Funções internas do Azure para Híbrido + multicloud
Este artigo lista as funções internas do Azure na categoria Híbrido + multicloud.
Função de Implantação da Ponte de Recursos do Azure
Função de Implantação da Ponte de Recursos do Azure
Ações | Descrição |
---|---|
Microsoft.Authorization/roleassignments/read | Obter informações sobre uma atribuição de função. |
Microsoft.AzureStackHCI/Register/Action | Registra a assinatura do provedor de recursos do Azure Stack HCI e permite a criação de recursos do Azure Stack HCI. |
Microsoft.ResourceConnector/register/action | Registra a assinatura do provedor de recursos do Appliances e permite a criação do Appliance. |
Microsoft.ResourceConnector/appliances/read | Obtém um recurso do Appliance |
Microsoft.ResourceConnector/appliances/write | Cria ou atualiza o recurso do Appliance |
Microsoft.ResourceConnector/appliances/delete | Exclui o recurso Appliance |
Microsoft.ResourceConnector/locations/operationresults/read | Obtenha o resultado da operação do Appliance |
Microsoft.ResourceConnector/locations/operationsstatus/read | Obtenha o resultado da operação do Appliance |
Microsoft.ResourceConnector/appliances/listClusterUserCredential/action | Obter uma credencial de usuário de cluster de dispositivo |
Microsoft.ResourceConnector/appliances/listKeys/action | Obter chaves de usuário de cliente de cluster de dispositivo |
Microsoft.ResourceConnector/appliances/upgradeGraphs/read | Obtém o gráfico de atualização do cluster do Appliance |
Microsoft.ResourceConnector/telemetryconfig/read | Obtenha a configuração de telemetria do Appliances utilizada pela CLI do Appliances |
Microsoft.ResourceConnector/operações/leitura | Obtém a lista de operações disponíveis para dispositivos |
Microsoft.ExtendedLocation/register/action | Registra a assinatura do provedor de recursos de Local Personalizado e habilita a criação de Local Personalizado. |
Microsoft.ExtendedLocation/customLocations/deploy/action | Implantar permissões em um recurso de Local Personalizado |
Microsoft.ExtendedLocation/customLocations/read | Obtém um recurso de Localização Personalizada |
Microsoft.ExtendedLocation/customLocations/write | Cria ou atualiza o recurso Local Personalizado |
Microsoft.ExtendedLocation/customLocations/delete | Exclui o recurso Local Personalizado |
Microsoft.HybridConnectivity/register/action | Registrar a assinatura para Microsoft.HybridConnectivity |
Microsoft.Kubernetes/register/action | Registra a assinatura no provedor de recursos Microsoft.Kubernetes |
Microsoft.KubernetesConfiguration/register/action | Registra a assinatura no provedor de recursos Microsoft.KubernetesConfiguration. |
Microsoft.KubernetesConfiguration/extensions/write | Cria ou atualiza recursos de extensão. |
Microsoft.KubernetesConfiguration/extensions/read | Obtém o recurso de instância de extensão. |
Microsoft.KubernetesConfiguration/extensions/delete | Exclui o recurso de instância de extensão. |
Microsoft.KubernetesConfiguration/extensions/operations/read | Obtém o status da operação assíncrona. |
Microsoft.KubernetesConfiguration/namespaces/read | Obtém o recurso de namespace |
Microsoft.KubernetesConfiguration/operations/read | Obtém as operações disponíveis do provedor de recursos Microsoft.KubernetesConfiguration. |
Microsoft.GuestConfiguration/guestConfigurationAssignments/read | Obter atribuição de configuração de convidado. |
Microsoft.HybridContainerService/register/action | Registrar a assinatura para Microsoft.HybridContainerService |
Microsoft.HybridContainerService/kubernetesVersions/read | Lista as versões do kubernetes suportadas do local personalizado subjacente |
Microsoft.HybridContainerService/kubernetesVersions/write | Coloca o tipo de recurso de versão do kubernetes |
Microsoft.HybridContainerService/skus/read | Lista as SKUs de VM com suporte do local personalizado subjacente |
Microsoft.HybridContainerService/skus/write | Coloca o tipo de recurso SKUs da VM |
Microsoft.Resources/subscriptions/resourceGroups/read | Obter ou listar de grupos de recursos. |
Microsoft.AzureStackHCI/StorageContainers/Write | Cria/atualiza o recurso de contêineres de armazenamento |
Microsoft.AzureStackHCI/StorageContainers/Read | Obtém/Lista o recurso de contêineres de armazenamento |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Azure Resource Bridge Deployment Role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/7b1f81f9-4196-4058-8aae-762e593270df",
"name": "7b1f81f9-4196-4058-8aae-762e593270df",
"permissions": [
{
"actions": [
"Microsoft.Authorization/roleassignments/read",
"Microsoft.AzureStackHCI/Register/Action",
"Microsoft.ResourceConnector/register/action",
"Microsoft.ResourceConnector/appliances/read",
"Microsoft.ResourceConnector/appliances/write",
"Microsoft.ResourceConnector/appliances/delete",
"Microsoft.ResourceConnector/locations/operationresults/read",
"Microsoft.ResourceConnector/locations/operationsstatus/read",
"Microsoft.ResourceConnector/appliances/listClusterUserCredential/action",
"Microsoft.ResourceConnector/appliances/listKeys/action",
"Microsoft.ResourceConnector/appliances/upgradeGraphs/read",
"Microsoft.ResourceConnector/telemetryconfig/read",
"Microsoft.ResourceConnector/operations/read",
"Microsoft.ExtendedLocation/register/action",
"Microsoft.ExtendedLocation/customLocations/deploy/action",
"Microsoft.ExtendedLocation/customLocations/read",
"Microsoft.ExtendedLocation/customLocations/write",
"Microsoft.ExtendedLocation/customLocations/delete",
"Microsoft.HybridConnectivity/register/action",
"Microsoft.Kubernetes/register/action",
"Microsoft.KubernetesConfiguration/register/action",
"Microsoft.KubernetesConfiguration/extensions/write",
"Microsoft.KubernetesConfiguration/extensions/read",
"Microsoft.KubernetesConfiguration/extensions/delete",
"Microsoft.KubernetesConfiguration/extensions/operations/read",
"Microsoft.KubernetesConfiguration/namespaces/read",
"Microsoft.KubernetesConfiguration/operations/read",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/read",
"Microsoft.HybridContainerService/register/action",
"Microsoft.HybridContainerService/kubernetesVersions/read",
"Microsoft.HybridContainerService/kubernetesVersions/write",
"Microsoft.HybridContainerService/skus/read",
"Microsoft.HybridContainerService/skus/write",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.AzureStackHCI/StorageContainers/Write",
"Microsoft.AzureStackHCI/StorageContainers/Read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Resource Bridge Deployment Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Administrador de HCI do Azure Stack
Concede acesso total ao cluster e seus recursos, incluindo a capacidade de registrar o Azure Stack HCI e atribuir outros como Colaborador de VM HCI do Azure Arc e/ou Leitor de VM HCI do Azure Arc
Ações | Descrição |
---|---|
Microsoft.AzureStackHCI/register/action | Registra a assinatura do provedor de recursos do Azure Stack HCI e permite a criação de recursos do Azure Stack HCI. |
Microsoft.AzureStackHCI/Unregister/Action | Cancela o Registro da assinatura para o provedor de recursos do Azure Stack HCI. |
Microsoft.AzureStackHCI/clusters/* | |
Microsoft.HybridCompute/register/action | Registra a assinatura para o provedor de recursos Microsoft.HybridCompute |
Microsoft.GuestConfiguration/register/action | Registra a assinatura para o provedor de recursos Microsoft.GuestConfiguration. |
Microsoft.GuestConfiguration/guestConfigurationAssignments/read | Obter atribuição de configuração de convidado. |
Microsoft.Resources/subscriptions/resourceGroups/write | Criar ou atualizar um grupo de recursos. |
Microsoft.Resources/subscriptions/resourceGroups/delete | Excluir um grupo de recursos e todos os seus recursos. |
Microsoft.HybridConnectivity/register/action | Registrar a assinatura para Microsoft.HybridConnectivity |
Microsoft.Authorization/roleAssignments/write | Criar uma atribuição de função no escopo especificado. |
Microsoft.Authorization/roleAssignments/delete | Exclua uma atribuição de função no escopo especificado. |
Microsoft.Authorization/*/read | Ler funções e atribuições de função |
Microsoft.Resources/deployments/* | Criar e gerenciar uma implantação |
Microsoft.Resources/subscriptions/resourceGroups/read | Obter ou listar de grupos de recursos. |
Microsoft.Resources/subscriptions/read | Obter a lista de assinaturas. |
Microsoft.Management/managementGroups/read | Listar grupos de gerenciamento para o usuário autenticado. |
Microsoft.Support/* | Criar e atualizar um tíquete de suporte |
Microsoft.AzureStackHCI/* | |
Microsoft.Insights/AlertRules/Write | Criar ou atualizar o alerta de métrica clássico |
Microsoft.Insights/AlertRules/Delete | Excluir alerta de métrica clássico |
Microsoft.Insights/AlertRules/Read | Ler alerta de métrica clássico |
Microsoft.Insights/AlertRules/Activated/Action | Alerta de métrica clássico ativado |
Microsoft.Insights/AlertRules/Resolved/Action | Alerta de métrica clássico resolvido |
Microsoft.Insights/AlertRules/Throttled/Action | Regra de alerta de métrica clássico acelerada |
Microsoft.Insights/AlertRules/Incidents/Read | Ler incidente de alerta de métrica clássico |
Microsoft.Resources/subscriptions/resourcegroups/deployments/read | Obter ou lista implantações. |
Microsoft.Resources/subscriptions/resourcegroups/deployments/write | Criar ou atualizar uma implantação. |
Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read | Obter ou lista operações de implantação. |
Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read | Obter ou listar o status da operação de implantação. |
Microsoft.ResourceHealth/availabilityStatuses/read | Obter os status de disponibilidade para todos os recursos no escopo especificado |
Microsoft.Resources/subscriptions/read | Obter a lista de assinaturas. |
Microsoft.Resources/subscriptions/operationresults/read | Obter os resultados da operação da assinatura. |
Microsoft.HybridCompute/machines/read | Ler qualquer computador do Azure Arc |
Microsoft.HybridCompute/machines/write | Grava um computador do Azure Arc |
Microsoft.HybridCompute/machines/delete | Exclui um computador do Azure Arc |
Microsoft.HybridCompute/machines/UpgradeExtensions/action | Atualiza Extensões nas máquinas do Azure Arc |
Microsoft.HybridCompute/machines/assessPatches/action | Avalia qualquer computador do Azure Arc para obter patches de software ausentes |
Microsoft.HybridCompute/machines/installPatches/action | Instala patches em qualquer computador do Azure Arc |
Microsoft.HybridCompute/machines/extensions/read | Lê todas as extensões do Azure Arc |
Microsoft.HybridCompute/machines/extensions/write | Instala ou atualiza uma extensão do Azure Arc |
Microsoft.HybridCompute/machines/extensions/delete | Exclui uma extensão do Azure Arc |
Microsoft.HybridCompute/operations/read | Ler todas as operações do Azure Arc para servidores |
Microsoft.HybridCompute/locations/operationresults/read | Lê o status de uma operação no provedor de recursos Microsoft.HybridCompute |
Microsoft.HybridCompute/locations/operationstatus/read | Lê o status de uma operação no provedor de recursos Microsoft.HybridCompute |
Microsoft.HybridCompute/machines/patchAssessmentResults/read | Lê todos os patchAssessmentResults do Azure Arc |
Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read | Lê todos os patchAssessmentResults/softwarePatches do Azure Arc |
Microsoft.HybridCompute/machines/patchInstallationResults/read | Lê todos os patchInstallationResults do Azure Arc |
Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read | Lê todos os patchInstallationResults/softwarePatches do Azure Arc |
Microsoft.HybridCompute/locations/updateCenterOperationResults/read | Lê o status de uma operação do centro de atualização em computadores |
Microsoft.HybridCompute/machines/hybridIdentityMetadata/read | Leia os metadados de identidade híbrida de qualquer máquina do Azure Arc |
Microsoft.HybridCompute/osType/agentVersions/read | Leia todas as versões do Azure Connected Machine Agent disponíveis |
Microsoft.HybridCompute/osType/agentVersions/latest/read | Leia a versão mais recente do Azure Connected Machine Agent |
Microsoft.HybridCompute/machines/runcommands/read | Lê todos os comandos de execução do Azure Arc |
Microsoft.HybridCompute/machines/runcommands/write | Instala ou atualiza um comando de execução do Azure Arc |
Microsoft.HybridCompute/machines/runcommands/delete | Exclui comandos de execução do Azure Arc |
Microsoft.HybridCompute/machines/licenseProfiles/read | Lê qualquer licenseProfiles do Azure Arc |
Microsoft.HybridCompute/machines/licenseProfiles/write | Instala ou atualiza um licenseProfiles do Azure Arc |
Microsoft.HybridCompute/machines/licenseProfiles/delete | Exclui um licenseProfiles do Azure Arc |
Microsoft.HybridCompute/licenças/leitura | Lê todas as licenças do Azure Arc |
Microsoft.HybridCompute/licenças/gravação | Instala ou atualiza licenças do Azure Arc |
Microsoft.HybridCompute/licenças/delete | Exclui licenças do Azure Arc |
Microsoft.ResourceConnector/register/action | Registra a assinatura do provedor de recursos do Appliances e permite a criação do Appliance. |
Microsoft.ResourceConnector/appliances/read | Obtém um recurso do Appliance |
Microsoft.ResourceConnector/appliances/write | Cria ou atualiza o recurso do Appliance |
Microsoft.ResourceConnector/appliances/delete | Exclui o recurso Appliance |
Microsoft.ResourceConnector/locations/operationresults/read | Obtenha o resultado da operação do Appliance |
Microsoft.ResourceConnector/locations/operationsstatus/read | Obtenha o resultado da operação do Appliance |
Microsoft.ResourceConnector/appliances/listClusterUserCredential/action | Obter uma credencial de usuário de cluster de dispositivo |
Microsoft.ResourceConnector/appliances/listKeys/action | Obter chaves de usuário de cliente de cluster de dispositivo |
Microsoft.ResourceConnector/operações/leitura | Obtém a lista de operações disponíveis para dispositivos |
Microsoft.ExtendedLocation/register/action | Registra a assinatura do provedor de recursos de Local Personalizado e habilita a criação de Local Personalizado. |
Microsoft.ExtendedLocation/customLocations/read | Obtém um recurso de Localização Personalizada |
Microsoft.ExtendedLocation/customLocations/deploy/action | Implantar permissões em um recurso de Local Personalizado |
Microsoft.ExtendedLocation/customLocations/write | Cria ou atualiza o recurso Local Personalizado |
Microsoft.ExtendedLocation/customLocations/delete | Exclui o recurso Local Personalizado |
Microsoft.EdgeMarketplace/ofertas/leitura | Obter uma oferta |
Microsoft.EdgeMarketplace/editores/leitura | Obter um editor |
Microsoft.Kubernetes/register/action | Registra a assinatura no provedor de recursos Microsoft.Kubernetes |
Microsoft.KubernetesConfiguration/register/action | Registra a assinatura no provedor de recursos Microsoft.KubernetesConfiguration. |
Microsoft.KubernetesConfiguration/extensions/write | Cria ou atualiza recursos de extensão. |
Microsoft.KubernetesConfiguration/extensions/read | Obtém o recurso de instância de extensão. |
Microsoft.KubernetesConfiguration/extensions/delete | Exclui o recurso de instância de extensão. |
Microsoft.KubernetesConfiguration/extensions/operations/read | Obtém o status da operação assíncrona. |
Microsoft.KubernetesConfiguration/namespaces/read | Obtém o recurso de namespace |
Microsoft.KubernetesConfiguration/operations/read | Obtém as operações disponíveis do provedor de recursos Microsoft.KubernetesConfiguration. |
Microsoft.Resources/subscriptions/resourceGroups/read | Obter ou listar de grupos de recursos. |
Microsoft.AzureStackHCI/StorageContainers/Write | Cria/atualiza o recurso de contêineres de armazenamento |
Microsoft.AzureStackHCI/StorageContainers/Read | Obtém/Lista o recurso de contêineres de armazenamento |
Microsoft.HybridContainerService/register/action | Registrar a assinatura para Microsoft.HybridContainerService |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none | |
Condição | |
((! (ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OU (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{f5819b54-e033-4d82-ac66-4fec3cbf3f4c, cd570a14-e51a-42ad-bac8-bafd67325302, b64e21ea-ac4e-4cdf-9dc9-5b892992bee7, 4b3fe76c-f777-4d24-a2d7-b027b0f7b273, 874d1c73-6003-4e60-a13a-cb31ea190a85,865ae368-6a45-4bd1-8fbf-0d5151f56fc1,7b1f81f9-4196-4058-8aae-762e593270df,4633458b-17de-408a-b874-0445c86b69e6})) E ((!) ( ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OU (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{f5819b54-e033-4d82-ac66-4fec3cbf3f4c, cd570a14-e51a-42ad-bac8-bafd67325302, b64e21ea-ac4e-4cdf-9dc9-5b892992bee7, 4b3fe76c-f777-4d24-a2d7-b027b0f7b273, 874d1c73-6003-4e60-a13a-cb31ea190a85,865ae368-6a45-4bd1-8fbf-0d5151f56fc1,7b1f81f9-4196-4058-8aae-762e593270df, 4633458b-17de-408a-b874-0445c86b69e6})) | Adicione ou remova atribuições de função para as seguintes funções: Gerenciador de Recursos do Azure Connected Machine Administrador de recursos de Azure Connected Machine Integração de Azure Connected Machine Azure Stack HCI VM Reader Colaborador da VM do Azure Stack HCI Função de Gerenciamento de Dispositivo HCI do Azure Stack Função de Implantação da Ponte de Recursos do Azure Usuário de segredos do Key Vault |
{
"assignableScopes": [
"/"
],
"description": "Grants full access to the cluster and its resources, including the ability to register Azure Stack HCI and assign others as Azure Arc HCI VM Contributor and/or Azure Arc HCI VM Reader",
"id": "/providers/Microsoft.Authorization/roleDefinitions/bda0d508-adf1-4af0-9c28-88919fc3ae06",
"name": "bda0d508-adf1-4af0-9c28-88919fc3ae06",
"permissions": [
{
"actions": [
"Microsoft.AzureStackHCI/register/action",
"Microsoft.AzureStackHCI/Unregister/Action",
"Microsoft.AzureStackHCI/clusters/*",
"Microsoft.HybridCompute/register/action",
"Microsoft.GuestConfiguration/register/action",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/read",
"Microsoft.Resources/subscriptions/resourceGroups/write",
"Microsoft.Resources/subscriptions/resourceGroups/delete",
"Microsoft.HybridConnectivity/register/action",
"Microsoft.Authorization/roleAssignments/write",
"Microsoft.Authorization/roleAssignments/delete",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Management/managementGroups/read",
"Microsoft.Support/*",
"Microsoft.AzureStackHCI/*",
"Microsoft.Insights/AlertRules/Write",
"Microsoft.Insights/AlertRules/Delete",
"Microsoft.Insights/AlertRules/Read",
"Microsoft.Insights/AlertRules/Activated/Action",
"Microsoft.Insights/AlertRules/Resolved/Action",
"Microsoft.Insights/AlertRules/Throttled/Action",
"Microsoft.Insights/AlertRules/Incidents/Read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/write",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/write",
"Microsoft.HybridCompute/machines/delete",
"Microsoft.HybridCompute/machines/UpgradeExtensions/action",
"Microsoft.HybridCompute/machines/assessPatches/action",
"Microsoft.HybridCompute/machines/installPatches/action",
"Microsoft.HybridCompute/machines/extensions/read",
"Microsoft.HybridCompute/machines/extensions/write",
"Microsoft.HybridCompute/machines/extensions/delete",
"Microsoft.HybridCompute/operations/read",
"Microsoft.HybridCompute/locations/operationresults/read",
"Microsoft.HybridCompute/locations/operationstatus/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read",
"Microsoft.HybridCompute/locations/updateCenterOperationResults/read",
"Microsoft.HybridCompute/machines/hybridIdentityMetadata/read",
"Microsoft.HybridCompute/osType/agentVersions/read",
"Microsoft.HybridCompute/osType/agentVersions/latest/read",
"Microsoft.HybridCompute/machines/runcommands/read",
"Microsoft.HybridCompute/machines/runcommands/write",
"Microsoft.HybridCompute/machines/runcommands/delete",
"Microsoft.HybridCompute/machines/licenseProfiles/read",
"Microsoft.HybridCompute/machines/licenseProfiles/write",
"Microsoft.HybridCompute/machines/licenseProfiles/delete",
"Microsoft.HybridCompute/licenses/read",
"Microsoft.HybridCompute/licenses/write",
"Microsoft.HybridCompute/licenses/delete",
"Microsoft.ResourceConnector/register/action",
"Microsoft.ResourceConnector/appliances/read",
"Microsoft.ResourceConnector/appliances/write",
"Microsoft.ResourceConnector/appliances/delete",
"Microsoft.ResourceConnector/locations/operationresults/read",
"Microsoft.ResourceConnector/locations/operationsstatus/read",
"Microsoft.ResourceConnector/appliances/listClusterUserCredential/action",
"Microsoft.ResourceConnector/appliances/listKeys/action",
"Microsoft.ResourceConnector/operations/read",
"Microsoft.ExtendedLocation/register/action",
"Microsoft.ExtendedLocation/customLocations/read",
"Microsoft.ExtendedLocation/customLocations/deploy/action",
"Microsoft.ExtendedLocation/customLocations/write",
"Microsoft.ExtendedLocation/customLocations/delete",
"Microsoft.EdgeMarketplace/offers/read",
"Microsoft.EdgeMarketplace/publishers/read",
"Microsoft.Kubernetes/register/action",
"Microsoft.KubernetesConfiguration/register/action",
"Microsoft.KubernetesConfiguration/extensions/write",
"Microsoft.KubernetesConfiguration/extensions/read",
"Microsoft.KubernetesConfiguration/extensions/delete",
"Microsoft.KubernetesConfiguration/extensions/operations/read",
"Microsoft.KubernetesConfiguration/namespaces/read",
"Microsoft.KubernetesConfiguration/operations/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.AzureStackHCI/StorageContainers/Write",
"Microsoft.AzureStackHCI/StorageContainers/Read",
"Microsoft.HybridContainerService/register/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": [],
"conditionVersion": "2.0",
"condition": "((!(ActionMatches{'Microsoft.Authorization/roleAssignments/write'})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{f5819b54-e033-4d82-ac66-4fec3cbf3f4c, cd570a14-e51a-42ad-bac8-bafd67325302, b64e21ea-ac4e-4cdf-9dc9-5b892992bee7, 4b3fe76c-f777-4d24-a2d7-b027b0f7b273, 874d1c73-6003-4e60-a13a-cb31ea190a85,865ae368-6a45-4bd1-8fbf-0d5151f56fc1,7b1f81f9-4196-4058-8aae-762e593270df,4633458b-17de-408a-b874-0445c86b69e6})) AND ((!(ActionMatches{'Microsoft.Authorization/roleAssignments/delete'})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals{f5819b54-e033-4d82-ac66-4fec3cbf3f4c, cd570a14-e51a-42ad-bac8-bafd67325302, b64e21ea-ac4e-4cdf-9dc9-5b892992bee7, 4b3fe76c-f777-4d24-a2d7-b027b0f7b273, 874d1c73-6003-4e60-a13a-cb31ea190a85,865ae368-6a45-4bd1-8fbf-0d5151f56fc1,7b1f81f9-4196-4058-8aae-762e593270df,4633458b-17de-408a-b874-0445c86b69e6}))"
}
],
"roleName": "Azure Stack HCI Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Função de Gerenciamento de Dispositivo HCI do Azure Stack
Função de gerenciamento de dispositivo Microsoft.AzureStackHCI
Ações | Descrição |
---|---|
Microsoft.AzureStackHCI/Clusters/* | |
Microsoft.AzureStackHCI/EdgeDevices/* | |
Microsoft.Resources/subscriptions/resourceGroups/read | Obter ou listar de grupos de recursos. |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Microsoft.AzureStackHCI Device Management Role",
"id": "/providers/Microsoft.Authorization/roleDefinitions/865ae368-6a45-4bd1-8fbf-0d5151f56fc1",
"name": "865ae368-6a45-4bd1-8fbf-0d5151f56fc1",
"permissions": [
{
"actions": [
"Microsoft.AzureStackHCI/Clusters/*",
"Microsoft.AzureStackHCI/EdgeDevices/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Stack HCI Device Management Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Colaborador da VM do Azure Stack HCI
Concede permissões para executar todas as ações de VM
Ações | Descrição |
---|---|
Microsoft.AzureStackHCI/VirtualMachines/* | |
Microsoft.AzureStackHCI/virtualMachineInstances/* | |
Microsoft.AzureStackHCI/NetworkInterfaces/* | |
Microsoft.AzureStackHCI/VirtualHardDisks/* | |
Microsoft.AzureStackHCI/VirtualNetworks/Read | Obtém/lista o recurso de redes virtuais |
Microsoft.AzureStackHCI/VirtualNetworks/join/action | Ingressa no recurso de redes virtuais |
Microsoft.AzureStackHCI/LogicalNetworks/Read | Recurso Gets/Lists de redes lógicas |
Microsoft.AzureStackHCI/LogicalNetworks/join/action | Ingressa no recurso de redes lógicas |
Microsoft.AzureStackHCI/GalleryImages/Read | Obtém/lista o recurso de imagens da galeria |
Microsoft.AzureStackHCI/GalleryImages/deploy/action | Implanta o recurso de imagens da galeria |
Microsoft.AzureStackHCI/StorageContainers/Read | Obtém/Lista o recurso de contêineres de armazenamento |
Microsoft.AzureStackHCI/StorageContainers/deploy/action | Implanta o recurso de contêineres de armazenamento |
Microsoft.AzureStackHCI/MarketplaceGalleryImages/Read | Recurso de imagens da galeria de pontos de mercado Gets/Lists |
Microsoft.AzureStackHCI/MarketPlaceGalleryImages/deploy/action | Implanta o recurso de imagens da galeria do market place |
Microsoft.AzureStackHCI/Clusters/Read | Obtém clusters |
Microsoft.AzureStackHCI/Clusters/ArcSettings/Read | Obtém o recurso do ARC do cluster de HCI |
Microsoft.Insights/AlertRules/Write | Criar ou atualizar o alerta de métrica clássico |
Microsoft.Insights/AlertRules/Delete | Excluir alerta de métrica clássico |
Microsoft.Insights/AlertRules/Read | Ler alerta de métrica clássico |
Microsoft.Insights/AlertRules/Activated/Action | Alerta de métrica clássico ativado |
Microsoft.Insights/AlertRules/Resolved/Action | Alerta de métrica clássico resolvido |
Microsoft.Insights/AlertRules/Throttled/Action | Regra de alerta de métrica clássico acelerada |
Microsoft.Insights/AlertRules/Incidents/Read | Ler incidente de alerta de métrica clássico |
Microsoft.Resources/deployments/read | Obter ou lista implantações. |
Microsoft.Resources/deployments/write | Criar ou atualizar uma implantação. |
Microsoft.Resources/deployments/delete | Excluir uma implantação. |
Microsoft.Resources/deployments/cancel/action | Cancelar uma implantação. |
Microsoft.Resources/deployments/validate/action | Validar uma implantação. |
Microsoft.Resources/deployments/whatIf/action | Prevê as alterações de implantação de modelo. |
Microsoft.Resources/deployments/exportTemplate/action | Exportar o modelo para uma implantação |
Microsoft.Resources/deployments/operations/read | Obter ou lista operações de implantação. |
Microsoft.Resources/deployments/operationstatuses/read | Obter ou listar o status da operação de implantação. |
Microsoft.Resources/subscriptions/resourcegroups/deployments/read | Obter ou lista implantações. |
Microsoft.Resources/subscriptions/resourcegroups/deployments/write | Criar ou atualizar uma implantação. |
Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read | Obter ou lista operações de implantação. |
Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read | Obter ou listar o status da operação de implantação. |
Microsoft.ResourceHealth/availabilityStatuses/read | Obter os status de disponibilidade para todos os recursos no escopo especificado |
Microsoft.Authorization/*/read | Ler funções e atribuições de função |
Microsoft.Resources/subscriptions/read | Obter a lista de assinaturas. |
Microsoft.Resources/subscriptions/resourceGroups/read | Obter ou listar de grupos de recursos. |
Microsoft.Resources/subscriptions/operationresults/read | Obter os resultados da operação da assinatura. |
Microsoft.HybridCompute/machines/read | Ler qualquer computador do Azure Arc |
Microsoft.HybridCompute/machines/write | Grava um computador do Azure Arc |
Microsoft.HybridCompute/machines/delete | Exclui um computador do Azure Arc |
Microsoft.HybridCompute/machines/UpgradeExtensions/action | Atualiza Extensões nas máquinas do Azure Arc |
Microsoft.HybridCompute/machines/assessPatches/action | Avalia qualquer computador do Azure Arc para obter patches de software ausentes |
Microsoft.HybridCompute/machines/installPatches/action | Instala patches em qualquer computador do Azure Arc |
Microsoft.HybridCompute/machines/extensions/read | Lê todas as extensões do Azure Arc |
Microsoft.HybridCompute/machines/extensions/write | Instala ou atualiza uma extensão do Azure Arc |
Microsoft.HybridCompute/machines/extensions/delete | Exclui uma extensão do Azure Arc |
Microsoft.HybridCompute/operations/read | Ler todas as operações do Azure Arc para servidores |
Microsoft.HybridCompute/locations/operationresults/read | Lê o status de uma operação no provedor de recursos Microsoft.HybridCompute |
Microsoft.HybridCompute/locations/operationstatus/read | Lê o status de uma operação no provedor de recursos Microsoft.HybridCompute |
Microsoft.HybridCompute/machines/patchAssessmentResults/read | Lê todos os patchAssessmentResults do Azure Arc |
Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read | Lê todos os patchAssessmentResults/softwarePatches do Azure Arc |
Microsoft.HybridCompute/machines/patchInstallationResults/read | Lê todos os patchInstallationResults do Azure Arc |
Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read | Lê todos os patchInstallationResults/softwarePatches do Azure Arc |
Microsoft.HybridCompute/locations/updateCenterOperationResults/read | Lê o status de uma operação do centro de atualização em computadores |
Microsoft.HybridCompute/machines/hybridIdentityMetadata/read | Leia os metadados de identidade híbrida de qualquer máquina do Azure Arc |
Microsoft.HybridCompute/osType/agentVersions/read | Leia todas as versões do Azure Connected Machine Agent disponíveis |
Microsoft.HybridCompute/osType/agentVersions/latest/read | Leia a versão mais recente do Azure Connected Machine Agent |
Microsoft.HybridCompute/machines/runcommands/read | Lê todos os comandos de execução do Azure Arc |
Microsoft.HybridCompute/machines/runcommands/write | Instala ou atualiza um comando de execução do Azure Arc |
Microsoft.HybridCompute/machines/runcommands/delete | Exclui comandos de execução do Azure Arc |
Microsoft.HybridCompute/machines/licenseProfiles/read | Lê qualquer licenseProfiles do Azure Arc |
Microsoft.HybridCompute/machines/licenseProfiles/write | Instala ou atualiza um licenseProfiles do Azure Arc |
Microsoft.HybridCompute/machines/licenseProfiles/delete | Exclui um licenseProfiles do Azure Arc |
Microsoft.HybridCompute/licenças/leitura | Lê todas as licenças do Azure Arc |
Microsoft.HybridCompute/licenças/gravação | Instala ou atualiza licenças do Azure Arc |
Microsoft.HybridCompute/licenças/delete | Exclui licenças do Azure Arc |
Microsoft.ExtendedLocation/customLocations/Read | Obtém um recurso de Localização Personalizada |
Microsoft.ExtendedLocation/customLocations/deploy/action | Implantar permissões em um recurso de Local Personalizado |
Microsoft.KubernetesConfiguration/extensions/read | Obtém o recurso de instância de extensão. |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Grants permissions to perform all VM actions",
"id": "/providers/Microsoft.Authorization/roleDefinitions/874d1c73-6003-4e60-a13a-cb31ea190a85",
"name": "874d1c73-6003-4e60-a13a-cb31ea190a85",
"permissions": [
{
"actions": [
"Microsoft.AzureStackHCI/VirtualMachines/*",
"Microsoft.AzureStackHCI/virtualMachineInstances/*",
"Microsoft.AzureStackHCI/NetworkInterfaces/*",
"Microsoft.AzureStackHCI/VirtualHardDisks/*",
"Microsoft.AzureStackHCI/VirtualNetworks/Read",
"Microsoft.AzureStackHCI/VirtualNetworks/join/action",
"Microsoft.AzureStackHCI/LogicalNetworks/Read",
"Microsoft.AzureStackHCI/LogicalNetworks/join/action",
"Microsoft.AzureStackHCI/GalleryImages/Read",
"Microsoft.AzureStackHCI/GalleryImages/deploy/action",
"Microsoft.AzureStackHCI/StorageContainers/Read",
"Microsoft.AzureStackHCI/StorageContainers/deploy/action",
"Microsoft.AzureStackHCI/MarketplaceGalleryImages/Read",
"Microsoft.AzureStackHCI/MarketPlaceGalleryImages/deploy/action",
"Microsoft.AzureStackHCI/Clusters/Read",
"Microsoft.AzureStackHCI/Clusters/ArcSettings/Read",
"Microsoft.Insights/AlertRules/Write",
"Microsoft.Insights/AlertRules/Delete",
"Microsoft.Insights/AlertRules/Read",
"Microsoft.Insights/AlertRules/Activated/Action",
"Microsoft.Insights/AlertRules/Resolved/Action",
"Microsoft.Insights/AlertRules/Throttled/Action",
"Microsoft.Insights/AlertRules/Incidents/Read",
"Microsoft.Resources/deployments/read",
"Microsoft.Resources/deployments/write",
"Microsoft.Resources/deployments/delete",
"Microsoft.Resources/deployments/cancel/action",
"Microsoft.Resources/deployments/validate/action",
"Microsoft.Resources/deployments/whatIf/action",
"Microsoft.Resources/deployments/exportTemplate/action",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/deployments/operationstatuses/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/write",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/write",
"Microsoft.HybridCompute/machines/delete",
"Microsoft.HybridCompute/machines/UpgradeExtensions/action",
"Microsoft.HybridCompute/machines/assessPatches/action",
"Microsoft.HybridCompute/machines/installPatches/action",
"Microsoft.HybridCompute/machines/extensions/read",
"Microsoft.HybridCompute/machines/extensions/write",
"Microsoft.HybridCompute/machines/extensions/delete",
"Microsoft.HybridCompute/operations/read",
"Microsoft.HybridCompute/locations/operationresults/read",
"Microsoft.HybridCompute/locations/operationstatus/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read",
"Microsoft.HybridCompute/locations/updateCenterOperationResults/read",
"Microsoft.HybridCompute/machines/hybridIdentityMetadata/read",
"Microsoft.HybridCompute/osType/agentVersions/read",
"Microsoft.HybridCompute/osType/agentVersions/latest/read",
"Microsoft.HybridCompute/machines/runcommands/read",
"Microsoft.HybridCompute/machines/runcommands/write",
"Microsoft.HybridCompute/machines/runcommands/delete",
"Microsoft.HybridCompute/machines/licenseProfiles/read",
"Microsoft.HybridCompute/machines/licenseProfiles/write",
"Microsoft.HybridCompute/machines/licenseProfiles/delete",
"Microsoft.HybridCompute/licenses/read",
"Microsoft.HybridCompute/licenses/write",
"Microsoft.HybridCompute/licenses/delete",
"Microsoft.ExtendedLocation/customLocations/Read",
"Microsoft.ExtendedLocation/customLocations/deploy/action",
"Microsoft.KubernetesConfiguration/extensions/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Stack HCI VM Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Stack HCI VM Reader
Concede permissões para exibir VMs
Ações | Descrição |
---|---|
Microsoft.AzureStackHCI/VirtualMachines/Read | Obtém/lista o recurso de máquina virtual |
Microsoft.AzureStackHCI/virtualMachineInstances/Read | Obtém/Lista recurso de instância de máquina virtual |
Microsoft.AzureStackHCI/VirtualMachines/Extensões/Leitura | Obtém/lista o recurso de extensões da máquina virtual |
Microsoft.AzureStackHCI/VirtualNetworks/Read | Obtém/lista o recurso de redes virtuais |
Microsoft.AzureStackHCI/LogicalNetworks/Read | Recurso Gets/Lists de redes lógicas |
Microsoft.AzureStackHCI/NetworkInterfaces/Read | Obtém/lista o recurso de interfaces de rede |
Microsoft.AzureStackHCI/VirtualHardDisks/Read | Obtém/lista o recurso de disco rígido virtual |
Microsoft.AzureStackHCI/StorageContainers/Read | Obtém/Lista o recurso de contêineres de armazenamento |
Microsoft.AzureStackHCI/GalleryImages/Read | Obtém/lista o recurso de imagens da galeria |
Microsoft.AzureStackHCI/MarketplaceGalleryImages/Read | Recurso de imagens da galeria de pontos de mercado Gets/Lists |
Microsoft.HybridCompute/licenças/leitura | Lê todas as licenças do Azure Arc |
Microsoft.HybridCompute/machines/extensions/read | Lê todas as extensões do Azure Arc |
Microsoft.HybridCompute/machines/licenseProfiles/read | Lê qualquer licenseProfiles do Azure Arc |
Microsoft.HybridCompute/machines/patchAssessmentResults/read | Lê todos os patchAssessmentResults do Azure Arc |
Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read | Lê todos os patchAssessmentResults/softwarePatches do Azure Arc |
Microsoft.HybridCompute/machines/patchInstallationResults/read | Lê todos os patchInstallationResults do Azure Arc |
Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read | Lê todos os patchInstallationResults/softwarePatches do Azure Arc |
Microsoft.HybridCompute/machines/read | Ler qualquer computador do Azure Arc |
Microsoft.HybridCompute/privateLinkScopes/networkSecurityPerimeterConfigurations/read | Lê qualquer rede do Azure ArcSecurityPerimeterConfigurations |
Microsoft.HybridCompute/privateLinkScopes/privateEndpointConnections/read | Ler qualquer privateEndpointConnections do Azure Arc |
Microsoft.HybridCompute/privateLinkScopes/read | Ler qualquer privateLinkScopes do Azure Arc |
Microsoft.Insights/AlertRules/Write | Criar ou atualizar o alerta de métrica clássico |
Microsoft.Insights/AlertRules/Delete | Excluir alerta de métrica clássico |
Microsoft.Insights/AlertRules/Read | Ler alerta de métrica clássico |
Microsoft.Insights/AlertRules/Activated/Action | Alerta de métrica clássico ativado |
Microsoft.Insights/AlertRules/Resolved/Action | Alerta de métrica clássico resolvido |
Microsoft.Insights/AlertRules/Throttled/Action | Regra de alerta de métrica clássico acelerada |
Microsoft.Insights/AlertRules/Incidents/Read | Ler incidente de alerta de métrica clássico |
Microsoft.Resources/deployments/read | Obter ou lista implantações. |
Microsoft.Resources/deployments/exportTemplate/action | Exportar o modelo para uma implantação |
Microsoft.Resources/deployments/operations/read | Obter ou lista operações de implantação. |
Microsoft.Resources/deployments/operationstatuses/read | Obter ou listar o status da operação de implantação. |
Microsoft.Resources/subscriptions/resourcegroups/deployments/read | Obter ou lista implantações. |
Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read | Obter ou lista operações de implantação. |
Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read | Obter ou listar o status da operação de implantação. |
Microsoft.ResourceHealth/availabilityStatuses/read | Obter os status de disponibilidade para todos os recursos no escopo especificado |
Microsoft.Authorization/*/read | Ler funções e atribuições de função |
Microsoft.Resources/subscriptions/read | Obter a lista de assinaturas. |
Microsoft.Resources/subscriptions/resourceGroups/read | Obter ou listar de grupos de recursos. |
Microsoft.Resources/subscriptions/operationresults/read | Obter os resultados da operação da assinatura. |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Grants permissions to view VMs",
"id": "/providers/Microsoft.Authorization/roleDefinitions/4b3fe76c-f777-4d24-a2d7-b027b0f7b273",
"name": "4b3fe76c-f777-4d24-a2d7-b027b0f7b273",
"permissions": [
{
"actions": [
"Microsoft.AzureStackHCI/VirtualMachines/Read",
"Microsoft.AzureStackHCI/virtualMachineInstances/Read",
"Microsoft.AzureStackHCI/VirtualMachines/Extensions/Read",
"Microsoft.AzureStackHCI/VirtualNetworks/Read",
"Microsoft.AzureStackHCI/LogicalNetworks/Read",
"Microsoft.AzureStackHCI/NetworkInterfaces/Read",
"Microsoft.AzureStackHCI/VirtualHardDisks/Read",
"Microsoft.AzureStackHCI/StorageContainers/Read",
"Microsoft.AzureStackHCI/GalleryImages/Read",
"Microsoft.AzureStackHCI/MarketplaceGalleryImages/Read",
"Microsoft.HybridCompute/licenses/read",
"Microsoft.HybridCompute/machines/extensions/read",
"Microsoft.HybridCompute/machines/licenseProfiles/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/read",
"Microsoft.HybridCompute/machines/patchAssessmentResults/softwarePatches/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/read",
"Microsoft.HybridCompute/machines/patchInstallationResults/softwarePatches/read",
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/privateLinkScopes/networkSecurityPerimeterConfigurations/read",
"Microsoft.HybridCompute/privateLinkScopes/privateEndpointConnections/read",
"Microsoft.HybridCompute/privateLinkScopes/read",
"Microsoft.Insights/AlertRules/Write",
"Microsoft.Insights/AlertRules/Delete",
"Microsoft.Insights/AlertRules/Read",
"Microsoft.Insights/AlertRules/Activated/Action",
"Microsoft.Insights/AlertRules/Resolved/Action",
"Microsoft.Insights/AlertRules/Throttled/Action",
"Microsoft.Insights/AlertRules/Incidents/Read",
"Microsoft.Resources/deployments/read",
"Microsoft.Resources/deployments/exportTemplate/action",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/deployments/operationstatuses/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operations/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/operationstatuses/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Authorization/*/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/subscriptions/operationresults/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Stack HCI VM Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Proprietário de registro do Azure Stack
Permite que você gerencie registros do Microsoft Azure Stack.
Ações | Descrição |
---|---|
Microsoft.AzureStack/edgeSubscriptions/read | |
Microsoft.AzureStack/registrations/products/*/action | |
Microsoft.AzureStack/registrations/products/read | Obter as propriedades de um produto do Marketplace do Azure Stack |
Microsoft.AzureStack/registrations/read | Obter as propriedades de um registro do Microsoft Azure Stack |
NotActions | |
none | |
DataActions | |
none | |
NotDataActions | |
none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Azure Stack registrations.",
"id": "/providers/Microsoft.Authorization/roleDefinitions/6f12a6df-dd06-4f3e-bcb1-ce8be600526a",
"name": "6f12a6df-dd06-4f3e-bcb1-ce8be600526a",
"permissions": [
{
"actions": [
"Microsoft.AzureStack/edgeSubscriptions/read",
"Microsoft.AzureStack/registrations/products/*/action",
"Microsoft.AzureStack/registrations/products/read",
"Microsoft.AzureStack/registrations/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Stack Registration Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}