您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

用于 Azure 基于角色的访问控制的内置角色Built-in roles for Azure role-based access control

Azure 基于角色的访问控制 (RBAC) 附带以下可分配到用户、组和服务的内置角色。Azure Role-Based Access Control (RBAC) comes with the following built-in roles that can be assigned to users, groups, and services. 不能修改内置角色的定义。You can’t modify the definitions of built-in roles. 但是,可以创建 Azure RBAC 中的自定义角色,以满足组织的特定需要。However, you can create Custom roles in Azure RBAC to fit the specific needs of your organization.

Azure 中的角色Roles in Azure

下表提供内置角色的简短说明。The following table provides brief descriptions of the built-in roles. 单击角色名称可查看角色的“操作”和“不操作”的详细列表。Click the role name to see the detailed list of actions and notactions for the role. 操作属性指定对 Azure 资源允许的操作。The actions property specifies the allowed actions on Azure resources. 操作字符串可以使用通配符。Action strings can use wildcard characters. 不操作属性指定从允许的操作中排除的操作。The notactions property specifies the actions that are excluded from the allowed actions.

操作定义可以对给定资源类型执行哪种类型的操作。The action defines what type of operations you can perform on a given resource type. 例如:For example:

  • 使用 Write 可以执行 PUT、POST、PATCH 和 DELETE 操作。Write enables you to perform PUT, POST, PATCH, and DELETE operations.
  • 使用 Read 可以执行 GET 操作。Read enables you to perform GET operations.

本文仅针对目前存在的各种角色。This article only addresses the different roles that exist today. 不过,向用户分配角色时,可以通过定义作用域进一步限制允许的操作。When you assign a role to a user, though, you can limit the allowed actions further by defining a scope. 如果想要将某人设为网站参与者,但只针对一个资源组,则此功能很有用。This is helpful if you want to make someone a Website Contributor, but only for one resource group.

备注

Azure 角色定义不断演化。The Azure role definitions are constantly evolving. 本文尽可能地保持最新,但你总是可在 Azure PowerShell 中找到最新的角色定义。This article is kept as up to date as possible, but you can always find the latest roles definitions in Azure PowerShell. 使用 Get-AzureRmRoleDefinition cmdlet 列出所有当前角色。Use the Get-AzureRmRoleDefinition cmdlet to list all current roles. 可以使用 (get-azurermroledefinition "<role name>").actions(get-azurermroledefinition "<role name>").notactions 深入了解特定角色(如果适用)。You can dive in to a specific role using (get-azurermroledefinition "<role name>").actions or (get-azurermroledefinition "<role name>").notactions as applicable. 使用 Get-AzureRmProviderOperation 列出特定 Azure 资源提供程序的操作。Use Get-AzureRmProviderOperation to list operations of specific Azure resource providers.

角色名称Role name 说明Description
API 管理服务参与者API Management Service Contributor 可管理 API 管理服务和 APICan manage API Management service and the APIs
API 管理服务操作员角色API Management Service Operator Role 可管理 API 管理服务,但不能管理 API 本身Can manage API Management service, but not the APIs themselves
API 管理服务读者角色API Management Service Reader Role 对 API 管理服务和 API 具有只读访问权限Read-only access to API Management service and APIs
Application Insights 组件参与者Application Insights Component Contributor 可管理 Application Insights 组件Can manage Application Insights components
自动化操作员Automation Operator 能够启动、停止、暂停和继续执行作业Able to start, stop, suspend, and resume jobs
备份参与者Backup Contributor 可管理恢复服务保管库中的备份Can manage backup in Recovery Services vault
备份操作员Backup Operator 可管理恢复服务保管库中的备份(但无法删除备份)Can manage backup except removing backup, in Recovery Services vault
备份读取器Backup Reader 可查看所有备份管理服务Can view all backup management services
计费读者Billing Reader 可以查看所有计费信息Can view all billing information
BizTalk 参与者BizTalk Contributor 可管理 BizTalk 服务Can manage BizTalk services
ClearDB MySQL DB 参与者ClearDB MySQL DB Contributor 可管理 ClearDB MySQL 数据库Can manage ClearDB MySQL databases
参与者Contributor 可管理除访问权限以外的一切内容。Can manage everything except access.
数据工厂参与者Data Factory Contributor 可创建和管理数据工厂,以及它们包含的子资源。Can create and manage data factories, and child resources within them.
实验室用户DevTest Labs User 可查看一切内容,并可连接、启动、重启和关闭虚拟机Can view everything and connect, start, restart, and shutdown virtual machines
DNS 区域参与者DNS Zone Contributor 可以管理 DNS 区域和记录Can manage DNS zones and records
Azure Cosmos DB 帐户参与者Azure Cosmos DB Account Contributor 可管理 Azure Cosmos DB 帐户Can manage Azure Cosmos DB accounts
智能系统帐户参与者Intelligent Systems Account Contributor 可管理 Intelligent Systems 帐户Can manage Intelligent Systems accounts
逻辑应用参与者Logic App Contributor 可以管理逻辑应用的所有方面,但不能创建新应用。Can manage all aspects of a Logic App, but not create a new one.
逻辑应用运算符Logic App Operator 可以启动和停止在逻辑应用内定义的工作流。Can start and stop workflows defined within a Logic App.
监视查阅者Monitoring Reader 可以读取所有监视数据Can read all monitoring data
监视参与者Monitoring Contributor 可以读取监视数据和编辑监视设置Can read monitoring data and edit monitoring settings
网络参与者Network Contributor 可管理所有网络资源Can manage all network resources
New Relic APM 帐户参与者New Relic APM Account Contributor 可管理 New Relic 应用程序性能管理帐户和应用程序Can manage New Relic Application Performance Management accounts and applications
所有者Owner 可管理一切内容(包括访问权限)Can manage everything, including access
读者Reader 可查看一切内容,但不可作出更改Can view everything, but can't make changes
Redis 缓存参与者Redis Cache Contributor 可管理 Redis 缓存Can manage Redis caches
计划程序作业集合参与者Scheduler Job Collections Contributor 可管理计划程序作业集合Can manage scheduler job collections
搜索服务参与者Search Service Contributor 可管理搜索服务Can manage search services
安全经理Security Manager 可管理安全组件、安全策略和虚拟机Can manage security components, security policies, and virtual machines
Site Recovery 参与者Site Recovery Contributor 可以在恢复服务保管库中管理 Site RecoveryCan manage Site Recovery in Recovery Services vault
Site Recovery 运算符Site Recovery Operator 可以在恢复服务保管库中管理故障转移和故障回复 Site RecoveryCan manage failover and failback operations Site Recovery in Recovery Services vault
Site Recovery 读取器Site Recovery Reader 可以查看所有 Site Recovery 管理操作Can view all Site Recovery management operations
SQL DB 参与者SQL DB Contributor 可管理 SQL 数据库,但不包括其安全性相关的策略Can manage SQL databases, but not their security-related policies
SQL 安全管理器SQL Security Manager 可管理 SQL 服务器和数据库与安全性相关的策略Can manage the security-related policies of SQL servers and databases
SQL Server 参与者SQL Server Contributor 可管理 SQL 服务器和数据库,但不包括其安全性相关的策略Can manage SQL servers and databases, but not their security-related policies
经典存储帐户参与者Classic Storage Account Contributor 可管理经典存储帐户Can manage classic storage accounts
存储帐户参与者Storage Account Contributor 可管理存储帐户Can manage storage accounts
支持请求参与者Support Request Contributor 可以创建和管理支持请求Can create and manage support requests
用户访问管理员User Access Administrator 可管理用户对 Azure 资源的访问权限Can manage user access to Azure resources
经典虚拟机参与者Classic Virtual Machine Contributor 可管理经典虚拟机,但不包括与其连接的虚拟网络或存储帐户Can manage classic virtual machines, but not the virtual network or storage account to which they are connected
虚拟机参与者Virtual Machine Contributor 可管理虚拟机,但不包括与其连接的虚拟网络或存储帐户Can manage virtual machines, but not the virtual network or storage account to which they are connected
经典网络参与者Classic Network Contributor 可管理经典虚拟网络和保留 IPCan manage classic virtual networks and reserved IPs
Web 计划参与者Web Plan Contributor 可管理 Web 计划Can manage web plans
网站参与者Website Contributor 可管理网站,但不包括与其连接的 Web 计划Can manage websites, but not the web plans to which they are connected

角色权限Role permissions

下表描述授予每个角色的特定权限。The following tables describe the specific permissions given to each role. 这可能包括授予权限的操作和限制权限的不操作This can include Actions, which give permissions, and NotActions, which restrict them.

API 管理服务参与者API Management Service Contributor

可管理 API 管理服务Can manage API Management services

操作Actions
Microsoft.ApiManagement/Service/Microsoft.ApiManagement/Service/ 创建和管理 API 管理服务Create and manage API Management service
Microsoft.Authorization//readMicrosoft.Authorization//read 读取授权Read authorization
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/ 创建和管理警报规则Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 读取资源的运行状况Read health of the resources
Microsoft.Resources/deployments/Microsoft.Resources/deployments/ 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 读取角色和角色分配Read roles and role assignments
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets

API 管理服务操作员角色API Management Service Operator Role

可管理 API 管理服务Can manage API Management services

操作Actions
Microsoft.ApiManagement/Service//readMicrosoft.ApiManagement/Service//read 读取 API 管理服务实例Read API Management Service instances
Microsoft.ApiManagement/Service/backup/actionMicrosoft.ApiManagement/Service/backup/action 将 API 管理服务备份到用户提供的存储帐户中的指定容器Back up API Management Service to the specified container in a user provided storage account
Microsoft.ApiManagement/Service/deleteMicrosoft.ApiManagement/Service/delete 删除 API 管理服务实例Delete an API Management Service instance
Microsoft.ApiManagement/Service/managedeployments/actionMicrosoft.ApiManagement/Service/managedeployments/action 更改 SKU/单位;添加或删除 API 管理服务的区域部署Change SKU/units; add or remove regional deployments of API Management Service
Microsoft.ApiManagement/Service/readMicrosoft.ApiManagement/Service/read 读取 API 管理服务实例的元数据Read metadata for an API Management Service instance
Microsoft.ApiManagement/Service/restore/actionMicrosoft.ApiManagement/Service/restore/action 从用户提供的存储帐户中的指定容器还原 API 管理服务Restore API Management Service from the specified container in a user provided storage account
Microsoft.ApiManagement/Service/updatehostname/actionMicrosoft.ApiManagement/Service/updatehostname/action 设置、更新或删除 API 管理服务的自定义域名Set up, update, or remove custom domain names for an API Management Service
Microsoft.ApiManagement/Service/writeMicrosoft.ApiManagement/Service/write 创建 API 管理服务的新实例Create a new instance of API Management Service
Microsoft.Authorization//readMicrosoft.Authorization//read 读取授权Read authorization
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/ 创建和管理警报规则Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 读取资源的运行状况Read health of the resources
Microsoft.Resources/deployments/Microsoft.Resources/deployments/ 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 读取角色和角色分配Read roles and role assignments
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets

API 管理服务读者角色API Management Service Reader Role

可管理 API 管理服务Can manage API Management services

操作Actions
Microsoft.ApiManagement/Service//readMicrosoft.ApiManagement/Service//read 读取 API 管理服务实例Read API Management Service instances
Microsoft.ApiManagement/Service/readMicrosoft.ApiManagement/Service/read 读取 API 管理服务实例的元数据Read metadata for an API Management Service instance
Microsoft.Authorization//readMicrosoft.Authorization//read 读取授权Read authorization
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/ 创建和管理警报规则Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 读取资源的运行状况Read health of the resources
Microsoft.Resources/deployments/Microsoft.Resources/deployments/ 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 读取角色和角色分配Read roles and role assignments
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets

Application Insights 组件参与者Application Insights Component Contributor

可管理 Application Insights 组件Can manage Application Insights components

操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read 读取角色和角色分配Read roles and role assignments
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/ 创建和管理警报规则Create and manage alert rules
Microsoft.Insights/components/Microsoft.Insights/components/ 创建和管理 Insights 组件Create and manage Insights components
Microsoft.Insights/webtests/Microsoft.Insights/webtests/ 创建和管理 Web 测试Create and manage web tests
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 读取资源的运行状况Read health of the resources
Microsoft.Resources/deployments/Microsoft.Resources/deployments/ 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 读取资源组Read resource groups
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets

自动化运算符Automation Operator

能够启动、停止、暂停和继续执行作业Able to start, stop, suspend, and resume jobs

操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read 读取角色和角色分配Read roles and role assignments
Microsoft.Automation/automationAccounts/jobs/readMicrosoft.Automation/automationAccounts/jobs/read 读取自动化帐户作业Read automation account jobs
Microsoft.Automation/automationAccounts/jobs/resume/actionMicrosoft.Automation/automationAccounts/jobs/resume/action 继续自动化帐户作业Resume an automation account job
Microsoft.Automation/automationAccounts/jobs/stop/actionMicrosoft.Automation/automationAccounts/jobs/stop/action 停止自动化帐户作业Stop an automation account job
Microsoft.Automation/automationAccounts/jobs/streams/readMicrosoft.Automation/automationAccounts/jobs/streams/read 读取自动化帐户作业流Read automation account job streams
Microsoft.Automation/automationAccounts/jobs/suspend/actionMicrosoft.Automation/automationAccounts/jobs/suspend/action 暂停自动化帐户作业Suspend an automation account job
Microsoft.Automation/automationAccounts/jobs/writeMicrosoft.Automation/automationAccounts/jobs/write 写入自动化帐户作业Write automation account jobs
Microsoft.Automation/automationAccounts/jobSchedules/readMicrosoft.Automation/automationAccounts/jobSchedules/read 读取自动化帐户作业计划Read an automation account job schedule
Microsoft.Automation/automationAccounts/jobSchedules/writeMicrosoft.Automation/automationAccounts/jobSchedules/write 读取自动化帐户作业计划Read an automation account job schedule
Microsoft.Automation/automationAccounts/readMicrosoft.Automation/automationAccounts/read 读取自动化帐户Read automation accounts
Microsoft.Automation/automationAccounts/runbooks/readMicrosoft.Automation/automationAccounts/runbooks/read 读取自动化 RunbookRead automation runbooks
Microsoft.Automation/automationAccounts/schedules/readMicrosoft.Automation/automationAccounts/schedules/read 读取自动化帐户计划Read automation account schedules
Microsoft.Automation/automationAccounts/schedules/writeMicrosoft.Automation/automationAccounts/schedules/write 写入自动化帐户计划Write automation account schedules
Microsoft.Insights/components/Microsoft.Insights/components/ 创建和管理 Insights 组件Create and manage Insights components
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 读取资源的运行状况Read health of the resources
Microsoft.Resources/deployments/Microsoft.Resources/deployments/ 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 读取资源组Read resource groups
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets

备份参与者Backup Contributor

可管理所有备份管理操作,但无法创建恢复服务保管库和向他人授予访问权限Can manage all backup management actions, except creating Recovery Services vault and giving access to others

操作Actions
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read 读取虚拟网络Read virtual networks
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/ 管理备份管理操作的结果Manage results of operation on backup management
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/ 创建和管理恢复服务保管库备份结构中的备份容器Create and manage backup containers inside backup fabrics of Recovery Services vault
Microsoft.RecoveryServices/Vaults/backupJobs/Microsoft.RecoveryServices/Vaults/backupJobs/ 创建和管理备份作业Create and manage backup jobs
Microsoft.RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action 将备份作业导出到 excelExport backup jobs into an excel
Microsoft.RecoveryServices/Vaults/backupManagementMetaData/Microsoft.RecoveryServices/Vaults/backupManagementMetaData/ 创建和管理与备份管理相关的元数据Create and manage meta data related to backup management
Microsoft.RecoveryServices/Vaults/backupOperationResults/Microsoft.RecoveryServices/Vaults/backupOperationResults/ 创建和管理备份管理操作的结果Create and manage Results of backup management operations
Microsoft.RecoveryServices/Vaults/backupPolicies/Microsoft.RecoveryServices/Vaults/backupPolicies/ 创建和管理备份策略Create and manage backup policies
Microsoft.RecoveryServices/Vaults/backupProtectableItems/Microsoft.RecoveryServices/Vaults/backupProtectableItems/ 创建和管理可备份的项Create and manage items which can be backed up
Microsoft.RecoveryServices/Vaults/backupProtectedItems/Microsoft.RecoveryServices/Vaults/backupProtectedItems/ 创建和管理已备份的项Create and manage backed up items
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/Microsoft.RecoveryServices/Vaults/backupProtectionContainers/ 创建和管理包含备份项的容器Create and manage containers holding backup items
Microsoft.RecoveryServices/Vaults/certificates/Microsoft.RecoveryServices/Vaults/certificates/ 创建和管理与恢复服务保管库中的备份相关的证书Create and manage certificates related to backup in Recovery Services vault
Microsoft.RecoveryServices/Vaults/extendedInformation/Microsoft.RecoveryServices/Vaults/extendedInformation/ 创建和管理与保管库相关的扩展信息Create and manage extended info related to vault
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read 读取恢复服务保管库Read recovery services vaults
Microsoft.RecoveryServices/Vaults/refreshContainers/Microsoft.RecoveryServices/Vaults/refreshContainers/ 管理用于获取新创建的容器的发现操作Manage discovery operation for fetching newly created containers
Microsoft.RecoveryServices/Vaults/registeredIdentities/Microsoft.RecoveryServices/Vaults/registeredIdentities/ 创建和管理已注册的标识Create and manage registered identities
Microsoft.RecoveryServices/Vaults/usages/Microsoft.RecoveryServices/Vaults/usages/ 创建和管理恢复服务保管库的使用情况Create and manage usage of Recovery Services vault
Microsoft.Resources/deployments/Microsoft.Resources/deployments/ 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 读取资源组Read resource groups
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read 读取存储帐户Read storage accounts
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets

备份操作员Backup Operator

可管理所有备份管理操作,但无法创建保管库和向他人授予访问权限Can manage all backup management actions except creating vaults, removing backup and giving access to others

操作Actions
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read 读取虚拟网络Read virtual networks
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/operationResults/read 读取备份管理操作的结果Read results of operation on backup management
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read 读取对保护容器执行的操作结果Read operation results on protection containers
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action 对已备份项执行按需备份操作Perform on-demand backup operation on a backed up item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read 读取对已备份项执行的操作结果Read result of operation performed on backed up item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationStatus/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationStatus/read 读取对已备份项执行的操作状态Read status of operation performed on backed up item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read 读取已备份项Read backed up items
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read 读取已备份项的恢复点Read recovery point of a backed up item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action 使用已备份项的恢复点执行还原操作Perform a restore operation using a recovery point of a backed up item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write 创建备份项Create a backup item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read 读取包含备份项的容器Read containers holding backup item
Microsoft.RecoveryServices/Vaults/backupJobs/Microsoft.RecoveryServices/Vaults/backupJobs/ 创建和管理备份作业Create and manage backup jobs
Microsoft.RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action 将备份作业导出到 excelExport backup jobs into an excel
Microsoft.RecoveryServices/Vaults/backupManagementMetaData/readMicrosoft.RecoveryServices/Vaults/backupManagementMetaData/read 读取与备份管理相关的元数据Read meta data related to backup management
Microsoft.RecoveryServices/Vaults/backupOperationResults/Microsoft.RecoveryServices/Vaults/backupOperationResults/ 创建和管理备份管理操作的结果Create and manage Results of backup management operations
Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operationResults/read 读取对备份策略执行的操作结果Read results of operations performed on backup policies
Microsoft.RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read 读取备份策略Read backup policies
Microsoft.RecoveryServices/Vaults/backupProtectableItems/Microsoft.RecoveryServices/Vaults/backupProtectableItems/ 创建和管理可备份的项Create and manage items which can be backed up
Microsoft.RecoveryServices/Vaults/backupProtectedItems/readMicrosoft.RecoveryServices/Vaults/backupProtectedItems/read 读取已备份项Read backed up items
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/readMicrosoft.RecoveryServices/Vaults/backupProtectionContainers/read 读取包含备份项的备份容器Read backed up containers holding backup items
Microsoft.RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read 读取与保管库相关的扩展信息Read extended info related to vault
Microsoft.RecoveryServices/Vaults/extendedInformation/writeMicrosoft.RecoveryServices/Vaults/extendedInformation/write 写入与保管库相关的扩展信息Write extended info related to vault
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read 读取恢复服务保管库Read recovery services vaults
Microsoft.RecoveryServices/Vaults/refreshContainers/Microsoft.RecoveryServices/Vaults/refreshContainers/ 管理用于获取新创建的容器的发现操作Manage discovery operation for fetching newly created containers
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read 读取对保管库的已注册项执行的操作结果Read results of operation performed on Registered items of the vault
Microsoft.RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read 读取保管库的已注册项Read registered items of the vault
Microsoft.RecoveryServices/Vaults/registeredIdentities/writeMicrosoft.RecoveryServices/Vaults/registeredIdentities/write 将已注册项写入保管库Write registered items to vault
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read 读取恢复服务保管库的使用情况Read usage of the Recovery Services vault
Microsoft.Resources/deployments/Microsoft.Resources/deployments/ 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 读取资源组Read resource groups
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read 读取存储帐户Read storage accounts
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets

备份读取器Backup Reader

可监视恢复服务保管库中的备份管理Can monitor backup management in Recovery Services vault

操作Actions
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/operationResults/read 读取备份管理操作的结果Read results of operation on backup management
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read 读取对保护容器执行的操作结果Read operation results on protection containers
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read 读取对已备份项执行的操作结果Read result of operation performed on backed up item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationStatus/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationStatus/read 读取对已备份项执行的操作状态Read status of operation performed on backed up item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read 读取已备份项Read backed up items
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read 读取包含备份项的容器Read containers holding backup item
Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/readMicrosoft.RecoveryServices/Vaults/backupJobs/operationResults/read 读取备份作业的结果Read results of backup jobs
Microsoft.RecoveryServices/Vaults/backupJobs/readMicrosoft.RecoveryServices/Vaults/backupJobs/read 读取备份作业Read backup jobs
Microsoft.RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action 将备份作业导出到 excelExport backup jobs into an excel
Microsoft.RecoveryServices/Vaults/backupManagementMetaData/readMicrosoft.RecoveryServices/Vaults/backupManagementMetaData/read 读取与备份管理相关的元数据Read meta data related to backup management
Microsoft.RecoveryServices/Vaults/backupOperationResults/readMicrosoft.RecoveryServices/Vaults/backupOperationResults/read 读取备份管理操作结果Read backup management operation results
Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operationResults/read 读取对备份策略执行的操作结果Read results of operations performed on backup policies
Microsoft.RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read 读取备份策略Read backup policies
Microsoft.RecoveryServices/Vaults/backupProtectedItems/readMicrosoft.RecoveryServices/Vaults/backupProtectedItems/read 读取已备份项Read backed up items
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/readMicrosoft.RecoveryServices/Vaults/backupProtectionContainers/read 读取包含备份项的备份容器Read backed up containers holding backup items
Microsoft.RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read 读取与保管库相关的扩展信息Read extended info related to vault
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read 读取恢复服务保管库Read recovery services vaults
Microsoft.RecoveryServices/Vaults/refreshContainers/readMicrosoft.RecoveryServices/Vaults/refreshContainers/read 读取用于获取新创建的容器的发现操作的结果Read result of discovery operation for fetching newly created containers
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read 读取对保管库的已注册项执行的操作结果Read results of operation performed on Registered items of the vault
Microsoft.RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read 读取保管库的已注册项Read registered items of the vault
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read 读取恢复服务保管库的使用情况Read usage of the Recovery Services vault

计费读者Billing Reader

可以查看所有计费信息Can view all Billing information

操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read 读取角色和角色分配Read roles and role assignments
Microsoft.Billing//readMicrosoft.Billing//read 读取计费信息Read Billing information
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets

BizTalk 参与者BizTalk Contributor

可管理 BizTalk 服务Can manage BizTalk services

操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read 读取角色和角色分配Read roles and role assignments
Microsoft.BizTalkServices/BizTalk/Microsoft.BizTalkServices/BizTalk/ 创建和管理 BizTalk 服务Create and manage BizTalk services
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/ 创建和管理警报规则Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 读取资源的运行状况Read health of the resources
Microsoft.Resources/deployments/Microsoft.Resources/deployments/ 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 读取资源组Read resource groups
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets

ClearDB MySQL DB 参与者ClearDB MySQL DB Contributor

可管理 ClearDB MySQL 数据库Can manage ClearDB MySQL databases

操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read 读取角色和角色分配Read roles and role assignments
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/ 创建和管理警报规则Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 读取资源的运行状况Read health of the resources
Microsoft.Resources/deployments/Microsoft.Resources/deployments/ 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 读取资源组Read resource groups
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets
successbricks.cleardb/databases/successbricks.cleardb/databases/ 创建和管理 ClearDB MySQL 数据库Create and manage ClearDB MySQL databases

参与者Contributor

可管理除访问权限以外的一切内容Can manage everything except access

操作Actions
* 创建和管理所有类型的资源Create and manage resources of all types
不操作NotActions
Microsoft.Authorization//DeleteMicrosoft.Authorization//Delete 无法删除角色和角色分配Can’t delete roles and role assignments
Microsoft.Authorization//WriteMicrosoft.Authorization//Write 无法创建角色和角色分配Can’t create roles and role assignments

数据工厂参与者Data Factory Contributor

创建和管理数据工厂,以及它们包含的子资源。Create and manage data factories, and child resources within them.

操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read 读取角色和角色分配Read roles and role Assignments
Microsoft.DataFactory/dataFactories/Microsoft.DataFactory/dataFactories/ 创建和管理数据工厂,以及它们包含的子资源。Create and manage data factories, and child resources within them.
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/ 创建和管理警报规则Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 读取资源的运行状况Read health of the resources
Microsoft.Resources/deployments/Microsoft.Resources/deployments/ 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 读取资源组Read resource groups
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets

DevTest 实验室用户DevTest Labs User

可查看一切内容,并可连接、启动、重启和关闭虚拟机Can view everything and connect, start, restart, and shutdown virtual machines

操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read 读取角色和角色分配Read roles and role Assignments
Microsoft.Compute/availabilitySets/readMicrosoft.Compute/availabilitySets/read 读取可用性集属性Read the properties of availability sets
Microsoft.Compute/virtualMachines//readMicrosoft.Compute/virtualMachines//read 读取虚拟机属性(VM 大小、运行时状态、VM 扩展等)Read the properties of a virtual machine (VM sizes, runtime status, VM extensions, etc.)
Microsoft.Compute/virtualMachines/deallocate/actionMicrosoft.Compute/virtualMachines/deallocate/action 解除分配虚拟机Deallocate virtual machines
Microsoft.Compute/virtualMachines/readMicrosoft.Compute/virtualMachines/read 读取虚拟机属性Read the properties of a virtual machine
Microsoft.Compute/virtualMachines/restart/actionMicrosoft.Compute/virtualMachines/restart/action 重启虚拟机Restart virtual machines
Microsoft.Compute/virtualMachines/start/actionMicrosoft.Compute/virtualMachines/start/action 启动虚拟机Start virtual machines
Microsoft.DevTestLab//readMicrosoft.DevTestLab//read 读取实验室属性Read the properties of a lab
Microsoft.DevTestLab/labs/createEnvironment/actionMicrosoft.DevTestLab/labs/createEnvironment/action 创建实验室环境Create a lab environment
Microsoft.DevTestLab/labs/formulas/deleteMicrosoft.DevTestLab/labs/formulas/delete 删除公式Delete formulas
Microsoft.DevTestLab/labs/formulas/readMicrosoft.DevTestLab/labs/formulas/read 读取公式Read formulas
Microsoft.DevTestLab/labs/formulas/writeMicrosoft.DevTestLab/labs/formulas/write 添加或修改公式Add or modify formulas
Microsoft.DevTestLab/labs/policySets/evaluatePolicies/actionMicrosoft.DevTestLab/labs/policySets/evaluatePolicies/action 评估实验室策略Evaluate lab policies
Microsoft.Network/loadBalancers/backendAddressPools/join/actionMicrosoft.Network/loadBalancers/backendAddressPools/join/action 加入负载均衡器后端地址池Join a load balancer backend address pool
Microsoft.Network/loadBalancers/inboundNatRules/join/actionMicrosoft.Network/loadBalancers/inboundNatRules/join/action 加入负载均衡器入站 NAT 规则Join a load balancer inbound NAT rule
Microsoft.Network/networkInterfaces//readMicrosoft.Network/networkInterfaces//read 读取网络接口(例如,此网络接口所属的所有负载均衡器)的属性Read the properties of a network interface (for example, all the load balancers that the network interface is a part of)
Microsoft.Network/networkInterfaces/join/actionMicrosoft.Network/networkInterfaces/join/action 将虚拟机连接到网络接口Join a Virtual Machine to a network interface
Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read 读取网络接口Read network interfaces
Microsoft.Network/networkInterfaces/writeMicrosoft.Network/networkInterfaces/write 写入网络接口Write network interfaces
Microsoft.Network/publicIPAddresses//readMicrosoft.Network/publicIPAddresses//read 读取公共 IP 地址的属性Read the properties of a public IP address
Microsoft.Network/publicIPAddresses/join/actionMicrosoft.Network/publicIPAddresses/join/action 加入公共 IP 地址Join a public IP address
Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read 读取网络公共 IP 地址Read network public IP addresses
Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action 加入虚拟网络Join a virtual network
Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read 读取部署操作Read deployment operations
Microsoft.Resources/deployments/readMicrosoft.Resources/deployments/read 读取部署Read deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 读取资源组Read resource groups
Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action 列出存储帐户密钥List storage account keys

DNS 区域参与者DNS Zone Contributor

可以管理 DNS 区域和记录。Can manage DNS zones and records.

操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role assignments
Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* 创建和管理警报规则Create and manage alert rules
Microsoft.Network/dnsZones/*Microsoft.Network/dnsZones/* 创建和管理 DNS 区域和记录Create and manage DNS zones and records
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 读取资源的运行状况Read the health of the resources
Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 读取资源组Read resource groups
Microsoft.Support/*Microsoft.Support/* 创建和管理支持票证Create and manage Support tickets

Azure Cosmos DB 帐户参与者Azure Cosmos DB Account Contributor

可管理 Azure Cosmos DB 帐户Can manage Azure Cosmos DB accounts

操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read 读取角色和角色分配Read roles and role Assignments
Microsoft.DocumentDb/databaseAccounts/Microsoft.DocumentDb/databaseAccounts/ 创建和管理 DocumentDB 帐户Create and manage DocumentDB accounts
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/ 创建和管理警报规则Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 读取资源的运行状况Read health of the resources
Microsoft.Resources/deployments/Microsoft.Resources/deployments/ 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 读取资源组Read resource groups
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets

Intelligent Systems 帐户参与者Intelligent Systems Account Contributor

可管理 Intelligent Systems 帐户Can manage Intelligent Systems accounts

操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read 读取角色和角色分配Read roles and role Assignments
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/ 创建和管理警报规则Create and manage alert rules
Microsoft.IntelligentSystems/accounts/Microsoft.IntelligentSystems/accounts/ 创建和管理智能系统帐户Create and manage intelligent systems accounts
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 读取资源的运行状况Read health of the resources
Microsoft.Resources/deployments/Microsoft.Resources/deployments/ 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 读取资源组Read resource groups
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets

监视查阅者Monitoring Reader

可以读取所有监视数据(指标、日志等)。Can read all monitoring data (metrics, logs, etc.). 另请参阅 Azure Monitor 的角色、权限和安全入门See also Get started with roles, permissions, and security with Azure Monitor.

操作Actions
/read/read 读取除密码外的所有类型的资源。Read resources of all types, except secrets.
Microsoft.OperationalInsights/workspaces/search/actionMicrosoft.OperationalInsights/workspaces/search/action 搜索 Log Analytics 数据Search Log Analytics data
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets

监视参与者Monitoring Contributor

可以读取所有监视数据和编辑监视设置。Can read all monitoring data and edit monitoring settings. 另请参阅 Azure Monitor 的角色、权限和安全入门See also Get started with roles, permissions, and security with Azure Monitor.

操作Actions
/read/read 读取除密码外的所有类型的资源。Read resources of all types, except secrets.
Microsoft.Insights/AlertRules/Microsoft.Insights/AlertRules/ 读取/写入/删除警报规则。Read/write/delete alert rules.
Microsoft.Insights/components/Microsoft.Insights/components/ 读取/写入/删除 Application Insights 组件。Read/write/delete Application Insights components.
Microsoft.Insights/DiagnosticSettings/Microsoft.Insights/DiagnosticSettings/ 读取/写入/删除诊断设置。Read/write/delete diagnostic settings.
Microsoft.Insights/eventtypes/Microsoft.Insights/eventtypes/ 列出订阅中的活动日志事件(管理事件)。List Activity Log events (management events) in a subscription. 此权限适用于对活动日志的编程和门户访问。This permission is applicable to both programmatic and portal access to the Activity Log.
Microsoft.Insights/LogDefinitions/Microsoft.Insights/LogDefinitions/ 此权限对于需要通过门户访问活动日志的用户是必需的。This permission is necessary for users who need access to Activity Logs via the portal. 列出活动日志中的日志类别。List log categories in Activity Log.
Microsoft.Insights/MetricDefinitions/Microsoft.Insights/MetricDefinitions/ 读取指标定义(资源的可用指标类型的列表)。Read metric definitions (list of available metric types for a resource).
Microsoft.Insights/Metrics/Microsoft.Insights/Metrics/ 读取资源的指标。Read metrics for a resource.
Microsoft.Insights/Register/ActionMicrosoft.Insights/Register/Action 注册 Microsoft.Insights 提供程序。Register the Microsoft.Insights provider.
Microsoft.Insights/webtests/Microsoft.Insights/webtests/ 读取/写入/删除 Application Insights Web 测试。Read/write/delete Application Insights web tests.
Microsoft.OperationalInsights/workspaces/intelligencepacks/Microsoft.OperationalInsights/workspaces/intelligencepacks/ 读取/写入/删除 Log Analytics 解决方案包。Read/write/delete Log Analytics solution packs.
Microsoft.OperationalInsights/workspaces/savedSearches/Microsoft.OperationalInsights/workspaces/savedSearches/ 读取/写入/删除 Log Analytics 保存的搜索。Read/write/delete Log Analytics saved searches.
Microsoft.OperationalInsights/workspaces/search/actionMicrosoft.OperationalInsights/workspaces/search/action 搜索 Log Analytics 工作区。Search Log Analytics workspaces.
Microsoft.OperationalInsights/workspaces/sharedKeys/actionMicrosoft.OperationalInsights/workspaces/sharedKeys/action 列出 Log Analytics 工作区的键。List keys for a Log Analytics workspace.
Microsoft.OperationalInsights/workspaces/storageinsightconfigs/Microsoft.OperationalInsights/workspaces/storageinsightconfigs/ 读取/写入/删除 Log Analytics 存储深入了解配置。Read/write/delete Log Analytics storage insight configurations.

网络参与者Network Contributor

可管理所有网络资源Can manage all network resources

操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read 读取角色和角色分配Read roles and role Assignments
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/ 创建和管理警报规则Create and manage alert rules
Microsoft.Network/Microsoft.Network/ 创建并管理网络Create and manage networks
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 读取资源的运行状况Read health of the resources
Microsoft.Resources/deployments/Microsoft.Resources/deployments/ 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 读取资源组Read resource groups
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets

New elic APM 帐户参与者New Relic APM Account Contributor

可管理 New Relic 应用程序性能管理帐户和应用程序Can manage New Relic Application Performance Management accounts and applications

操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read 读取角色和角色分配Read roles and role Assignments
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/ 创建和管理警报规则Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 读取资源的运行状况Read health of the resources
Microsoft.Resources/deployments/Microsoft.Resources/deployments/ 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 读取资源组Read resource groups
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets
NewRelic.APM/accounts/NewRelic.APM/accounts/ 创建并管理 New Relic 应用程序性能管理帐户Create and manage New Relic application performance management accounts

所有者Owner

可管理一切内容(包括访问权限)Can manage everything, including access

操作Actions
* 创建和管理所有类型的资源Create and manage resources of all types

读取器Reader

可查看一切内容,但不可作出更改Can view everything, but can't make changes

操作Actions
/read/read 读取除密码外的所有类型的资源。Read resources of all types, except secrets.

Redis Cache 参与者Redis Cache Contributor

可管理 Redis 缓存Can manage Redis caches

操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read 读取角色和角色分配Read roles and role Assignments
Microsoft.Cache/redis/Microsoft.Cache/redis/ 创建和管理 Redis 缓存Create and manage Redis caches
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/ 创建和管理警报规则Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 读取资源的运行状况Read health of the resources
Microsoft.Resources/deployments/Microsoft.Resources/deployments/ 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 读取资源组Read resource groups
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets

计划程序作业集合参与者Scheduler Job Collections Contributor

可管理计划程序作业集合Can manage Scheduler job collections

操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read 读取角色和角色分配Read roles and role Assignments
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/ 创建和管理警报规则Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 读取资源的运行状况Read health of the resources
Microsoft.Resources/deployments/Microsoft.Resources/deployments/ 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 读取资源组Read resource groups
Microsoft.Scheduler/jobcollections/Microsoft.Scheduler/jobcollections/ 创建和管理作业集合Create and manage job collections
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets

搜索服务参与者Search Service Contributor

可管理搜索服务Can manage Search services

操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read 读取角色和角色分配Read roles and role Assignments
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/ 创建和管理警报规则Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 读取资源的运行状况Read health of the resources
Microsoft.Resources/deployments/Microsoft.Resources/deployments/ 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 读取资源组Read resource groups
Microsoft.Search/searchServices/Microsoft.Search/searchServices/ 创建和管理搜索服务Create and manage search services
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets

安全管理器Security Manager

可管理安全组件、安全策略和虚拟机Can manage security components, security policies, and virtual machines

操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read 读取角色和角色分配Read roles and role Assignments
Microsoft.ClassicCompute//readMicrosoft.ClassicCompute//read 读取经典计算虚拟机的配置信息Read configuration information classic compute virtual machines
Microsoft.ClassicCompute/virtualMachines//writeMicrosoft.ClassicCompute/virtualMachines//write 为虚拟机写入配置Write configuration for virtual machines
Microsoft.ClassicNetwork//readMicrosoft.ClassicNetwork//read 读取有关经典网络的配置信息Read configuration information about classic network
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/ 创建和管理警报规则Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 读取资源的运行状况Read health of the resources
Microsoft.Resources/deployments/Microsoft.Resources/deployments/ 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 读取资源组Read resource groups
Microsoft.Security/Microsoft.Security/ 创建和管理安全组件和策略Create and manage security components and policies
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets

Site Recovery 参与者Site Recovery Contributor

可以管理所有 Site Recovery 管理操作,但无法创建恢复服务保管库和向其他用户分配访问权限Can manage all Site Recovery management actions, except creating Recovery Services vault and assigning access rights to other users

操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read 读取角色和角色分配Read roles and role assignments
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/ 创建和管理警报规则Create and manage alert rules
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read 读取虚拟网络Read virtual networks
Microsoft.RecoveryServices/Vaults/certificates/writeMicrosoft.RecoveryServices/Vaults/certificates/write 更新保管库凭据证书Updates the vault credential certificate
Microsoft.RecoveryServices/Vaults/extendedInformation/Microsoft.RecoveryServices/Vaults/extendedInformation/ 创建和管理与保管库相关的扩展信息Create and manage extended info related to vault
Microsoft.RecoveryServices/Vaults/monitoringAlerts/Microsoft.RecoveryServices/Vaults/monitoringAlerts/ 读取恢复服务保管库的警报Read alerts for the Recovery services vault
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/ notificationConfiguration/readMicrosoft.RecoveryServices/Vaults/monitoringConfigurations/ notificationConfiguration/read 读取恢复服务保管库通知配置Read Recovery services vault notification configuration
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read 读取恢复服务保管库Read Recovery Services vaults
Microsoft.RecoveryServices/Vaults/refreshContainers/readMicrosoft.RecoveryServices/Vaults/refreshContainers/read 管理用于获取新创建的容器的发现操作Manage discovery operation for fetching newly created containers
Microsoft.RecoveryServices/Vaults/registeredIdentities/Microsoft.RecoveryServices/Vaults/registeredIdentities/ 创建和管理已注册的标识Create and manage registered identities
Microsoft.RecoveryServices/vaults/replicationAlertSettings/Microsoft.RecoveryServices/vaults/replicationAlertSettings/ 创建或更新复制警报设置Create or Update replication alert settings
Microsoft.RecoveryServices/vaults/replicationEvents/readMicrosoft.RecoveryServices/vaults/replicationEvents/read 读取复制事件Read replication events
Microsoft.RecoveryServices/vaults/replicationFabrics/Microsoft.RecoveryServices/vaults/replicationFabrics/ 创建和管理复制结构Create and manage replication fabrics
Microsoft.RecoveryServices/vaults/replicationJobs/Microsoft.RecoveryServices/vaults/replicationJobs/ 创建和管理复制作业Create and manage replication jobs
Microsoft.RecoveryServices/vaults/replicationPolicies/Microsoft.RecoveryServices/vaults/replicationPolicies/ 创建和管理复制策略Create and manage replication policies
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/ 创建和管理恢复计划Create and manage recovery plans
Microsoft.RecoveryServices/Vaults/storageConfig/Microsoft.RecoveryServices/Vaults/storageConfig/ 创建和管理恢复服务保管库的存储配置Create and manage storage configuration of Recovery Services vault
Microsoft.RecoveryServices/Vaults/tokenInfo/readMicrosoft.RecoveryServices/Vaults/tokenInfo/read 读取恢复服务保管库的令牌信息Read Recovery Services vault token information
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read 读取恢复服务保管库的使用情况详细信息Read usage details of a Recovery Services vault
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 读取资源的运行状况Read health of the resources
Microsoft.Resources/deployments/Microsoft.Resources/deployments/ 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 读取资源组Read resource groups
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read 读取存储帐户Read storage accounts
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets

Site Recovery 运算符Site Recovery Operator

可以故障转移和故障回复,但不能执行其他 Site Recovery 管理操作或向其他用户分配访问权限Can Failover and Failback but can not perform other Site Recovery management actions or assign access to other users

操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read 读取角色和角色分配Read roles and role assignments
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/ 创建和管理警报规则Create and manage alert rules
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read 读取虚拟网络Read virtual networks
Microsoft.RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read 读取与保管库相关的扩展信息Read extended info related to vault
Microsoft.RecoveryServices/Vaults/monitoringAlerts/Microsoft.RecoveryServices/Vaults/monitoringAlerts/ 读取恢复服务保管库的警报Read alerts for the Recovery services vault
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/ notificationConfiguration/readMicrosoft.RecoveryServices/Vaults/monitoringConfigurations/ notificationConfiguration/read 读取恢复服务保管库通知配置Read Recovery services vault notification configuration
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read 读取恢复服务保管库Read Recovery Services vaults
Microsoft.RecoveryServices/Vaults/refreshContainers/readMicrosoft.RecoveryServices/Vaults/refreshContainers/read 管理用于获取新创建的容器的发现操作Manage discovery operation for fetching newly created containers
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read 读取提交操作的操作状态和结果Read operation status and result for a submitted operation
Microsoft.RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read 读取为资源注册的容器Read containers registered for a resource
Microsoft.RecoveryServices/vaults/replicationAlertSettings/readMicrosoft.RecoveryServices/vaults/replicationAlertSettings/read 读取复制警报设置Read replication alert settings
Microsoft.RecoveryServices/vaults/replicationEvents/readMicrosoft.RecoveryServices/vaults/replicationEvents/read 读取复制事件Read replication events
Microsoft.RecoveryServices/vaults/replicationFabrics/checkConsistency/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/checkConsistency/action 检查结构的一致性Check consistency of the fabrics
Microsoft.RecoveryServices/vaults/replicationFabrics/readMicrosoft.RecoveryServices/vaults/replicationFabrics/read 读取复制结构Read replication fabrics
Microsoft.RecoveryServices/vaults/replicationFabrics/ reassociateGateway/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/ reassociateGateway/action 重新关联复制网关Re-associate replication gateway
Microsoft.RecoveryServices/vaults/replicationFabrics/renewcertificate/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/renewcertificate/action 续订复制结构证书Renew replication fabric certificate
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read 读取复制结构网络Read replication fabric networks
Microsoft.RecoveryServices/vaults/replicationFabrics/ replicationNetworks/replicationNetworkMappings/readMicrosoft.RecoveryServices/vaults/replicationFabrics/ replicationNetworks/replicationNetworkMappings/read 读取复制结构网络映射Read replication fabric network mapping
Microsoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/readMicrosoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/read 读取保护容器Read protection containers
Microsoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectableItems/readMicrosoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectableItems/read 获取所有可保护项的列表Get list of all protectable items
Microsoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectedItems/ applyRecoveryPoint/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectedItems/ applyRecoveryPoint/action 应用特定的恢复点Apply a specific recovery point
Microsoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectedItems/ failoverCommit/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectedItems/ failoverCommit/action 提交故障转移项的故障转移Commit failover for a failed over item
Microsoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectedItems/ plannedFailover/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectedItems/ plannedFailover/action 为受保护项启动计划内故障转移Start planned failover for a protected item
Microsoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectedItems/readMicrosoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectedItems/read 获取所有受保护项的列表Get list of all protected items
Microsoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectedItems/recoveryPoints/readMicrosoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read 获取可用恢复点的列表Get list of available recovery points
Microsoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectedItems/ repairReplication/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectedItems/ repairReplication/action 为受保护项修复复制Repair replication for a protected item
Microsoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectedItems/reProtect/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectedItems/reProtect/action 为受保护项启动重新保护Start re-protect for a protected item
Microsoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectedItems/testFailover/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectedItems/testFailover/action 开始测试受保护项的故障转移Start test failover of a protected item
Microsoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectedItems/ testFailoverCleanup/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectedItems/ testFailoverCleanup/action 启动测试故障转移的清理Start cleanup of a test failover
Microsoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectedItems/ unplannedFailover/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectedItems/ unplannedFailover/action 启动受保护项的计划外故障转移Start unplanned failover of a protected item
Microsoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectedItems/ updateMobilityService/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectedItems/ updateMobilityService/action 更新移动服务Update the mobility service
Microsoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectionContainerMappings/readMicrosoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectionContainerMappings/read 读取保护容器映射Read protection container mappings
Microsoft.RecoveryServices/vaults/replicationFabrics/ replicationRecoveryServicesProviders/readMicrosoft.RecoveryServices/vaults/replicationFabrics/ replicationRecoveryServicesProviders/read 读取恢复服务提供程序Read Recovery Services providers
Microsoft.RecoveryServices/vaults/replicationFabrics/ replicationRecoveryServicesProviders/refreshProvider/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/ replicationRecoveryServicesProviders/refreshProvider/action 刷新恢复服务提供程序Refresh Recovery Services provider
Microsoft.RecoveryServices/vaults/replicationFabrics/ replicationStorageClassifications/readMicrosoft.RecoveryServices/vaults/replicationFabrics/ replicationStorageClassifications/read 读取复制结构的存储分类Read storage classifications for replication fabrics
Microsoft.RecoveryServices/vaults/replicationFabrics/ replicationStorageClassifications/replicationStorageClassificationMappings/readMicrosoft.RecoveryServices/vaults/replicationFabrics/ replicationStorageClassifications/replicationStorageClassificationMappings/read 读取存储分类映射Read storage classification mappings
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read 读取已注册的 vCenter 信息Read registered vCenter information
Microsoft.RecoveryServices/vaults/replicationJobs/Microsoft.RecoveryServices/vaults/replicationJobs/ 创建和管理复制作业Create and manage replication jobs
Microsoft.RecoveryServices/vaults/replicationPolicies/readMicrosoft.RecoveryServices/vaults/replicationPolicies/read 读取复制策略Read replication policies
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/ failoverCommit/actionMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/ failoverCommit/action 提交恢复计划故障转移的故障转移Commit failover for recovery plan failover
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/ plannedFailover/actionMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/ plannedFailover/action 启动恢复计划的故障转移Start failover of a recovery plan
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/readMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/read 读取恢复计划Read recovery plans
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/reProtect/actionMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/reProtect/action 启动重新保护恢复计划Start re-protect of a recovery plan
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailover/actionMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailover/action 启动恢复计划的测试故障转移Start test failover of a recovery plan
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/ testFailoverCleanup/actionMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/ testFailoverCleanup/action 启动恢复计划测试故障转移的清理Start cleanup of a recovery plan test failover
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/ unplannedFailover/actionMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/ unplannedFailover/action 启动恢复计划的计划外故障转移Start unplanned failover of a recovery plan
Microsoft.RecoveryServices/Vaults/storageConfig/readMicrosoft.RecoveryServices/Vaults/storageConfig/read 读取恢复服务保管库的存储配置Read storage configuration of a Recovery Services vault
Microsoft.RecoveryServices/Vaults/tokenInfo/readMicrosoft.RecoveryServices/Vaults/tokenInfo/read 读取恢复服务保管库的令牌信息Read Recovery Services vault token information
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read 读取恢复服务保管库的使用情况详细信息Read usage details of a Recovery Services vault
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 读取资源的运行状况Read health of the resources
Microsoft.Resources/deployments/Microsoft.Resources/deployments/ 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 读取资源组Read resource groups
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read 读取存储帐户Read storage accounts
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets

Site Recovery 读取器Site Recovery Reader

可以监视恢复服务保管库中的 Site Recovery 状态并发出支持票证Can monitor Site Recovery status in Recovery Services vault and raise Support tickets

操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read 读取角色和角色分配Read roles and role assignments
Microsoft.RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read 读取与保管库相关的扩展信息Read extended info related to vault
Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read 读取恢复服务保管库的警报Read alerts for the Recovery services vault
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/ notificationConfiguration/readMicrosoft.RecoveryServices/Vaults/monitoringConfigurations/ notificationConfiguration/read 读取恢复服务保管库通知配置Read Recovery services vault notification configuration
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read 读取恢复服务保管库Read Recovery Services vaults
Microsoft.RecoveryServices/Vaults/refreshContainers/readMicrosoft.RecoveryServices/Vaults/refreshContainers/read 管理用于获取新创建的容器的发现操作Manage discovery operation for fetching newly created containers
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read 读取提交操作的操作状态和结果Read operation status and result for a submitted operation
Microsoft.RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read 读取为资源注册的容器Read containers registered for a resource
Microsoft.RecoveryServices/vaults/replicationAlertSettings/readMicrosoft.RecoveryServices/vaults/replicationAlertSettings/read 读取复制警报设置Read replication alert settings
Microsoft.RecoveryServices/vaults/replicationEvents/readMicrosoft.RecoveryServices/vaults/replicationEvents/read 读取复制事件Read replication events
Microsoft.RecoveryServices/vaults/replicationFabrics/readMicrosoft.RecoveryServices/vaults/replicationFabrics/read 读取复制结构Read replication fabrics
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read 读取复制结构网络Read replication fabric networks
Microsoft.RecoveryServices/vaults/replicationFabrics/ replicationNetworks/replicationNetworkMappings/readMicrosoft.RecoveryServices/vaults/replicationFabrics/ replicationNetworks/replicationNetworkMappings/read 读取复制结构网络映射Read replication fabric network mapping
Microsoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/readMicrosoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/read 读取保护容器Read protection containers
Microsoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectableItems/readMicrosoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectableItems/read 获取所有可保护项的列表Get list of all protectable items
Microsoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectedItems/readMicrosoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectedItems/read 获取所有受保护项的列表Get list of all protected items
Microsoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectedItems/recoveryPoints/readMicrosoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read 获取可用恢复点的列表Get list of available recovery points
Microsoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectionContainerMappings/readMicrosoft.RecoveryServices/vaults/replicationFabrics/ replicationProtectionContainers/replicationProtectionContainerMappings/read 读取保护容器映射Read protection container mappings
Microsoft.RecoveryServices/vaults/replicationFabrics/ replicationRecoveryServicesProviders/readMicrosoft.RecoveryServices/vaults/replicationFabrics/ replicationRecoveryServicesProviders/read 读取恢复服务提供程序Read Recovery Services providers
Microsoft.RecoveryServices/vaults/replicationFabrics/ replicationStorageClassifications/readMicrosoft.RecoveryServices/vaults/replicationFabrics/ replicationStorageClassifications/read 读取复制结构的存储分类Read storage classifications for replication fabrics
Microsoft.RecoveryServices/vaults/replicationFabrics/ replicationStorageClassifications/replicationStorageClassificationMappings/readMicrosoft.RecoveryServices/vaults/replicationFabrics/ replicationStorageClassifications/replicationStorageClassificationMappings/read 读取存储分类映射Read storage classification mappings
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read 读取已注册的 vCenter 信息Read registered vCenter information
Microsoft.RecoveryServices/vaults/replicationJobs/readMicrosoft.RecoveryServices/vaults/replicationJobs/read 读取复制作业的状态Read status of replication jobs
Microsoft.RecoveryServices/vaults/replicationPolicies/readMicrosoft.RecoveryServices/vaults/replicationPolicies/read 读取复制策略Read replication policies
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/readMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/read 读取恢复计划Read recovery plans
Microsoft.RecoveryServices/Vaults/storageConfig/readMicrosoft.RecoveryServices/Vaults/storageConfig/read 读取恢复服务保管库的存储配置Read storage configuration of a Recovery Services vault
Microsoft.RecoveryServices/Vaults/tokenInfo/readMicrosoft.RecoveryServices/Vaults/tokenInfo/read 读取恢复服务保管库的令牌信息Read Recovery Services vault token information
Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read 读取恢复服务保管库的使用情况详细信息Read usage details of a Recovery Services vault
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets

SQL DB 参与者SQL DB Contributor

可管理 SQL 数据库,但不包括其安全性相关的策略Can manage SQL databases but not their security-related policies

操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read 读取角色和角色分配Read roles and role Assignments
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/ 创建和管理警报规则Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 读取资源的运行状况Read health of the resources
Microsoft.Resources/deployments/Microsoft.Resources/deployments/ 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 读取资源组Read resource groups
Microsoft.Sql/servers/databases/Microsoft.Sql/servers/databases/ 创建和管理 SQL 数据库Create and manage SQL databases
Microsoft.Sql/servers/readMicrosoft.Sql/servers/read 读取 SQL ServerRead SQL Servers
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets
不操作NotActions
Microsoft.Sql/servers/databases/auditingPolicies/Microsoft.Sql/servers/databases/auditingPolicies/ 无法编辑审核策略Can't edit audit policies
Microsoft.Sql/servers/databases/auditingSettings/Microsoft.Sql/servers/databases/auditingSettings/ 无法编辑审核设置Can't edit audit settings
Microsoft.Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read 无法读取审核记录Can't read audit records
Microsoft.Sql/servers/databases/connectionPolicies/Microsoft.Sql/servers/databases/connectionPolicies/ 无法编辑连接策略Can't edit connection policies
Microsoft.Sql/servers/databases/dataMaskingPolicies/Microsoft.Sql/servers/databases/dataMaskingPolicies/ 无法编辑数据屏蔽策略Can't edit data masking policies
Microsoft.Sql/servers/databases/securityAlertPolicies/Microsoft.Sql/servers/databases/securityAlertPolicies/ 无法编辑安全警报策略Can't edit security alert policies
Microsoft.Sql/servers/databases/securityMetrics/Microsoft.Sql/servers/databases/securityMetrics/ 无法编辑安全度量值Can't edit security metrics

SQL 安全管理器SQL Security Manager

可管理 SQL 服务器和数据库与安全性相关的策略Can manage the security-related policies of SQL servers and databases

操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read 读取 Microsoft 授权Read Microsoft authorization
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/ 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 读取资源的运行状况Read health of the resources
Microsoft.Resources/deployments/Microsoft.Resources/deployments/ 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 读取资源组Read resource groups
Microsoft.Sql/servers/auditingPolicies/Microsoft.Sql/servers/auditingPolicies/ 创建和管理 SQL 服务器审核策略Create and manage SQL server auditing policies
Microsoft.Sql/servers/auditingSettings/Microsoft.Sql/servers/auditingSettings/ 创建和管理 SQL 服务器审核设置Create and manage SQL server auditing setting
Microsoft.Sql/servers/databases/auditingPolicies/Microsoft.Sql/servers/databases/auditingPolicies/ 创建和管理 SQL 服务器数据库审核策略Create and manage SQL server database auditing policies
Microsoft.Sql/servers/databases/auditingSettings/Microsoft.Sql/servers/databases/auditingSettings/ 创建和管理 SQL 服务器数据库审核设置Create and manage SQL server database auditing settings
Microsoft.Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read 读取审核记录Read audit records
Microsoft.Sql/servers/databases/connectionPolicies/Microsoft.Sql/servers/databases/connectionPolicies/ 创建和管理 SQL 服务器数据库连接策略Create and manage SQL server database connection policies
Microsoft.Sql/servers/databases/dataMaskingPolicies/Microsoft.Sql/servers/databases/dataMaskingPolicies/ 创建和管理 SQL 服务器数据库数据屏蔽策略Create and manage SQL server database data masking policies
Microsoft.Sql/servers/databases/readMicrosoft.Sql/servers/databases/read 读取 SQL 数据库Read SQL databases
Microsoft.Sql/servers/databases/schemas/readMicrosoft.Sql/servers/databases/schemas/read 读取 SQL 服务器数据库架构Read SQL server database schemas
Microsoft.Sql/servers/databases/schemas/tables/columns/readMicrosoft.Sql/servers/databases/schemas/tables/columns/read 读取 SQL 服务器数据库表列Read SQL server database table columns
Microsoft.Sql/servers/databases/schemas/tables/readMicrosoft.Sql/servers/databases/schemas/tables/read 读取 SQL 服务器数据库表Read SQL server database tables
Microsoft.Sql/servers/databases/securityAlertPolicies/Microsoft.Sql/servers/databases/securityAlertPolicies/ 创建和管理 SQL 服务器数据库安全警报策略Create and manage SQL server database security alert policies
Microsoft.Sql/servers/databases/securityMetrics/Microsoft.Sql/servers/databases/securityMetrics/ 创建和管理 SQL 服务器数据库安全度量值Create and manage SQL server database security metrics
Microsoft.Sql/servers/readMicrosoft.Sql/servers/read 读取 SQL ServerRead SQL Servers
Microsoft.Sql/servers/securityAlertPolicies/Microsoft.Sql/servers/securityAlertPolicies/ 创建和管理 SQL 服务器安全警报策略Create and manage SQL server security alert policies
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets

SQL Server 参与者SQL Server Contributor

可管理 SQL 服务器和数据库,但不包括其安全性相关的策略Can manage SQL servers and databases but not their security-related policies

操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read 读取授权Read authorization
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/ 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 读取资源的运行状况Read health of the resources
Microsoft.Resources/deployments/Microsoft.Resources/deployments/ 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 读取资源组Read resource groups
Microsoft.Sql/servers/Microsoft.Sql/servers/ 创建和管理 SQL 服务器Create and manage SQL servers
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets
不操作NotActions
Microsoft.Sql/servers/auditingPolicies/Microsoft.Sql/servers/auditingPolicies/ 无法编辑 SQL 服务器审核策略Can't edit SQL server auditing policies
Microsoft.Sql/servers/auditingSettings/Microsoft.Sql/servers/auditingSettings/ 无法编辑 SQL 服务器审核设置Can't edit SQL server auditing settings
Microsoft.Sql/servers/databases/auditingPolicies/Microsoft.Sql/servers/databases/auditingPolicies/ 无法编辑 SQL 服务器数据库审核策略Can't edit SQL server database auditing policies
Microsoft.Sql/servers/databases/auditingSettings/Microsoft.Sql/servers/databases/auditingSettings/ 无法编辑 SQL 服务器数据库审核设置Can't edit SQL server database auditing settings
Microsoft.Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read 无法读取审核记录Can't read audit records
Microsoft.Sql/servers/databases/connectionPolicies/Microsoft.Sql/servers/databases/connectionPolicies/ 无法编辑 SQL 服务器数据库连接策略Can't edit SQL server database connection policies
Microsoft.Sql/servers/databases/dataMaskingPolicies/Microsoft.Sql/servers/databases/dataMaskingPolicies/ 无法编辑 SQL 服务器数据库数据屏蔽策略Can't edit SQL server database data masking policies
Microsoft.Sql/servers/databases/securityAlertPolicies/Microsoft.Sql/servers/databases/securityAlertPolicies/ 无法编辑 SQL 服务器数据库安全警报策略Can't edit SQL server database security alert policies
Microsoft.Sql/servers/databases/securityMetrics/Microsoft.Sql/servers/databases/securityMetrics/ 无法编辑 SQL 服务器数据库安全度量值Can't edit SQL server database security metrics
Microsoft.Sql/servers/securityAlertPolicies/Microsoft.Sql/servers/securityAlertPolicies/ 无法编辑 SQL 服务器安全警报策略Can't edit SQL server security alert policies

经典存储帐户参与者Classic Storage Account Contributor

可管理经典存储帐户Can manage classic storage accounts

操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read 读取授权Read authorization
Microsoft.ClassicStorage/storageAccounts/Microsoft.ClassicStorage/storageAccounts/ 创建和管理存储帐户Create and manage storage accounts
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/ 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 读取资源的运行状况Read health of the resources
Microsoft.Resources/deployments/Microsoft.Resources/deployments/ 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 读取资源组Read resource groups
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets

存储帐户参与者Storage Account Contributor

可管理存储帐户,但不能访问。Can manage storage accounts, but not access to them.

操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read 读取所有授权Read all authorization
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/ 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Insights/diagnosticSettings/Microsoft.Insights/diagnosticSettings/ 管理诊断设置Manage diagnostic settings
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 读取资源的运行状况Read health of the resources
Microsoft.Resources/deployments/Microsoft.Resources/deployments/ 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 读取资源组Read resource groups
Microsoft.Storage/storageAccounts/Microsoft.Storage/storageAccounts/ 创建和管理存储帐户Create and manage storage accounts
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets

支持请求参与者Support Request Contributor

可以在订阅范围内创建和管理支持票证Can create and manage support tickets at the subscription scope

操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read 读取授权Read authorization
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 读取角色和角色分配Read roles and role assignments

用户访问管理员User Access Administrator

可管理用户对 Azure 资源的访问权限Can manage user access to Azure resources

操作Actions
/read/read 读取除密码外的所有类型的资源。Read resources of all Types, except secrets.
Microsoft.Authorization/Microsoft.Authorization/ 管理授权Manage authorization
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets

经典虚拟机参与者Classic Virtual Machine Contributor

可管理经典虚拟机,但不包括与其连接的虚拟网络或存储帐户Can manage classic virtual machines but not the virtual network or storage account to which they are connected

操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read 读取授权Read authorization
Microsoft.ClassicCompute/domainNames/Microsoft.ClassicCompute/domainNames/ 创建和管理经典计算域名Create and manage classic compute domain names
Microsoft.ClassicCompute/virtualMachines/Microsoft.ClassicCompute/virtualMachines/ 创建和管理虚拟机Create and manage virtual machines
Microsoft.ClassicNetwork/networkSecurityGroups/join/actionMicrosoft.ClassicNetwork/networkSecurityGroups/join/action 加入网络安全组Join network security groups
Microsoft.ClassicNetwork/reservedIps/link/actionMicrosoft.ClassicNetwork/reservedIps/link/action 链接保留 IPLink reserved IPs
Microsoft.ClassicNetwork/reservedIps/readMicrosoft.ClassicNetwork/reservedIps/read 读取保留 IP 地址Read reserved IP addresses
Microsoft.ClassicNetwork/virtualNetworks/join/actionMicrosoft.ClassicNetwork/virtualNetworks/join/action 加入虚拟网络Join virtual networks
Microsoft.ClassicNetwork/virtualNetworks/readMicrosoft.ClassicNetwork/virtualNetworks/read 读取虚拟网络Read virtual networks
Microsoft.ClassicStorage/storageAccounts/disks/readMicrosoft.ClassicStorage/storageAccounts/disks/read 读取存储帐户磁盘Read storage account disks
Microsoft.ClassicStorage/storageAccounts/images/readMicrosoft.ClassicStorage/storageAccounts/images/read 读取存储帐户图像Read storage account images
Microsoft.ClassicStorage/storageAccounts/listKeys/actionMicrosoft.ClassicStorage/storageAccounts/listKeys/action 列出存储帐户密钥List storage account keys
Microsoft.ClassicStorage/storageAccounts/readMicrosoft.ClassicStorage/storageAccounts/read 读取经典存储帐户Read classic storage accounts
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/ 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 读取资源的运行状况Read health of the resources
Microsoft.Resources/deployments/Microsoft.Resources/deployments/ 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 读取资源组Read resource groups
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets

虚拟机参与者Virtual Machine Contributor

可管理虚拟机,但不包括与其连接的虚拟网络或存储帐户Can manage virtual machines but not the virtual network or storage account to which they are connected

操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read 读取授权Read authorization
Microsoft.Compute/availabilitySets/Microsoft.Compute/availabilitySets/ 创建和管理计算可用性集Create and manage compute availability sets
Microsoft.Compute/locations/Microsoft.Compute/locations/ 创建和管理计算位置Create and manage compute locations
Microsoft.Compute/virtualMachines/Microsoft.Compute/virtualMachines/ 创建和管理虚拟机Create and manage virtual machines
Microsoft.Compute/virtualMachineScaleSets/Microsoft.Compute/virtualMachineScaleSets/ 创建和管理虚拟机规模集Create and manage virtual machine scale sets
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/ 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Network/applicationGateways/backendAddressPools/join/actionMicrosoft.Network/applicationGateways/backendAddressPools/join/action 加入网络应用程序网关后端地址池Join network application gateway backend address pools
Microsoft.Network/loadBalancers/backendAddressPools/join/actionMicrosoft.Network/loadBalancers/backendAddressPools/join/action 加入负载均衡器后端地址池Join load balancer backend address pools
Microsoft.Network/loadBalancers/inboundNatPools/join/actionMicrosoft.Network/loadBalancers/inboundNatPools/join/action 加入负载均衡器入站 NAT 池Join load balancer inbound NAT pools
Microsoft.Network/loadBalancers/inboundNatRules/join/actionMicrosoft.Network/loadBalancers/inboundNatRules/join/action 加入负载均衡器入站 NAT 规则Join load balancer inbound NAT rules
Microsoft.Network/loadBalancers/readMicrosoft.Network/loadBalancers/read 读取负载均衡器Read load balancers
Microsoft.Network/locations/Microsoft.Network/locations/ 创建和管理网络位置Create and manage network locations
Microsoft.Network/networkInterfaces/Microsoft.Network/networkInterfaces/ 创建和管理网络接口Create and manage network interfaces
Microsoft.Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action 加入网络安全组Join network security groups
Microsoft.Network/networkSecurityGroups/readMicrosoft.Network/networkSecurityGroups/read 读取网络安全组Read network security groups
Microsoft.Network/publicIPAddresses/join/actionMicrosoft.Network/publicIPAddresses/join/action 加入网络公共 IP 地址Join network public IP addresses
Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read 读取网络公共 IP 地址Read network public IP addresses
Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read 读取虚拟网络Read virtual networks
Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action 加入虚拟网络子网Join virtual network subnets
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 读取资源的运行状况Read health of the resources
Microsoft.Resources/deployments/Microsoft.Resources/deployments/ 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 读取资源组Read resource groups
Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action 列出存储帐户密钥List storage account keys
Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read 读取存储帐户Read storage accounts
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets

经典网络参与者Classic Network Contributor

可管理经典虚拟网络和保留 IPCan manage classic virtual networks and reserved IPs

操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read 读取授权Read authorization
Microsoft.ClassicNetwork/Microsoft.ClassicNetwork/ 创建和管理经典网络Create and manage classic networks
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/ 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 读取资源的运行状况Read health of the resources
Microsoft.Resources/deployments/Microsoft.Resources/deployments/ 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 读取资源组Read resource groups
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets

Web 计划参与者Web Plan Contributor

可管理 Web 计划Can manage web plans

操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read 读取授权Read authorization
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/ 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 读取资源的运行状况Read health of the resources
Microsoft.Resources/deployments/Microsoft.Resources/deployments/ 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 读取资源组Read resource groups
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets
Microsoft.Web/serverFarms/Microsoft.Web/serverFarms/ 创建和管理服务器场Create and manage server farms

网站参与者Website Contributor

可管理网站,但不包括与其连接的 Web 计划Can manage websites but not the web plans to which they are connected

操作Actions
Microsoft.Authorization//readMicrosoft.Authorization//read 读取授权Read authorization
Microsoft.Insights/alertRules/Microsoft.Insights/alertRules/ 创建和管理 Insights 警报规则Create and manage Insights alert rules
Microsoft.Insights/components/Microsoft.Insights/components/ 创建和管理 Insights 组件Create and manage Insights components
Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read 读取资源的运行状况Read health of the resources
Microsoft.Resources/deployments/Microsoft.Resources/deployments/ 创建和管理资源组部署Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read 读取资源组Read resource groups
Microsoft.Support/Microsoft.Support/ 创建和管理支持票证Create and manage support tickets
Microsoft.Web/certificates/Microsoft.Web/certificates/ 创建和管理网站证书Create and manage website certificates
Microsoft.Web/listSitesAssignedToHostName/readMicrosoft.Web/listSitesAssignedToHostName/read 读取分配到主机名的站点Read sites assigned to a host name
Microsoft.Web/serverFarms/join/actionMicrosoft.Web/serverFarms/join/action 加入服务器场Join server farms
Microsoft.Web/serverFarms/readMicrosoft.Web/serverFarms/read 读取服务器场Read server farms
Microsoft.Web/sites/Microsoft.Web/sites/ 创建和管理网站(站点创建还需要对关联应用服务计划有写入权限)Create and manage websites (site creation also requires write permissions to the associated App Service Plan)

另请参阅See also