobServices/containers/BLOBs/Read Microsoft. StorageMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read Retorna um blob ou uma lista de blobsReturns a blob or a list of blobs
/StorageAccounts/blobServices/containers/BLOBs/Write Microsoft. StorageMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write Retorna o resultado da gravação de um blobReturns the result of writing a blob
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can create and manage an Avere vFXT cluster.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4f8fab4f-1852-4a58-a46a-8eaf358af14a",
  "name": "4f8fab4f-1852-4a58-a46a-8eaf358af14a",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Compute/*/read",
        "Microsoft.Compute/availabilitySets/*",
        "Microsoft.Compute/proximityPlacementGroups/*",
        "Microsoft.Compute/virtualMachines/*",
        "Microsoft.Compute/disks/*",
        "Microsoft.Network/*/read",
        "Microsoft.Network/networkInterfaces/*",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/subnets/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
        "Microsoft.Network/networkSecurityGroups/join/action",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/*/read",
        "Microsoft.Storage/storageAccounts/*",
        "Microsoft.Support/*",
        "Microsoft.Resources/subscriptions/resourceGroups/resources/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Avere Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Operador do AvereAvere Operator

Usado pelo cluster avere vFXT para gerenciar o cluster saiba maisUsed by the Avere vFXT cluster to manage the cluster Learn more

AçõesActions DescriçãoDescription
/VirtualMachines/Read Microsoft. ComputeMicrosoft.Compute/virtualMachines/read Obter as propriedades de uma máquina virtualGet the properties of a virtual machine
/NetworkInterfaces/Read Microsoft. NetworkMicrosoft.Network/networkInterfaces/read Obter uma definição de adaptador de rede.Gets a network interface definition.
/NetworkInterfaces/Write Microsoft. NetworkMicrosoft.Network/networkInterfaces/write Criar uma interface de rede ou atualizar uma interface de rede existente.Creates a network interface or updates an existing network interface.
/VirtualNetworks/Read Microsoft. NetworkMicrosoft.Network/virtualNetworks/read Obter a definição de rede virtualGet the virtual network definition
/VirtualNetworks/Subnets/Read Microsoft. NetworkMicrosoft.Network/virtualNetworks/subnets/read Obter uma definição de sub-rede da rede virtualGets a virtual network subnet definition
/VirtualNetworks/Subnets/Join/Action Microsoft. NetworkMicrosoft.Network/virtualNetworks/subnets/join/action Ingressar em uma rede virtual.Joins a virtual network. Não é possível alertá-lo.Not Alertable.
/NetworkSecurityGroups/Join/Action Microsoft. NetworkMicrosoft.Network/networkSecurityGroups/join/action Ingressar em um grupo de segurança de rede.Joins a network security group. Não é possível alertá-lo.Not Alertable.
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
/StorageAccounts/blobServices/containers/Delete Microsoft. StorageMicrosoft.Storage/storageAccounts/blobServices/containers/delete Retornar o resultado da exclusão de um contêinerReturns the result of deleting a container
/StorageAccounts/blobServices/containers/Read Microsoft. StorageMicrosoft.Storage/storageAccounts/blobServices/containers/read Retorna a lista de contêineresReturns list of containers
/StorageAccounts/blobServices/containers/Write Microsoft. StorageMicrosoft.Storage/storageAccounts/blobServices/containers/write Retorna o resultado do contêiner de put blobReturns the result of put blob container
NotActionsNotActions
nenhumnone
DataActionsDataActions
/StorageAccounts/blobServices/containers/BLOBs/Delete Microsoft. StorageMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete Retorna o resultado da exclusão de um blobReturns the result of deleting a blob
/StorageAccounts/blobServices/containers/BLOBs/Read Microsoft. StorageMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read Retorna um blob ou uma lista de blobsReturns a blob or a list of blobs
/StorageAccounts/blobServices/containers/BLOBs/Write Microsoft. StorageMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write Retorna o resultado da gravação de um blobReturns the result of writing a blob
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Used by the Avere vFXT cluster to manage the cluster",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
  "name": "c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
  "permissions": [
    {
      "actions": [
        "Microsoft.Compute/virtualMachines/read",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Network/networkInterfaces/write",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/subnets/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.Network/networkSecurityGroups/join/action",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/write"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Avere Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de BackupBackup Contributor

Permite que você gerencie o serviço de backup, mas não pode criar cofres e conceder acesso a outras pessoas saiba maisLets you manage backup service, but can't create vaults and give access to others Learn more

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
/VirtualNetworks/Read Microsoft. NetworkMicrosoft.Network/virtualNetworks/read Obter a definição de rede virtualGet the virtual network definition
Microsoft. recoveryservices/Locations/*Microsoft.RecoveryServices/locations/*
Microsoft. recoveryservices/Vaults/backupFabrics/operationResults/*Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/* Gerenciar os resultados da operação no gerenciamento de backupManage results of operation on backup management
Microsoft. recoveryservices/Vaults/backupFabrics/protectionContainers/*Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/* Criar e gerenciar contêineres de backup em malhas de backup do cofre de Serviços de RecuperaçãoCreate and manage backup containers inside backup fabrics of Recovery Services vault
Microsoft. recoveryservices/Vaults/backupFabrics/refreshContainers/ActionMicrosoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action Atualizar a lista de contêineresRefreshes the container list
Microsoft. recoveryservices/Vaults/backupJobs/*Microsoft.RecoveryServices/Vaults/backupJobs/* Criar e gerenciar trabalhos de backupCreate and manage backup jobs
Microsoft. recoveryservices/Vaults/backupJobsExport/ActionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action Exportar trabalhosExport Jobs
Microsoft. recoveryservices/Vaults/backupOperationResults/*Microsoft.RecoveryServices/Vaults/backupOperationResults/* Criar e gerenciar os Resultados das operações de gerenciamento de backupCreate and manage Results of backup management operations
Microsoft. recoveryservices/Vaults/backupPolicies/*Microsoft.RecoveryServices/Vaults/backupPolicies/* Criar e gerenciar políticas de backupCreate and manage backup policies
Microsoft. recoveryservices/Vaults/backupProtectableItems/*Microsoft.RecoveryServices/Vaults/backupProtectableItems/* Criar e gerenciar itens para backupCreate and manage items which can be backed up
Microsoft. recoveryservices/Vaults/backupProtectedItems/*Microsoft.RecoveryServices/Vaults/backupProtectedItems/* Criar e gerenciar itens submetidos a backupCreate and manage backed up items
Microsoft. recoveryservices/Vaults/backupProtectionContainers/*Microsoft.RecoveryServices/Vaults/backupProtectionContainers/* Criar e gerenciar contêineres que armazenam itens de backupCreate and manage containers holding backup items
Microsoft. recoveryservices/Vaults/backupSecurityPIN/*Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*
Microsoft. recoveryservices/Vaults/backupUsageSummaries/ReadMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read Retornar resumos de itens protegidos e servidores protegidos para os Serviços de Recuperação.Returns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft. recoveryservices/Vaults/Certificates/*Microsoft.RecoveryServices/Vaults/certificates/* Criar e gerenciar certificados relacionados a backup em um cofre de Serviços de RecuperaçãoCreate and manage certificates related to backup in Recovery Services vault
Microsoft. recoveryservices/Vaults/extendedInformation/*Microsoft.RecoveryServices/Vaults/extendedInformation/* Criar e gerenciar informações estendidas relacionadas ao cofreCreate and manage extended info related to vault
Microsoft. recoveryservices/Vaults/monitoringAlerts/ReadMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read Obter os alertas para o cofre dos Serviços de Recuperação.Gets the alerts for the Recovery services vault.
Microsoft. recoveryservices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft. recoveryservices/Vaults/ReadMicrosoft.RecoveryServices/Vaults/read A operação Obter cofre obtém um objeto que representa o recurso do Azure do tipo 'cofre'The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft. recoveryservices/Vaults/registeredIdentities/*Microsoft.RecoveryServices/Vaults/registeredIdentities/* Criar e gerenciar identidades registradasCreate and manage registered identities
Microsoft. recoveryservices/Vaults/Usages/*Microsoft.RecoveryServices/Vaults/usages/* Criar e gerenciar o uso do cofre dos Serviços de RecuperaçãoCreate and manage usage of Recovery Services vault
Microsoft. Resources/Deployments/*Microsoft.Resources/deployments/* Criar e gerenciar uma implantaçãoCreate and manage a deployment
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
/StorageAccounts/Read Microsoft. StorageMicrosoft.Storage/storageAccounts/read Retornar a lista de contas de armazenamento ou obter as propriedades da conta de armazenamento especificada.Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft. recoveryservices/Vaults/backupstorageconfig/*Microsoft.RecoveryServices/Vaults/backupstorageconfig/*
Microsoft. recoveryservices/Vaults/BackupConfig/*Microsoft.RecoveryServices/Vaults/backupconfig/*
Microsoft. recoveryservices/Vaults/backupValidateOperation/ActionMicrosoft.RecoveryServices/Vaults/backupValidateOperation/action Validar operação no Item protegidoValidate Operation on Protected Item
Microsoft. recoveryservices/Vaults/WriteMicrosoft.RecoveryServices/Vaults/write A operação Criar cofre cria um recurso do Azure do tipo 'cofre'Create Vault operation creates an Azure resource of type 'vault'
Microsoft. recoveryservices/Vaults/backupOperations/ReadMicrosoft.RecoveryServices/Vaults/backupOperations/read Retornar o status da operação de backup para o cofre dos Serviços de Recuperação.Returns Backup Operation Status for Recovery Services Vault.
Microsoft. recoveryservices/Vaults/backupEngines/ReadMicrosoft.RecoveryServices/Vaults/backupEngines/read Retornar todos os servidores de gerenciamento de backup registrados com cofre.Returns all the backup management servers registered with vault.
Microsoft. recoveryservices/Vaults/backupFabrics/backupProtectionIntent/*Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*
Microsoft. recoveryservices/Vaults/backupFabrics/protectableContainers/ReadMicrosoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read Obter todos os contêineres protegidosGet all protectable containers
Microsoft. recoveryservices/Locations/backupStatus/ActionMicrosoft.RecoveryServices/locations/backupStatus/action Verificar o status de backup para os Cofres dos Serviços de RecuperaçãoCheck Backup Status for Recovery Services Vaults
Microsoft. recoveryservices/Locations/backupPreValidateProtection/ActionMicrosoft.RecoveryServices/locations/backupPreValidateProtection/action
Microsoft. recoveryservices/Locations/backupValidateFeatures/ActionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action Validar recursosValidate Features
Microsoft. recoveryservices/Vaults/monitoringAlerts/WriteMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write Resolver o alerta.Resolves the alert.
Microsoft. recoveryservices/Operations/ReadMicrosoft.RecoveryServices/operations/read Operação retorna a lista de operações para um provedor de recursosOperation returns the list of Operations for a Resource Provider
Microsoft. recoveryservices/Locations/operationStatus/ReadMicrosoft.RecoveryServices/locations/operationStatus/read Obtém o Status da operação para uma determinada operaçãoGets Operation Status for a given Operation
Microsoft. recoveryservices/Vaults/backupProtectionIntents/ReadMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read Listar todas as Intenções de Proteção de backupList all backup Protection Intents
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage backup service,but can't create vaults and give access to others",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b",
  "name": "5e467623-bb1f-42f4-a55d-6e525e11384b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.RecoveryServices/locations/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
        "Microsoft.RecoveryServices/Vaults/backupJobs/*",
        "Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
        "Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectedItems/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/*",
        "Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*",
        "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
        "Microsoft.RecoveryServices/Vaults/certificates/*",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/*",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/*",
        "Microsoft.RecoveryServices/Vaults/usages/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
        "Microsoft.RecoveryServices/Vaults/backupconfig/*",
        "Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
        "Microsoft.RecoveryServices/Vaults/write",
        "Microsoft.RecoveryServices/Vaults/backupOperations/read",
        "Microsoft.RecoveryServices/Vaults/backupEngines/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
        "Microsoft.RecoveryServices/locations/backupStatus/action",
        "Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
        "Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
        "Microsoft.RecoveryServices/operations/read",
        "Microsoft.RecoveryServices/locations/operationStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Backup Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Operador de BackupBackup Operator

Permite que você gerencie serviços de backup, exceto remoção de backup, criação de cofre e acesso a outros saiba maisLets you manage backup services, except removal of backup, vault creation and giving access to others Learn more

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
/VirtualNetworks/Read Microsoft. NetworkMicrosoft.Network/virtualNetworks/read Obter a definição de rede virtualGet the virtual network definition
Microsoft. recoveryservices/Vaults/backupFabrics/operationResults/ReadMicrosoft.RecoveryServices/Vaults/backupFabrics/operationResults/read Retornar o status da operaçãoReturns status of the operation
Microsoft. recoveryservices/Vaults/backupFabrics/protectionContainers/operationResults/ReadMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read Obter o resultado da operação executada no contêiner de proteção.Gets result of Operation performed on Protection Container.
Microsoft. recoveryservices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/ActionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action Executar um backup para um item protegido.Performs Backup for Protected Item.
Microsoft. recoveryservices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/ReadMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read Obter o resultado da operação executada em itens protegidos.Gets Result of Operation Performed on Protected Items.
Microsoft. recoveryservices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/ReadMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read Retornar o status da operação executada em itens protegidos.Returns the status of Operation performed on Protected Items.
Microsoft. recoveryservices/Vaults/backupFabrics/protectionContainers/protectedItems/ReadMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read Retornar detalhes do objeto do item protegidoReturns object details of the Protected Item
Microsoft. recoveryservices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/ActionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action Provisionar recuperação de item instantânea para item protegidoProvision Instant Item Recovery for Protected Item
Microsoft. recoveryservices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/accessToken/ActionMicrosoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/accessToken/action Obter AccessToken para a restauração entre regiões.Get AccessToken for Cross Region Restore.
Microsoft. recoveryservices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/ReadMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read Obter pontos de recuperação para itens protegidos.Get Recovery Points for Protected Items.
Microsoft. recoveryservices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/Restore/ActionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action Restaurar pontos de recuperação para itens protegidos.Restore Recovery Points for Protected Items.
Microsoft. recoveryservices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/ActionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action Revogar a recuperação de item instantânea para item protegidoRevoke Instant Item Recovery for Protected Item
Microsoft. recoveryservices/Vaults/backupFabrics/protectionContainers/protectedItems/WriteMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write Criar um item protegido de backupCreate a backup Protected Item
Microsoft. recoveryservices/Vaults/backupFabrics/protectionContainers/ReadMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read Retornar todos os contêineres registradosReturns all registered containers
Microsoft. recoveryservices/Vaults/backupFabrics/refreshContainers/ActionMicrosoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action Atualizar a lista de contêineresRefreshes the container list
Microsoft. recoveryservices/Vaults/backupJobs/*Microsoft.RecoveryServices/Vaults/backupJobs/* Criar e gerenciar trabalhos de backupCreate and manage backup jobs
Microsoft. recoveryservices/Vaults/backupJobsExport/ActionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action Exportar trabalhosExport Jobs
Microsoft. recoveryservices/Vaults/backupOperationResults/*Microsoft.RecoveryServices/Vaults/backupOperationResults/* Criar e gerenciar os Resultados das operações de gerenciamento de backupCreate and manage Results of backup management operations
Microsoft. recoveryservices/Vaults/backupPolicies/operationResults/ReadMicrosoft.RecoveryServices/Vaults/backupPolicies/operationResults/read Obter os resultados da operação de política.Get Results of Policy Operation.
Microsoft. recoveryservices/Vaults/backupPolicies/ReadMicrosoft.RecoveryServices/Vaults/backupPolicies/read Retornar todas as políticas de proteçãoReturns all Protection Policies
Microsoft. recoveryservices/Vaults/backupProtectableItems/*Microsoft.RecoveryServices/Vaults/backupProtectableItems/* Criar e gerenciar itens para backupCreate and manage items which can be backed up
Microsoft. recoveryservices/Vaults/backupProtectedItems/ReadMicrosoft.RecoveryServices/Vaults/backupProtectedItems/read Retornar a lista de todos os itens protegidos.Returns the list of all Protected Items.
Microsoft. recoveryservices/Vaults/backupProtectionContainers/ReadMicrosoft.RecoveryServices/Vaults/backupProtectionContainers/read Retornar todos os contêineres pertencentes à assinaturaReturns all containers belonging to the subscription
Microsoft. recoveryservices/Vaults/backupUsageSummaries/ReadMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read Retornar resumos de itens protegidos e servidores protegidos para os Serviços de Recuperação.Returns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft. recoveryservices/Vaults/Certificates/WriteMicrosoft.RecoveryServices/Vaults/certificates/write A operação Atualizar certificado do recurso atualiza o certificado de credencial de cofre/recurso.The Update Resource Certificate operation updates the resource/vault credential certificate.
Microsoft. recoveryservices/Vaults/extendedInformation/ReadMicrosoft.RecoveryServices/Vaults/extendedInformation/read A operação Obter Informações Estendidas obtém informações estendidas de um objeto que representa o recurso do Azure do tipo ?vault?The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault?
Microsoft. recoveryservices/Vaults/extendedInformation/WriteMicrosoft.RecoveryServices/Vaults/extendedInformation/write A operação Obter Informações Estendidas obtém informações estendidas de um objeto que representa o recurso do Azure do tipo ?vault?The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault?
Microsoft. recoveryservices/Vaults/monitoringAlerts/ReadMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read Obter os alertas para o cofre dos Serviços de Recuperação.Gets the alerts for the Recovery services vault.
Microsoft. recoveryservices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft. recoveryservices/Vaults/ReadMicrosoft.RecoveryServices/Vaults/read A operação Obter cofre obtém um objeto que representa o recurso do Azure do tipo 'cofre'The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft. recoveryservices/Vaults/registeredIdentities/operationResults/ReadMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read A operação Obter resultados da operação pode ser usada para obter o status da operação e o resultado da operação enviada de forma assíncronaThe Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation
Microsoft. recoveryservices/Vaults/registeredIdentities/ReadMicrosoft.RecoveryServices/Vaults/registeredIdentities/read A operação Obter contêineres pode ser usada para obter os contêineres registrados para um recurso.The Get Containers operation can be used get the containers registered for a resource.
Microsoft. recoveryservices/Vaults/registeredIdentities/WriteMicrosoft.RecoveryServices/Vaults/registeredIdentities/write A operação Registrar o contêiner de serviço pode ser usada para registrar um contêiner com o Serviço de Recuperação.The Register Service Container operation can be used to register a container with Recovery Service.
Microsoft. recoveryservices/Vaults/Usages/ReadMicrosoft.RecoveryServices/Vaults/usages/read Retornar os detalhes de uso para um cofre dos Serviços de Recuperação.Returns usage details for a Recovery Services Vault.
Microsoft. Resources/Deployments/*Microsoft.Resources/deployments/* Criar e gerenciar uma implantaçãoCreate and manage a deployment
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
/StorageAccounts/Read Microsoft. StorageMicrosoft.Storage/storageAccounts/read Retornar a lista de contas de armazenamento ou obter as propriedades da conta de armazenamento especificada.Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft. recoveryservices/Vaults/backupstorageconfig/*Microsoft.RecoveryServices/Vaults/backupstorageconfig/*
Microsoft. recoveryservices/Vaults/backupValidateOperation/ActionMicrosoft.RecoveryServices/Vaults/backupValidateOperation/action Validar operação no Item protegidoValidate Operation on Protected Item
Microsoft. recoveryservices/Vaults/backupOperations/ReadMicrosoft.RecoveryServices/Vaults/backupOperations/read Retornar o status da operação de backup para o cofre dos Serviços de Recuperação.Returns Backup Operation Status for Recovery Services Vault.
Microsoft. recoveryservices/Vaults/backupPolicies/Operations/ReadMicrosoft.RecoveryServices/Vaults/backupPolicies/operations/read Obter o status da operação de política.Get Status of Policy Operation.
Microsoft. recoveryservices/Vaults/backupFabrics/protectionContainers/WriteMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write Criar um contêiner registradoCreates a registered container
Microsoft. recoveryservices/Vaults/backupFabrics/protectionContainers/inquire/ActionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action Consultar cargas de trabalho em um contêinerDo inquiry for workloads within a container
Microsoft. recoveryservices/Vaults/backupEngines/ReadMicrosoft.RecoveryServices/Vaults/backupEngines/read Retornar todos os servidores de gerenciamento de backup registrados com cofre.Returns all the backup management servers registered with vault.
Microsoft. recoveryservices/Vaults/backupFabrics/backupProtectionIntent/WriteMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write Criar uma Intenção de Proteção de backupCreate a backup Protection Intent
Microsoft. recoveryservices/Vaults/backupFabrics/backupProtectionIntent/ReadMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read Obter uma Intenção de Proteção de backupGet a backup Protection Intent
Microsoft. recoveryservices/Vaults/backupFabrics/protectableContainers/ReadMicrosoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read Obter todos os contêineres protegidosGet all protectable containers
Microsoft. recoveryservices/Vaults/backupFabrics/protectionContainers/Items/ReadMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read Obter todos os itens em um contêinerGet all items in a container
Microsoft. recoveryservices/Locations/backupStatus/ActionMicrosoft.RecoveryServices/locations/backupStatus/action Verificar o status de backup para os Cofres dos Serviços de RecuperaçãoCheck Backup Status for Recovery Services Vaults
Microsoft. recoveryservices/Locations/backupPreValidateProtection/ActionMicrosoft.RecoveryServices/locations/backupPreValidateProtection/action
Microsoft. recoveryservices/Locations/backupValidateFeatures/ActionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action Validar recursosValidate Features
Microsoft. recoveryservices/Locations/backupAadProperties/ReadMicrosoft.RecoveryServices/locations/backupAadProperties/read Obtenha as propriedades do AAD para autenticação na terceira região para a restauração entre regiões.Get AAD Properties for authentication in the third region for Cross Region Restore.
Microsoft. recoveryservices/Locations/backupCrrJobs/ActionMicrosoft.RecoveryServices/locations/backupCrrJobs/action Listar trabalhos de restauração entre regiões na região secundária para o cofre dos serviços de recuperação.List Cross Region Restore Jobs in the secondary region for Recovery Services Vault.
Microsoft. recoveryservices/Locations/backupCrrJob/ActionMicrosoft.RecoveryServices/locations/backupCrrJob/action Obter detalhes do trabalho de restauração entre regiões na região secundária para o cofre dos serviços de recuperação.Get Cross Region Restore Job Details in the secondary region for Recovery Services Vault.
Microsoft. recoveryservices/Locations/backupCrossRegionRestore/ActionMicrosoft.RecoveryServices/locations/backupCrossRegionRestore/action Disparar a restauração entre regiões.Trigger Cross region restore.
Microsoft. recoveryservices/Locations/backupCrrOperationResults/ReadMicrosoft.RecoveryServices/locations/backupCrrOperationResults/read Retorna o resultado da operação de CRR para o cofre dos serviços de recuperação.Returns CRR Operation Result for Recovery Services Vault.
Microsoft. recoveryservices/Locations/backupCrrOperationsStatus/ReadMicrosoft.RecoveryServices/locations/backupCrrOperationsStatus/read Retorna o status da operação de CRR para o cofre dos serviços de recuperação.Returns CRR Operation Status for Recovery Services Vault.
Microsoft. recoveryservices/Vaults/monitoringAlerts/WriteMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write Resolver o alerta.Resolves the alert.
Microsoft. recoveryservices/Operations/ReadMicrosoft.RecoveryServices/operations/read Operação retorna a lista de operações para um provedor de recursosOperation returns the list of Operations for a Resource Provider
Microsoft. recoveryservices/Locations/operationStatus/ReadMicrosoft.RecoveryServices/locations/operationStatus/read Obtém o Status da operação para uma determinada operaçãoGets Operation Status for a given Operation
Microsoft. recoveryservices/Vaults/backupProtectionIntents/ReadMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read Listar todas as Intenções de Proteção de backupList all backup Protection Intents
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage backup services, except removal of backup, vault creation and giving access to others",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/00c29273-979b-4161-815c-10b084fb9324",
  "name": "00c29273-979b-4161-815c-10b084fb9324",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action",
        "Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/accessToken/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
        "Microsoft.RecoveryServices/Vaults/backupJobs/*",
        "Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
        "Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
        "Microsoft.RecoveryServices/Vaults/certificates/write",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/read",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/write",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/write",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
        "Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
        "Microsoft.RecoveryServices/Vaults/backupOperations/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action",
        "Microsoft.RecoveryServices/Vaults/backupEngines/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
        "Microsoft.RecoveryServices/locations/backupStatus/action",
        "Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
        "Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
        "Microsoft.RecoveryServices/locations/backupAadProperties/read",
        "Microsoft.RecoveryServices/locations/backupCrrJobs/action",
        "Microsoft.RecoveryServices/locations/backupCrrJob/action",
        "Microsoft.RecoveryServices/locations/backupCrossRegionRestore/action",
        "Microsoft.RecoveryServices/locations/backupCrrOperationResults/read",
        "Microsoft.RecoveryServices/locations/backupCrrOperationsStatus/read",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
        "Microsoft.RecoveryServices/operations/read",
        "Microsoft.RecoveryServices/locations/operationStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Backup Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Leitor de BackupBackup Reader

Pode exibir serviços de backup, mas não pode fazer alterações saiba maisCan view backup services, but can't make changes Learn more

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
Microsoft. recoveryservices/Locations/allocatedStamp/ReadMicrosoft.RecoveryServices/locations/allocatedStamp/read GetAllocatedStamp é uma operação interna usada pelo serviçoGetAllocatedStamp is internal operation used by service
Microsoft. recoveryservices/Vaults/backupFabrics/operationResults/ReadMicrosoft.RecoveryServices/Vaults/backupFabrics/operationResults/read Retornar o status da operaçãoReturns status of the operation
Microsoft. recoveryservices/Vaults/backupFabrics/protectionContainers/operationResults/ReadMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read Obter o resultado da operação executada no contêiner de proteção.Gets result of Operation performed on Protection Container.
Microsoft. recoveryservices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/ReadMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read Obter o resultado da operação executada em itens protegidos.Gets Result of Operation Performed on Protected Items.
Microsoft. recoveryservices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/ReadMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read Retornar o status da operação executada em itens protegidos.Returns the status of Operation performed on Protected Items.
Microsoft. recoveryservices/Vaults/backupFabrics/protectionContainers/protectedItems/ReadMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read Retornar detalhes do objeto do item protegidoReturns object details of the Protected Item
Microsoft. recoveryservices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/ReadMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read Obter pontos de recuperação para itens protegidos.Get Recovery Points for Protected Items.
Microsoft. recoveryservices/Vaults/backupFabrics/protectionContainers/ReadMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read Retornar todos os contêineres registradosReturns all registered containers
Microsoft. recoveryservices/Vaults/backupJobs/operationResults/ReadMicrosoft.RecoveryServices/Vaults/backupJobs/operationResults/read Retornar o resultado da operação do trabalho.Returns the Result of Job Operation.
Microsoft. recoveryservices/Vaults/backupJobs/ReadMicrosoft.RecoveryServices/Vaults/backupJobs/read Retornar todos os objetos de trabalhoReturns all Job Objects
Microsoft. recoveryservices/Vaults/backupJobsExport/ActionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action Exportar trabalhosExport Jobs
Microsoft. recoveryservices/Vaults/backupOperationResults/ReadMicrosoft.RecoveryServices/Vaults/backupOperationResults/read Retornar o resultado da operação de backup para o cofre dos Serviços de Recuperação.Returns Backup Operation Result for Recovery Services Vault.
Microsoft. recoveryservices/Vaults/backupPolicies/operationResults/ReadMicrosoft.RecoveryServices/Vaults/backupPolicies/operationResults/read Obter os resultados da operação de política.Get Results of Policy Operation.
Microsoft. recoveryservices/Vaults/backupPolicies/ReadMicrosoft.RecoveryServices/Vaults/backupPolicies/read Retornar todas as políticas de proteçãoReturns all Protection Policies
Microsoft. recoveryservices/Vaults/backupProtectedItems/ReadMicrosoft.RecoveryServices/Vaults/backupProtectedItems/read Retornar a lista de todos os itens protegidos.Returns the list of all Protected Items.
Microsoft. recoveryservices/Vaults/backupProtectionContainers/ReadMicrosoft.RecoveryServices/Vaults/backupProtectionContainers/read Retornar todos os contêineres pertencentes à assinaturaReturns all containers belonging to the subscription
Microsoft. recoveryservices/Vaults/backupUsageSummaries/ReadMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read Retornar resumos de itens protegidos e servidores protegidos para os Serviços de Recuperação.Returns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft. recoveryservices/Vaults/extendedInformation/ReadMicrosoft.RecoveryServices/Vaults/extendedInformation/read A operação Obter Informações Estendidas obtém informações estendidas de um objeto que representa o recurso do Azure do tipo ?vault?The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault?
Microsoft. recoveryservices/Vaults/monitoringAlerts/ReadMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read Obter os alertas para o cofre dos Serviços de Recuperação.Gets the alerts for the Recovery services vault.
Microsoft. recoveryservices/Vaults/ReadMicrosoft.RecoveryServices/Vaults/read A operação Obter cofre obtém um objeto que representa o recurso do Azure do tipo 'cofre'The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft. recoveryservices/Vaults/registeredIdentities/operationResults/ReadMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read A operação Obter resultados da operação pode ser usada para obter o status da operação e o resultado da operação enviada de forma assíncronaThe Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation
Microsoft. recoveryservices/Vaults/registeredIdentities/ReadMicrosoft.RecoveryServices/Vaults/registeredIdentities/read A operação Obter contêineres pode ser usada para obter os contêineres registrados para um recurso.The Get Containers operation can be used get the containers registered for a resource.
Microsoft. recoveryservices/Vaults/backupstorageconfig/ReadMicrosoft.RecoveryServices/Vaults/backupstorageconfig/read Retornar cofre de armazenamento para o cofre dos Serviços de Recuperação.Returns Storage Configuration for Recovery Services Vault.
Microsoft. recoveryservices/Vaults/BackupConfig/ReadMicrosoft.RecoveryServices/Vaults/backupconfig/read Retornar a configuração para cofre dos Serviços de Recuperação.Returns Configuration for Recovery Services Vault.
Microsoft. recoveryservices/Vaults/backupOperations/ReadMicrosoft.RecoveryServices/Vaults/backupOperations/read Retornar o status da operação de backup para o cofre dos Serviços de Recuperação.Returns Backup Operation Status for Recovery Services Vault.
Microsoft. recoveryservices/Vaults/backupPolicies/Operations/ReadMicrosoft.RecoveryServices/Vaults/backupPolicies/operations/read Obter o status da operação de política.Get Status of Policy Operation.
Microsoft. recoveryservices/Vaults/backupEngines/ReadMicrosoft.RecoveryServices/Vaults/backupEngines/read Retornar todos os servidores de gerenciamento de backup registrados com cofre.Returns all the backup management servers registered with vault.
Microsoft. recoveryservices/Vaults/backupFabrics/backupProtectionIntent/ReadMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read Obter uma Intenção de Proteção de backupGet a backup Protection Intent
Microsoft. recoveryservices/Vaults/backupFabrics/protectionContainers/Items/ReadMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read Obter todos os itens em um contêinerGet all items in a container
Microsoft. recoveryservices/Locations/backupStatus/ActionMicrosoft.RecoveryServices/locations/backupStatus/action Verificar o status de backup para os Cofres dos Serviços de RecuperaçãoCheck Backup Status for Recovery Services Vaults
Microsoft. recoveryservices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft. recoveryservices/Vaults/monitoringAlerts/WriteMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write Resolver o alerta.Resolves the alert.
Microsoft. recoveryservices/Operations/ReadMicrosoft.RecoveryServices/operations/read Operação retorna a lista de operações para um provedor de recursosOperation returns the list of Operations for a Resource Provider
Microsoft. recoveryservices/Locations/operationStatus/ReadMicrosoft.RecoveryServices/locations/operationStatus/read Obtém o Status da operação para uma determinada operaçãoGets Operation Status for a given Operation
Microsoft. recoveryservices/Vaults/backupProtectionIntents/ReadMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read Listar todas as Intenções de Proteção de backupList all backup Protection Intents
Microsoft. recoveryservices/Vaults/Usages/ReadMicrosoft.RecoveryServices/Vaults/usages/read Retornar os detalhes de uso para um cofre dos Serviços de Recuperação.Returns usage details for a Recovery Services Vault.
Microsoft. recoveryservices/Locations/backupValidateFeatures/ActionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action Validar recursosValidate Features
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view backup services, but can't make changes",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a795c7a0-d4a2-40c1-ae25-d81f01202912",
  "name": "a795c7a0-d4a2-40c1-ae25-d81f01202912",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.RecoveryServices/locations/allocatedStamp/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupJobs/read",
        "Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
        "Microsoft.RecoveryServices/Vaults/backupOperationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/read",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
        "Microsoft.RecoveryServices/Vaults/backupstorageconfig/read",
        "Microsoft.RecoveryServices/Vaults/backupconfig/read",
        "Microsoft.RecoveryServices/Vaults/backupOperations/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
        "Microsoft.RecoveryServices/Vaults/backupEngines/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
        "Microsoft.RecoveryServices/locations/backupStatus/action",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
        "Microsoft.RecoveryServices/operations/read",
        "Microsoft.RecoveryServices/locations/operationStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.RecoveryServices/locations/backupValidateFeatures/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Backup Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador da conta de armazenamento clássicaClassic Storage Account Contributor

Permite que você gerencie contas de armazenamento clássico, mas não acessá-las.Lets you manage classic storage accounts, but not access to them.

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
Microsoft. ClassicStorage/storageAccounts/*Microsoft.ClassicStorage/storageAccounts/* Criar e gerenciar contas de armazenamentoCreate and manage storage accounts
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
Microsoft. ResourceHealth/availabilityStatuses/ReadMicrosoft.ResourceHealth/availabilityStatuses/read Obter os status de disponibilidade para todos os recursos no escopo especificadoGets the availability statuses for all resources in the specified scope
Microsoft. Resources/Deployments/*Microsoft.Resources/deployments/* Criar e gerenciar uma implantaçãoCreate and manage a deployment
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage classic storage accounts, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
  "name": "86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicStorage/storageAccounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Storage Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Função do Serviço de Operador da Chave da Conta de Armazenamento ClássicaClassic Storage Account Key Operator Service Role

Os operadores de chave de conta de armazenamento clássico têm permissão para listar e regenerar chaves em contas de armazenamento clássicas saiba maisClassic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts Learn more

AçõesActions DescriçãoDescription
Microsoft. ClassicStorage/storageAccounts/listkeys/ActionMicrosoft.ClassicStorage/storageAccounts/listkeys/action Listar as chaves de acesso das contas de armazenamento.Lists the access keys for the storage accounts.
Microsoft. ClassicStorage/storageAccounts/regeneratekey/ActionMicrosoft.ClassicStorage/storageAccounts/regeneratekey/action Regenera as chaves de acesso existentes da conta de armazenamento.Regenerates the existing access keys for the storage account.
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/985d6b00-f706-48f5-a6fe-d0ca12fb668d",
  "name": "985d6b00-f706-48f5-a6fe-d0ca12fb668d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ClassicStorage/storageAccounts/listkeys/action",
        "Microsoft.ClassicStorage/storageAccounts/regeneratekey/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Storage Account Key Operator Service Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador do Data BoxData Box Contributor

Permite que você gerencie tudo sob o serviço Data Box exceto fornecer acesso a outras pessoas.Lets you manage everything under Data Box Service except giving access to others. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
Microsoft. ResourceHealth/availabilityStatuses/ReadMicrosoft.ResourceHealth/availabilityStatuses/read Obter os status de disponibilidade para todos os recursos no escopo especificadoGets the availability statuses for all resources in the specified scope
Microsoft. Resources/Deployments/*Microsoft.Resources/deployments/* Criar e gerenciar uma implantaçãoCreate and manage a deployment
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
Microsoft. Data Box/*Microsoft.Databox/*
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage everything under Data Box Service except giving access to others.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/add466c9-e687-43fc-8d98-dfcf8d720be5",
  "name": "add466c9-e687-43fc-8d98-dfcf8d720be5",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Databox/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Box Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Leitor do Data BoxData Box Reader

Permite que você gerencie o serviço do Azure Data Box, exceto a ordem de criação ou edição de detalhes do pedido e fornecer acesso a outras pessoas.Lets you manage Data Box Service except creating order or editing order details and giving access to others. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
Microsoft. Data Box/*/ReadMicrosoft.Databox/*/read
Microsoft. Data Box/Jobs/listsecrets/ActionMicrosoft.Databox/jobs/listsecrets/action
Microsoft. Data Box/Jobs/listcredentials/ActionMicrosoft.Databox/jobs/listcredentials/action Lista as credenciais não criptografadas relacionadas ao pedido.Lists the unencrypted credentials related to the order.
Microsoft. Data Box/Locations/availableSkus/ActionMicrosoft.Databox/locations/availableSkus/action Este método retorna a lista de SKUs disponíveis.This method returns the list of available skus.
Microsoft. Data Box/Locations/validateInputs/ActionMicrosoft.Databox/locations/validateInputs/action Este método faz todos os tipos de validações.This method does all type of validations.
Microsoft. Data Box/Locations/regionConfiguration/ActionMicrosoft.Databox/locations/regionConfiguration/action Este método retorna as configurações da região.This method returns the configurations for the region.
Microsoft. Data Box/Locations/validateAddress/ActionMicrosoft.Databox/locations/validateAddress/action Validará o endereço de entrega e fornecerá endereços alternativos, se houver algum.Validates the shipping address and provides alternate addresses if any.
Microsoft. ResourceHealth/availabilityStatuses/ReadMicrosoft.ResourceHealth/availabilityStatuses/read Obter os status de disponibilidade para todos os recursos no escopo especificadoGets the availability statuses for all resources in the specified scope
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Data Box Service except creating order or editing order details and giving access to others.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
  "name": "028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Databox/*/read",
        "Microsoft.Databox/jobs/listsecrets/action",
        "Microsoft.Databox/jobs/listcredentials/action",
        "Microsoft.Databox/locations/availableSkus/action",
        "Microsoft.Databox/locations/validateInputs/action",
        "Microsoft.Databox/locations/regionConfiguration/action",
        "Microsoft.Databox/locations/validateAddress/action",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Box Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Desenvolvedor do Data Lake AnalyticsData Lake Analytics Developer

Permite enviar, monitorar e gerenciar seus próprios trabalhos, mas não criar nem excluir contas do Data Lake Analytics.Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
Microsoft.BigAnalytics/accounts/*Microsoft.BigAnalytics/accounts/*
Microsoft. DataLakeAnalytics/accounts/*Microsoft.DataLakeAnalytics/accounts/*
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
Microsoft. ResourceHealth/availabilityStatuses/ReadMicrosoft.ResourceHealth/availabilityStatuses/read Obter os status de disponibilidade para todos os recursos no escopo especificadoGets the availability statuses for all resources in the specified scope
Microsoft. Resources/Deployments/*Microsoft.Resources/deployments/* Criar e gerenciar uma implantaçãoCreate and manage a deployment
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
NotActionsNotActions
Microsoft.BigAnalytics/accounts/DeleteMicrosoft.BigAnalytics/accounts/Delete
Microsoft.BigAnalytics/accounts/TakeOwnership/actionMicrosoft.BigAnalytics/accounts/TakeOwnership/action
Microsoft.BigAnalytics/accounts/WriteMicrosoft.BigAnalytics/accounts/Write
Microsoft. DataLakeAnalytics/accounts/DeleteMicrosoft.DataLakeAnalytics/accounts/Delete Excluir uma conta DataLakeAnalytics.Delete a DataLakeAnalytics account.
Microsoft. DataLakeAnalytics/accounts/TakeOwnership/ActionMicrosoft.DataLakeAnalytics/accounts/TakeOwnership/action Conceder permissões para cancelar trabalhos enviados por outros usuários.Grant permissions to cancel jobs submitted by other users.
Microsoft. DataLakeAnalytics/accounts/WriteMicrosoft.DataLakeAnalytics/accounts/Write Criar ou atualizar uma conta DataLakeAnalytics.Create or update a DataLakeAnalytics account.
Microsoft. DataLakeAnalytics/accounts/dataLakeStoreAccounts/WriteMicrosoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write Criar ou atualizar uma conta DataLakeStore vinculada de uma conta DataLakeAnalytics.Create or update a linked DataLakeStore account of a DataLakeAnalytics account.
Microsoft. DataLakeAnalytics/accounts/dataLakeStoreAccounts/DeleteMicrosoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete Desvincular uma conta do Data Lake Store de uma conta do Data Lake Analytics.Unlink a DataLakeStore account from a DataLakeAnalytics account.
Microsoft. DataLakeAnalytics/accounts/storageAccounts/WriteMicrosoft.DataLakeAnalytics/accounts/storageAccounts/Write Criar ou atualizar uma conta de armazenamento vinculada de uma conta DataLakeAnalytics.Create or update a linked Storage account of a DataLakeAnalytics account.
Microsoft. DataLakeAnalytics/accounts/storageAccounts/DeleteMicrosoft.DataLakeAnalytics/accounts/storageAccounts/Delete Desvincular uma conta de armazenamento de uma conta DataLakeAnalytics.Unlink a Storage account from a DataLakeAnalytics account.
Microsoft. DataLakeAnalytics/accounts/firewallRules/WriteMicrosoft.DataLakeAnalytics/accounts/firewallRules/Write Criar ou atualizar uma regra de firewall.Create or update a firewall rule.
Microsoft. DataLakeAnalytics/accounts/firewallRules/DeleteMicrosoft.DataLakeAnalytics/accounts/firewallRules/Delete Excluir uma regra de firewall.Delete a firewall rule.
Microsoft. DataLakeAnalytics/accounts/computePolicies/WriteMicrosoft.DataLakeAnalytics/accounts/computePolicies/Write Criar ou atualizar uma política de computação.Create or update a compute policy.
Microsoft. DataLakeAnalytics/accounts/computePolicies/DeleteMicrosoft.DataLakeAnalytics/accounts/computePolicies/Delete Excluir uma política de computação.Delete a compute policy.
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/47b7735b-770e-4598-a7da-8b91488b4c88",
  "name": "47b7735b-770e-4598-a7da-8b91488b4c88",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.BigAnalytics/accounts/*",
        "Microsoft.DataLakeAnalytics/accounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.BigAnalytics/accounts/Delete",
        "Microsoft.BigAnalytics/accounts/TakeOwnership/action",
        "Microsoft.BigAnalytics/accounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/Delete",
        "Microsoft.DataLakeAnalytics/accounts/TakeOwnership/action",
        "Microsoft.DataLakeAnalytics/accounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete",
        "Microsoft.DataLakeAnalytics/accounts/storageAccounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/storageAccounts/Delete",
        "Microsoft.DataLakeAnalytics/accounts/firewallRules/Write",
        "Microsoft.DataLakeAnalytics/accounts/firewallRules/Delete",
        "Microsoft.DataLakeAnalytics/accounts/computePolicies/Write",
        "Microsoft.DataLakeAnalytics/accounts/computePolicies/Delete"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Lake Analytics Developer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Acesso a Dados e LeitorReader and Data Access

Permite que você exiba tudo, mas não permitirá que exclua ou crie uma conta de armazenamento ou um recurso contido.Lets you view everything but will not let you delete or create a storage account or contained resource. Ele também permitirá o acesso de leitura/gravação a todos os dados contidos em uma conta de armazenamento por meio de acesso às chaves de conta de armazenamento.It will also allow read/write access to all data contained in a storage account via access to storage account keys.

AçõesActions DescriçãoDescription
/StorageAccounts/listKeys/Action Microsoft. StorageMicrosoft.Storage/storageAccounts/listKeys/action Retornar as chaves de acesso da conta de armazenamento especificada.Returns the access keys for the specified storage account.
/StorageAccounts/ListAccountSas/Action Microsoft. StorageMicrosoft.Storage/storageAccounts/ListAccountSas/action Retornar o token SAS da conta para a conta de armazenamento especificada.Returns the Account SAS token for the specified storage account.
/StorageAccounts/Read Microsoft. StorageMicrosoft.Storage/storageAccounts/read Retornar a lista de contas de armazenamento ou obter as propriedades da conta de armazenamento especificada.Returns the list of storage accounts or gets the properties for the specified storage account.
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c12c1c16-33a1-487b-954d-41c89c60f349",
  "name": "c12c1c16-33a1-487b-954d-41c89c60f349",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Storage/storageAccounts/ListAccountSas/action",
        "Microsoft.Storage/storageAccounts/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Reader and Data Access",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador da Conta de ArmazenamentoStorage Account Contributor

Permite o gerenciamento de contas de armazenamento.Permits management of storage accounts. Fornece acesso à chave de conta, que pode ser usada para acessar dados por meio de autorização de chave compartilhada.Provides access to the account key, which can be used to access data via Shared Key authorization. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
Microsoft. insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* Criar, atualizar ou ler a configuração de diagnóstico do Analysis ServerCreates, updates, or reads the diagnostic setting for Analysis Server
/VirtualNetworks/Subnets/joinViaServiceEndpoint/Action Microsoft. NetworkMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Adicionar recursos como conta de armazenamento ou banco de dados SQL a uma sub-rede.Joins resource such as storage account or SQL database to a subnet. Não é possível alertá-lo.Not alertable.
Microsoft. ResourceHealth/availabilityStatuses/ReadMicrosoft.ResourceHealth/availabilityStatuses/read Obter os status de disponibilidade para todos os recursos no escopo especificadoGets the availability statuses for all resources in the specified scope
Microsoft. Resources/Deployments/*Microsoft.Resources/deployments/* Criar e gerenciar uma implantaçãoCreate and manage a deployment
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. Storage/storageAccounts/*Microsoft.Storage/storageAccounts/* Criar e gerenciar contas de armazenamentoCreate and manage storage accounts
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage storage accounts, including accessing storage account keys which provide full access to storage account data.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab",
  "name": "17d1049b-9a84-46fb-8f53-869881c3d3ab",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Função do Serviço de Operador da Chave da Conta de ArmazenamentoStorage Account Key Operator Service Role

Permite listar e regenerar chaves de acesso da conta de armazenamento.Permits listing and regenerating storage account access keys. Saiba maisLearn more

AçõesActions DescriçãoDescription
/StorageAccounts/listkeys/Action Microsoft. StorageMicrosoft.Storage/storageAccounts/listkeys/action Retornar as chaves de acesso da conta de armazenamento especificada.Returns the access keys for the specified storage account.
/StorageAccounts/regeneratekey/Action Microsoft. StorageMicrosoft.Storage/storageAccounts/regeneratekey/action Regenerar as chaves de acesso da conta de armazenamento especificada.Regenerates the access keys for the specified storage account.
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Storage Account Key Operators are allowed to list and regenerate keys on Storage Accounts",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/81a9662b-bebf-436f-a333-f67b29880f12",
  "name": "81a9662b-bebf-436f-a333-f67b29880f12",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/listkeys/action",
        "Microsoft.Storage/storageAccounts/regeneratekey/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Account Key Operator Service Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de dados de blob de armazenamentoStorage Blob Data Contributor

Ler, gravar e excluir contêineres e blobs de Armazenamento do Azure.Read, write, and delete Azure Storage containers and blobs. Para saber quais ações são necessárias para uma determinada operação de dados, consulte Permissões para chamar blob e operações de dados de fila.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. Saiba maisLearn more

AçõesActions DescriçãoDescription
/StorageAccounts/blobServices/containers/Delete Microsoft. StorageMicrosoft.Storage/storageAccounts/blobServices/containers/delete Excluir um contêiner.Delete a container.
/StorageAccounts/blobServices/containers/Read Microsoft. StorageMicrosoft.Storage/storageAccounts/blobServices/containers/read Retornar um contêiner ou uma lista de contêineres.Return a container or a list of containers.
/StorageAccounts/blobServices/containers/Write Microsoft. StorageMicrosoft.Storage/storageAccounts/blobServices/containers/write Modificar os metadados ou as propriedades de um contêiner.Modify a container's metadata or properties.
/StorageAccounts/blobServices/generateUserDelegationKey/Action Microsoft. StorageMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Retorna uma chave de delegação de usuário para o serviço Blob.Returns a user delegation key for the Blob service.
NotActionsNotActions
nenhumnone
DataActionsDataActions
/StorageAccounts/blobServices/containers/BLOBs/Delete Microsoft. StorageMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete Excluir um blob.Delete a blob.
/StorageAccounts/blobServices/containers/BLOBs/Read Microsoft. StorageMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read Retornar um blob ou uma lista de blobs.Return a blob or a list of blobs.
/StorageAccounts/blobServices/containers/BLOBs/Write Microsoft. StorageMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write Gravar em um blob.Write to a blob.
/StorageAccounts/blobServices/containers/BLOBs/move/Action Microsoft. StorageMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/move/action Move o blob de um caminho para outroMoves the blob from one path to another
/StorageAccounts/blobServices/containers/BLOBs/Add/Action Microsoft. StorageMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/add/action Retorna o resultado da adição de conteúdo do blobReturns the result of adding blob content
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write and delete access to Azure Storage blob containers and data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe",
  "name": "ba92f5b4-2d11-453d-a403-e96b0029c9fe",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/write",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Proprietário de Dados do Blob de ArmazenamentoStorage Blob Data Owner

Fornece acesso completo aos dados e contêineres de blob do Armazenamento do Azure, incluindo a atribuição de controle de acesso POSIX.Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. Para saber quais ações são necessárias para uma determinada operação de dados, consulte Permissões para chamar blob e operações de dados de fila.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. Storage/storageAccounts/blobServices/containers/*Microsoft.Storage/storageAccounts/blobServices/containers/* Permissões completas em contêineres.Full permissions on containers.
/StorageAccounts/blobServices/generateUserDelegationKey/Action Microsoft. StorageMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Retorna uma chave de delegação de usuário para o serviço Blob.Returns a user delegation key for the Blob service.
NotActionsNotActions
nenhumnone
DataActionsDataActions
Microsoft. Storage/storageAccounts/blobServices/containers/BLOBs/*Microsoft.Storage/storageAccounts/blobServices/containers/blobs/* Permissões completas em blobs.Full permissions on blobs.
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to Azure Storage blob containers and data, including assigning POSIX access control.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
  "name": "b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/*",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Leitor de Dados do Blob de ArmazenamentoStorage Blob Data Reader

Leia e liste contêineres e blobs do Armazenamento do Azure.Read and list Azure Storage containers and blobs. Para saber quais ações são necessárias para uma determinada operação de dados, consulte Permissões para chamar blob e operações de dados de fila.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. Saiba maisLearn more

AçõesActions DescriçãoDescription
/StorageAccounts/blobServices/containers/Read Microsoft. StorageMicrosoft.Storage/storageAccounts/blobServices/containers/read Retornar um contêiner ou uma lista de contêineres.Return a container or a list of containers.
/StorageAccounts/blobServices/generateUserDelegationKey/Action Microsoft. StorageMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Retorna uma chave de delegação de usuário para o serviço Blob.Returns a user delegation key for the Blob service.
NotActionsNotActions
nenhumnone
DataActionsDataActions
/StorageAccounts/blobServices/containers/BLOBs/Read Microsoft. StorageMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read Retornar um blob ou uma lista de blobs.Return a blob or a list of blobs.
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read access to Azure Storage blob containers and data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
  "name": "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Delegador do Blob de ArmazenamentoStorage Blob Delegator

Obtenha uma chave de delegação de usuário, que pode ser usada para criar uma assinatura de acesso compartilhado para um contêiner ou blob que é assinado com as credenciais do Azure AD.Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials. Para obter mais informações, consulte Criar uma SAS de delegação de usuário.For more information, see Create a user delegation SAS. Saiba maisLearn more

AçõesActions DescriçãoDescription
/StorageAccounts/blobServices/generateUserDelegationKey/Action Microsoft. StorageMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Retorna uma chave de delegação de usuário para o serviço Blob.Returns a user delegation key for the Blob service.
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for generation of a user delegation key which can be used to sign SAS tokens",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
  "name": "db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Delegator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de Compartilhamento SMB de Dados do Arquivo de ArmazenamentoStorage File Data SMB Share Contributor

Permite o acesso de leitura, gravação e exclusão em arquivos/diretórios nos compartilhamentos de arquivos do Azure.Allows for read, write, and delete access on files/directories in Azure file shares. Essa função não tem equivalente interno nos servidores de arquivos do Windows.This role has no built-in equivalent on Windows file servers. Saiba maisLearn more

AçõesActions DescriçãoDescription
nenhumnone
NotActionsNotActions
nenhumnone
DataActionsDataActions
/StorageAccounts/fileServices/fileshares/files/Read Microsoft. StorageMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/read Retorna um arquivo, uma pasta ou uma lista de arquivos/pastas.Returns a file/folder or a list of files/folders.
/StorageAccounts/fileServices/fileshares/files/Write Microsoft. StorageMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/write Retorna o resultado da gravação em um arquivo ou da criação de uma pasta.Returns the result of writing a file or creating a folder.
/StorageAccounts/fileServices/fileshares/files/Delete Microsoft. StorageMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/delete Retorna o resultado da exclusão de um arquivo ou uma pasta.Returns the result of deleting a file/folder.
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write, and delete access in Azure Storage file shares over SMB",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
  "name": "0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage File Data SMB Share Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador elevado de compartilhamento SMB de dados de arquivo de armazenamentoStorage File Data SMB Share Elevated Contributor

Permite ler, gravar, excluir e modificar ACLs em arquivos/diretórios nos compartilhamentos de arquivos do Azure.Allows for read, write, delete, and modify ACLs on files/directories in Azure file shares. Essa função é equivalente a uma ACL de compartilhamento de arquivos de alteração em servidores de arquivos do Windows.This role is equivalent to a file share ACL of change on Windows file servers. Saiba maisLearn more

AçõesActions DescriçãoDescription
nenhumnone
NotActionsNotActions
nenhumnone
DataActionsDataActions
/StorageAccounts/fileServices/fileshares/files/Read Microsoft. StorageMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/read Retorna um arquivo, uma pasta ou uma lista de arquivos/pastas.Returns a file/folder or a list of files/folders.
/StorageAccounts/fileServices/fileshares/files/Write Microsoft. StorageMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/write Retorna o resultado da gravação em um arquivo ou da criação de uma pasta.Returns the result of writing a file or creating a folder.
/StorageAccounts/fileServices/fileshares/files/Delete Microsoft. StorageMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/delete Retorna o resultado da exclusão de um arquivo ou uma pasta.Returns the result of deleting a file/folder.
/StorageAccounts/fileServices/fileshares/files/modifypermissions/Action Microsoft. StorageMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action Retorna o resultado da modificação da permissão em um arquivo ou uma pasta.Returns the result of modifying permission on a file/folder.
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write, delete and modify NTFS permission access in Azure Storage file shares over SMB",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a7264617-510b-434b-a828-9731dc254ea7",
  "name": "a7264617-510b-434b-a828-9731dc254ea7",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage File Data SMB Share Elevated Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Leitor de Compartilhamento SMB de Dados do Arquivo de ArmazenamentoStorage File Data SMB Share Reader

Permite acesso de leitura em arquivos/diretórios nos compartilhamentos de arquivos do Azure.Allows for read access on files/directories in Azure file shares. Essa função é equivalente a uma ACL de compartilhamento de arquivos de leitura em servidores de arquivos do Windows.This role is equivalent to a file share ACL of read on Windows file servers. Saiba maisLearn more

AçõesActions DescriçãoDescription
nenhumnone
NotActionsNotActions
nenhumnone
DataActionsDataActions
/StorageAccounts/fileServices/fileshares/files/Read Microsoft. StorageMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/read Retorna um arquivo, uma pasta ou uma lista de arquivos/pastas.Returns a file/folder or a list of files/folders.
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read access to Azure File Share over SMB",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/aba4ae5f-2193-4029-9191-0cb91df5e314",
  "name": "aba4ae5f-2193-4029-9191-0cb91df5e314",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage File Data SMB Share Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de Dados da Fila de ArmazenamentoStorage Queue Data Contributor

Lê, grava e exclui filas do Armazenamento do Azure e mensagens da fila.Read, write, and delete Azure Storage queues and queue messages. Para saber quais ações são necessárias para uma determinada operação de dados, consulte Permissões para chamar blob e operações de dados de fila.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. Saiba maisLearn more

AçõesActions DescriçãoDescription
/StorageAccounts/queueServices/Queues/Delete Microsoft. StorageMicrosoft.Storage/storageAccounts/queueServices/queues/delete Excluir uma fila.Delete a queue.
/StorageAccounts/queueServices/Queues/Read Microsoft. StorageMicrosoft.Storage/storageAccounts/queueServices/queues/read Retornar uma fila ou uma lista de filas.Return a queue or a list of queues.
/StorageAccounts/queueServices/Queues/Write Microsoft. StorageMicrosoft.Storage/storageAccounts/queueServices/queues/write Modificar metadados ou propriedades da fila.Modify queue metadata or properties.
NotActionsNotActions
nenhumnone
DataActionsDataActions
/StorageAccounts/queueServices/Queues/messages/Delete Microsoft. StorageMicrosoft.Storage/storageAccounts/queueServices/queues/messages/delete Excluir uma ou mais mensagens de uma fila.Delete one or more messages from a queue.
/StorageAccounts/queueServices/Queues/messages/Read Microsoft. StorageMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read Espiar ou recuperar uma ou mais mensagens de uma fila.Peek or retrieve one or more messages from a queue.
/StorageAccounts/queueServices/Queues/messages/Write Microsoft. StorageMicrosoft.Storage/storageAccounts/queueServices/queues/messages/write Adicionar uma mensagem a uma fila.Add a message to a queue.
/StorageAccounts/queueServices/Queues/messages/Process/Action Microsoft. StorageMicrosoft.Storage/storageAccounts/queueServices/queues/messages/process/action Retorna o resultado do processamento de uma mensagemReturns the result of processing a message
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write, and delete access to Azure Storage queues and queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/974c5e8b-45b9-4653-ba55-5f855dd0fb88",
  "name": "974c5e8b-45b9-4653-ba55-5f855dd0fb88",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/delete",
        "Microsoft.Storage/storageAccounts/queueServices/queues/read",
        "Microsoft.Storage/storageAccounts/queueServices/queues/write"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/delete",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/write",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Processador de Mensagens de Dados da Fila de ArmazenamentoStorage Queue Data Message Processor

Espia, recupera e exclui uma mensagem de uma fila de armazenamento do Azure.Peek, retrieve, and delete a message from an Azure Storage queue. Para saber quais ações são necessárias para uma determinada operação de dados, consulte Permissões para chamar blob e operações de dados de fila.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. Saiba maisLearn more

AçõesActions DescriçãoDescription
nenhumnone
NotActionsNotActions
nenhumnone
DataActionsDataActions
/StorageAccounts/queueServices/Queues/messages/Read Microsoft. StorageMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read Espiar uma mensagem.Peek a message.
/StorageAccounts/queueServices/Queues/messages/Process/Action Microsoft. StorageMicrosoft.Storage/storageAccounts/queueServices/queues/messages/process/action Recuperar e excluir uma mensagem.Retrieve and delete a message.
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for peek, receive, and delete access to Azure Storage queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8a0f0c08-91a1-4084-bc3d-661d67233fed",
  "name": "8a0f0c08-91a1-4084-bc3d-661d67233fed",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Message Processor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Remetente da Mensagem de Dados da Fila de ArmazenamentoStorage Queue Data Message Sender

Adiciona mensagens a uma fila de Armazenamento do Azure.Add messages to an Azure Storage queue. Para saber quais ações são necessárias para uma determinada operação de dados, consulte Permissões para chamar blob e operações de dados de fila.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. Saiba maisLearn more

AçõesActions DescriçãoDescription
nenhumnone
NotActionsNotActions
nenhumnone
DataActionsDataActions
/StorageAccounts/queueServices/Queues/messages/Add/Action Microsoft. StorageMicrosoft.Storage/storageAccounts/queueServices/queues/messages/add/action Adicionar uma mensagem a uma fila.Add a message to a queue.
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for sending of Azure Storage queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
  "name": "c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Message Sender",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Leitor de Dados da Fila de ArmazenamentoStorage Queue Data Reader

Lê e lista as filas do armazenamento do Azure e as mensagens da fila.Read and list Azure Storage queues and queue messages. Para saber quais ações são necessárias para uma determinada operação de dados, consulte Permissões para chamar blob e operações de dados de fila.To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. Saiba maisLearn more

AçõesActions DescriçãoDescription
/StorageAccounts/queueServices/Queues/Read Microsoft. StorageMicrosoft.Storage/storageAccounts/queueServices/queues/read Retornar uma fila ou uma lista de filas.Returns a queue or a list of queues.
NotActionsNotActions
nenhumnone
DataActionsDataActions
/StorageAccounts/queueServices/Queues/messages/Read Microsoft. StorageMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read Espiar ou recuperar uma ou mais mensagens de uma fila.Peek or retrieve one or more messages from a queue.
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read access to Azure Storage queues and queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/19e7f393-937e-4f77-808e-94535e297925",
  "name": "19e7f393-937e-4f77-808e-94535e297925",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

WebWeb

Colaborador de dados do Azure MapsAzure Maps Data Contributor

Concede acesso ao acesso de leitura, gravação e exclusão para mapear dados relacionados de uma conta do Azure Maps.Grants access to read, write, and delete access to map related data from an Azure maps account. Saiba maisLearn more

AçõesActions DescriçãoDescription
nenhumnone
NotActionsNotActions
nenhumnone
DataActionsDataActions
Microsoft. Maps/accounts/*/ReadMicrosoft.Maps/accounts/*/read
Microsoft. Maps/accounts/*/WriteMicrosoft.Maps/accounts/*/write
Microsoft. Maps/accounts/*/DeleteMicrosoft.Maps/accounts/*/delete
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants access to read, write, and delete access to map related data from an Azure maps account.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204",
  "name": "8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Maps/accounts/*/read",
        "Microsoft.Maps/accounts/*/write",
        "Microsoft.Maps/accounts/*/delete"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Maps Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Leitor de Dados do Azure MapasAzure Maps Data Reader

Concede acesso para ler dados relacionados ao mapa de uma conta do Azure Mapas.Grants access to read map related data from an Azure maps account. Saiba maisLearn more

AçõesActions DescriçãoDescription
nenhumnone
NotActionsNotActions
nenhumnone
DataActionsDataActions
Microsoft. Maps/accounts/*/ReadMicrosoft.Maps/accounts/*/read
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants access to read map related data from an Azure maps account.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/423170ca-a8f6-4b0f-8487-9e4eb8f49bfa",
  "name": "423170ca-a8f6-4b0f-8487-9e4eb8f49bfa",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Maps/accounts/*/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Maps Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador do Serviço de PesquisaSearch Service Contributor

Permite gerenciar serviços de pesquisa, mas não acessá-las.Lets you manage Search services, but not access to them. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
Microsoft. ResourceHealth/availabilityStatuses/ReadMicrosoft.ResourceHealth/availabilityStatuses/read Obter os status de disponibilidade para todos os recursos no escopo especificadoGets the availability statuses for all resources in the specified scope
Microsoft. Resources/Deployments/*Microsoft.Resources/deployments/* Criar e gerenciar uma implantaçãoCreate and manage a deployment
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. Search/searchServices/*Microsoft.Search/searchServices/* Criar e gerenciar serviços de pesquisaCreate and manage search services
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Search services, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7ca78c08-252a-4471-8644-bb5ff32d4ba0",
  "name": "7ca78c08-252a-4471-8644-bb5ff32d4ba0",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Search/searchServices/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Search Service Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Leitor de AccessKey do signalrSignalR AccessKey Reader

Ler chaves de acesso do serviço SignalrRead SignalR Service Access Keys

AçõesActions DescriçãoDescription
Microsoft. SignalRService/*/ReadMicrosoft.SignalRService/*/read
Microsoft. SignalRService/SignalR/listkeys/ActionMicrosoft.SignalRService/SignalR/listkeys/action Exibe o valor das chaves de acesso do SignalR no portal de gerenciamento ou por meio da APIView the value of SignalR access keys in the management portal or through API
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read SignalR Service Access Keys",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/04165923-9d83-45d5-8227-78b77b0a687e",
  "name": "04165923-9d83-45d5-8227-78b77b0a687e",
  "permissions": [
    {
      "actions": [
        "Microsoft.SignalRService/*/read",
        "Microsoft.SignalRService/SignalR/listkeys/action",
        "Microsoft.Authorization/*/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR AccessKey Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Servidor de aplicativo signalr (visualização)SignalR App Server (Preview)

Permite que o servidor de aplicativos acesse o serviço de Signaler com opções de autenticação do AAD.Lets your app server access SignalR Service with AAD auth options.

AçõesActions DescriçãoDescription
nenhumnone
NotActionsNotActions
nenhumnone
DataActionsDataActions
Microsoft. SignalRService/SignalR/auth/AccessKey/ActionMicrosoft.SignalRService/SignalR/auth/accessKey/action Gere um AccessKey temporário para a assinatura de ClientTokens.Generate a temporary AccessKey for signing ClientTokens.
Microsoft. SignalRService/SignalR/serverConnection/WriteMicrosoft.SignalRService/SignalR/serverConnection/write Inicie uma conexão de servidor.Start a server connection.
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets your app server access SignalR Service with AAD auth options.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/420fcaa2-552c-430f-98ca-3264be4806c7",
  "name": "420fcaa2-552c-430f-98ca-3264be4806c7",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.SignalRService/SignalR/auth/accessKey/action",
        "Microsoft.SignalRService/SignalR/serverConnection/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR App Server (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador do signalrSignalR Contributor

Criar, ler, atualizar e excluir recursos do serviço SignalrCreate, Read, Update, and Delete SignalR service resources

AçõesActions DescriçãoDescription
Microsoft. SignalRService/*Microsoft.SignalRService/*
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. Resources/Deployments/*Microsoft.Resources/deployments/* Criar e gerenciar uma implantaçãoCreate and manage a deployment
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Create, Read, Update, and Delete SignalR service resources",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761",
  "name": "8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761",
  "permissions": [
    {
      "actions": [
        "Microsoft.SignalRService/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador sem servidor do signalr (versão prévia)SignalR Serverless Contributor (Preview)

Permite que seu aplicativo acesse o serviço no modo sem servidor com opções de autenticação do AAD.Lets your app access service in serverless mode with AAD auth options.

AçõesActions DescriçãoDescription
nenhumnone
NotActionsNotActions
nenhumnone
DataActionsDataActions
Microsoft. SignalRService/SignalR/auth/clientToken/ActionMicrosoft.SignalRService/SignalR/auth/clientToken/action Gere um ClientToken para iniciar uma conexão de cliente.Generate a ClientToken for starting a client connection.
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets your app access service in serverless mode with AAD auth options.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fd53cd77-2268-407a-8f46-7e7863d0f521",
  "name": "fd53cd77-2268-407a-8f46-7e7863d0f521",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.SignalRService/SignalR/auth/clientToken/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR Serverless Contributor (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Proprietário do serviço signalr (versão prévia)SignalR Service Owner (Preview)

Acesso completo às APIs REST do serviço de Signaler do AzureFull access to Azure SignalR Service REST APIs

AçõesActions DescriçãoDescription
nenhumnone
NotActionsNotActions
nenhumnone
DataActionsDataActions
Microsoft. SignalRService/SignalR/Hub/Send/ActionMicrosoft.SignalRService/SignalR/hub/send/action Transmita mensagens para todas as conexões de cliente no Hub.Broadcast messages to all client connections in hub.
Microsoft. SignalRService/SignalR/Group/Send/ActionMicrosoft.SignalRService/SignalR/group/send/action Transmitir mensagem para o grupo.Broadcast message to group.
Microsoft. SignalRService/SignalR/Group/ReadMicrosoft.SignalRService/SignalR/group/read Verifique a existência do grupo ou a existência do usuário no grupo.Check group existence or user existence in group.
Microsoft. SignalRService/SignalR/Group/WriteMicrosoft.SignalRService/SignalR/group/write Grupo de junção/saída.Join / Leave group.
Microsoft. SignalRService/SignalR/clientConnection/Send/ActionMicrosoft.SignalRService/SignalR/clientConnection/send/action Enviar mensagens diretamente para uma conexão de cliente.Send messages directly to a client connection.
Microsoft. SignalRService/SignalR/clientConnection/ReadMicrosoft.SignalRService/SignalR/clientConnection/read Verifique a existência da conexão do cliente.Check client connection existence.
Microsoft. SignalRService/SignalR/clientConnection/WriteMicrosoft.SignalRService/SignalR/clientConnection/write Feche a conexão do cliente.Close client connection.
Microsoft. SignalRService/SignalR/User/Send/ActionMicrosoft.SignalRService/SignalR/user/send/action Envie mensagens para o usuário, que podem consistir em várias conexões de cliente.Send messages to user, who may consist of multiple client connections.
Microsoft. SignalRService/SignalR/User/ReadMicrosoft.SignalRService/SignalR/user/read Verifique a existência do usuário.Check user existence.
Microsoft. SignalRService/SignalR/User/WriteMicrosoft.SignalRService/SignalR/user/write
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Full access to Azure SignalR Service REST APIs",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7e4f1700-ea5a-4f59-8f37-079cfe29dce3",
  "name": "7e4f1700-ea5a-4f59-8f37-079cfe29dce3",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.SignalRService/SignalR/hub/send/action",
        "Microsoft.SignalRService/SignalR/group/send/action",
        "Microsoft.SignalRService/SignalR/group/read",
        "Microsoft.SignalRService/SignalR/group/write",
        "Microsoft.SignalRService/SignalR/clientConnection/send/action",
        "Microsoft.SignalRService/SignalR/clientConnection/read",
        "Microsoft.SignalRService/SignalR/clientConnection/write",
        "Microsoft.SignalRService/SignalR/user/send/action",
        "Microsoft.SignalRService/SignalR/user/read",
        "Microsoft.SignalRService/SignalR/user/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR Service Owner (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Leitor de serviço do signalr (visualização)SignalR Service Reader (Preview)

Acesso somente leitura às APIs REST do serviço de Signaler do AzureRead-only access to Azure SignalR Service REST APIs

AçõesActions DescriçãoDescription
nenhumnone
NotActionsNotActions
nenhumnone
DataActionsDataActions
Microsoft. SignalRService/SignalR/Group/ReadMicrosoft.SignalRService/SignalR/group/read Verifique a existência do grupo ou a existência do usuário no grupo.Check group existence or user existence in group.
Microsoft. SignalRService/SignalR/clientConnection/ReadMicrosoft.SignalRService/SignalR/clientConnection/read Verifique a existência da conexão do cliente.Check client connection existence.
Microsoft. SignalRService/SignalR/User/ReadMicrosoft.SignalRService/SignalR/user/read Verifique a existência do usuário.Check user existence.
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read-only access to Azure SignalR Service REST APIs",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ddde6b66-c0df-4114-a159-3618637b3035",
  "name": "ddde6b66-c0df-4114-a159-3618637b3035",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.SignalRService/SignalR/group/read",
        "Microsoft.SignalRService/SignalR/clientConnection/read",
        "Microsoft.SignalRService/SignalR/user/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "SignalR Service Reader (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador do Plano de WebWeb Plan Contributor

Permite gerenciar os planos da Web para sites, mas não o acesso a eles.Lets you manage the web plans for websites, but not access to them.

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
Microsoft. ResourceHealth/availabilityStatuses/ReadMicrosoft.ResourceHealth/availabilityStatuses/read Obter os status de disponibilidade para todos os recursos no escopo especificadoGets the availability statuses for all resources in the specified scope
Microsoft. Resources/Deployments/*Microsoft.Resources/deployments/* Criar e gerenciar uma implantaçãoCreate and manage a deployment
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
Microsoft. Web/serverFarms/*Microsoft.Web/serverFarms/* Criar e gerenciar farms de servidoresCreate and manage server farms
/HostingEnvironments/Join/Action Microsoft. WebMicrosoft.Web/hostingEnvironments/Join/Action Unir um Ambiente do Serviço de AplicativoJoins an App Service Environment
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage the web plans for websites, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b",
  "name": "2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Web/serverFarms/*",
        "Microsoft.Web/hostingEnvironments/Join/Action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Web Plan Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador do SiteWebsite Contributor

Permite gerenciar sites (não planos da Web), mas não acessá-los.Lets you manage websites (not web plans), but not access to them.

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
Microsoft. insights/Components/*Microsoft.Insights/components/* Criar e gerenciar componentes do InsightsCreate and manage Insights components
Microsoft. ResourceHealth/availabilityStatuses/ReadMicrosoft.ResourceHealth/availabilityStatuses/read Obter os status de disponibilidade para todos os recursos no escopo especificadoGets the availability statuses for all resources in the specified scope
Microsoft. Resources/Deployments/*Microsoft.Resources/deployments/* Criar e gerenciar uma implantaçãoCreate and manage a deployment
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
Microsoft. Web/Certificates/*Microsoft.Web/certificates/* Criar e gerenciar certificados de site da WebCreate and manage website certificates
/ListSitesAssignedToHostName/Read Microsoft. WebMicrosoft.Web/listSitesAssignedToHostName/read Obter nomes dos sites atribuídos ao nome de host.Get names of sites assigned to hostname.
/ServerFarms/Join/Action Microsoft. WebMicrosoft.Web/serverFarms/join/action Une um plano do serviço de aplicativoJoins an App Service Plan
/ServerFarms/Read Microsoft. WebMicrosoft.Web/serverFarms/read Obter as propriedades em um Plano do Serviço de AplicativoGet the properties on an App Service Plan
Microsoft. Web/sites/*Microsoft.Web/sites/* Criar e gerenciar sites (a criação de sites também requer permissões de gravação para o Plano do Serviço de Aplicativo associado)Create and manage websites (site creation also requires write permissions to the associated App Service Plan)
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage websites (not web plans), but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/de139f84-1756-47ae-9be6-808fbbe84772",
  "name": "de139f84-1756-47ae-9be6-808fbbe84772",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/components/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Web/certificates/*",
        "Microsoft.Web/listSitesAssignedToHostName/read",
        "Microsoft.Web/serverFarms/join/action",
        "Microsoft.Web/serverFarms/read",
        "Microsoft.Web/sites/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Website Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

ContêineresContainers

AcrDeleteAcrDelete

exclusão de ACR saiba maisacr delete Learn more

AçõesActions DescriçãoDescription
Microsoft. ContainerRegistry/Registries/Artifacts/DeleteMicrosoft.ContainerRegistry/registries/artifacts/delete Excluir o artefato em um registro de contêiner.Delete artifact in a container registry.
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr delete",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
  "name": "c2f4ef07-c644-48eb-af81-4b1b4947fb11",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/artifacts/delete"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrDelete",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrImageSignerAcrImageSigner

signatário de imagem ACR saiba maisacr image signer Learn more

AçõesActions DescriçãoDescription
Microsoft. ContainerRegistry/Registries/Sign/WriteMicrosoft.ContainerRegistry/registries/sign/write Efetuar push/pull de metadados de conteúdo confiável para um registro de contêiner.Push/Pull content trust metadata for a container registry.
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr image signer",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6cef56e8-d556-48e5-a04f-b8e64114680f",
  "name": "6cef56e8-d556-48e5-a04f-b8e64114680f",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/sign/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrImageSigner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrPullAcrPull

extração de ACR saiba maisacr pull Learn more

AçõesActions DescriçãoDescription
Microsoft. ContainerRegistry/Registries/pull/ReadMicrosoft.ContainerRegistry/registries/pull/read Efetuar pull ou Obter imagens de um registro de contêiner.Pull or Get images from a container registry.
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr pull",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d",
  "name": "7f951dda-4ed3-4680-a7ca-43fe172d538d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/pull/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrPull",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrPushAcrPush

Informações sobre o ACR Push saiba maisacr push Learn more

AçõesActions DescriçãoDescription
Microsoft. ContainerRegistry/Registries/pull/ReadMicrosoft.ContainerRegistry/registries/pull/read Efetuar pull ou Obter imagens de um registro de contêiner.Pull or Get images from a container registry.
Microsoft. ContainerRegistry/Registries/Push/WriteMicrosoft.ContainerRegistry/registries/push/write Efetuar push ou Gravar imagens para um registro de contêiner.Push or Write images to a container registry.
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr push",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8311e382-0749-4cb8-b61a-304f252e45ec",
  "name": "8311e382-0749-4cb8-b61a-304f252e45ec",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/pull/read",
        "Microsoft.ContainerRegistry/registries/push/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrPush",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrQuarantineReaderAcrQuarantineReader

leitor de dados de quarentena acracr quarantine data reader

AçõesActions DescriçãoDescription
Microsoft. ContainerRegistry/Registries/Quarantine/ReadMicrosoft.ContainerRegistry/registries/quarantine/read Efetuar pull ou Obter imagens em quarentena do registro de contêinerPull or Get quarantined images from container registry
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr quarantine data reader",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/cdda3590-29a3-44f6-95f2-9f980659eb04",
  "name": "cdda3590-29a3-44f6-95f2-9f980659eb04",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/quarantine/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrQuarantineReader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrQuarantineWriterAcrQuarantineWriter

gravador de dados de quarentena acracr quarantine data writer

AçõesActions DescriçãoDescription
Microsoft. ContainerRegistry/Registries/Quarantine/ReadMicrosoft.ContainerRegistry/registries/quarantine/read Efetuar pull ou Obter imagens em quarentena do registro de contêinerPull or Get quarantined images from container registry
Microsoft. ContainerRegistry/Registries/Quarantine/WriteMicrosoft.ContainerRegistry/registries/quarantine/write Gravar/Modificar o estado de quarentena das imagens em quarentenaWrite/Modify quarantine state of quarantined images
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr quarantine data writer",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
  "name": "c8d4ff99-41c3-41a8-9f60-21dfdad59608",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/quarantine/read",
        "Microsoft.ContainerRegistry/registries/quarantine/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrQuarantineWriter",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Função de Administrador do Cluster do Serviço de Kubernetes do AzureAzure Kubernetes Service Cluster Admin Role

Liste a ação de credencial de administrador de cluster.List cluster admin credential action. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. ContainerService/managedClusters/listClusterAdminCredential/ActionMicrosoft.ContainerService/managedClusters/listClusterAdminCredential/action Listar a credencial clusterAdmin de um cluster gerenciadoList the clusterAdmin credential of a managed cluster
Microsoft. ContainerService/managedClusters/accessProfiles/listCredential/ActionMicrosoft.ContainerService/managedClusters/accessProfiles/listCredential/action Obtém um perfil de acesso do cluster gerenciado por nome de função usando a credencial de listaGet a managed cluster access profile by role name using list credential
Microsoft. ContainerService/managedClusters/ReadMicrosoft.ContainerService/managedClusters/read Obtém um cluster gerenciadoGet a managed cluster
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "List cluster admin credential action.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8",
  "name": "0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerService/managedClusters/listClusterAdminCredential/action",
        "Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/action",
        "Microsoft.ContainerService/managedClusters/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service Cluster Admin Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Função de Usuário do Cluster do Serviço de Kubernetes do AzureAzure Kubernetes Service Cluster User Role

Liste a ação de credencial de usuário de cluster.List cluster user credential action. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. ContainerService/managedClusters/listClusterUserCredential/ActionMicrosoft.ContainerService/managedClusters/listClusterUserCredential/action Listar a credencial clusterUser de um cluster gerenciadoList the clusterUser credential of a managed cluster
Microsoft. ContainerService/managedClusters/ReadMicrosoft.ContainerService/managedClusters/read Obtém um cluster gerenciadoGet a managed cluster
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "List cluster user credential action.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4abbcc35-e782-43d8-92c5-2d3f1bd2253f",
  "name": "4abbcc35-e782-43d8-92c5-2d3f1bd2253f",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action",
        "Microsoft.ContainerService/managedClusters/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service Cluster User Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Função colaborador do serviço kubernetes do AzureAzure Kubernetes Service Contributor Role

Concede acesso para ler e gravar clusters do serviço kubernetes do Azure saiba maisGrants access to read and write Azure Kubernetes Service clusters Learn more

AçõesActions DescriçãoDescription
Microsoft. ContainerService/managedClusters/ReadMicrosoft.ContainerService/managedClusters/read Obtém um cluster gerenciadoGet a managed cluster
Microsoft. ContainerService/managedClusters/WriteMicrosoft.ContainerService/managedClusters/write Cria um novo cluster gerenciado ou atualiza um existenteCreates a new managed cluster or updates an existing one
Microsoft. Resources/Deployments/*Microsoft.Resources/deployments/* Criar e gerenciar uma implantaçãoCreate and manage a deployment
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants access to read and write Azure Kubernetes Service clusters",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8",
  "name": "ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerService/managedClusters/read",
        "Microsoft.ContainerService/managedClusters/write",
        "Microsoft.Resources/deployments/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service Contributor Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Administrador de RBAC do serviço kubernetes do AzureAzure Kubernetes Service RBAC Admin

Permite que você gerencie todos os recursos em cluster/namespace, exceto atualizar ou excluir cotas de recursos e namespaces.Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
/Deployments/Write Microsoft. ResourcesMicrosoft.Resources/deployments/write Criar ou atualizar uma implantação.Creates or updates an deployment.
/Subscriptions/operationresults/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/operationresults/read Obter os resultados da operação da assinatura.Get the subscription operation results.
/Subscriptions/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/read Obter a lista de assinaturas.Gets the list of subscriptions.
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
Microsoft. ContainerService/managedClusters/listClusterUserCredential/ActionMicrosoft.ContainerService/managedClusters/listClusterUserCredential/action Listar a credencial clusterUser de um cluster gerenciadoList the clusterUser credential of a managed cluster
NotActionsNotActions
nenhumnone
DataActionsDataActions
Microsoft. ContainerService/managedClusters/*Microsoft.ContainerService/managedClusters/*
NotDataActionsNotDataActions
Microsoft. ContainerService/managedClusters/resourcequotas/WriteMicrosoft.ContainerService/managedClusters/resourcequotas/write Grava resourcequotasWrites resourcequotas
Microsoft. ContainerService/managedClusters/resourcequotas/DeleteMicrosoft.ContainerService/managedClusters/resourcequotas/delete Exclui resourcequotasDeletes resourcequotas
Microsoft. ContainerService/managedClusters/namespaces/WriteMicrosoft.ContainerService/managedClusters/namespaces/write Grava namespacesWrites namespaces
Microsoft. ContainerService/managedClusters/namespaces/DeleteMicrosoft.ContainerService/managedClusters/namespaces/delete Exclui namespacesDeletes namespaces
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage all resources under cluster/namespace, except update or delete resource quotas and namespaces.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3498e952-d568-435e-9b2c-8d77e338d7f7",
  "name": "3498e952-d568-435e-9b2c-8d77e338d7f7",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerService/managedClusters/*"
      ],
      "notDataActions": [
        "Microsoft.ContainerService/managedClusters/resourcequotas/write",
        "Microsoft.ContainerService/managedClusters/resourcequotas/delete",
        "Microsoft.ContainerService/managedClusters/namespaces/write",
        "Microsoft.ContainerService/managedClusters/namespaces/delete"
      ]
    }
  ],
  "roleName": "Azure Kubernetes Service RBAC Admin",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Administrador de cluster do RBAC do serviço kubernetes do AzureAzure Kubernetes Service RBAC Cluster Admin

Permite que você gerencie todos os recursos no cluster.Lets you manage all resources in the cluster. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
/Deployments/Write Microsoft. ResourcesMicrosoft.Resources/deployments/write Criar ou atualizar uma implantação.Creates or updates an deployment.
/Subscriptions/operationresults/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/operationresults/read Obter os resultados da operação da assinatura.Get the subscription operation results.
/Subscriptions/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/read Obter a lista de assinaturas.Gets the list of subscriptions.
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
Microsoft. ContainerService/managedClusters/listClusterUserCredential/ActionMicrosoft.ContainerService/managedClusters/listClusterUserCredential/action Listar a credencial clusterUser de um cluster gerenciadoList the clusterUser credential of a managed cluster
NotActionsNotActions
nenhumnone
DataActionsDataActions
Microsoft. ContainerService/managedClusters/*Microsoft.ContainerService/managedClusters/*
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage all resources in the cluster.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b",
  "name": "b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerService/managedClusters/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service RBAC Cluster Admin",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Leitor de RBAC do serviço kubernetes do AzureAzure Kubernetes Service RBAC Reader

Permite acesso somente leitura para ver a maioria dos objetos em um namespace.Allows read-only access to see most objects in a namespace. Ele não permite a exibição de funções ou associações de função.It does not allow viewing roles or role bindings. Essa função não permite a exibição de segredos, pois a leitura do conteúdo de segredos permite o acesso a credenciais de uma conta no namespace, o que permitiria o acesso à API como qualquer uma das contas no namespace (uma forma de elevação de privilégio).This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). A aplicação dessa função no escopo do cluster fornecerá acesso em todos os namespaces.Applying this role at cluster scope will give access across all namespaces. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
/Deployments/Write Microsoft. ResourcesMicrosoft.Resources/deployments/write Criar ou atualizar uma implantação.Creates or updates an deployment.
/Subscriptions/operationresults/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/operationresults/read Obter os resultados da operação da assinatura.Get the subscription operation results.
/Subscriptions/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/read Obter a lista de assinaturas.Gets the list of subscriptions.
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
NotActionsNotActions
nenhumnone
DataActionsDataActions
Microsoft. ContainerService/managedClusters/apps/controllerrevisions/ReadMicrosoft.ContainerService/managedClusters/apps/controllerrevisions/read Lê controllerrevisionsReads controllerrevisions
Microsoft. ContainerService/managedClusters/apps/daemonsets/ReadMicrosoft.ContainerService/managedClusters/apps/daemonsets/read Lê daemonsetsReads daemonsets
Microsoft. ContainerService/managedClusters/apps/Deployments/ReadMicrosoft.ContainerService/managedClusters/apps/deployments/read Lê implantaçõesReads deployments
Microsoft. ContainerService/managedClusters/apps/replicasets/ReadMicrosoft.ContainerService/managedClusters/apps/replicasets/read Lê replicasetsReads replicasets
Microsoft. ContainerService/managedClusters/apps/statefulsets/ReadMicrosoft.ContainerService/managedClusters/apps/statefulsets/read Lê statefulsetsReads statefulsets
Microsoft. ContainerService/managedClusters/AutoScaling/horizontalpodautoscalers/ReadMicrosoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/read Lê horizontalpodautoscalersReads horizontalpodautoscalers
Microsoft. ContainerService/managedClusters/batch/cronjobs/ReadMicrosoft.ContainerService/managedClusters/batch/cronjobs/read Lê cronjobsReads cronjobs
Microsoft. ContainerService/managedClusters/batch/Jobs/ReadMicrosoft.ContainerService/managedClusters/batch/jobs/read Lê os trabalhosReads jobs
Microsoft. ContainerService/managedClusters/configmaps/ReadMicrosoft.ContainerService/managedClusters/configmaps/read Lê configmapsReads configmaps
Microsoft. ContainerService/managedClusters/Endpoints/ReadMicrosoft.ContainerService/managedClusters/endpoints/read Lê pontos de extremidadeReads endpoints
Microsoft. ContainerService/managedClusters/Events.K8S.Io/Events/ReadMicrosoft.ContainerService/managedClusters/events.k8s.io/events/read Lê eventosReads events
Microsoft. ContainerService/managedClusters/Events/ReadMicrosoft.ContainerService/managedClusters/events/read Lê eventosReads events
Microsoft. ContainerService/managedClusters/Extensions/daemonsets/ReadMicrosoft.ContainerService/managedClusters/extensions/daemonsets/read Lê daemonsetsReads daemonsets
Microsoft. ContainerService/managedClusters/Extensions/Deployments/ReadMicrosoft.ContainerService/managedClusters/extensions/deployments/read Lê implantaçõesReads deployments
Microsoft. ContainerService/managedClusters/Extensions/ingresses/ReadMicrosoft.ContainerService/managedClusters/extensions/ingresses/read Lê insereReads ingresses
Microsoft. ContainerService/managedClusters/Extensions/networkpolicies/ReadMicrosoft.ContainerService/managedClusters/extensions/networkpolicies/read Lê networkpoliciesReads networkpolicies
Microsoft. ContainerService/managedClusters/Extensions/replicasets/ReadMicrosoft.ContainerService/managedClusters/extensions/replicasets/read Lê replicasetsReads replicasets
Microsoft. ContainerService/managedClusters/limitranges/ReadMicrosoft.ContainerService/managedClusters/limitranges/read Lê limitrangesReads limitranges
Microsoft. ContainerService/managedClusters/namespaces/ReadMicrosoft.ContainerService/managedClusters/namespaces/read Lê namespacesReads namespaces
Microsoft. ContainerService/managedClusters/Networking.K8S.Io/ingresses/ReadMicrosoft.ContainerService/managedClusters/networking.k8s.io/ingresses/read Lê insereReads ingresses
Microsoft. ContainerService/managedClusters/Networking.K8S.Io/networkpolicies/ReadMicrosoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/read Lê networkpoliciesReads networkpolicies
Microsoft. ContainerService/managedClusters/persistentvolumeclaims/ReadMicrosoft.ContainerService/managedClusters/persistentvolumeclaims/read Lê persistentvolumeclaimsReads persistentvolumeclaims
Microsoft. ContainerService/managedClusters/pods/ReadMicrosoft.ContainerService/managedClusters/pods/read Ler podsReads pods
Microsoft. ContainerService/managedClusters/Policy/poddisruptionbudgets/ReadMicrosoft.ContainerService/managedClusters/policy/poddisruptionbudgets/read Lê poddisruptionbudgetsReads poddisruptionbudgets
Microsoft. ContainerService/managedClusters/replicationcontrollers/ReadMicrosoft.ContainerService/managedClusters/replicationcontrollers/read Lê replicationcontrollersReads replicationcontrollers
Microsoft. ContainerService/managedClusters/replicationcontrollers/ReadMicrosoft.ContainerService/managedClusters/replicationcontrollers/read Lê replicationcontrollersReads replicationcontrollers
Microsoft. ContainerService/managedClusters/resourcequotas/ReadMicrosoft.ContainerService/managedClusters/resourcequotas/read Lê resourcequotasReads resourcequotas
Microsoft. ContainerService/managedClusters/serviceaccounts/ReadMicrosoft.ContainerService/managedClusters/serviceaccounts/read Lê as contasReads serviceaccounts
Microsoft. ContainerService/managedClusters/Services/ReadMicrosoft.ContainerService/managedClusters/services/read Lê serviçosReads services
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows read-only access to see most objects in a namespace. It does not allow viewing roles or role bindings. This role does not allow viewing Secrets, since reading the contents of Secrets enables access to ServiceAccount credentials in the namespace, which would allow API access as any ServiceAccount in the namespace (a form of privilege escalation). Applying this role at cluster scope will give access across all namespaces.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7f6c6a51-bcf8-42ba-9220-52d62157d7db",
  "name": "7f6c6a51-bcf8-42ba-9220-52d62157d7db",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerService/managedClusters/apps/controllerrevisions/read",
        "Microsoft.ContainerService/managedClusters/apps/daemonsets/read",
        "Microsoft.ContainerService/managedClusters/apps/deployments/read",
        "Microsoft.ContainerService/managedClusters/apps/replicasets/read",
        "Microsoft.ContainerService/managedClusters/apps/statefulsets/read",
        "Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/read",
        "Microsoft.ContainerService/managedClusters/batch/cronjobs/read",
        "Microsoft.ContainerService/managedClusters/batch/jobs/read",
        "Microsoft.ContainerService/managedClusters/configmaps/read",
        "Microsoft.ContainerService/managedClusters/endpoints/read",
        "Microsoft.ContainerService/managedClusters/events.k8s.io/events/read",
        "Microsoft.ContainerService/managedClusters/events/read",
        "Microsoft.ContainerService/managedClusters/extensions/daemonsets/read",
        "Microsoft.ContainerService/managedClusters/extensions/deployments/read",
        "Microsoft.ContainerService/managedClusters/extensions/ingresses/read",
        "Microsoft.ContainerService/managedClusters/extensions/networkpolicies/read",
        "Microsoft.ContainerService/managedClusters/extensions/replicasets/read",
        "Microsoft.ContainerService/managedClusters/limitranges/read",
        "Microsoft.ContainerService/managedClusters/namespaces/read",
        "Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/read",
        "Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/read",
        "Microsoft.ContainerService/managedClusters/persistentvolumeclaims/read",
        "Microsoft.ContainerService/managedClusters/pods/read",
        "Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/read",
        "Microsoft.ContainerService/managedClusters/replicationcontrollers/read",
        "Microsoft.ContainerService/managedClusters/replicationcontrollers/read",
        "Microsoft.ContainerService/managedClusters/resourcequotas/read",
        "Microsoft.ContainerService/managedClusters/serviceaccounts/read",
        "Microsoft.ContainerService/managedClusters/services/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service RBAC Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Gravador RBAC do serviço kubernetes do AzureAzure Kubernetes Service RBAC Writer

Permite acesso de leitura/gravação à maioria dos objetos em um namespace. Essa função não permite exibir ou modificar funções ou associações de função.Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. No entanto, essa função permite acessar segredos e executar pods como qualquer uma das contas no namespace, para que possa ser usada para obter os níveis de acesso de API de qualquer conta no namespace.However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. A aplicação dessa função no escopo do cluster fornecerá acesso em todos os namespaces.Applying this role at cluster scope will give access across all namespaces. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
/Deployments/Write Microsoft. ResourcesMicrosoft.Resources/deployments/write Criar ou atualizar uma implantação.Creates or updates an deployment.
/Subscriptions/operationresults/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/operationresults/read Obter os resultados da operação da assinatura.Get the subscription operation results.
/Subscriptions/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/read Obter a lista de assinaturas.Gets the list of subscriptions.
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
NotActionsNotActions
nenhumnone
DataActionsDataActions
Microsoft. ContainerService/managedClusters/apps/controllerrevisions/ReadMicrosoft.ContainerService/managedClusters/apps/controllerrevisions/read Lê controllerrevisionsReads controllerrevisions
Microsoft. ContainerService/managedClusters/apps/daemonsets/*Microsoft.ContainerService/managedClusters/apps/daemonsets/*
Microsoft. ContainerService/managedClusters/apps/Deployments/*Microsoft.ContainerService/managedClusters/apps/deployments/*
Microsoft. ContainerService/managedClusters/apps/replicasets/*Microsoft.ContainerService/managedClusters/apps/replicasets/*
Microsoft. ContainerService/managedClusters/apps/statefulsets/*Microsoft.ContainerService/managedClusters/apps/statefulsets/*
Microsoft. ContainerService/managedClusters/AutoScaling/horizontalpodautoscalers/*Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/*
Microsoft. ContainerService/managedClusters/batch/cronjobs/*Microsoft.ContainerService/managedClusters/batch/cronjobs/*
Microsoft. ContainerService/managedClusters/batch/Jobs/*Microsoft.ContainerService/managedClusters/batch/jobs/*
Microsoft. ContainerService/managedClusters/configmaps/*Microsoft.ContainerService/managedClusters/configmaps/*
Microsoft. ContainerService/managedClusters/Endpoints/*Microsoft.ContainerService/managedClusters/endpoints/*
Microsoft. ContainerService/managedClusters/Events.K8S.Io/Events/ReadMicrosoft.ContainerService/managedClusters/events.k8s.io/events/read Lê eventosReads events
Microsoft. ContainerService/managedClusters/Events/ReadMicrosoft.ContainerService/managedClusters/events/read Lê eventosReads events
Microsoft. ContainerService/managedClusters/Extensions/daemonsets/*Microsoft.ContainerService/managedClusters/extensions/daemonsets/*
Microsoft. ContainerService/managedClusters/Extensions/Deployments/*Microsoft.ContainerService/managedClusters/extensions/deployments/*
Microsoft. ContainerService/managedClusters/Extensions/ingresses/*Microsoft.ContainerService/managedClusters/extensions/ingresses/*
Microsoft. ContainerService/managedClusters/Extensions/networkpolicies/*Microsoft.ContainerService/managedClusters/extensions/networkpolicies/*
Microsoft. ContainerService/managedClusters/Extensions/replicasets/*Microsoft.ContainerService/managedClusters/extensions/replicasets/*
Microsoft. ContainerService/managedClusters/limitranges/ReadMicrosoft.ContainerService/managedClusters/limitranges/read Lê limitrangesReads limitranges
Microsoft. ContainerService/managedClusters/namespaces/ReadMicrosoft.ContainerService/managedClusters/namespaces/read Lê namespacesReads namespaces
Microsoft. ContainerService/managedClusters/Networking.K8S.Io/ingresses/*Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/*
Microsoft. ContainerService/managedClusters/Networking.K8S.Io/networkpolicies/*Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/*
Microsoft. ContainerService/managedClusters/persistentvolumeclaims/*Microsoft.ContainerService/managedClusters/persistentvolumeclaims/*
Microsoft. ContainerService/managedClusters/pods/*Microsoft.ContainerService/managedClusters/pods/*
Microsoft. ContainerService/managedClusters/Policy/poddisruptionbudgets/*Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/*
Microsoft. ContainerService/managedClusters/replicationcontrollers/*Microsoft.ContainerService/managedClusters/replicationcontrollers/*
Microsoft. ContainerService/managedClusters/replicationcontrollers/*Microsoft.ContainerService/managedClusters/replicationcontrollers/*
Microsoft. ContainerService/managedClusters/resourcequotas/ReadMicrosoft.ContainerService/managedClusters/resourcequotas/read Lê resourcequotasReads resourcequotas
Microsoft. ContainerService/managedClusters/Secrets/*Microsoft.ContainerService/managedClusters/secrets/*
Microsoft. ContainerService/managedClusters/serviceaccounts/*Microsoft.ContainerService/managedClusters/serviceaccounts/*
Microsoft. ContainerService/managedClusters/Services/*Microsoft.ContainerService/managedClusters/services/*
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows read/write access to most objects in a namespace.This role does not allow viewing or modifying roles or role bindings. However, this role allows accessing Secrets and running Pods as any ServiceAccount in the namespace, so it can be used to gain the API access levels of any ServiceAccount in the namespace. Applying this role at cluster scope will give access across all namespaces.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb",
  "name": "a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/write",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ContainerService/managedClusters/apps/controllerrevisions/read",
        "Microsoft.ContainerService/managedClusters/apps/daemonsets/*",
        "Microsoft.ContainerService/managedClusters/apps/deployments/*",
        "Microsoft.ContainerService/managedClusters/apps/replicasets/*",
        "Microsoft.ContainerService/managedClusters/apps/statefulsets/*",
        "Microsoft.ContainerService/managedClusters/autoscaling/horizontalpodautoscalers/*",
        "Microsoft.ContainerService/managedClusters/batch/cronjobs/*",
        "Microsoft.ContainerService/managedClusters/batch/jobs/*",
        "Microsoft.ContainerService/managedClusters/configmaps/*",
        "Microsoft.ContainerService/managedClusters/endpoints/*",
        "Microsoft.ContainerService/managedClusters/events.k8s.io/events/read",
        "Microsoft.ContainerService/managedClusters/events/read",
        "Microsoft.ContainerService/managedClusters/extensions/daemonsets/*",
        "Microsoft.ContainerService/managedClusters/extensions/deployments/*",
        "Microsoft.ContainerService/managedClusters/extensions/ingresses/*",
        "Microsoft.ContainerService/managedClusters/extensions/networkpolicies/*",
        "Microsoft.ContainerService/managedClusters/extensions/replicasets/*",
        "Microsoft.ContainerService/managedClusters/limitranges/read",
        "Microsoft.ContainerService/managedClusters/namespaces/read",
        "Microsoft.ContainerService/managedClusters/networking.k8s.io/ingresses/*",
        "Microsoft.ContainerService/managedClusters/networking.k8s.io/networkpolicies/*",
        "Microsoft.ContainerService/managedClusters/persistentvolumeclaims/*",
        "Microsoft.ContainerService/managedClusters/pods/*",
        "Microsoft.ContainerService/managedClusters/policy/poddisruptionbudgets/*",
        "Microsoft.ContainerService/managedClusters/replicationcontrollers/*",
        "Microsoft.ContainerService/managedClusters/replicationcontrollers/*",
        "Microsoft.ContainerService/managedClusters/resourcequotas/read",
        "Microsoft.ContainerService/managedClusters/secrets/*",
        "Microsoft.ContainerService/managedClusters/serviceaccounts/*",
        "Microsoft.ContainerService/managedClusters/services/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service RBAC Writer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Bancos de dadosDatabases

Função de leitor de conta do Cosmos DBCosmos DB Account Reader Role

Pode ler dados de contas do Azure Cosmos DB.Can read Azure Cosmos DB account data. Consulte Colaborador de conta do DocumentDB para gerenciar contas do Azure Cosmos DB.See DocumentDB Account Contributor for managing Azure Cosmos DB accounts. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
Microsoft.DocumentDB/*/ReadMicrosoft.DocumentDB/*/read Ler qualquer coleçãoRead any collection
Microsoft.DocumentDB/databaseAccounts/readonlykeys/ActionMicrosoft.DocumentDB/databaseAccounts/readonlykeys/action Ler as chaves somente leitura da conta do banco de dados.Reads the database account readonly keys.
Microsoft. insights/MetricDefinitions/ReadMicrosoft.Insights/MetricDefinitions/read Ler definições de métricaRead metric definitions
Microsoft. insights/Metrics/ReadMicrosoft.Insights/Metrics/read Ler métricaRead metrics
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can read Azure Cosmos DB Accounts data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fbdf93bf-df7d-467e-a4d2-9458aa1360c8",
  "name": "fbdf93bf-df7d-467e-a4d2-9458aa1360c8",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.DocumentDB/*/read",
        "Microsoft.DocumentDB/databaseAccounts/readonlykeys/action",
        "Microsoft.Insights/MetricDefinitions/read",
        "Microsoft.Insights/Metrics/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cosmos DB Account Reader Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Operador do Cosmos DBCosmos DB Operator

Permite que você gerencie contas do Azure Cosmos DB, mas não acesse os dados nelas.Lets you manage Azure Cosmos DB accounts, but not access data in them. Impede o acesso a chaves de conta e cadeias de conexão.Prevents access to account keys and connection strings. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft.DocumentDb/databaseAccounts/*Microsoft.DocumentDb/databaseAccounts/*
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
Microsoft. ResourceHealth/availabilityStatuses/ReadMicrosoft.ResourceHealth/availabilityStatuses/read Obter os status de disponibilidade para todos os recursos no escopo especificadoGets the availability statuses for all resources in the specified scope
Microsoft. Resources/Deployments/*Microsoft.Resources/deployments/* Criar e gerenciar uma implantaçãoCreate and manage a deployment
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
/VirtualNetworks/Subnets/joinViaServiceEndpoint/Action Microsoft. NetworkMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Adicionar recursos como conta de armazenamento ou banco de dados SQL a uma sub-rede.Joins resource such as storage account or SQL database to a subnet. Não é possível alertá-lo.Not alertable.
NotActionsNotActions
Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*
Microsoft.DocumentDB/databaseAccounts/regenerateKey/*Microsoft.DocumentDB/databaseAccounts/regenerateKey/*
Microsoft.DocumentDB/databaseAccounts/listKeys/*Microsoft.DocumentDB/databaseAccounts/listKeys/*
Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*
Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/WriteMicrosoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/write Criar ou atualizar uma definição de função SQLCreate or update a SQL Role Definition
Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/DeleteMicrosoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/delete Excluir uma definição de função SQLDelete a SQL Role Definition
Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/WriteMicrosoft.DocumentDB/databaseAccounts/sqlRoleAssignments/write Criar ou atualizar uma atribuição de função SQLCreate or update a SQL Role Assignment
Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/DeleteMicrosoft.DocumentDB/databaseAccounts/sqlRoleAssignments/delete Excluir uma atribuição de função SQLDelete a SQL Role Assignment
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/230815da-be43-4aae-9cb4-875f7bd000aa",
  "name": "230815da-be43-4aae-9cb4-875f7bd000aa",
  "permissions": [
    {
      "actions": [
        "Microsoft.DocumentDb/databaseAccounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action"
      ],
      "notActions": [
        "Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*",
        "Microsoft.DocumentDB/databaseAccounts/regenerateKey/*",
        "Microsoft.DocumentDB/databaseAccounts/listKeys/*",
        "Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*",
        "Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/write",
        "Microsoft.DocumentDB/databaseAccounts/sqlRoleDefinitions/delete",
        "Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/write",
        "Microsoft.DocumentDB/databaseAccounts/sqlRoleAssignments/delete"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cosmos DB Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

CosmosBackupOperatorCosmosBackupOperator

Pode enviar solicitação de restauração para um banco de dados Cosmos DB ou um contêiner para uma conta saiba maisCan submit restore request for a Cosmos DB database or a container for an account Learn more

AçõesActions DescriçãoDescription
Microsoft.DocumentDB/databaseAccounts/backup/ActionMicrosoft.DocumentDB/databaseAccounts/backup/action Envie uma solicitação para configurar o backupSubmit a request to configure backup
Microsoft.DocumentDB/databaseAccounts/Restore/ActionMicrosoft.DocumentDB/databaseAccounts/restore/action Enviar uma solicitação de restauraçãoSubmit a restore request
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can submit restore request for a Cosmos DB database or a container for an account",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/db7b14f2-5adf-42da-9f96-f2ee17bab5cb",
  "name": "db7b14f2-5adf-42da-9f96-f2ee17bab5cb",
  "permissions": [
    {
      "actions": [
        "Microsoft.DocumentDB/databaseAccounts/backup/action",
        "Microsoft.DocumentDB/databaseAccounts/restore/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CosmosBackupOperator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

CosmosRestoreOperatorCosmosRestoreOperator

É possível executar a ação de restauração para Cosmos DB conta de banco de dados com o modo de backup contínuoCan perform restore action for Cosmos DB database account with continuous backup mode

AçõesActions DescriçãoDescription
Microsoft.DocumentDB/Locations/restorableDatabaseAccounts/Restore/ActionMicrosoft.DocumentDB/locations/restorableDatabaseAccounts/restore/action Enviar uma solicitação de restauraçãoSubmit a restore request
Microsoft.DocumentDB/Locations/restorableDatabaseAccounts/*/ReadMicrosoft.DocumentDB/locations/restorableDatabaseAccounts/*/read
Microsoft.DocumentDB/Locations/restorableDatabaseAccounts/ReadMicrosoft.DocumentDB/locations/restorableDatabaseAccounts/read Ler uma conta de banco de dados restaurável ou listar todas as contas de banco de dados restauráveisRead a restorable database account or List all the restorable database accounts
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can perform restore action for Cosmos DB database account with continuous backup mode",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5432c526-bc82-444a-b7ba-57c5b0b5b34f",
  "name": "5432c526-bc82-444a-b7ba-57c5b0b5b34f",
  "permissions": [
    {
      "actions": [
        "Microsoft.DocumentDB/locations/restorableDatabaseAccounts/restore/action",
        "Microsoft.DocumentDB/locations/restorableDatabaseAccounts/*/read",
        "Microsoft.DocumentDB/locations/restorableDatabaseAccounts/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CosmosRestoreOperator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador de Conta do DocumentDBDocumentDB Account Contributor

Pode gerenciar contas do Azure Cosmos DB.Can manage Azure Cosmos DB accounts. O Azure Cosmos DB era anteriormente conhecido como DocumentDB.Azure Cosmos DB is formerly known as DocumentDB. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
Microsoft.DocumentDb/databaseAccounts/*Microsoft.DocumentDb/databaseAccounts/* Criar e gerenciar contas do Azure Cosmos DBCreate and manage Azure Cosmos DB accounts
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
Microsoft. ResourceHealth/availabilityStatuses/ReadMicrosoft.ResourceHealth/availabilityStatuses/read Obter os status de disponibilidade para todos os recursos no escopo especificadoGets the availability statuses for all resources in the specified scope
Microsoft. Resources/Deployments/*Microsoft.Resources/deployments/* Criar e gerenciar uma implantaçãoCreate and manage a deployment
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
/VirtualNetworks/Subnets/joinViaServiceEndpoint/Action Microsoft. NetworkMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Adicionar recursos como conta de armazenamento ou banco de dados SQL a uma sub-rede.Joins resource such as storage account or SQL database to a subnet. Não é possível alertá-lo.Not alertable.
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage DocumentDB accounts, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5bd9cd88-fe45-4216-938b-f97437e15450",
  "name": "5bd9cd88-fe45-4216-938b-f97437e15450",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.DocumentDb/databaseAccounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "DocumentDB Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador do Cache RedisRedis Cache Contributor

Permite gerenciar caches Redis, mas não acessá-los.Lets you manage Redis caches, but not access to them.

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
/Register/Action Microsoft. cacheMicrosoft.Cache/register/action Registra o provedor de recursos 'Microsoft.Cache' com uma assinaturaRegisters the 'Microsoft.Cache' resource provider with a subscription
/Redis/ do Microsoft. cache*Microsoft.Cache/redis/* Criar e gerenciar caches RedisCreate and manage Redis caches
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
Microsoft. ResourceHealth/availabilityStatuses/ReadMicrosoft.ResourceHealth/availabilityStatuses/read Obter os status de disponibilidade para todos os recursos no escopo especificadoGets the availability statuses for all resources in the specified scope
Microsoft. Resources/Deployments/*Microsoft.Resources/deployments/* Criar e gerenciar uma implantaçãoCreate and manage a deployment
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Redis caches, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e0f68234-74aa-48ed-b826-c38b57376e17",
  "name": "e0f68234-74aa-48ed-b826-c38b57376e17",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cache/register/action",
        "Microsoft.Cache/redis/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Redis Cache Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador do banco de dados SQLSQL DB Contributor

Permite gerenciar Bancos de Dados SQL, mas não acessá-los.Lets you manage SQL databases, but not access to them. Além disso, não é possível gerenciar as políticas relacionadas à segurança ou respectivos servidores SQL pai.Also, you can't manage their security-related policies or their parent SQL servers. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
Microsoft. ResourceHealth/availabilityStatuses/ReadMicrosoft.ResourceHealth/availabilityStatuses/read Obter os status de disponibilidade para todos os recursos no escopo especificadoGets the availability statuses for all resources in the specified scope
Microsoft. Resources/Deployments/*Microsoft.Resources/deployments/* Criar e gerenciar uma implantaçãoCreate and manage a deployment
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. SQL/Locations/*/ReadMicrosoft.Sql/locations/*/read
Microsoft. SQL/Servers/databases/*Microsoft.Sql/servers/databases/* Criar e gerenciar bancos de dados SQLCreate and manage SQL databases
/Servers/Read Microsoft. SQLMicrosoft.Sql/servers/read Retornar a lista de servidores ou obter as propriedades para o servidor especificado.Return the list of servers or gets the properties for the specified server.
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
Microsoft. insights/Metrics/ReadMicrosoft.Insights/metrics/read Ler métricaRead metrics
Microsoft. insights/metricDefinitions/ReadMicrosoft.Insights/metricDefinitions/read Ler definições de métricaRead metric definitions
NotActionsNotActions
Microsoft. SQL/managedInstances/databases/currentSensitivityLabels/*Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft. SQL/managedInstances/databases/recommendedSensitivityLabels/*Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft. SQL/managedInstances/databases/schemas/Tables/Columns/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft. SQL/managedInstances/databases/securityAlertPolicies/*Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft. SQL/managedInstances/databases/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft. SQL/managedInstances/databases/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft. SQL/managedInstances/securityAlertPolicies/*Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft. SQL/managedInstances/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft. SQL/Servers/databases/auditingSettings/*Microsoft.Sql/servers/databases/auditingSettings/* Editar configurações de auditoriaEdit audit settings
/Servers/databases/auditRecords/Read Microsoft. SQLMicrosoft.Sql/servers/databases/auditRecords/read Recuperar os registros de auditoria do blob do banco de dadosRetrieve the database blob audit records
Microsoft. SQL/Servers/databases/currentSensitivityLabels/*Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft. SQL/Servers/databases/dataMaskingPolicies/*Microsoft.Sql/servers/databases/dataMaskingPolicies/* Editar políticas de mascaramento dos dadosEdit data masking policies
Microsoft. SQL/Servers/databases/extendedAuditingSettings/*Microsoft.Sql/servers/databases/extendedAuditingSettings/*
Microsoft. SQL/Servers/databases/recommendedSensitivityLabels/*Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
Microsoft. SQL/Servers/databases/schemas/Tables/Columns/sensitivityLabels/*Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft. SQL/Servers/databases/securityAlertPolicies/*Microsoft.Sql/servers/databases/securityAlertPolicies/* Editar políticas de alerta de segurançaEdit security alert policies
Microsoft. SQL/Servers/databases/securityMetrics/*Microsoft.Sql/servers/databases/securityMetrics/* Editar métricas de segurançaEdit security metrics
Microsoft. SQL/Servers/databases/sensitivityLabels/*Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft. SQL/Servers/databases/vulnerabilityAssessments/*Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft. SQL/Servers/databases/vulnerabilityAssessmentScans/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft. SQL/Servers/databases/vulnerabilityAssessmentSettings/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft. SQL/Servers/vulnerabilityAssessments/*Microsoft.Sql/servers/vulnerabilityAssessments/*
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
  "name": "9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/servers/databases/*",
        "Microsoft.Sql/servers/read",
        "Microsoft.Support/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read"
      ],
      "notActions": [
        "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
        "Microsoft.Sql/servers/databases/extendedAuditingSettings/*",
        "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
        "Microsoft.Sql/servers/databases/securityMetrics/*",
        "Microsoft.Sql/servers/databases/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
        "Microsoft.Sql/servers/vulnerabilityAssessments/*"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL DB Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador da Instância Gerenciada do SQLSQL Managed Instance Contributor

Permite que você gerencie instâncias gerenciadas do SQL e a configuração de rede necessária, mas não pode conceder acesso a outras pessoas.Lets you manage SQL Managed Instances and required network configuration, but can't give access to others.

AçõesActions DescriçãoDescription
Microsoft. ResourceHealth/availabilityStatuses/ReadMicrosoft.ResourceHealth/availabilityStatuses/read Obter os status de disponibilidade para todos os recursos no escopo especificadoGets the availability statuses for all resources in the specified scope
Microsoft. Resources/Deployments/*Microsoft.Resources/deployments/* Criar e gerenciar uma implantaçãoCreate and manage a deployment
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. Network/networkSecurityGroups/*Microsoft.Network/networkSecurityGroups/*
Microsoft. Network/routeTables/*Microsoft.Network/routeTables/*
Microsoft. SQL/Locations/*/ReadMicrosoft.Sql/locations/*/read
Microsoft. SQL/Locations/instanceFailoverGroups/*Microsoft.Sql/locations/instanceFailoverGroups/*
Microsoft. SQL/managedInstances/*Microsoft.Sql/managedInstances/*
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
Microsoft. Network/virtualNetworks/Subnets/*Microsoft.Network/virtualNetworks/subnets/*
Microsoft. Network/virtualNetworks/*Microsoft.Network/virtualNetworks/*
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
Microsoft. insights/Metrics/ReadMicrosoft.Insights/metrics/read Ler métricaRead metrics
Microsoft. insights/metricDefinitions/ReadMicrosoft.Insights/metricDefinitions/read Ler definições de métricaRead metric definitions
NotActionsNotActions
/ManagedInstances/azureADOnlyAuthentications/Delete Microsoft. SQLMicrosoft.Sql/managedInstances/azureADOnlyAuthentications/delete Exclui um servidor gerenciado específico Azure Active Directory somente o objeto de autenticaçãoDeletes a specific managed server Azure Active Directory only authentication object
/ManagedInstances/azureADOnlyAuthentications/Write Microsoft. SQLMicrosoft.Sql/managedInstances/azureADOnlyAuthentications/write Adiciona ou atualiza um servidor gerenciado específico Azure Active Directory apenas objeto de autenticaçãoAdds or updates a specific managed server Azure Active Directory only authentication object
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage SQL Managed Instances and required network configuration, but can't give access to others.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
  "name": "4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Network/networkSecurityGroups/*",
        "Microsoft.Network/routeTables/*",
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/locations/instanceFailoverGroups/*",
        "Microsoft.Sql/managedInstances/*",
        "Microsoft.Support/*",
        "Microsoft.Network/virtualNetworks/subnets/*",
        "Microsoft.Network/virtualNetworks/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read"
      ],
      "notActions": [
        "Microsoft.Sql/managedInstances/azureADOnlyAuthentications/delete",
        "Microsoft.Sql/managedInstances/azureADOnlyAuthentications/write"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL Managed Instance Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Gerenciador de Segurança do SQLSQL Security Manager

Permite você gerenciar as políticas relacionadas à segurança de servidores e bancos de dados SQL, mas não acessá-los.Lets you manage the security-related policies of SQL servers and databases, but not access to them. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
/VirtualNetworks/Subnets/joinViaServiceEndpoint/Action Microsoft. NetworkMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Adicionar recursos como conta de armazenamento ou banco de dados SQL a uma sub-rede.Joins resource such as storage account or SQL database to a subnet. Não é possível alertá-lo.Not alertable.
Microsoft. ResourceHealth/availabilityStatuses/ReadMicrosoft.ResourceHealth/availabilityStatuses/read Obter os status de disponibilidade para todos os recursos no escopo especificadoGets the availability statuses for all resources in the specified scope
Microsoft. Resources/Deployments/*Microsoft.Resources/deployments/* Criar e gerenciar uma implantaçãoCreate and manage a deployment
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
/Locations/administratorAzureAsyncOperation/Read Microsoft. SQLMicrosoft.Sql/locations/administratorAzureAsyncOperation/read Obtém a instância gerenciada resultado de operações do administrador assíncrono do Azure.Gets the Managed instance azure async administrator operations result.
Microsoft. SQL/managedInstances/databases/currentSensitivityLabels/*Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft. SQL/managedInstances/databases/recommendedSensitivityLabels/*Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft. SQL/managedInstances/databases/schemas/Tables/Columns/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft. SQL/managedInstances/databases/securityAlertPolicies/*Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft. SQL/managedInstances/databases/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft. SQL/managedInstances/databases/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft. SQL/managedInstances/securityAlertPolicies/*Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft. SQL/managedInstances/databases/transparentDataEncryption/*Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*
Microsoft. SQL/managedInstances/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft. SQL/Servers/auditingSettings/*Microsoft.Sql/servers/auditingSettings/* Criar e gerenciar a configuração de auditoria do servidor SQLCreate and manage SQL server auditing setting
/Servers/extendedAuditingSettings/Read Microsoft. SQLMicrosoft.Sql/servers/extendedAuditingSettings/read Recuperar detalhes da política de auditoria de blob de servidor estendida configurada em um determinado servidorRetrieve details of the extended server blob auditing policy configured on a given server
Microsoft. SQL/Servers/databases/auditingSettings/*Microsoft.Sql/servers/databases/auditingSettings/* Criar e gerenciar configurações de auditoria de banco de dados do servidor SQLCreate and manage SQL server database auditing settings
/Servers/databases/auditRecords/Read Microsoft. SQLMicrosoft.Sql/servers/databases/auditRecords/read Recuperar os registros de auditoria do blob do banco de dadosRetrieve the database blob audit records
Microsoft. SQL/Servers/databases/currentSensitivityLabels/*Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft. SQL/Servers/databases/dataMaskingPolicies/*Microsoft.Sql/servers/databases/dataMaskingPolicies/* Criar e gerenciar políticas de mascaramento de dados do banco de dados do servidor SQLCreate and manage SQL server database data masking policies
/Servers/databases/extendedAuditingSettings/Read Microsoft. SQLMicrosoft.Sql/servers/databases/extendedAuditingSettings/read Recuperar detalhes da política de auditoria de blob estendida configurada em um determinado banco de dadosRetrieve details of the extended blob auditing policy configured on a given database
/Servers/databases/Read Microsoft. SQLMicrosoft.Sql/servers/databases/read Retornar a lista de bancos de dados ou obter as propriedades para o banco de dados especificado.Return the list of databases or gets the properties for the specified database.
Microsoft. SQL/Servers/databases/recommendedSensitivityLabels/*Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
/Servers/databases/schemas/Read Microsoft. SQLMicrosoft.Sql/servers/databases/schemas/read Obter um esquema de banco de dados.Get a database schema.
/Servers/databases/schemas/Tables/Columns/Read Microsoft. SQLMicrosoft.Sql/servers/databases/schemas/tables/columns/read Obter uma coluna de banco de dados.Get a database column.
Microsoft. SQL/Servers/databases/schemas/Tables/Columns/sensitivityLabels/*Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
/Servers/databases/schemas/Tables/Read Microsoft. SQLMicrosoft.Sql/servers/databases/schemas/tables/read Obter uma tabela de banco de dados.Get a database table.
Microsoft. SQL/Servers/databases/securityAlertPolicies/*Microsoft.Sql/servers/databases/securityAlertPolicies/* Criar e gerenciar políticas de alerta de segurança do banco de dados do servidor SQLCreate and manage SQL server database security alert policies
Microsoft. SQL/Servers/databases/securityMetrics/*Microsoft.Sql/servers/databases/securityMetrics/* Criar e gerenciar métricas de segurança do banco de dados do servidor SQLCreate and manage SQL server database security metrics
Microsoft. SQL/Servers/databases/sensitivityLabels/*Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft. SQL/Servers/databases/transparentDataEncryption/*Microsoft.Sql/servers/databases/transparentDataEncryption/*
Microsoft. SQL/Servers/databases/vulnerabilityAssessments/*Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft. SQL/Servers/databases/vulnerabilityAssessmentScans/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft. SQL/Servers/databases/vulnerabilityAssessmentSettings/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft. SQL/Servers/firewallRules/*Microsoft.Sql/servers/firewallRules/*
/Servers/Read Microsoft. SQLMicrosoft.Sql/servers/read Retornar a lista de servidores ou obter as propriedades para o servidor especificado.Return the list of servers or gets the properties for the specified server.
Microsoft. SQL/Servers/securityAlertPolicies/*Microsoft.Sql/servers/securityAlertPolicies/* Criar e gerenciar políticas de alerta de segurança de servidor SQLCreate and manage SQL server security alert policies
Microsoft. SQL/Servers/vulnerabilityAssessments/*Microsoft.Sql/servers/vulnerabilityAssessments/*
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
Microsoft. SQL/Servers/azureADOnlyAuthentications/*Microsoft.Sql/servers/azureADOnlyAuthentications/*
/ManagedInstances/Read Microsoft. SQLMicrosoft.Sql/managedInstances/read Retornar a lista de instâncias gerenciadas ou obter as propriedades para a instância gerenciada especificada.Return the list of managed instances or gets the properties for the specified managed instance.
Microsoft. SQL/managedInstances/azureADOnlyAuthentications/*Microsoft.Sql/managedInstances/azureADOnlyAuthentications/*
Microsoft. Security/sqlVulnerabilityAssessments/*Microsoft.Security/sqlVulnerabilityAssessments/*
/ManagedInstances/Administrators/Read Microsoft. SQLMicrosoft.Sql/managedInstances/administrators/read Obter uma lista de administradores de instância gerenciada.Gets a list of managed instance administrators.
/Servers/Administrators/Read Microsoft. SQLMicrosoft.Sql/servers/administrators/read Obtém um objeto de administrador de Azure Active Directory específicoGets a specific Azure Active Directory administrator object
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage the security-related policies of SQL servers and databases, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3",
  "name": "056cd41c-7e88-42e1-933e-88ba6a50c9c3",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Sql/locations/administratorAzureAsyncOperation/read",
        "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*",
        "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/auditingSettings/*",
        "Microsoft.Sql/servers/extendedAuditingSettings/read",
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
        "Microsoft.Sql/servers/databases/extendedAuditingSettings/read",
        "Microsoft.Sql/servers/databases/read",
        "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/read",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/read",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/tables/read",
        "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
        "Microsoft.Sql/servers/databases/securityMetrics/*",
        "Microsoft.Sql/servers/databases/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/transparentDataEncryption/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
        "Microsoft.Sql/servers/firewallRules/*",
        "Microsoft.Sql/servers/read",
        "Microsoft.Sql/servers/securityAlertPolicies/*",
        "Microsoft.Sql/servers/vulnerabilityAssessments/*",
        "Microsoft.Support/*",
        "Microsoft.Sql/servers/azureADOnlyAuthentications/*",
        "Microsoft.Sql/managedInstances/read",
        "Microsoft.Sql/managedInstances/azureADOnlyAuthentications/*",
        "Microsoft.Security/sqlVulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/administrators/read",
        "Microsoft.Sql/servers/administrators/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL Security Manager",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador do SQL ServerSQL Server Contributor

Permite gerenciar servidores e bancos de dados SQL, mas não acessá-los, nem as políticas relacionadas à segurança.Lets you manage SQL servers and databases, but not access to them, and not their security-related policies. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
Microsoft. ResourceHealth/availabilityStatuses/ReadMicrosoft.ResourceHealth/availabilityStatuses/read Obter os status de disponibilidade para todos os recursos no escopo especificadoGets the availability statuses for all resources in the specified scope
Microsoft. Resources/Deployments/*Microsoft.Resources/deployments/* Criar e gerenciar uma implantaçãoCreate and manage a deployment
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. SQL/Locations/*/ReadMicrosoft.Sql/locations/*/read
Microsoft. SQL/Servers/*Microsoft.Sql/servers/* Criar e gerenciar servidores SQLCreate and manage SQL servers
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
Microsoft. insights/Metrics/ReadMicrosoft.Insights/metrics/read Ler métricaRead metrics
Microsoft. insights/metricDefinitions/ReadMicrosoft.Insights/metricDefinitions/read Ler definições de métricaRead metric definitions
NotActionsNotActions
Microsoft. SQL/managedInstances/databases/currentSensitivityLabels/*Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft. SQL/managedInstances/databases/recommendedSensitivityLabels/*Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft. SQL/managedInstances/databases/schemas/Tables/Columns/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft. SQL/managedInstances/databases/securityAlertPolicies/*Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft. SQL/managedInstances/databases/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft. SQL/managedInstances/databases/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft. SQL/managedInstances/securityAlertPolicies/*Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft. SQL/managedInstances/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft. SQL/Servers/auditingSettings/*Microsoft.Sql/servers/auditingSettings/* Editar configurações de auditoria do servidor SQLEdit SQL server auditing settings
Microsoft. SQL/Servers/databases/auditingSettings/*Microsoft.Sql/servers/databases/auditingSettings/* Editar configurações de auditoria de banco de dados do servidor SQLEdit SQL server database auditing settings
/Servers/databases/auditRecords/Read Microsoft. SQLMicrosoft.Sql/servers/databases/auditRecords/read Recuperar os registros de auditoria do blob do banco de dadosRetrieve the database blob audit records
Microsoft. SQL/Servers/databases/currentSensitivityLabels/*Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft. SQL/Servers/databases/dataMaskingPolicies/*Microsoft.Sql/servers/databases/dataMaskingPolicies/* Editar políticas de mascaramento de banco de dados do servidor SQLEdit SQL server database data masking policies
Microsoft. SQL/Servers/databases/extendedAuditingSettings/*Microsoft.Sql/servers/databases/extendedAuditingSettings/*
Microsoft. SQL/Servers/databases/recommendedSensitivityLabels/*Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
Microsoft. SQL/Servers/databases/schemas/Tables/Columns/sensitivityLabels/*Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft. SQL/Servers/databases/securityAlertPolicies/*Microsoft.Sql/servers/databases/securityAlertPolicies/* Editar políticas de alerta de segurança de banco de dados do servidor SQLEdit SQL server database security alert policies
Microsoft. SQL/Servers/databases/securityMetrics/*Microsoft.Sql/servers/databases/securityMetrics/* Editar métricas de segurança de banco de dados do servidor SQLEdit SQL server database security metrics
Microsoft. SQL/Servers/databases/sensitivityLabels/*Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft. SQL/Servers/databases/vulnerabilityAssessments/*Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft. SQL/Servers/databases/vulnerabilityAssessmentScans/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft. SQL/Servers/databases/vulnerabilityAssessmentSettings/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft. SQL/Servers/extendedAuditingSettings/*Microsoft.Sql/servers/extendedAuditingSettings/*
Microsoft. SQL/Servers/securityAlertPolicies/*Microsoft.Sql/servers/securityAlertPolicies/* Editar políticas de alerta de segurança de servidor SQLEdit SQL server security alert policies
Microsoft. SQL/Servers/vulnerabilityAssessments/*Microsoft.Sql/servers/vulnerabilityAssessments/*
/Servers/azureADOnlyAuthentications/Delete Microsoft. SQLMicrosoft.Sql/servers/azureADOnlyAuthentications/delete Exclui um servidor específico Azure Active Directory apenas o objeto de autenticaçãoDeletes a specific server Azure Active Directory only authentication object
/Servers/azureADOnlyAuthentications/Write Microsoft. SQLMicrosoft.Sql/servers/azureADOnlyAuthentications/write Adiciona ou atualiza um servidor específico Azure Active Directory apenas o objeto de autenticaçãoAdds or updates a specific server Azure Active Directory only authentication object
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage SQL servers and databases, but not access to them, and not their security -related policies.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
  "name": "6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/servers/*",
        "Microsoft.Support/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read"
      ],
      "notActions": [
        "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
        "Microsoft.Sql/servers/databases/extendedAuditingSettings/*",
        "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
        "Microsoft.Sql/servers/databases/securityMetrics/*",
        "Microsoft.Sql/servers/databases/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
        "Microsoft.Sql/servers/extendedAuditingSettings/*",
        "Microsoft.Sql/servers/securityAlertPolicies/*",
        "Microsoft.Sql/servers/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/azureADOnlyAuthentications/delete",
        "Microsoft.Sql/servers/azureADOnlyAuthentications/write"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL Server Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AnáliseAnalytics

Proprietário de Dados de Hubs de Eventos do AzureAzure Event Hubs Data Owner

Permite acesso completo aos recursos dos Hubs de Eventos do Azure.Allows for full access to Azure Event Hubs resources. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. EventHub/*Microsoft.EventHub/*
NotActionsNotActions
nenhumnone
DataActionsDataActions
Microsoft. EventHub/*Microsoft.EventHub/*
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to Azure Event Hubs resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f526a384-b230-433a-b45c-95f59c4a2dec",
  "name": "f526a384-b230-433a-b45c-95f59c4a2dec",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Event Hubs Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Receptor de Dados dos Hubs de Eventos do AzureAzure Event Hubs Data Receiver

Permite acesso de recebimento aos recursos dos Hubs de Eventos do Azure.Allows receive access to Azure Event Hubs resources. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. EventHub/*/Eventhubs/consumergroups/ReadMicrosoft.EventHub/*/eventhubs/consumergroups/read
NotActionsNotActions
nenhumnone
DataActionsDataActions
Microsoft. EventHub/*/Receive/ActionMicrosoft.EventHub/*/receive/action
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows receive access to Azure Event Hubs resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
  "name": "a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/*/eventhubs/consumergroups/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/*/receive/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Event Hubs Data Receiver",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Remetente de Dados dos Hubs de Eventos do AzureAzure Event Hubs Data Sender

Permite acesso de envio aos recursos dos Hubs de Eventos do Azure.Allows send access to Azure Event Hubs resources. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. EventHub/*/Eventhubs/ReadMicrosoft.EventHub/*/eventhubs/read
NotActionsNotActions
nenhumnone
DataActionsDataActions
Microsoft. EventHub/*/Send/ActionMicrosoft.EventHub/*/send/action
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows send access to Azure Event Hubs resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2b629674-e913-4c01-ae53-ef4638d8f975",
  "name": "2b629674-e913-4c01-ae53-ef4638d8f975",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/*/eventhubs/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/*/send/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Event Hubs Data Sender",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador da fábrica de dadosData Factory Contributor

Cria e gerencia data factories, assim como os recursos filhos neles.Create and manage data factories, as well as child resources within them. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
Microsoft. datafactory/dataFactories/*Microsoft.DataFactory/dataFactories/* Criar e gerenciar data factories e recursos filho dentro deles.Create and manage data factories, and child resources within them.
Microsoft. datafactory/factories/*Microsoft.DataFactory/factories/* Criar e gerenciar data factories e recursos filho dentro deles.Create and manage data factories, and child resources within them.
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
Microsoft. ResourceHealth/availabilityStatuses/ReadMicrosoft.ResourceHealth/availabilityStatuses/read Obter os status de disponibilidade para todos os recursos no escopo especificadoGets the availability statuses for all resources in the specified scope
Microsoft. Resources/Deployments/*Microsoft.Resources/deployments/* Criar e gerenciar uma implantaçãoCreate and manage a deployment
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
Microsoft. EventGrid/eventSubscriptions/WriteMicrosoft.EventGrid/eventSubscriptions/write Criar ou atualizar um eventSubscriptionCreate or update an eventSubscription
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Create and manage data factories, as well as child resources within them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/673868aa-7521-48a0-acc6-0f60742d39f5",
  "name": "673868aa-7521-48a0-acc6-0f60742d39f5",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.DataFactory/dataFactories/*",
        "Microsoft.DataFactory/factories/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.EventGrid/eventSubscriptions/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Factory Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Limpador de DadosData Purger

Exclua dados privados de um espaço de trabalho Log Analytics.Delete private data from a Log Analytics workspace. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. insights/Components/*/ReadMicrosoft.Insights/components/*/read
Microsoft. insights/Components/Purge/ActionMicrosoft.Insights/components/purge/action Limpe dados do Application InsightsPurging data from Application Insights
Microsoft. OperationalInsights/Workspaces/*/ReadMicrosoft.OperationalInsights/workspaces/*/read Exibir dados da análise de logsView log analytics data
Microsoft. OperationalInsights/Workspaces/Purge/ActionMicrosoft.OperationalInsights/workspaces/purge/action Excluir dados especificados do workspaceDelete specified data from workspace
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can purge analytics data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/150f5e0c-0603-4f03-8c7f-cf70034c4e90",
  "name": "150f5e0c-0603-4f03-8c7f-cf70034c4e90",
  "permissions": [
    {
      "actions": [
        "Microsoft.Insights/components/*/read",
        "Microsoft.Insights/components/purge/action",
        "Microsoft.OperationalInsights/workspaces/*/read",
        "Microsoft.OperationalInsights/workspaces/purge/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Purger",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Operador de Cluster do HDInsightHDInsight Cluster Operator

Permite que você leia e modifique as configurações de cluster do HDInsight.Lets you read and modify HDInsight cluster configurations. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. HDInsight/*/ReadMicrosoft.HDInsight/*/read
/Clusters/getGatewaySettings/Action Microsoft. HDInsightMicrosoft.HDInsight/clusters/getGatewaySettings/action Obter configurações de gateway para o cluster HDInsightGet gateway settings for HDInsight Cluster
/Clusters/updateGatewaySettings/Action Microsoft. HDInsightMicrosoft.HDInsight/clusters/updateGatewaySettings/action Atualizar as configurações do gateway para o cluster HDInsightUpdate gateway settings for HDInsight Cluster
Microsoft. HDInsight/clusters/Configurations/*Microsoft.HDInsight/clusters/configurations/*
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
/Deployments/Operations/Read Microsoft. ResourcesMicrosoft.Resources/deployments/operations/read Obter ou lista operações de implantação.Gets or lists deployment operations.
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read and modify HDInsight cluster configurations.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/61ed4efc-fab3-44fd-b111-e24485cc132a",
  "name": "61ed4efc-fab3-44fd-b111-e24485cc132a",
  "permissions": [
    {
      "actions": [
        "Microsoft.HDInsight/*/read",
        "Microsoft.HDInsight/clusters/getGatewaySettings/action",
        "Microsoft.HDInsight/clusters/updateGatewaySettings/action",
        "Microsoft.HDInsight/clusters/configurations/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "HDInsight Cluster Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador dos serviços de domínio do HDInsightHDInsight Domain Services Contributor

Pode ler, criar, modificar e excluir as operações relacionadas ao serviço de domínio necessárias para o HDInsight Enterprise Security Package saiba maisCan Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package Learn more

AçõesActions DescriçãoDescription
Microsoft. AAD/*/ReadMicrosoft.AAD/*/read
Microsoft. AAD/domainServices/*/ReadMicrosoft.AAD/domainServices/*/read
Microsoft. AAD/domainServices/oucontainer/*Microsoft.AAD/domainServices/oucontainer/*
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8d8d5a11-05d3-4bda-a417-a08778121c7c",
  "name": "8d8d5a11-05d3-4bda-a417-a08778121c7c",
  "permissions": [
    {
      "actions": [
        "Microsoft.AAD/*/read",
        "Microsoft.AAD/domainServices/*/read",
        "Microsoft.AAD/domainServices/oucontainer/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "HDInsight Domain Services Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador do Log AnalyticsLog Analytics Contributor

O Colaborador do Log Analytics pode ler todos os dados de monitoramento e editar as configurações de monitoramento.Log Analytics Contributor can read all monitoring data and edit monitoring settings. A edição das configurações de monitoramento inclui a adição da extensão da VM às VMs, leitura das chaves da conta de armazenamento para poder configurar a coleção de logs do Armazenamento do Microsoft Azure, criação e configuração de contas de Automação, adição de soluções e configuração do diagnóstico do Azure em todos os recursos do Azure.Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources. Saiba maisLearn more

AçõesActions DescriçãoDescription
*/leitura*/read Ler recursos de todos os tipos, exceto segredos.Read resources of all types, except secrets.
Microsoft. Automation/automationAccounts/*Microsoft.Automation/automationAccounts/*
Microsoft. ClassicCompute/virtualMachines/Extensions/*Microsoft.ClassicCompute/virtualMachines/extensions/*
Microsoft. ClassicStorage/storageAccounts/listKeys/ActionMicrosoft.ClassicStorage/storageAccounts/listKeys/action Listar as chaves de acesso das contas de armazenamento.Lists the access keys for the storage accounts.
Microsoft. Compute/virtualMachines/Extensions/*Microsoft.Compute/virtualMachines/extensions/*
Microsoft. HybridCompute/Machines/Extensions/WriteMicrosoft.HybridCompute/machines/extensions/write Instala ou atualiza uma extensão do Azure ArcInstalls or Updates an Azure Arc extensions
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
Microsoft. insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* Criar, atualizar ou ler a configuração de diagnóstico do Analysis ServerCreates, updates, or reads the diagnostic setting for Analysis Server
Microsoft. OperationalInsights/*Microsoft.OperationalInsights/*
Microsoft. OperationsManagement/*Microsoft.OperationsManagement/*
Microsoft. Resources/Deployments/*Microsoft.Resources/deployments/* Criar e gerenciar uma implantaçãoCreate and manage a deployment
Microsoft. Resources/subscriptions/resourcegroups/Deployments/*Microsoft.Resources/subscriptions/resourcegroups/deployments/*
/StorageAccounts/listKeys/Action Microsoft. StorageMicrosoft.Storage/storageAccounts/listKeys/action Retornar as chaves de acesso da conta de armazenamento especificada.Returns the access keys for the specified storage account.
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
  "name": "92aaf0da-9dab-42b6-94a3-d43ce8d16293",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.Automation/automationAccounts/*",
        "Microsoft.ClassicCompute/virtualMachines/extensions/*",
        "Microsoft.ClassicStorage/storageAccounts/listKeys/action",
        "Microsoft.Compute/virtualMachines/extensions/*",
        "Microsoft.HybridCompute/machines/extensions/write",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.OperationalInsights/*",
        "Microsoft.OperationsManagement/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Log Analytics Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Leitor do Log AnalyticsLog Analytics Reader

Um Leitor do Log Analytics pode exibir e pesquisar todos os dados de monitoramento além de exibir as configurações de monitoramento, incluindo a exibição da configuração do diagnóstico do Azure em todos os recursos do Azure.Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources. Saiba maisLearn more

AçõesActions DescriçãoDescription
*/leitura*/read Ler recursos de todos os tipos, exceto segredos.Read resources of all types, except secrets.
Microsoft. OperationalInsights/Workspaces/Analytics/Query/ActionMicrosoft.OperationalInsights/workspaces/analytics/query/action Pesquisar usando o novo mecanismo.Search using new engine.
Microsoft. OperationalInsights/Workspaces/Search/ActionMicrosoft.OperationalInsights/workspaces/search/action Executar uma consulta de pesquisaExecutes a search query
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
NotActionsNotActions
Microsoft. OperationalInsights/Workspaces/sharedKeys/ReadMicrosoft.OperationalInsights/workspaces/sharedKeys/read Recupera as chaves compartilhadas do workspace.Retrieves the shared keys for the workspace. Essas chaves são usadas para conectar agentes do Insights Operacionais da Microsoft ao workspace.These keys are used to connect Microsoft Operational Insights agents to the workspace.
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/73c42c96-874c-492b-b04d-ab87d138a893",
  "name": "73c42c96-874c-492b-b04d-ab87d138a893",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.OperationalInsights/workspaces/analytics/query/action",
        "Microsoft.OperationalInsights/workspaces/search/action",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.OperationalInsights/workspaces/sharedKeys/read"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Log Analytics Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Curador de dados alcancePurview Data Curator

O curador de dados Microsoft. alcance pode criar, ler, modificar e excluir objetos de dados de catálogo e estabelecer relações entre objetos.The Microsoft.Purview data curator can create, read, modify and delete catalog data objects and establish relationships between objects. Esta função está em visualização e está sujeita a alterações.This role is in preview and subject to change.

AçõesActions DescriçãoDescription
Microsoft. alcance/accounts/ReadMicrosoft.Purview/accounts/read Ler recurso de conta para o provedor Microsoft alcance.Read account resource for Microsoft Purview provider.
NotActionsNotActions
nenhumnone
DataActionsDataActions
Microsoft. alcance/accounts/data/ReadMicrosoft.Purview/accounts/data/read Ler objetos de dados.Read data objects.
Microsoft. alcance/accounts/data/WriteMicrosoft.Purview/accounts/data/write Criar, atualizar e excluir objetos de dados.Create, update and delete data objects.
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "The Microsoft.Purview data curator can create, read, modify and delete catalog data objects and establish relationships between objects. This role is in preview and subject to change.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8a3c2885-9b38-4fd2-9d99-91af537c1347",
  "name": "8a3c2885-9b38-4fd2-9d99-91af537c1347",
  "permissions": [
    {
      "actions": [
        "Microsoft.Purview/accounts/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Purview/accounts/data/read",
        "Microsoft.Purview/accounts/data/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Purview Data Curator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Leitor de dados do alcancePurview Data Reader

O leitor de dados Microsoft. alcance pode ler objetos de dados do catálogo.The Microsoft.Purview data reader can read catalog data objects. Esta função está em visualização e está sujeita a alterações.This role is in preview and subject to change.

AçõesActions DescriçãoDescription
Microsoft. alcance/accounts/ReadMicrosoft.Purview/accounts/read Ler recurso de conta para o provedor Microsoft alcance.Read account resource for Microsoft Purview provider.
NotActionsNotActions
nenhumnone
DataActionsDataActions
Microsoft. alcance/accounts/data/ReadMicrosoft.Purview/accounts/data/read Ler objetos de dados.Read data objects.
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "The Microsoft.Purview data reader can read catalog data objects. This role is in preview and subject to change.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ff100721-1b9d-43d8-af52-42b69c1272db",
  "name": "ff100721-1b9d-43d8-af52-42b69c1272db",
  "permissions": [
    {
      "actions": [
        "Microsoft.Purview/accounts/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Purview/accounts/data/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Purview Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Administrador de fonte de dados alcancePurview Data Source Administrator

O administrador da fonte de dados Microsoft. alcance pode gerenciar fontes de dados e verificações de dados.The Microsoft.Purview data source administrator can manage data sources and data scans. Esta função está em visualização e está sujeita a alterações.This role is in preview and subject to change.

AçõesActions DescriçãoDescription
Microsoft. alcance/accounts/ReadMicrosoft.Purview/accounts/read Ler recurso de conta para o provedor Microsoft alcance.Read account resource for Microsoft Purview provider.
NotActionsNotActions
nenhumnone
DataActionsDataActions
Microsoft. alcance/accounts/Scan/ReadMicrosoft.Purview/accounts/scan/read Ler fontes de dados e verificações.Read data sources and scans.
Microsoft. alcance/accounts/Scan/WriteMicrosoft.Purview/accounts/scan/write Criar, atualizar e excluir fontes de dados e gerenciar verificações.Create, update and delete data sources and manage scans.
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "The Microsoft.Purview data source administrator can manage data sources and data scans. This role is in preview and subject to change.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/200bba9e-f0c8-430f-892b-6f0794863803",
  "name": "200bba9e-f0c8-430f-892b-6f0794863803",
  "permissions": [
    {
      "actions": [
        "Microsoft.Purview/accounts/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Purview/accounts/scan/read",
        "Microsoft.Purview/accounts/scan/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Purview Data Source Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Colaborador do Registro de Esquema (Versão Prévia)Schema Registry Contributor (Preview)

Ler, gravar e excluir grupos e esquemas do Registro de Esquema.Read, write, and delete Schema Registry groups and schemas.

AçõesActions DescriçãoDescription
Microsoft. EventHub/namespaces/schemagroups/*Microsoft.EventHub/namespaces/schemagroups/*
NotActionsNotActions
nenhumnone
DataActionsDataActions
Microsoft. EventHub/namespaces/schemas/*Microsoft.EventHub/namespaces/schemas/*
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read, write, and delete Schema Registry groups and schemas.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5dffeca3-4936-4216-b2bc-10343a5abb25",
  "name": "5dffeca3-4936-4216-b2bc-10343a5abb25",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/namespaces/schemagroups/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/namespaces/schemas/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Schema Registry Contributor (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Leitor do Registro de Esquema (Versão Prévia)Schema Registry Reader (Preview)

Ler e listar os grupos e os esquemas do Registro de Esquema.Read and list Schema Registry groups and schemas.

AçõesActions DescriçãoDescription
Microsoft. EventHub/namespaces/schemagroups/ReadMicrosoft.EventHub/namespaces/schemagroups/read Obter lista de descrições de recursos de um de esquemaGet list of SchemaGroup Resource Descriptions
NotActionsNotActions
nenhumnone
DataActionsDataActions
Microsoft. EventHub/namespaces/schemas/ReadMicrosoft.EventHub/namespaces/schemas/read Recuperar esquemasRetrieve schemas
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read and list Schema Registry groups and schemas.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2c56ea50-c6b3-40a6-83c0-9d98858bc7d2",
  "name": "2c56ea50-c6b3-40a6-83c0-9d98858bc7d2",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/namespaces/schemagroups/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/namespaces/schemas/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Schema Registry Reader (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

BlockchainBlockchain

Acesso de Nó de Membro do Blockchain (Versão Prévia)Blockchain Member Node Access (Preview)

Permite o acesso a nós membros do Blockchain saiba maisAllows for access to Blockchain Member nodes Learn more

AçõesActions DescriçãoDescription
Microsoft. Blockchain/blockchainMembers/transactionNodes/ReadMicrosoft.Blockchain/blockchainMembers/transactionNodes/read Obtém ou lista os nós de transação de membro Blockchain existentes.Gets or Lists existing Blockchain Member Transaction Node(s).
NotActionsNotActions
nenhumnone
DataActionsDataActions
Microsoft. Blockchain/blockchainMembers/transactionNodes/Connect/ActionMicrosoft.Blockchain/blockchainMembers/transactionNodes/connect/action Conecta-se a um nó de transação de membro Blockchain.Connects to a Blockchain Member Transaction Node.
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for access to Blockchain Member nodes",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/31a002a1-acaf-453e-8a5b-297c9ca1ea24",
  "name": "31a002a1-acaf-453e-8a5b-297c9ca1ea24",
  "permissions": [
    {
      "actions": [
        "Microsoft.Blockchain/blockchainMembers/transactionNodes/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Blockchain/blockchainMembers/transactionNodes/connect/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Blockchain Member Node Access (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

IA + aprendizado de máquinaAI + machine learning

Colaborador dos Serviços CognitivosCognitive Services Contributor

Permite criar, ler, atualizar, excluir e gerenciar chaves dos Serviços Cognitivos.Lets you create, read, update, delete and manage keys of Cognitive Services. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. Authorization/*/ReadMicrosoft.Authorization/*/read Ler funções e atribuições de funçãoRead roles and role assignments
Microsoft. Cognitivaservices/*Microsoft.CognitiveServices/*
/Features/Read Microsoft. FeaturesMicrosoft.Features/features/read Obter os recursos de uma assinatura.Gets the features of a subscription.
/Providers/Features/Read Microsoft. FeaturesMicrosoft.Features/providers/features/read Obter o recurso de uma assinatura em determinado provedor de recursos.Gets the feature of a subscription in a given resource provider.
Microsoft. insights/alertRules/*Microsoft.Insights/alertRules/* Criar e gerenciar um alerta de métrica clássicoCreate and manage a classic metric alert
Microsoft. insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* Criar, atualizar ou ler a configuração de diagnóstico do Analysis ServerCreates, updates, or reads the diagnostic setting for Analysis Server
Microsoft. insights/logDefinitions/ReadMicrosoft.Insights/logDefinitions/read Ler definições de logRead log definitions
Microsoft. insights/metricdefinitions/ReadMicrosoft.Insights/metricdefinitions/read Ler definições de métricaRead metric definitions
Microsoft. insights/Metrics/ReadMicrosoft.Insights/metrics/read Ler métricaRead metrics
Microsoft. ResourceHealth/availabilityStatuses/ReadMicrosoft.ResourceHealth/availabilityStatuses/read Obter os status de disponibilidade para todos os recursos no escopo especificadoGets the availability statuses for all resources in the specified scope
Microsoft. Resources/Deployments/*Microsoft.Resources/deployments/* Criar e gerenciar uma implantaçãoCreate and manage a deployment
/Deployments/Operations/Read Microsoft. ResourcesMicrosoft.Resources/deployments/operations/read Obter ou lista operações de implantação.Gets or lists deployment operations.
/Subscriptions/operationresults/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/operationresults/read Obter os resultados da operação da assinatura.Get the subscription operation results.
/Subscriptions/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/read Obter a lista de assinaturas.Gets the list of subscriptions.
Microsoft. Resources/subscriptions/resourcegroups/Deployments/*Microsoft.Resources/subscriptions/resourcegroups/deployments/*
/Subscriptions/resourceGroups/Read Microsoft. ResourcesMicrosoft.Resources/subscriptions/resourceGroups/read Obter ou listar de grupos de recursos.Gets or lists resource groups.
Microsoft. support/*Microsoft.Support/* Criar e atualizar um tíquete de suporteCreate and update a support ticket
NotActionsNotActions
nenhumnone
DataActionsDataActions
nenhumnone
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you create, read, update, delete and manage keys of Cognitive Services.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
  "name": "25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.CognitiveServices/*",
        "Microsoft.Features/features/read",
        "Microsoft.Features/providers/features/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.Insights/logDefinitions/read",
        "Microsoft.Insights/metricdefinitions/read",
        "Microsoft.Insights/metrics/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Visão Personalizada colaborador de serviços cognitivasCognitive Services Custom Vision Contributor

Acesso completo ao projeto, incluindo a capacidade de exibir, criar, editar ou excluir projetos.Full access to the project, including the ability to view, create, edit, or delete projects. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. cognitivaservices/*/ReadMicrosoft.CognitiveServices/*/read
NotActionsNotActions
nenhumnone
DataActionsDataActions
Microsoft. cognitivaservices/accounts/CustomVision/*Microsoft.CognitiveServices/accounts/CustomVision/*
NotDataActionsNotDataActions
nenhumnone
{
  "assignableScopes": [
    "/"
  ],
  "description": "Full access to the project, including the ability to view, create, edit, or delete projects.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c1ff6cc2-c111-46fe-8896-e0ef812ad9f3",
  "name": "c1ff6cc2-c111-46fe-8896-e0ef812ad9f3",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Custom Vision Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Serviços cognitivas Visão Personalizada implantaçãoCognitive Services Custom Vision Deployment

Publicar, cancelar publicação ou exportar modelos.Publish, unpublish or export models. A implantação pode exibir o projeto, mas não pode atualizar.Deployment can view the project but can't update. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. cognitivaservices/*/ReadMicrosoft.CognitiveServices/*/read
NotActionsNotActions
nenhumnone
DataActionsDataActions
Microsoft. cognitivaservices/accounts/CustomVision/*/ReadMicrosoft.CognitiveServices/accounts/CustomVision/*/read
Microsoft. cognitivaservices/accounts/CustomVision/Projects/Predictions/*Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/*
Microsoft. cognitivaservices/accounts/CustomVision/Projects/iterations/Publish/*Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/publish/*
Microsoft. cognitivaservices/accounts/CustomVision/Projects/iterations/Export/*Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/export/*
Microsoft. cognitivaservices/accounts/CustomVision/Projects/QuickTest/*Microsoft.CognitiveServices/accounts/CustomVision/projects/quicktest/*
Microsoft. cognitivaservices/accounts/CustomVision/Classify/*Microsoft.CognitiveServices/accounts/CustomVision/classify/*
Microsoft. cognitivaservices/accounts/CustomVision/Detect/*Microsoft.CognitiveServices/accounts/CustomVision/detect/*
NotDataActionsNotDataActions
Microsoft. cognitivaservices/accounts/CustomVision/Projects/Export/ReadMicrosoft.CognitiveServices/accounts/CustomVision/projects/export/read Exporta um projeto.Exports a project.
{
  "assignableScopes": [
    "/"
  ],
  "description": "Publish, unpublish or export models. Deployment can view the project but can't update.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5c4089e1-6d96-4d2f-b296-c1bc7137275f",
  "name": "5c4089e1-6d96-4d2f-b296-c1bc7137275f",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/*/read",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/publish/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/iterations/export/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/quicktest/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/classify/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/detect/*"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
      ]
    }
  ],
  "roleName": "Cognitive Services Custom Vision Deployment",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Serviços cognitivas Visão Personalizada LabelerCognitive Services Custom Vision Labeler

Exiba, Edite imagens de treinamento e crie, adicione, remova ou exclua as marcas de imagem.View, edit training images and create, add, remove, or delete the image tags. Rotuladores podem exibir o projeto, mas não podem atualizar nada além de imagens e marcas de treinamento.Labelers can view the project but can't update anything other than training images and tags. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. cognitivaservices/*/ReadMicrosoft.CognitiveServices/*/read
NotActionsNotActions
nenhumnone
DataActionsDataActions
Microsoft. cognitivaservices/accounts/CustomVision/*/ReadMicrosoft.CognitiveServices/accounts/CustomVision/*/read
Microsoft. cognitivaservices/accounts/CustomVision/Projects/Predictions/Query/ActionMicrosoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action Obtenha imagens que foram enviadas ao ponto de extremidade de previsão.Get images that were sent to your prediction endpoint.
Microsoft. cognitivaservices/accounts/CustomVision/Projects/images/*Microsoft.CognitiveServices/accounts/CustomVision/projects/images/*
Microsoft. cognitivaservices/accounts/CustomVision/Projects/Tags/*Microsoft.CognitiveServices/accounts/CustomVision/projects/tags/*
Microsoft. cognitivaservices/accounts/CustomVision/Projects/images/Suggested/*Microsoft.CognitiveServices/accounts/CustomVision/projects/images/suggested/*
Microsoft. cognitivaservices/accounts/CustomVision/Projects/tagsandregions/Suggestions/ActionMicrosoft.CognitiveServices/accounts/CustomVision/projects/tagsandregions/suggestions/action Essa API receberá marcas e regiões sugeridas para uma matriz/lote de imagens não marcadas, juntamente com confianças para as marcas.This API will get suggested tags and regions for an array/batch of untagged images along with confidences for the tags. Ele retornará uma matriz vazia se nenhuma marca for encontrada.It returns an empty array if no tags are found.
NotDataActionsNotDataActions
Microsoft. cognitivaservices/accounts/CustomVision/Projects/Export/ReadMicrosoft.CognitiveServices/accounts/CustomVision/projects/export/read Exporta um projeto.Exports a project.
{
  "assignableScopes": [
    "/"
  ],
  "description": "View, edit training images and create, add, remove, or delete the image tags. Labelers can view the project but can't update anything other than training images and tags.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/88424f51-ebe7-446f-bc41-7fa16989e96c",
  "name": "88424f51-ebe7-446f-bc41-7fa16989e96c",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/*/read",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/predictions/query/action",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/images/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/tags/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/images/suggested/*",
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/tagsandregions/suggestions/action"
      ],
      "notDataActions": [
        "Microsoft.CognitiveServices/accounts/CustomVision/projects/export/read"
      ]
    }
  ],
  "roleName": "Cognitive Services Custom Vision Labeler",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Visão Personalizada leitor de serviços cognitivasCognitive Services Custom Vision Reader

Ações somente leitura no projeto.Read-only actions in the project. Os leitores não podem criar nem atualizar o projeto.Readers can't create or update the project. Saiba maisLearn more

AçõesActions DescriçãoDescription
Microsoft. cognitivaservices/*/ReadMicrosoft.CognitiveServices/*/read
NotActionsNotActions
nenhumnone
DataActionsDataActions
Microsoft. cognitivaservices/accounts/CustomVision/*/ReadMicrosoft.CognitiveServices/accounts/CustomVision/*/read
Microsoft. cognitivaservices/accounts/CustomVision/Projects/Predictions/Query/Action