
Built-in roles for Azure resources

Role-based access control (RBAC) has several built-in roles for Azure resources that you can assign to users, groups, service principals, and managed identities. Role assignments are the way you control access to Azure resources. If the built-in roles don't meet the specific needs of your organization, you can create your own custom roles for Azure resources.

This article lists the built-in roles for Azure resources, which are always evolving. To get the latest roles, use Get-AzRoleDefinition or az role definition list. If you are looking for administrator roles for Azure Active Directory, see Administrator role permissions in Azure Active Directory.

Built-in role descriptions

The following table provides a brief description of each built-in role. Click the role name to see the list of Actions, NotActions, DataActions, and NotDataActions for each role. For information about what these actions mean and how they apply to the management and data planes, see Understand role definitions for Azure resources.

| Built-in role | Description | Id |
|---|---|---|
| Owner | Lets you manage everything, including access to resources. | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 |
| Contributor | Lets you manage everything except granting access to resources. | b24988ac-6180-42a0-ab88-20f7382dd24c |
| Reader | Lets you view everything, but not make any changes. | acdd72a7-3385-48ef-bd42-f606fba81ae7 |
| AcrDelete | acr delete | c2f4ef07-c644-48eb-af81-4b1b4947fb11 |
| AcrImageSigner | acr image signer | 6cef56e8-d556-48e5-a04f-b8e64114680f |
| AcrPull | acr pull | 7f951dda-4ed3-4680-a7ca-43fe172d538d |
| AcrPush | acr push | 8311e382-0749-4cb8-b61a-304f252e45ec |
| AcrQuarantineReader | acr quarantine data reader | cdda3590-29a3-44f6-95f2-9f980659eb04 |
| AcrQuarantineWriter | acr quarantine data writer | c8d4ff99-41c3-41a8-9f60-21dfdad59608 |
| API Management Service Contributor | Can manage service and the APIs | 312a565d-c81f-4fd8-895a-4e21e48d571c |
| API Management Service Operator Role | Can manage service but not the APIs | e022efe7-f5ba-4159-bbe4-b44f577e9b61 |
| API Management Service Reader Role | Read-only access to service and APIs | 71522526-b88f-4d52-b57f-d31fc3546d0d |
| Application Insights Component Contributor | Can manage Application Insights components | ae349356-3a1b-4a5e-921d-050484c6347e |
| Application Insights Snapshot Debugger | Gives user permission to view and download debug snapshots collected with the Application Insights Snapshot Debugger. Note that these permissions are not included in the Owner or Contributor roles. | 08954f03-6346-4c2e-81c0-ec3a5cfae23b |
| Automation Job Operator | Create and Manage Jobs using Automation Runbooks. | 4fe576fe-1146-4730-92eb-48519fa6bf9f |
| Automation Operator | Automation Operators are able to start, stop, suspend, and resume jobs | d3881f73-407a-4167-8283-e981cbba0404 |
| Automation Runbook Operator | Read Runbook properties - to be able to create Jobs of the runbook. | 5fb5aef8-1081-4b8e-bb16-9d5d0385bab5 |
| Avere Contributor | Can create and manage an Avere vFXT cluster. | 4f8fab4f-1852-4a58-a46a-8eaf358af14a |
| Avere Operator | Used by the Avere vFXT cluster to manage the cluster | c025889f-8102-4ebf-b32c-fc0c6f0c6bd9 |
| Azure Event Hubs Data Owner | Allows for full access to Azure Event Hubs resources. | f526a384-b230-433a-b45c-95f59c4a2dec |
| Azure Event Hubs Data Receiver | Allows receive access to Azure Event Hubs resources. | a638d3c7-ab3a-418d-83e6-5f17a39d4fde |
| Azure Event Hubs Data Sender | Allows send access to Azure Event Hubs resources. | 2b629674-e913-4c01-ae53-ef4638d8f975 |
| Azure Kubernetes Service Cluster Admin Role | List cluster admin credential action. | 0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8 |
| Azure Kubernetes Service Cluster User Role | List cluster user credential action. | 4abbcc35-e782-43d8-92c5-2d3f1bd2253f |
| Azure Maps Data Reader (Preview) | Grants access to read map related data from an Azure maps account. | 423170ca-a8f6-4b0f-8487-9e4eb8f49bfa |
| Azure Sentinel Contributor | Azure Sentinel Contributor | ab8e14d6-4a74-4a29-9ba8-549422addade |
| Azure Sentinel Reader | Azure Sentinel Reader | 8d289c81-5878-46d4-8554-54e1e3d8b5cb |
| Azure Sentinel Responder | Azure Sentinel Responder | 3e150937-b8fe-4cfb-8069-0eaf05ecd056 |
| Azure Service Bus Data Owner | Allows for full access to Azure Service Bus resources. | 090c5cfd-751d-490a-894a-3ce6f1109419 |
| Azure Service Bus Data Receiver | Allows for receive access to Azure Service Bus resources. | 4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0 |
| Azure Service Bus Data Sender | Allows for send access to Azure Service Bus resources. | 69a216fc-b8fb-44d8-bc22-1f3c2cd27a39 |
| Azure Stack Registration Owner | Lets you manage Azure Stack registrations. | 6f12a6df-dd06-4f3e-bcb1-ce8be600526a |
| Backup Contributor | Lets you manage backup service, but can't create vaults and give access to others | 5e467623-bb1f-42f4-a55d-6e525e11384b |
| Backup Operator | Lets you manage backup services, except removal of backup, vault creation and giving access to others | 00c29273-979b-4161-815c-10b084fb9324 |
| Backup Reader | Can view backup services, but can't make changes | a795c7a0-d4a2-40c1-ae25-d81f01202912 |
| Billing Reader | Allows read access to billing data | fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64 |
| BizTalk Contributor | Lets you manage BizTalk services, but not access to them. | 5e3c6656-6cfa-4708-81fe-0de47ac73342 |
| Blockchain Member Node Access (Preview) | Allows for access to Blockchain Member nodes | 31a002a1-acaf-453e-8a5b-297c9ca1ea24 |
| Blueprint Contributor | Can manage blueprint definitions, but not assign them. | 41077137-e803-4205-871c-5a86e6a753b4 |
| Blueprint Operator | Can assign existing published blueprints, but cannot create new blueprints. NOTE: this only works if the assignment is done with a user-assigned managed identity. | 437d2ced-4a38-4302-8479-ed2bcb43d090 |
| CDN Endpoint Contributor | Can manage CDN endpoints, but can’t grant access to other users. | 426e0c7f-0c7e-4658-b36f-ff54d6c29b45 |
| CDN Endpoint Reader | Can view CDN endpoints, but can’t make changes. | 871e35f6-b5c1-49cc-a043-bde969a0f2cd |
| CDN Profile Contributor | Can manage CDN profiles and their endpoints, but can’t grant access to other users. | ec156ff8-a8d1-4d15-830c-5b80698ca432 |
| CDN Profile Reader | Can view CDN profiles and their endpoints, but can’t make changes. | 8f96442b-4075-438f-813d-ad51ab4019af |
| Classic Network Contributor | Lets you manage classic networks, but not access to them. | b34d265f-36f7-4a0d-a4d4-e158ca92e90f |
| Classic Storage Account Contributor | Lets you manage classic storage accounts, but not access to them. | 86e8f5dc-a6e9-4c67-9d15-de283e8eac25 |
| Classic Storage Account Key Operator Service Role | Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts | 985d6b00-f706-48f5-a6fe-d0ca12fb668d |
| Classic Virtual Machine Contributor | Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they’re connected to. | d73bb868-a0df-4d4d-bd69-98a00b01fccb |
| Cognitive Services Contributor | Lets you create, read, update, delete and manage keys of Cognitive Services. | 25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68 |
| Cognitive Services Data Reader (Preview) | Lets you read Cognitive Services data. | b59867f0-fa02-499b-be73-45a86b5b3e1c |
| Cognitive Services User | Lets you read and list keys of Cognitive Services. | a97b65f3-24c7-4388-baec-2e87135dc908 |
| Cosmos DB Account Reader Role | Can read Azure Cosmos DB account data. See DocumentDB Account Contributor for managing Azure Cosmos DB accounts. | fbdf93bf-df7d-467e-a4d2-9458aa1360c8 |
| Cosmos DB Operator | Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings. | 230815da-be43-4aae-9cb4-875f7bd000aa |
| CosmosBackupOperator | Can submit restore request for a Cosmos DB database or a container for an account | db7b14f2-5adf-42da-9f96-f2ee17bab5cb |
| Cost Management Contributor | Can view costs and manage cost configuration (e.g. budgets, exports) | 434105ed-43f6-45c7-a02f-909b2ba83430 |
| Cost Management Reader | Can view cost data and configuration (e.g. budgets, exports) | 72fafb9e-0641-4937-9268-a91bfd8191a3 |
| Data Box Contributor | Lets you manage everything under Data Box Service except giving access to others. | add466c9-e687-43fc-8d98-dfcf8d720be5 |
| Data Box Reader | Lets you manage Data Box Service except creating order or editing order details and giving access to others. | 028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027 |
| Data Factory Contributor | Create and manage data factories, as well as child resources within them. | 673868aa-7521-48a0-acc6-0f60742d39f5 |
| Data Lake Analytics Developer | Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts. | 47b7735b-770e-4598-a7da-8b91488b4c88 |
| Data Purger | Can purge analytics data | 150f5e0c-0603-4f03-8c7f-cf70034c4e90 |
| DevTest Labs User | Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs. | 76283e04-6283-4c54-8f91-bcf1374a3c64 |
| DNS Zone Contributor | Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them. | befefa01-2a29-4197-83a8-272ff33ce314 |
| DocumentDB Account Contributor | Can manage Azure Cosmos DB accounts. Azure Cosmos DB is formerly known as DocumentDB. | 5bd9cd88-fe45-4216-938b-f97437e15450 |
| EventGrid EventSubscription Contributor | Lets you manage EventGrid event subscription operations. | 428e0ff0-5e57-4d9c-a221-2c70d0e0a443 |
| EventGrid EventSubscription Reader | Lets you read EventGrid event subscriptions. | 2414bbcf-6497-4faf-8c65-045460748405 |
| HDInsight Cluster Operator | Lets you read and modify HDInsight cluster configurations. | 61ed4efc-fab3-44fd-b111-e24485cc132a |
| HDInsight Domain Services Contributor | Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package | 8d8d5a11-05d3-4bda-a417-a08778121c7c |
| Intelligent Systems Account Contributor | Lets you manage Intelligent Systems accounts, but not access to them. | 03a6d094-3444-4b3d-88af-7477090a9e5e |
| Key Vault Contributor | Lets you manage key vaults, but not access to them. | f25e0fa2-a7c8-4377-a976-54943a77a395 |
| Lab Creator | Lets you create, manage, delete your managed labs under your Azure Lab Accounts. | b97fb8bc-a8b2-4522-a38b-dd33c7e65ead |
| Log Analytics Contributor | Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources. | 92aaf0da-9dab-42b6-94a3-d43ce8d16293 |
| Log Analytics Reader | Log Analytics Reader can view and search all monitoring data as well as view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources. | 73c42c96-874c-492b-b04d-ab87d138a893 |
| Logic App Contributor | Lets you manage logic apps, but not change access to them. | 87a39d53-fc1b-424a-814c-f7e04687dc9e |
| Logic App Operator | Lets you read, enable, and disable logic apps, but not edit or update them. | 515c2055-d9d4-4321-b1b9-bd0c9a0f79fe |
| Managed Application Operator Role | Lets you read and perform actions on Managed Application resources | c7393b34-138c-406f-901b-d8cf2b17e6ae |
| Managed Applications Reader | Lets you read resources in a managed app and request JIT access. | b9331d33-8a36-4f8c-b097-4f54124fdb44 |
| Managed Identity Contributor | Create, Read, Update, and Delete User Assigned Identity | e40ec5ca-96e0-45a2-b4ff-59039f2c2b59 |
| Managed Identity Operator | Read and Assign User Assigned Identity | f1a07417-d97a-45cb-824c-7a7467783830 |
| Managed Services Registration assignment Delete Role | Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant. | 91c1777a-f3dc-4fae-b103-61d183457e46 |
| Management Group Contributor | Management Group Contributor Role | 5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c |
| Management Group Reader | Management Group Reader Role | ac63b705-f282-497d-ac71-919bf39d939d |
| Monitoring Contributor | Can read all monitoring data and edit monitoring settings. See also Get started with roles, permissions, and security with Azure Monitor. | 749f88d5-cbae-40b8-bcfc-e573ddc772fa |
| Monitoring Metrics Publisher | Enables publishing metrics against Azure resources | 3913510d-42f4-4e42-8a64-420c390055eb |
| Monitoring Reader | Can read all monitoring data (metrics, logs, etc.). See also Get started with roles, permissions, and security with Azure Monitor. | 43d0d8ad-25c7-4714-9337-8ba259a9fe05 |
| Network Contributor | Lets you manage networks, but not access to them. | 4d97b98b-1d4f-4787-a291-c67834d212e7 |
| New Relic APM Account Contributor | Lets you manage New Relic Application Performance Management accounts and applications, but not access to them. | 5d28c62d-5b37-4476-8438-e587778df237 |
| Reader and Data Access | Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys. | c12c1c16-33a1-487b-954d-41c89c60f349 |
| Redis Cache Contributor | Lets you manage Redis caches, but not access to them. | e0f68234-74aa-48ed-b826-c38b57376e17 |
| Resource Policy Contributor (Preview) | (Preview) Backfilled users from EA, with rights to create/modify resource policy, create support ticket and read resources/hierarchy. | 36243c78-bf99-498c-9df9-86d9f8d28608 |
| Scheduler Job Collections Contributor | Lets you manage Scheduler job collections, but not access to them. | 188a0f2f-5c9e-469b-ae67-2aa5ce574b94 |
| Search Service Contributor | Lets you manage Search services, but not access to them. | 7ca78c08-252a-4471-8644-bb5ff32d4ba0 |
| Security Admin | In Security Center only: Can view security policies, view security states, edit security policies, view alerts and recommendations, dismiss alerts and recommendations | fb1c8493-542b-48eb-b624-b4c8fea62acd |
| Security Manager (Legacy) | This is a legacy role. Please use Security Administrator instead | e3d13bf0-dd5a-482e-ba6b-9b8433878d10 |
| Security Reader | In Security Center only: Can view recommendations and alerts, view security policies, view security states, but cannot make changes | 39bc4728-0917-49c7-9d2c-d95423bc2eb4 |
| Site Recovery Contributor | Lets you manage Site Recovery service except vault creation and role assignment | 6670b86e-a3f7-4917-ac9b-5d6ab1be4567 |
| Site Recovery Operator | Lets you failover and failback but not perform other Site Recovery management operations | 494ae006-db33-4328-bf46-533a6560a3ca |
| Site Recovery Reader | Lets you view Site Recovery status but not perform other management operations | dbaa88c4-0c30-4179-9fb3-46319faa6149 |
| Spatial Anchors Account Contributor | Lets you manage spatial anchors in your account, but not delete them | 8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827 |
| Spatial Anchors Account Owner | Lets you manage spatial anchors in your account, including deleting them | 70bbe301-9835-447d-afdd-19eb3167307c |
| Spatial Anchors Account Reader | Lets you locate and read properties of spatial anchors in your account | 5d51204f-eb77-4b1c-b86a-2ec626c49413 |
| SQL DB Contributor | Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers. | 9b7fa17d-e63e-47b0-bb0a-15c516ac86ec |
| SQL Managed Instance Contributor | Lets you manage SQL Managed Instances and required network configuration, but can’t give access to others. | 4939a1f6-9ae0-4e48-a1e0-f2cbe897382d |
| SQL Security Manager | Lets you manage the security-related policies of SQL servers and databases, but not access to them. | 056cd41c-7e88-42e1-933e-88ba6a50c9c3 |
| SQL Server Contributor | Lets you manage SQL servers and databases, but not access to them, and not their security-related policies. | 6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437 |
| Storage Account Contributor | Permits management of storage accounts. Provides access to the account key, which can be used to access data via Shared Key authorization. | 17d1049b-9a84-46fb-8f53-869881c3d3ab |
| Storage Account Key Operator Service Role | Permits listing and regenerating storage account access keys. | 81a9662b-bebf-436f-a333-f67b29880f12 |
| Storage Blob Data Contributor | Read, write, and delete Azure Storage containers and blobs. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | ba92f5b4-2d11-453d-a403-e96b0029c9fe |
| Storage Blob Data Owner | Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | b7e6dc6d-f1e8-4753-8033-0f276bb0955b |
| Storage Blob Data Reader | Read and list Azure Storage containers and blobs. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 2a2b9908-6ea1-4ae2-8e65-a410df84e7d1 |
| Storage Blob Delegator | Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials. For more information, see Create a user delegation SAS. | db58b8e5-c6ad-4a2a-8342-4190687cbf4a |
| Storage File Data SMB Share Contributor | Allows for read, write, and delete access in Azure Storage file shares over SMB | 0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb |
| Storage File Data SMB Share Elevated Contributor | Allows for read, write, delete and modify NTFS permission access in Azure Storage file shares over SMB | a7264617-510b-434b-a828-9731dc254ea7 |
| Storage File Data SMB Share Reader | Allows for read access to Azure File Share over SMB | aba4ae5f-2193-4029-9191-0cb91df5e314 |
| Storage Queue Data Contributor | Read, write, and delete Azure Storage queues and queue messages. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 974c5e8b-45b9-4653-ba55-5f855dd0fb88 |
| Storage Queue Data Message Processor | Peek, retrieve, and delete a message from an Azure Storage queue. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 8a0f0c08-91a1-4084-bc3d-661d67233fed |
| Storage Queue Data Message Sender | Add messages to an Azure Storage queue. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | c6a89b2d-59bc-44d0-9896-0f6e12d7b80a |
| Storage Queue Data Reader | Read and list Azure Storage queues and queue messages. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 19e7f393-937e-4f77-808e-94535e297925 |
| Support Request Contributor | Lets you create and manage Support requests | cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e |
| Traffic Manager Contributor | Lets you manage Traffic Manager profiles, but does not let you control who has access to them. | a4b10055-b0c7-44c2-b00f-c7b5b3550cf7 |
| User Access Administrator | Lets you manage user access to Azure resources. | 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 |
| Virtual Machine Administrator Login | View Virtual Machines in the portal and login as administrator | 1c0163c0-47e6-4577-8991-ea5c82e286e4 |
| Virtual Machine Contributor | Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to. | 9980e02c-c2be-4d73-94e8-173b1dc7cf3c |
| Virtual Machine User Login | View Virtual Machines in the portal and login as a regular user. | fb879df8-f326-4884-b1cf-06f3ad86be52 |
| Web Plan Contributor | Lets you manage the web plans for websites, but not access to them. | 2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b |
| Website Contributor | Lets you manage websites (not web plans), but not access to them. | de139f84-1756-47ae-9be6-808fbbe84772 |

Owner

Description: Lets you manage everything, including access to resources.
Id: 8e3af657-a8ff-443c-a75c-2fe8c4bcb635
Actions
*: Create and manage resources of all types
NotActions
none
DataActions
none
NotDataActions
none

Contributor

Description: Lets you manage everything except granting access to resources.
Id: b24988ac-6180-42a0-ab88-20f7382dd24c
Actions
*: Create and manage resources of all types
NotActions
Microsoft.Authorization/*/Delete: Delete roles, policy assignments, policy definitions and policy set definitions
Microsoft.Authorization/*/Write: Create roles, role assignments, policy assignments, policy definitions and policy set definitions
Microsoft.Authorization/elevateAccess/Action: Grants the caller User Access Administrator access at the tenant scope
Microsoft.Blueprint/blueprintAssignments/write: Create or update any blueprint assignments
Microsoft.Blueprint/blueprintAssignments/delete: Delete any blueprint assignments
DataActions
none
NotDataActions
none

Reader

Description: Lets you view everything, but not make any changes.
Id: acdd72a7-3385-48ef-bd42-f606fba81ae7
Actions
*/read: Read resources of all types, except secrets.
NotActions
none
DataActions
none
NotDataActions
none

AcrDelete

Description: acr delete
Id: c2f4ef07-c644-48eb-af81-4b1b4947fb11
Actions
Microsoft.ContainerRegistry/registries/artifacts/delete: Delete artifact in a container registry.
NotActions
none
DataActions
none
NotDataActions
none

AcrImageSigner

Description acr image signer
Id 6cef56e8-d556-48e5-a04f-b8e64114680f
Actions
Microsoft.ContainerRegistry/registries/sign/write Push/Pull content trust metadata for a container registry.
NotActions
none
DataActions
none
NotDataActions
none

AcrPull

Description acr pull
Id 7f951dda-4ed3-4680-a7ca-43fe172d538d
Actions
Microsoft.ContainerRegistry/registries/pull/read Pull or Get images from a container registry.
NotActions
none
DataActions
none
NotDataActions
none

AcrPush

Description acr push
Id 8311e382-0749-4cb8-b61a-304f252e45ec
Actions
Microsoft.ContainerRegistry/registries/pull/read Pull or Get images from a container registry.
Microsoft.ContainerRegistry/registries/push/write Push or Write images to a container registry.
NotActions
none
DataActions
none
NotDataActions
none

AcrQuarantineReader

Description acr quarantine data reader
Id cdda3590-29a3-44f6-95f2-9f980659eb04
Actions
Microsoft.ContainerRegistry/registries/quarantine/read Pull or Get quarantined images from container registry
NotActions
none
DataActions
none
NotDataActions
none

AcrQuarantineWriter

Description acr quarantine data writer
Id c8d4ff99-41c3-41a8-9f60-21dfdad59608
Actions
Microsoft.ContainerRegistry/registries/quarantine/read Pull or Get quarantined images from container registry
Microsoft.ContainerRegistry/registries/quarantine/write Write/Modify quarantine state of quarantined images
NotActions
none
DataActions
none
NotDataActions
none

API Management Service Contributor

Description Can manage service and the APIs
Id 312a565d-c81f-4fd8-895a-4e21e48d571c
Actions
Microsoft.ApiManagement/service/* Create and manage API Management service
Microsoft.Authorization/*/read Read authorization
Microsoft.Insights/alertRules/* Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

API Management Service Operator Role

Description Can manage service but not the APIs
Id e022efe7-f5ba-4159-bbe4-b44f577e9b61
Actions
Microsoft.ApiManagement/service/*/read Read API Management Service instances
Microsoft.ApiManagement/service/backup/action Backup API Management Service to the specified container in a user provided storage account
Microsoft.ApiManagement/service/delete Delete API Management Service instance
Microsoft.ApiManagement/service/managedeployments/action Change SKU/units, add/remove regional deployments of API Management Service
Microsoft.ApiManagement/service/read Read metadata for an API Management Service instance
Microsoft.ApiManagement/service/restore/action Restore API Management Service from the specified container in a user provided storage account
Microsoft.ApiManagement/service/updatecertificate/action Upload SSL certificate for an API Management Service
Microsoft.ApiManagement/service/updatehostname/action Setup, update or remove custom domain names for an API Management Service
Microsoft.ApiManagement/service/write Create a new instance of API Management Service
Microsoft.Authorization/*/read Read authorization
Microsoft.Insights/alertRules/* Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
Microsoft.ApiManagement/service/users/keys/read Get keys associated with user
DataActions
none
NotDataActions
none

API Management Service Reader Role

Description Read-only access to service and APIs
Id 71522526-b88f-4d52-b57f-d31fc3546d0d
Actions
Microsoft.ApiManagement/service/*/read Read API Management Service instances
Microsoft.ApiManagement/service/read Read metadata for an API Management Service instance
Microsoft.Authorization/*/read Read authorization
Microsoft.Insights/alertRules/* Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
Microsoft.ApiManagement/service/users/keys/read Get keys associated with user
DataActions
none
NotDataActions
none

Application Insights Component Contributor

Description Can manage Application Insights components
Id ae349356-3a1b-4a5e-921d-050484c6347e
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage alert rules
Microsoft.Insights/components/* Create and manage Insights components
Microsoft.Insights/webtests/* Create and manage web tests
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Application Insights Snapshot Debugger

Description Gives user permission to view and download debug snapshots collected with the Application Insights Snapshot Debugger. Note that these permissions are not included in the Owner or Contributor roles.
Id 08954f03-6346-4c2e-81c0-ec3a5cfae23b
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.Insights/components/*/read
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Automation Job Operator

Description Create and Manage Jobs using Automation Runbooks.
Id 4fe576fe-1146-4730-92eb-48519fa6bf9f
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read Reads Hybrid Runbook Worker Resources
Microsoft.Automation/automationAccounts/jobs/read Gets an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/resume/action Resumes an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/stop/action Stops an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/streams/read Gets an Azure Automation job stream
Microsoft.Automation/automationAccounts/jobs/suspend/action Suspends an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/write Creates an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/output/read Gets the output of a job
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Automation Operator

Description Automation Operators are able to start, stop, suspend, and resume jobs
Id d3881f73-407a-4167-8283-e981cbba0404
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read Reads Hybrid Runbook Worker Resources
Microsoft.Automation/automationAccounts/jobs/read Gets an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/resume/action Resumes an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/stop/action Stops an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/streams/read Gets an Azure Automation job stream
Microsoft.Automation/automationAccounts/jobs/suspend/action Suspends an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/write Creates an Azure Automation job
Microsoft.Automation/automationAccounts/jobSchedules/read Gets an Azure Automation job schedule
Microsoft.Automation/automationAccounts/jobSchedules/write Creates an Azure Automation job schedule
Microsoft.Automation/automationAccounts/linkedWorkspace/read Gets the workspace linked to the automation account
Microsoft.Automation/automationAccounts/read Gets an Azure Automation account
Microsoft.Automation/automationAccounts/runbooks/read Gets an Azure Automation runbook
Microsoft.Automation/automationAccounts/schedules/read Gets an Azure Automation schedule asset
Microsoft.Automation/automationAccounts/schedules/write Creates or updates an Azure Automation schedule asset
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Automation/automationAccounts/jobs/output/read Gets the output of a job
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Automation Runbook Operator

Description Read Runbook properties - to be able to create Jobs of the runbook.
Id 5fb5aef8-1081-4b8e-bb16-9d5d0385bab5
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Automation/automationAccounts/runbooks/read Gets an Azure Automation runbook
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Avere Contributor

Description Can create and manage an Avere vFXT cluster.
Id 4f8fab4f-1852-4a58-a46a-8eaf358af14a
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Compute/*/read
Microsoft.Compute/availabilitySets/*
Microsoft.Compute/virtualMachines/*
Microsoft.Compute/disks/*
Microsoft.Network/*/read
Microsoft.Network/networkInterfaces/*
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.Network/virtualNetworks/subnets/read Gets a virtual network subnet definition
Microsoft.Network/virtualNetworks/subnets/join/action Joins a virtual network. Not Alertable.
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Joins resource such as storage account or SQL database to a subnet. Not alertable.
Microsoft.Network/networkSecurityGroups/join/action Joins a network security group. Not Alertable.
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Storage/*/read
Microsoft.Storage/storageAccounts/*
Microsoft.Support/* Create and manage support tickets
Microsoft.Resources/subscriptions/resourceGroups/resources/read Gets the resources for the resource group.
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete Returns the result of deleting a blob
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read Returns a blob or a list of blobs
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write Returns the result of writing a blob
NotDataActions
none

Avere Operator

Description Used by the Avere vFXT cluster to manage the cluster
Id c025889f-8102-4ebf-b32c-fc0c6f0c6bd9
Actions
Microsoft.Compute/virtualMachines/read Get the properties of a virtual machine
Microsoft.Network/networkInterfaces/read Gets a network interface definition.
Microsoft.Network/networkInterfaces/write Creates a network interface or updates an existing network interface.
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.Network/virtualNetworks/subnets/read Gets a virtual network subnet definition
Microsoft.Network/virtualNetworks/subnets/join/action Joins a virtual network. Not Alertable.
Microsoft.Network/networkSecurityGroups/join/action Joins a network security group. Not Alertable.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Storage/storageAccounts/blobServices/containers/delete Returns the result of deleting a container
Microsoft.Storage/storageAccounts/blobServices/containers/read Returns list of containers
Microsoft.Storage/storageAccounts/blobServices/containers/write Returns the result of put blob container
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete Returns the result of deleting a blob
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read Returns a blob or a list of blobs
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write Returns the result of writing a blob
NotDataActions
none

Azure Event Hubs Data Owner

Description Allows for full access to Azure Event Hubs resources.
Id f526a384-b230-433a-b45c-95f59c4a2dec
Actions
Microsoft.EventHub/*
NotActions
none
DataActions
Microsoft.EventHub/*
NotDataActions
none

Azure Event Hubs Data Receiver

Description Allows receive access to Azure Event Hubs resources.
Id a638d3c7-ab3a-418d-83e6-5f17a39d4fde
Actions
Microsoft.EventHub/*/eventhubs/consumergroups/read
NotActions
none
DataActions
Microsoft.EventHub/*/receive/action
NotDataActions
none

Azure Event Hubs Data Sender

Description Allows send access to Azure Event Hubs resources.
Id 2b629674-e913-4c01-ae53-ef4638d8f975
Actions
Microsoft.EventHub/*/eventhubs/read
NotActions
none
DataActions
Microsoft.EventHub/*/send/action
NotDataActions
none

Azure Kubernetes Service Cluster Admin Role

Description List cluster admin credential action.
Id 0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8
Actions
Microsoft.ContainerService/managedClusters/listClusterAdminCredential/action List the clusterAdmin credential of a managed cluster
NotActions
none
DataActions
none
NotDataActions
none

Azure Kubernetes Service Cluster User Role

Description List cluster user credential action.
Id 4abbcc35-e782-43d8-92c5-2d3f1bd2253f
Actions
Microsoft.ContainerService/managedClusters/listClusterUserCredential/action List the clusterUser credential of a managed cluster
NotActions
none
DataActions
none
NotDataActions
none

Azure Maps Data Reader (Preview)

Description Grants access to read map related data from an Azure maps account.
Id 423170ca-a8f6-4b0f-8487-9e4eb8f49bfa
Actions
none
NotActions
none
DataActions
Microsoft.Maps/accounts/data/read Grants data read access to a maps account.
NotDataActions
none

Azure Sentinel Contributor

Description Azure Sentinel Contributor
Id ab8e14d6-4a74-4a29-9ba8-549422addade
Actions
Microsoft.SecurityInsights/*
Microsoft.OperationalInsights/workspaces/analytics/query/action Search using new engine.
Microsoft.OperationalInsights/workspaces/read Gets an existing workspace
Microsoft.OperationalInsights/workspaces/savedSearches/*
Microsoft.OperationsManagement/solutions/read Get existing OMS solution
Microsoft.OperationalInsights/workspaces/query/read Run queries over the data in the workspace
Microsoft.OperationalInsights/workspaces/dataSources/read Get datasources under a workspace.
Microsoft.Insights/workbooks/*
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Azure Sentinel Reader

Description Azure Sentinel Reader
Id 8d289c81-5878-46d4-8554-54e1e3d8b5cb
Actions
Microsoft.SecurityInsights/*/read
Microsoft.OperationalInsights/workspaces/analytics/query/action Search using new engine.
Microsoft.OperationalInsights/workspaces/read Gets an existing workspace
Microsoft.OperationalInsights/workspaces/savedSearches/read Gets a saved search query
Microsoft.OperationsManagement/solutions/read Get existing OMS solution
Microsoft.OperationalInsights/workspaces/query/read Run queries over the data in the workspace
Microsoft.OperationalInsights/workspaces/dataSources/read Get datasources under a workspace.
Microsoft.Insights/workbooks/read Read a workbook
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Azure Sentinel Responder

Description Azure Sentinel Responder
Id 3e150937-b8fe-4cfb-8069-0eaf05ecd056
Actions
Microsoft.SecurityInsights/*/read
Microsoft.SecurityInsights/cases/*
Microsoft.OperationalInsights/workspaces/analytics/query/action Search using new engine.
Microsoft.OperationalInsights/workspaces/read Gets an existing workspace
Microsoft.OperationalInsights/workspaces/dataSources/read Get datasources under a workspace.
Microsoft.OperationalInsights/workspaces/savedSearches/read Gets a saved search query
Microsoft.OperationsManagement/solutions/read Get existing OMS solution
Microsoft.OperationalInsights/workspaces/query/read Run queries over the data in the workspace
Microsoft.OperationalInsights/workspaces/dataSources/read Get datasources under a workspace.
Microsoft.Insights/workbooks/read Read a workbook
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Azure Service Bus Data Owner

Description Allows for full access to Azure Service Bus resources.
Id 090c5cfd-751d-490a-894a-3ce6f1109419
Actions
Microsoft.ServiceBus/*
NotActions
none
DataActions
Microsoft.ServiceBus/*
NotDataActions
none

Azure Service Bus Data Receiver

Description Allows for receive access to Azure Service Bus resources.
Id 4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0
Actions
Microsoft.ServiceBus/*/queues/read
Microsoft.ServiceBus/*/topics/read
Microsoft.ServiceBus/*/topics/subscriptions/read
NotActions
none
DataActions
Microsoft.ServiceBus/*/receive/action
NotDataActions
none

Azure Service Bus Data Sender

Description Allows for send access to Azure Service Bus resources.
Id 69a216fc-b8fb-44d8-bc22-1f3c2cd27a39
Actions
Microsoft.ServiceBus/*/queues/read
Microsoft.ServiceBus/*/topics/read
Microsoft.ServiceBus/*/topics/subscriptions/read
NotActions
none
DataActions
Microsoft.ServiceBus/*/send/action
NotDataActions
none

Azure Stack Registration Owner

Description Lets you manage Azure Stack registrations.
Id 6f12a6df-dd06-4f3e-bcb1-ce8be600526a
Actions
Microsoft.AzureStack/registrations/products/*/action
Microsoft.AzureStack/registrations/products/read Gets the properties of an Azure Stack Marketplace product
Microsoft.AzureStack/registrations/read Gets the properties of an Azure Stack registration
NotActions
none
DataActions
none
NotDataActions
none

Backup Contributor

Description Lets you manage backup service, but can't create vaults and give access to others
Id 5e467623-bb1f-42f4-a55d-6e525e11384b
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.RecoveryServices/locations/*
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/* Manage results of operation on backup management
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/* Create and manage backup containers inside backup fabrics of Recovery Services vault
Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action Refreshes the container list
Microsoft.RecoveryServices/Vaults/backupJobs/* Create and manage backup jobs
Microsoft.RecoveryServices/Vaults/backupJobsExport/action Export Jobs
Microsoft.RecoveryServices/Vaults/backupManagementMetaData/* Create and manage meta data related to backup management
Microsoft.RecoveryServices/Vaults/backupOperationResults/* Create and manage Results of backup management operations
Microsoft.RecoveryServices/Vaults/backupPolicies/* Create and manage backup policies
Microsoft.RecoveryServices/Vaults/backupProtectableItems/* Create and manage items which can be backed up
Microsoft.RecoveryServices/Vaults/backupProtectedItems/* Create and manage backed up items
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/* Create and manage containers holding backup items
Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read Returns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft.RecoveryServices/Vaults/certificates/* Create and manage certificates related to backup in Recovery Services vault
Microsoft.RecoveryServices/Vaults/extendedInformation/* Create and manage extended info related to vault
Microsoft.RecoveryServices/Vaults/monitoringAlerts/read Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft.RecoveryServices/Vaults/read The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/* Create and manage registered identities
Microsoft.RecoveryServices/Vaults/usages/* Create and manage usage of Recovery Services vault
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Storage/storageAccounts/read Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.RecoveryServices/Vaults/backupstorageconfig/*
Microsoft.RecoveryServices/Vaults/backupconfig/*
Microsoft.RecoveryServices/Vaults/backupValidateOperation/action Validate Operation on Protected Item
Microsoft.RecoveryServices/Vaults/write Create Vault operation creates an Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/backupOperations/read Returns Backup Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupEngines/read Returns all the backup management servers registered with vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*
Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read Get all protectable containers
Microsoft.RecoveryServices/locations/backupStatus/action Check Backup Status for Recovery Services Vaults
Microsoft.RecoveryServices/locations/backupPreValidateProtection/action
Microsoft.RecoveryServices/locations/backupValidateFeatures/action Validate Features
Microsoft.RecoveryServices/Vaults/monitoringAlerts/write Resolves the alert.
Microsoft.RecoveryServices/operations/read Operation returns the list of Operations for a Resource Provider
Microsoft.RecoveryServices/locations/operationStatus/read Gets Operation Status for a given Operation
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read List all backup Protection Intents
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Backup Operator

Description Lets you manage backup services, except removal of backup, vault creation and giving access to others
Id 00c29273-979b-4161-815c-10b084fb9324
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read Returns status of the operation
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read Gets result of Operation performed on Protection Container.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action Performs Backup for Protected Item.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read Gets Result of Operation Performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read Returns the status of Operation performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read Returns object details of the Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action Provision Instant Item Recovery for Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read Get Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action Restore Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action Revoke Instant Item Recovery for Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write Create a backup Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read Returns all registered containers
Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action Refreshes the container list
Microsoft.RecoveryServices/Vaults/backupJobs/* Create and manage backup jobs
Microsoft.RecoveryServices/Vaults/backupJobsExport/action Export Jobs
Microsoft.RecoveryServices/Vaults/backupManagementMetaData/read
Microsoft.RecoveryServices/Vaults/backupOperationResults/* Create and manage Results of backup management operations
Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read Get Results of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupPolicies/read Returns all Protection Policies
Microsoft.RecoveryServices/Vaults/backupProtectableItems/* Create and manage items which can be backed up
Microsoft.RecoveryServices/Vaults/backupProtectedItems/read Returns the list of all Protected Items.
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read Returns all containers belonging to the subscription
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read Returns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft.RecoveryServices/Vaults/certificates/write The Update Resource Certificate operation updates the resource/vault credential certificate.
Microsoft.RecoveryServices/Vaults/extendedInformation/read The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/extendedInformation/write The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/monitoringAlerts/read Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft.RecoveryServices/Vaults/read The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read The Get Operation Results operation can be used to get the operation status and result for the asynchronously submitted operation
Microsoft.RecoveryServices/Vaults/registeredIdentities/read The Get Containers operation can be used to get the containers registered for a resource.
Microsoft.RecoveryServices/Vaults/registeredIdentities/write The Register Service Container operation can be used to register a container with Recovery Service.
Microsoft.RecoveryServices/Vaults/usages/read Returns usage details for a Recovery Services Vault.
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Storage/storageAccounts/read Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.RecoveryServices/Vaults/backupstorageconfig/*
Microsoft.RecoveryServices/Vaults/backupValidateOperation/action Validate Operation on Protected Item
Microsoft.RecoveryServices/Vaults/backupOperations/read Returns Backup Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read Get Status of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write Creates a registered container
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action Do inquiry for workloads within a container
Microsoft.RecoveryServices/Vaults/backupEngines/read Returns all the backup management servers registered with vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write Create a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read Get a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read Get all protectable containers
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read Get all items in a container
Microsoft.RecoveryServices/locations/backupStatus/action Check Backup Status for Recovery Services Vaults
Microsoft.RecoveryServices/locations/backupPreValidateProtection/action
Microsoft.RecoveryServices/locations/backupValidateFeatures/action Validate Features
Microsoft.RecoveryServices/Vaults/monitoringAlerts/write Resolves the alert.
Microsoft.RecoveryServices/operations/read Operation returns the list of Operations for a Resource Provider
Microsoft.RecoveryServices/locations/operationStatus/read Gets Operation Status for a given Operation
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read List all backup Protection Intents
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Backup Reader

Description Can view backup services, but can't make changes
Id a795c7a0-d4a2-40c1-ae25-d81f01202912
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.RecoveryServices/locations/allocatedStamp/read GetAllocatedStamp is internal operation used by service
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read Returns status of the operation
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read Gets result of Operation performed on Protection Container.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read Gets Result of Operation Performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read Returns the status of Operation performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read Returns object details of the Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read Get Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read Returns all registered containers
Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/read Returns the Result of Job Operation.
Microsoft.RecoveryServices/Vaults/backupJobs/read Returns all Job Objects
Microsoft.RecoveryServices/Vaults/backupJobsExport/action Export Jobs
Microsoft.RecoveryServices/Vaults/backupManagementMetaData/read
Microsoft.RecoveryServices/Vaults/backupOperationResults/read Returns Backup Operation Result for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read Get Results of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupPolicies/read Returns all Protection Policies
Microsoft.RecoveryServices/Vaults/backupProtectedItems/read Returns the list of all Protected Items.
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read Returns all containers belonging to the subscription
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read Returns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft.RecoveryServices/Vaults/extendedInformation/read The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/monitoringAlerts/read Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/read The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read The Get Operation Results operation can be used to get the operation status and result for the asynchronously submitted operation
Microsoft.RecoveryServices/Vaults/registeredIdentities/read The Get Containers operation can be used to get the containers registered for a resource.
Microsoft.RecoveryServices/Vaults/backupstorageconfig/read Returns Storage Configuration for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupconfig/read Returns Configuration for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupOperations/read Returns Backup Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read Get Status of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupEngines/read Returns all the backup management servers registered with vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read Get a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read Get all items in a container
Microsoft.RecoveryServices/locations/backupStatus/action Check Backup Status for Recovery Services Vaults
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft.RecoveryServices/Vaults/monitoringAlerts/write Resolves the alert.
Microsoft.RecoveryServices/operations/read Operation returns the list of Operations for a Resource Provider
Microsoft.RecoveryServices/locations/operationStatus/read Gets Operation Status for a given Operation
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read List all backup Protection Intents
Microsoft.RecoveryServices/Vaults/usages/read Returns usage details for a Recovery Services Vault.
NotActions
none
DataActions
none
NotDataActions
none

Billing Reader

Description Allows read access to billing data
Id fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Billing/*/read Read Billing information
Microsoft.Commerce/*/read
Microsoft.Consumption/*/read
Microsoft.Management/managementGroups/read List management groups for the authenticated user.
Microsoft.CostManagement/*/read
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

BizTalk Contributor

Description Lets you manage BizTalk services, but not access to them.
Id 5e3c6656-6cfa-4708-81fe-0de47ac73342
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.BizTalkServices/BizTalk/* Create and manage BizTalk services
Microsoft.Insights/alertRules/* Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Blockchain Member Node Access (Preview)

Description Allows for access to Blockchain Member nodes
Id 31a002a1-acaf-453e-8a5b-297c9ca1ea24
Actions
Microsoft.Blockchain/blockchainMembers/transactionNodes/read Gets or Lists existing Blockchain Member Transaction Node(s).
NotActions
none
DataActions
Microsoft.Blockchain/blockchainMembers/transactionNodes/connect/action Connects to a Blockchain Member Transaction Node.
NotDataActions
none

Blueprint Contributor

Description Can manage blueprint definitions, but not assign them.
Id 41077137-e803-4205-871c-5a86e6a753b4
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Blueprint/blueprints/* Create and manage blueprint definitions or blueprint artifacts.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Blueprint Operator

Description Can assign existing published blueprints, but cannot create new blueprints. NOTE: this only works if the assignment is done with a user-assigned managed identity.
Id 437d2ced-4a38-4302-8479-ed2bcb43d090
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Blueprint/blueprintAssignments/* Create and manage blueprint assignments.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

CDN Endpoint Contributor

Description Can manage CDN endpoints, but can’t grant access to other users.
Id 426e0c7f-0c7e-4658-b36f-ff54d6c29b45
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/endpoints/*
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

CDN Endpoint Reader

Description Can view CDN endpoints, but can’t make changes.
Id 871e35f6-b5c1-49cc-a043-bde969a0f2cd
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/endpoints/*/read
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

CDN Profile Contributor

Description Can manage CDN profiles and their endpoints, but can’t grant access to other users.
Id ec156ff8-a8d1-4d15-830c-5b80698ca432
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/*
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

CDN Profile Reader

Description Can view CDN profiles and their endpoints, but can’t make changes.
Id 8f96442b-4075-438f-813d-ad51ab4019af
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/*/read
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Classic Network Contributor

Description Lets you manage classic networks, but not access to them.
Id b34d265f-36f7-4a0d-a4d4-e158ca92e90f
Actions
Microsoft.Authorization/*/read Read authorization
Microsoft.ClassicNetwork/* Create and manage classic networks
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Classic Storage Account Contributor

Description Lets you manage classic storage accounts, but not access to them.
Id 86e8f5dc-a6e9-4c67-9d15-de283e8eac25
Actions
Microsoft.Authorization/*/read Read authorization
Microsoft.ClassicStorage/storageAccounts/* Create and manage storage accounts
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Classic Storage Account Key Operator Service Role

Description Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts
Id 985d6b00-f706-48f5-a6fe-d0ca12fb668d
Actions
Microsoft.ClassicStorage/storageAccounts/listkeys/action Lists the access keys for the storage accounts.
Microsoft.ClassicStorage/storageAccounts/regeneratekey/action Regenerates the existing access keys for the storage account.
NotActions
none
DataActions
none
NotDataActions
none

Classic Virtual Machine Contributor

Description Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they’re connected to.
Id d73bb868-a0df-4d4d-bd69-98a00b01fccb
Actions
Microsoft.Authorization/*/read Read authorization
Microsoft.ClassicCompute/domainNames/* Create and manage classic compute domain names
Microsoft.ClassicCompute/virtualMachines/* Create and manage virtual machines
Microsoft.ClassicNetwork/networkSecurityGroups/join/action
Microsoft.ClassicNetwork/reservedIps/link/action Link a reserved Ip
Microsoft.ClassicNetwork/reservedIps/read Gets the reserved Ips
Microsoft.ClassicNetwork/virtualNetworks/join/action Joins the virtual network.
Microsoft.ClassicNetwork/virtualNetworks/read Get the virtual network.
Microsoft.ClassicStorage/storageAccounts/disks/read Returns the storage account disk.
Microsoft.ClassicStorage/storageAccounts/images/read Returns the storage account image. (Deprecated. Use 'Microsoft.ClassicStorage/storageAccounts/vmImages')
Microsoft.ClassicStorage/storageAccounts/listKeys/action Lists the access keys for the storage accounts.
Microsoft.ClassicStorage/storageAccounts/read Return the storage account with the given account.
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Cognitive Services Contributor

Description Lets you create, read, update, delete and manage keys of Cognitive Services.
Id 25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.CognitiveServices/*
Microsoft.Features/features/read Gets the features of a subscription.
Microsoft.Features/providers/features/read Gets the feature of a subscription in a given resource provider.
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.Insights/diagnosticSettings/* Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.Insights/logDefinitions/read Read log definitions
Microsoft.Insights/metricdefinitions/read Read metric definitions
Microsoft.Insights/metrics/read Read metrics
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/deployments/operations/read Gets or lists deployment operations.
Microsoft.Resources/subscriptions/operationresults/read Get the subscription operation results.
Microsoft.Resources/subscriptions/read Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourcegroups/deployments/*
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Cognitive Services Data Reader (Preview)

Description Lets you read Cognitive Services data.
Id b59867f0-fa02-499b-be73-45a86b5b3e1c
Actions
none
NotActions
none
DataActions
Microsoft.CognitiveServices/*/read
NotDataActions
none

Cognitive Services User

Description Lets you read and list keys of Cognitive Services.
Id a97b65f3-24c7-4388-baec-2e87135dc908
Actions
Microsoft.CognitiveServices/*/read
Microsoft.CognitiveServices/accounts/listkeys/action List Keys
Microsoft.Insights/alertRules/read Read a classic metric alert
Microsoft.Insights/diagnosticSettings/read Read a resource diagnostic setting
Microsoft.Insights/logDefinitions/read Read log definitions
Microsoft.Insights/metricdefinitions/read Read metric definitions
Microsoft.Insights/metrics/read Read metrics
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/operations/read Gets or lists deployment operations.
Microsoft.Resources/subscriptions/operationresults/read Get the subscription operation results.
Microsoft.Resources/subscriptions/read Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
Microsoft.CognitiveServices/*
NotDataActions
none

Cosmos DB Account Reader Role

Description Can read Azure Cosmos DB account data. See DocumentDB Account Contributor for managing Azure Cosmos DB accounts.
Id fbdf93bf-df7d-467e-a4d2-9458aa1360c8
Actions
Microsoft.Authorization/*/read Read roles and role assignments, can read permissions given to each user
Microsoft.DocumentDB/*/read Read any collection
Microsoft.DocumentDB/databaseAccounts/readonlykeys/action Reads the database account readonly keys.
Microsoft.Insights/MetricDefinitions/read Read metric definitions
Microsoft.Insights/Metrics/read Read metrics
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Cosmos DB Operator

Description Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings.
Id 230815da-be43-4aae-9cb4-875f7bd000aa
Actions
Microsoft.DocumentDb/databaseAccounts/*
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*
Microsoft.DocumentDB/databaseAccounts/regenerateKey/*
Microsoft.DocumentDB/databaseAccounts/listKeys/*
Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*
DataActions
none
NotDataActions
none

CosmosBackupOperator

Description Can submit restore request for a Cosmos DB database or a container for an account
Id db7b14f2-5adf-42da-9f96-f2ee17bab5cb
Actions
Microsoft.DocumentDB/databaseAccounts/backup/action Submit a request to configure backup
Microsoft.DocumentDB/databaseAccounts/restore/action Submit a restore request
NotActions
none
DataActions
none
NotDataActions
none

Cost Management Contributor

Description Can view costs and manage cost configuration (e.g. budgets, exports)
Id 434105ed-43f6-45c7-a02f-909b2ba83430
Actions
Microsoft.Consumption/*
Microsoft.CostManagement/*
Microsoft.Billing/billingPeriods/read
Microsoft.Resources/subscriptions/read Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
Microsoft.Advisor/configurations/read Get configurations
Microsoft.Advisor/recommendations/read Reads recommendations
Microsoft.Management/managementGroups/read List management groups for the authenticated user.
NotActions
none
DataActions
none
NotDataActions
none

Cost Management Reader

Description Can view cost data and configuration (e.g. budgets, exports)
Id 72fafb9e-0641-4937-9268-a91bfd8191a3
Actions
Microsoft.Consumption/*/read
Microsoft.CostManagement/*/read
Microsoft.Billing/billingPeriods/read
Microsoft.Resources/subscriptions/read Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
Microsoft.Advisor/configurations/read Get configurations
Microsoft.Advisor/recommendations/read Reads recommendations
Microsoft.Management/managementGroups/read List management groups for the authenticated user.
NotActions
none
DataActions
none
NotDataActions
none

Data Box Contributor

Description Lets you manage everything under Data Box Service except giving access to others.
Id add466c9-e687-43fc-8d98-dfcf8d720be5
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
Microsoft.Databox/*
NotActions
none
DataActions
none
NotDataActions
none

Data Box Reader

Description Lets you manage Data Box Service except creating order or editing order details and giving access to others.
Id 028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Databox/*/read
Microsoft.Databox/jobs/listsecrets/action
Microsoft.Databox/jobs/listcredentials/action Lists the unencrypted credentials related to the order.
Microsoft.Databox/locations/availableSkus/action This method returns the list of available skus.
Microsoft.Databox/locations/validateAddress/action Validates the shipping address and provides alternate addresses if any.
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Data Factory Contributor

Description Create and manage data factories, as well as child resources within them.
Id 673868aa-7521-48a0-acc6-0f60742d39f5
Actions
Microsoft.Authorization/*/read Read roles and role Assignments
Microsoft.DataFactory/dataFactories/* Create and manage data factories, and child resources within them.
Microsoft.DataFactory/factories/* Create and manage data factories, and child resources within them.
Microsoft.Insights/alertRules/* Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Data Lake Analytics Developer

Description Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts.
Id 47b7735b-770e-4598-a7da-8b91488b4c88
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.BigAnalytics/accounts/*
Microsoft.DataLakeAnalytics/accounts/*
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
Microsoft.BigAnalytics/accounts/Delete
Microsoft.BigAnalytics/accounts/TakeOwnership/action
Microsoft.BigAnalytics/accounts/Write
Microsoft.DataLakeAnalytics/accounts/Delete Delete a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/TakeOwnership/action Grant permissions to cancel jobs submitted by other users.
Microsoft.DataLakeAnalytics/accounts/Write Create or update a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write Create or update a linked DataLakeStore account of a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete Unlink a DataLakeStore account from a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/storageAccounts/Write Create or update a linked Storage account of a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/storageAccounts/Delete Unlink a Storage account from a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/firewallRules/Write Create or update a firewall rule.
Microsoft.DataLakeAnalytics/accounts/firewallRules/Delete Delete a firewall rule.
Microsoft.DataLakeAnalytics/accounts/computePolicies/Write Create or update a compute policy.
Microsoft.DataLakeAnalytics/accounts/computePolicies/Delete Delete a compute policy.
DataActions
none
NotDataActions
none

Data Purger

Description Can purge analytics data
Id 150f5e0c-0603-4f03-8c7f-cf70034c4e90
Actions
Microsoft.Insights/components/*/read
Microsoft.Insights/components/purge/action Purging data from Application Insights
Microsoft.OperationalInsights/workspaces/*/read
Microsoft.OperationalInsights/workspaces/purge/action Delete specified data from workspace
NotActions
none
DataActions
none
NotDataActions
none

DevTest Labs User

Description Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs.
Id 76283e04-6283-4c54-8f91-bcf1374a3c64
Actions
Microsoft.Authorization/*/read Read roles and role Assignments
Microsoft.Compute/availabilitySets/read Get the properties of an availability set
Microsoft.Compute/virtualMachines/*/read Read the properties of a virtual machine (VM sizes, runtime status, VM extensions, etc.)
Microsoft.Compute/virtualMachines/deallocate/action Powers off the virtual machine and releases the compute resources
Microsoft.Compute/virtualMachines/read Get the properties of a virtual machine
Microsoft.Compute/virtualMachines/restart/action Restarts the virtual machine
Microsoft.Compute/virtualMachines/start/action Starts the virtual machine
Microsoft.DevTestLab/*/read Read the properties of a lab
Microsoft.DevTestLab/labs/claimAnyVm/action Claim a random claimable virtual machine in the lab.
Microsoft.DevTestLab/labs/createEnvironment/action Create virtual machines in a lab.
Microsoft.DevTestLab/labs/ensureCurrentUserProfile/action Ensure the current user has a valid profile in the lab.
Microsoft.DevTestLab/labs/formulas/delete Delete formulas.
Microsoft.DevTestLab/labs/formulas/read Read formulas.
Microsoft.DevTestLab/labs/formulas/write Add or modify formulas.
Microsoft.DevTestLab/labs/policySets/evaluatePolicies/action Evaluates lab policy.
Microsoft.DevTestLab/labs/virtualMachines/claim/action Take ownership of an existing virtual machine
Microsoft.DevTestLab/labs/virtualmachines/listApplicableSchedules/action Lists the applicable start/stop schedules, if any.
Microsoft.DevTestLab/labs/virtualMachines/getRdpFileContents/action Gets a string that represents the contents of the RDP file for the virtual machine
Microsoft.Network/loadBalancers/backendAddressPools/join/action Joins a load balancer backend address pool. Not Alertable.
Microsoft.Network/loadBalancers/inboundNatRules/join/action Joins a load balancer inbound nat rule. Not Alertable.
Microsoft.Network/networkInterfaces/*/read Read the properties of a network interface (for example, all the load balancers that the network interface is a part of)
Microsoft.Network/networkInterfaces/join/action Joins a Virtual Machine to a network interface. Not Alertable.
Microsoft.Network/networkInterfaces/read Gets a network interface definition.
Microsoft.Network/networkInterfaces/write Creates a network interface or updates an existing network interface.
Microsoft.Network/publicIPAddresses/*/read Read the properties of a public IP address
Microsoft.Network/publicIPAddresses/join/action Joins a public ip address. Not Alertable.
Microsoft.Network/publicIPAddresses/read Gets a public ip address definition.
Microsoft.Network/virtualNetworks/subnets/join/action Joins a virtual network. Not Alertable.
Microsoft.Resources/deployments/operations/read Gets or lists deployment operations.
Microsoft.Resources/deployments/read Gets or lists deployments.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Storage/storageAccounts/listKeys/action Returns the access keys for the specified storage account.
NotActions
Microsoft.Compute/virtualMachines/vmSizes/read Lists available sizes the virtual machine can be updated to
DataActions
none
NotDataActions
none

DNS Zone Contributor

Description Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them.
Id befefa01-2a29-4197-83a8-272ff33ce314
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage alert rules
Microsoft.Network/dnsZones/* Create and manage DNS zones and records
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

DocumentDB Account Contributor

Description Can manage Azure Cosmos DB accounts. Azure Cosmos DB is formerly known as DocumentDB.
Id 5bd9cd88-fe45-4216-938b-f97437e15450
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.DocumentDb/databaseAccounts/* Create and manage Azure Cosmos DB accounts
Microsoft.Insights/alertRules/* Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

EventGrid EventSubscription Contributor

Description Lets you manage EventGrid event subscription operations.
Id 428e0ff0-5e57-4d9c-a221-2c70d0e0a443
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.EventGrid/eventSubscriptions/*
Microsoft.EventGrid/topicTypes/eventSubscriptions/read List global event subscriptions by topic type
Microsoft.EventGrid/locations/eventSubscriptions/read List regional event subscriptions
Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read List regional event subscriptions by topic type
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

EventGrid EventSubscription Reader

Description Lets you read EventGrid event subscriptions.
Id 2414bbcf-6497-4faf-8c65-045460748405
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.EventGrid/eventSubscriptions/read Read an eventSubscription
Microsoft.EventGrid/topicTypes/eventSubscriptions/read List global event subscriptions by topic type
Microsoft.EventGrid/locations/eventSubscriptions/read List regional event subscriptions
Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read List regional event subscriptions by topic type
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
NotActions
none
DataActions
none
NotDataActions
none

HDInsight Cluster Operator

Description Lets you read and modify HDInsight cluster configurations.
Id 61ed4efc-fab3-44fd-b111-e24485cc132a
Actions
Microsoft.HDInsight/*/read
Microsoft.HDInsight/clusters/getGatewaySettings/action Get gateway settings for HDInsight Cluster
Microsoft.HDInsight/clusters/updateGatewaySettings/action Update gateway settings for HDInsight Cluster
Microsoft.HDInsight/clusters/configurations/*
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Resources/deployments/operations/read Gets or lists deployment operations.
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

HDInsight Domain Services Contributor

Description Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package
Id 8d8d5a11-05d3-4bda-a417-a08778121c7c
Actions
Microsoft.AAD/*/read
Microsoft.AAD/domainServices/*/read
Microsoft.AAD/domainServices/oucontainer/*
NotActions
none
DataActions
none
NotDataActions
none

Intelligent Systems Account Contributor

Description Lets you manage Intelligent Systems accounts, but not access to them.
Id 03a6d094-3444-4b3d-88af-7477090a9e5e
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage alert rules
Microsoft.IntelligentSystems/accounts/* Create and manage intelligent systems accounts
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Key Vault Contributor

Description Lets you manage key vaults, but not access to them.
Id f25e0fa2-a7c8-4377-a976-54943a77a395
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.KeyVault/*
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
Microsoft.KeyVault/locations/deletedVaults/purge/action Purge a soft deleted key vault
Microsoft.KeyVault/hsmPools/*
DataActions
none
NotDataActions
none

Lab Creator

Description Lets you create, manage, delete your managed labs under your Azure Lab Accounts.
Id b97fb8bc-a8b2-4522-a38b-dd33c7e65ead
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.LabServices/labAccounts/*/read
Microsoft.LabServices/labAccounts/createLab/action Create a lab in a lab account.
Microsoft.LabServices/labAccounts/sizes/getRegionalAvailability/action
Microsoft.LabServices/labAccounts/getRegionalAvailability/action Get regional availability information for each size category configured under a lab account
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Log Analytics Contributor

Description Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources.
Id 92aaf0da-9dab-42b6-94a3-d43ce8d16293
Actions
*/read Read resources of all types, except secrets.
Microsoft.Automation/automationAccounts/*
Microsoft.ClassicCompute/virtualMachines/extensions/*
Microsoft.ClassicStorage/storageAccounts/listKeys/action Lists the access keys for the storage accounts.
Microsoft.Compute/virtualMachines/extensions/*
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.Insights/diagnosticSettings/* Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.OperationalInsights/*
Microsoft.OperationsManagement/*
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourcegroups/deployments/*
Microsoft.Storage/storageAccounts/listKeys/action Returns the access keys for the specified storage account.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Log Analytics Reader

Description Log Analytics Reader can view and search all monitoring data as well as view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.
Id 73c42c96-874c-492b-b04d-ab87d138a893
Actions
*/read Read resources of all types, except secrets.
Microsoft.OperationalInsights/workspaces/analytics/query/action Search using new engine.
Microsoft.OperationalInsights/workspaces/search/action Executes a search query
Microsoft.Support/* Create and manage support tickets
NotActions
Microsoft.OperationalInsights/workspaces/sharedKeys/read Retrieves the shared keys for the workspace. These keys are used to connect Microsoft Operational Insights agents to the workspace.
DataActions
none
NotDataActions
none

Logic App Contributor

Description Lets you manage logic apps, but not change access to them.
Id 87a39d53-fc1b-424a-814c-f7e04687dc9e
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.ClassicStorage/storageAccounts/listKeys/action Lists the access keys for the storage accounts.
Microsoft.ClassicStorage/storageAccounts/read Return the storage account with the given account.
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.Insights/metricAlerts/*
Microsoft.Insights/diagnosticSettings/* Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.Insights/logdefinitions/* This permission is necessary for users who need access to Activity Logs via the portal. List log categories in Activity Log.
Microsoft.Insights/metricDefinitions/* Read metric definitions (list of available metric types for a resource).
Microsoft.Logic/* Manages Logic Apps resources.
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/operationresults/read Get the subscription operation results.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Storage/storageAccounts/listkeys/action Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/read Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.Support/* Create and manage support tickets
Microsoft.Web/connectionGateways/* Creates and manages a Connection Gateway.
Microsoft.Web/connections/* Creates and manages a Connection.
Microsoft.Web/customApis/* Creates and manages a Custom API.
Microsoft.Web/serverFarms/join/action
Microsoft.Web/serverFarms/read Get the properties on an App Service Plan
Microsoft.Web/sites/functions/listSecrets/action List Function secrets.
NotActions
none
DataActions
none
NotDataActions
none

Logic App Operator

Description Lets you read, enable, and disable logic apps, but not edit or update them.
Id 515c2055-d9d4-4321-b1b9-bd0c9a0f79fe
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/*/read Read Insights alert rules
Microsoft.Insights/metricAlerts/*/read
Microsoft.Insights/diagnosticSettings/*/read Gets diagnostic settings for Logic Apps
Microsoft.Insights/metricDefinitions/*/read Gets the available metrics for Logic Apps.
Microsoft.Logic/*/read Reads Logic Apps resources.
Microsoft.Logic/workflows/disable/action Disables the workflow.
Microsoft.Logic/workflows/enable/action Enables the workflow.
Microsoft.Logic/workflows/validate/action Validates the workflow.
Microsoft.Resources/deployments/operations/read Gets or lists deployment operations.
Microsoft.Resources/subscriptions/operationresults/read Get the subscription operation results.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
Microsoft.Web/connectionGateways/*/read Read Connection Gateways.
Microsoft.Web/connections/*/read Read Connections.
Microsoft.Web/customApis/*/read Read Custom API.
Microsoft.Web/serverFarms/read Get the properties on an App Service Plan
NotActions
none
DataActions
none
NotDataActions
none

Managed Application Operator Role

Description Lets you read and perform actions on Managed Application resources
Id c7393b34-138c-406f-901b-d8cf2b17e6ae
Actions
*/read Read resources of all types, except secrets.
Microsoft.Solutions/applications/read Retrieves a list of applications.
Microsoft.Solutions/*/action
NotActions
none
DataActions
none
NotDataActions
none

Managed Applications Reader

Description Lets you read resources in a managed app and request JIT access.
Id b9331d33-8a36-4f8c-b097-4f54124fdb44
Actions
*/read Read resources of all types, except secrets.
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Solutions/jitRequests/*
NotActions
none
DataActions
none
NotDataActions
none

Managed Identity Contributor

Description Create, Read, Update, and Delete User Assigned Identity
Id e40ec5ca-96e0-45a2-b4ff-59039f2c2b59
Actions
Microsoft.ManagedIdentity/userAssignedIdentities/read Gets an existing user assigned identity
Microsoft.ManagedIdentity/userAssignedIdentities/write Creates a new user assigned identity or updates the tags associated with an existing user assigned identity
Microsoft.ManagedIdentity/userAssignedIdentities/delete Deletes an existing user assigned identity
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Managed Identity Operator

Description Read and Assign User Assigned Identity
Id f1a07417-d97a-45cb-824c-7a7467783830
Actions
Microsoft.ManagedIdentity/userAssignedIdentities/*/read
Microsoft.ManagedIdentity/userAssignedIdentities/*/assign/action
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Managed Services Registration assignment Delete Role

Description Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant.
Id 91c1777a-f3dc-4fae-b103-61d183457e46
Actions
Microsoft.ManagedServices/registrationAssignments/read Retrieves a list of Managed Services registration assignments.
Microsoft.ManagedServices/registrationAssignments/delete Removes Managed Services registration assignment.
Microsoft.ManagedServices/operationStatuses/read Reads the operation status for the resource.
NotActions
none
DataActions
none
NotDataActions
none

Management Group Contributor

Description Management Group Contributor Role
Id 5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c
Actions
Microsoft.Management/managementGroups/delete Delete management group.
Microsoft.Management/managementGroups/read List management groups for the authenticated user.
Microsoft.Management/managementGroups/subscriptions/delete De-associates subscription from the management group.
Microsoft.Management/managementGroups/subscriptions/write Associates existing subscription with the management group.
Microsoft.Management/managementGroups/write Create or update a management group.
NotActions
none
DataActions
none
NotDataActions
none

Management Group Reader

Description Management Group Reader Role
Id ac63b705-f282-497d-ac71-919bf39d939d
Actions
Microsoft.Management/managementGroups/read List management groups for the authenticated user.
NotActions
none
DataActions
none
NotDataActions
none

Monitoring Contributor

Description Can read all monitoring data and edit monitoring settings. See also Get started with roles, permissions, and security with Azure Monitor.
Id 749f88d5-cbae-40b8-bcfc-e573ddc772fa
Actions
*/read Read resources of all types, except secrets.
Microsoft.AlertsManagement/alerts/*
Microsoft.AlertsManagement/alertsSummary/*
Microsoft.Insights/actiongroups/*
Microsoft.Insights/activityLogAlerts/*
Microsoft.Insights/AlertRules/* Read/write/delete alert rules.
Microsoft.Insights/components/* Read/write/delete Application Insights components.
Microsoft.Insights/DiagnosticSettings/* Read/write/delete diagnostic settings.
Microsoft.Insights/eventtypes/* List Activity Log events (management events) in a subscription. This permission is applicable to both programmatic and portal access to the Activity Log.
Microsoft.Insights/LogDefinitions/* This permission is necessary for users who need access to Activity Logs via the portal. List log categories in Activity Log.
Microsoft.Insights/metricalerts/*
Microsoft.Insights/MetricDefinitions/* Read metric definitions (list of available metric types for a resource).
Microsoft.Insights/Metrics/* Read metrics for a resource.
Microsoft.Insights/Register/Action Register the Microsoft Insights provider
Microsoft.Insights/scheduledqueryrules/*
Microsoft.Insights/webtests/* Read/write/delete Application Insights web tests.
Microsoft.Insights/workbooks/*
Microsoft.OperationalInsights/workspaces/intelligencepacks/* Read/write/delete log analytics solution packs.
Microsoft.OperationalInsights/workspaces/savedSearches/* Read/write/delete log analytics saved searches.
Microsoft.OperationalInsights/workspaces/search/action Executes a search query
Microsoft.OperationalInsights/workspaces/sharedKeys/action Retrieves the shared keys for the workspace. These keys are used to connect Microsoft Operational Insights agents to the workspace.
Microsoft.OperationalInsights/workspaces/storageinsightconfigs/* Read/write/delete log analytics storage insight configurations.
Microsoft.Support/* Create and manage support tickets
Microsoft.WorkloadMonitor/monitors/*
Microsoft.WorkloadMonitor/notificationSettings/*
Microsoft.AlertsManagement/smartDetectorAlertRules/*
NotActions
none
DataActions
none
NotDataActions
none

Monitoring Metrics Publisher

Description Enables publishing metrics against Azure resources
Id 3913510d-42f4-4e42-8a64-420c390055eb
Actions
Microsoft.Insights/Register/Action Register the Microsoft Insights provider
Microsoft.Support/* Create and manage support tickets
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
NotActions
none
DataActions
Microsoft.Insights/Metrics/Write Write metrics
NotDataActions
none

Monitoring Reader

Description Can read all monitoring data (metrics, logs, etc.). See also Get started with roles, permissions, and security with Azure Monitor.
Id 43d0d8ad-25c7-4714-9337-8ba259a9fe05
Actions
*/read Read resources of all types, except secrets.
Microsoft.OperationalInsights/workspaces/search/action Executes a search query
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Network Contributor

Description Lets you manage networks, but not access to them.
Id 4d97b98b-1d4f-4787-a291-c67834d212e7
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage alert rules
Microsoft.Network/* Create and manage networks
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

New Relic APM Account Contributor

Description Lets you manage New Relic Application Performance Management accounts and applications, but not access to them.
Id 5d28c62d-5b37-4476-8438-e587778df237
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NewRelic.APM/accounts/*
NotActions
none
DataActions
none
NotDataActions
none

Reader and Data Access

Description Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys.
Id c12c1c16-33a1-487b-954d-41c89c60f349
Actions
Microsoft.Storage/storageAccounts/listKeys/action Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/ListAccountSas/action Returns the Account SAS token for the specified storage account.
Microsoft.Storage/storageAccounts/read Returns the list of storage accounts or gets the properties for the specified storage account.
NotActions
none
DataActions
none
NotDataActions
none

Redis Cache Contributor

Description Lets you manage Redis caches, but not access to them.
Id e0f68234-74aa-48ed-b826-c38b57376e17
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Cache/redis/* Create and manage Redis caches
Microsoft.Insights/alertRules/* Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Resource Policy Contributor (Preview)

Description (Preview) Backfilled users from EA, with rights to create/modify resource policy, create support ticket and read resources/hierarchy.
Id 36243c78-bf99-498c-9df9-86d9f8d28608
Actions
*/read Read resources of all types, except secrets.
Microsoft.Authorization/policyassignments/* Create and manage policy assignments
Microsoft.Authorization/policydefinitions/* Create and manage policy definitions
Microsoft.Authorization/policysetdefinitions/* Create and manage policy sets
Microsoft.PolicyInsights/*
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Scheduler Job Collections Contributor

Description Lets you manage Scheduler job collections, but not access to them.
Id 188a0f2f-5c9e-469b-ae67-2aa5ce574b94
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Scheduler/jobcollections/* Create and manage job collections
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Search Service Contributor

Description Lets you manage Search services, but not access to them.
Id 7ca78c08-252a-4471-8644-bb5ff32d4ba0
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Search/searchServices/* Create and manage search services
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Security Admin

Description In Security Center only: Can view security policies, view security states, edit security policies, view alerts and recommendations, dismiss alerts and recommendations
Id fb1c8493-542b-48eb-b624-b4c8fea62acd
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Authorization/policyAssignments/* Create and manage policy assignments
Microsoft.Authorization/policyDefinitions/* Create and manage policy definitions
Microsoft.Authorization/policySetDefinitions/* Create and manage policy sets
Microsoft.Insights/alertRules/* Create and manage alert rules
Microsoft.Management/managementGroups/read List management groups for the authenticated user.
Microsoft.operationalInsights/workspaces/*/read View log analytics data
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Security/*
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Security Manager (Legacy)

Description This is a legacy role. Please use Security Administrator instead.
Id e3d13bf0-dd5a-482e-ba6b-9b8433878d10
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.ClassicCompute/*/read Read configuration information about classic virtual machines
Microsoft.ClassicCompute/virtualMachines/*/write Write configuration for classic virtual machines
Microsoft.ClassicNetwork/*/read Read configuration information about classic network
Microsoft.Insights/alertRules/* Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Security/* Create and manage security components and policies
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Security Reader

Description In Security Center only: Can view recommendations and alerts, view security policies, view security states, but cannot make changes
Id 39bc4728-0917-49c7-9d2c-d95423bc2eb4
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage alert rules
Microsoft.operationalInsights/workspaces/*/read View log analytics data
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Security/*/read Read security components and policies
Microsoft.Support/* Create and manage support tickets
Microsoft.Management/managementGroups/read List management groups for the authenticated user.
NotActions
none
DataActions
none
NotDataActions
none

Site Recovery Contributor

Description Lets you manage Site Recovery service except vault creation and role assignment
Id 6670b86e-a3f7-4917-ac9b-5d6ab1be4567
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage alert rules
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.RecoveryServices/locations/allocatedStamp/read GetAllocatedStamp is an internal operation used by the service
Microsoft.RecoveryServices/locations/allocateStamp/action AllocateStamp is an internal operation used by the service
Microsoft.RecoveryServices/Vaults/certificates/write The Update Resource Certificate operation updates the resource/vault credential certificate.
Microsoft.RecoveryServices/Vaults/extendedInformation/* Create and manage extended info related to vault
Microsoft.RecoveryServices/Vaults/read The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/refreshContainers/read
Microsoft.RecoveryServices/Vaults/registeredIdentities/* Create and manage registered identities
Microsoft.RecoveryServices/vaults/replicationAlertSettings/* Create or Update replication alert settings
Microsoft.RecoveryServices/vaults/replicationEvents/read Read any Events
Microsoft.RecoveryServices/vaults/replicationFabrics/* Create and manage replication fabrics
Microsoft.RecoveryServices/vaults/replicationJobs/* Create and manage replication jobs
Microsoft.RecoveryServices/vaults/replicationPolicies/* Create and manage replication policies
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/* Create and manage recovery plans
Microsoft.RecoveryServices/Vaults/storageConfig/* Create and manage storage configuration of Recovery Services vault
Microsoft.RecoveryServices/Vaults/tokenInfo/read
Microsoft.RecoveryServices/Vaults/usages/read Returns usage details for a Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/vaultTokens/read The Vault Token operation can be used to get Vault Token for vault level backend operations.
Microsoft.RecoveryServices/Vaults/monitoringAlerts/* Read alerts for the Recovery services vault
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Storage/storageAccounts/read Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Site Recovery Operator

Description Lets you failover and failback but not perform other Site Recovery management operations
Id 494ae006-db33-4328-bf46-533a6560a3ca
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage alert rules
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.RecoveryServices/locations/allocatedStamp/read GetAllocatedStamp is an internal operation used by the service
Microsoft.RecoveryServices/locations/allocateStamp/action AllocateStamp is an internal operation used by the service
Microsoft.RecoveryServices/Vaults/extendedInformation/read The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/read The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/refreshContainers/read
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read The Get Operation Results operation can be used to get the operation status and result for the asynchronously submitted operation
Microsoft.RecoveryServices/Vaults/registeredIdentities/read The Get Containers operation can be used to get the containers registered for a resource.
Microsoft.RecoveryServices/vaults/replicationAlertSettings/read Read any Alerts Settings
Microsoft.RecoveryServices/vaults/replicationEvents/read Read any Events
Microsoft.RecoveryServices/vaults/replicationFabrics/checkConsistency/action Checks Consistency of the Fabric
Microsoft.RecoveryServices/vaults/replicationFabrics/read Read any Fabrics
Microsoft.RecoveryServices/vaults/replicationFabrics/reassociateGateway/action Reassociate Gateway
Microsoft.RecoveryServices/vaults/replicationFabrics/renewcertificate/action Renew Certificate for Fabric
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read Read any Networks
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read Read any Network Mappings
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read Read any Protection Containers
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read Read any Protectable Items
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/applyRecoveryPoint/action Apply Recovery Point
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/failoverCommit/action Failover Commit
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/plannedFailover/action Planned Failover
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read Read any Protected Items
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read Read any Replication Recovery Points
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/repairReplication/action Repair replication
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/reProtect/action ReProtect Protected Item
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/switchprotection/action Switch Protection Container
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailover/action Test Failover
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailoverCleanup/action Test Failover Cleanup
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/unplannedFailover/action Failover
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/updateMobilityService/action Update Mobility Service
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read Read any Protection Container Mappings
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read Read any Recovery Services Providers
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/refreshProvider/action Refresh Provider
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read Read any Storage Classifications
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read Read any Storage Classification Mappings
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read Read any vCenters
Microsoft.RecoveryServices/vaults/replicationJobs/* Create and manage replication jobs
Microsoft.RecoveryServices/vaults/replicationPolicies/read Read any Policies
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/failoverCommit/action Failover Commit Recovery Plan
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/plannedFailover/action Planned Failover Recovery Plan
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/read Read any Recovery Plans
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/reProtect/action ReProtect Recovery Plan
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailover/action Test Failover Recovery Plan
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailoverCleanup/action Test Failover Cleanup Recovery Plan
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/unplannedFailover/action Failover Recovery Plan
Microsoft.RecoveryServices/Vaults/monitoringAlerts/* Read alerts for the Recovery services vault
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read
Microsoft.RecoveryServices/Vaults/storageConfig/read
Microsoft.RecoveryServices/Vaults/tokenInfo/read
Microsoft.RecoveryServices/Vaults/usages/read Returns usage details for a Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/vaultTokens/read The Vault Token operation can be used to get Vault Token for vault level backend operations.
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Storage/storageAccounts/read Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Site Recovery 读取器Site Recovery Reader

说明Description 允许查看 Site Recovery 状态,但不允许执行其他管理操作Lets you view Site Recovery status but not perform other management operations
IdId dbaa88c4-0c30-4179-9fb3-46319faa6149dbaa88c4-0c30-4179-9fb3-46319faa6149
操作Actions
Microsoft.Authorization/*/readMicrosoft.Authorization/*/read 读取角色和角色分配Read roles and role assignments
Microsoft.RecoveryServices/locations/allocatedStamp/readMicrosoft.RecoveryServices/locations/allocatedStamp/read GetAllocatedStamp 是服务使用的内部操作GetAllocatedStamp is internal operation used by service
Microsoft.RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read “获取扩展信息”操作获取表示“vault”类型的 Azure 资源的对象的扩展信息The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault?
Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read 获取恢复服务保管库的警报。Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/readMicrosoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read
Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read “获取保管库”操作获取表示“vault”类型的 Azure 资源的对象The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/refreshContainers/readMicrosoft.RecoveryServices/Vaults/refreshContainers/read
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read “获取操作结果”操作可用于获取异步提交的操作的操作状态和结果The Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation
Microsoft.RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read “获取容器”操作可用于获取针对资源注册的容器。The Get Containers operation can be used get the containers registered for a resource.
Microsoft.RecoveryServices/vaults/replicationAlertSettings/read Read any Alerts Settings
Microsoft.RecoveryServices/vaults/replicationEvents/read Read any Events
Microsoft.RecoveryServices/vaults/replicationFabrics/read Read any Fabrics
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read Read any Networks
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read Read any Network Mappings
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read Read any Protection Containers
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read Read any Protectable Items
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read Read any Protected Items
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read Read any Replication Recovery Points
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read Read any Protection Container Mappings
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read Read any Recovery Services Providers
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read Read any Storage Classifications
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read Read any Storage Classification Mappings
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read Read any vCenters
Microsoft.RecoveryServices/vaults/replicationJobs/read Read any Jobs
Microsoft.RecoveryServices/vaults/replicationPolicies/read Read any Policies
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/read Read any Recovery Plans
Microsoft.RecoveryServices/Vaults/storageConfig/read
Microsoft.RecoveryServices/Vaults/tokenInfo/read
Microsoft.RecoveryServices/Vaults/usages/read Returns usage details for a Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/vaultTokens/read The Vault Token operation can be used to get Vault Token for vault level backend operations.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Spatial Anchors Account Contributor

Description Lets you manage spatial anchors in your account, but not delete them
Id 8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827
Actions
none
NotActions
none
DataActions
Microsoft.MixedReality/SpatialAnchorsAccounts/create/action Create spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read Discover nearby spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read Get properties of spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/query/read Locate spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read Submit diagnostics data to help improve the quality of the Azure Spatial Anchors service
Microsoft.MixedReality/SpatialAnchorsAccounts/write Update spatial anchors properties
NotDataActions
none

Spatial Anchors Account Owner

Description Lets you manage spatial anchors in your account, including deleting them
Id 70bbe301-9835-447d-afdd-19eb3167307c
Actions
none
NotActions
none
DataActions
Microsoft.MixedReality/SpatialAnchorsAccounts/create/action Create spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/delete Delete spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read Discover nearby spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read Get properties of spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/query/read Locate spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read Submit diagnostics data to help improve the quality of the Azure Spatial Anchors service
Microsoft.MixedReality/SpatialAnchorsAccounts/write Update spatial anchors properties
NotDataActions
none

Spatial Anchors Account Reader

Description Lets you locate and read properties of spatial anchors in your account
Id 5d51204f-eb77-4b1c-b86a-2ec626c49413
Actions
none
NotActions
none
DataActions
Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read Discover nearby spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read Get properties of spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/query/read Locate spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read Submit diagnostics data to help improve the quality of the Azure Spatial Anchors service
NotDataActions
none

SQL DB Contributor

Description Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers.
Id 9b7fa17d-e63e-47b0-bb0a-15c516ac86ec
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage alert rules
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Sql/locations/*/read
Microsoft.Sql/servers/databases/* Create and manage SQL databases
Microsoft.Sql/servers/read Returns the list of servers or gets the properties for the specified server.
Microsoft.Support/* Create and manage support tickets
Microsoft.Insights/metrics/read Read metrics
Microsoft.Insights/metricDefinitions/read Read metric definitions
NotActions
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/auditingPolicies/* Edit audit policies
Microsoft.Sql/servers/databases/auditingSettings/* Edit audit settings
Microsoft.Sql/servers/databases/auditRecords/read Retrieve the database blob audit records
Microsoft.Sql/servers/databases/connectionPolicies/* Edit connection policies
Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft.Sql/servers/databases/dataMaskingPolicies/* Edit data masking policies
Microsoft.Sql/servers/databases/extendedAuditingSettings/*
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/servers/databases/securityAlertPolicies/* Edit security alert policies
Microsoft.Sql/servers/databases/securityMetrics/* Edit security metrics
Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft.Sql/servers/vulnerabilityAssessments/*
DataActions
none
NotDataActions
none

SQL Managed Instance Contributor

Description Lets you manage SQL Managed Instances and required network configuration, but can’t give access to others.
Id 4939a1f6-9ae0-4e48-a1e0-f2cbe897382d
Actions
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Network/networkSecurityGroups/*
Microsoft.Network/routeTables/*
Microsoft.Sql/locations/*/read
Microsoft.Sql/managedInstances/*
Microsoft.Support/* Create and manage support tickets
Microsoft.Network/virtualNetworks/subnets/*
Microsoft.Network/virtualNetworks/*
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.Insights/metrics/read Read metrics
Microsoft.Insights/metricDefinitions/read Read metric definitions
NotActions
none
DataActions
none
NotDataActions
none

SQL Security Manager

Description Lets you manage the security-related policies of SQL servers and databases, but not access to them.
Id 056cd41c-7e88-42e1-933e-88ba6a50c9c3
Actions
Microsoft.Authorization/*/read Read Microsoft authorization
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Joins a resource such as a storage account or SQL database to a subnet. Not alertable.
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft.Sql/servers/auditingPolicies/* Create and manage SQL server auditing policies
Microsoft.Sql/servers/auditingSettings/* Create and manage SQL server auditing settings
Microsoft.Sql/servers/extendedAuditingSettings/read Retrieve details of the extended server blob auditing policy configured on a given server
Microsoft.Sql/servers/databases/auditingPolicies/* Create and manage SQL server database auditing policies
Microsoft.Sql/servers/databases/auditingSettings/* Create and manage SQL server database auditing settings
Microsoft.Sql/servers/databases/auditRecords/read Read audit records
Microsoft.Sql/servers/databases/connectionPolicies/* Create and manage SQL server database connection policies
Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft.Sql/servers/databases/dataMaskingPolicies/* Create and manage SQL server database data masking policies
Microsoft.Sql/servers/databases/extendedAuditingSettings/read Retrieve details of the extended blob auditing policy configured on a given database
Microsoft.Sql/servers/databases/read Returns the list of databases or gets the properties for the specified database.
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/read Get a database schema.
Microsoft.Sql/servers/databases/schemas/tables/columns/read Get a database column.
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/tables/read Get a database table.
Microsoft.Sql/servers/databases/securityAlertPolicies/* Create and manage SQL server database security alert policies
Microsoft.Sql/servers/databases/securityMetrics/* Create and manage SQL server database security metrics
Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft.Sql/servers/databases/transparentDataEncryption/*
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft.Sql/servers/firewallRules/*
Microsoft.Sql/servers/read Returns the list of servers or gets the properties for the specified server.
Microsoft.Sql/servers/securityAlertPolicies/* Create and manage SQL server security alert policies
Microsoft.Sql/servers/vulnerabilityAssessments/*
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

SQL Server Contributor

Description Lets you manage SQL servers and databases, but not access to them, and not their security-related policies.
Id 6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Sql/locations/*/read
Microsoft.Sql/servers/* Create and manage SQL servers
Microsoft.Support/* Create and manage support tickets
Microsoft.Insights/metrics/read Read metrics
Microsoft.Insights/metricDefinitions/read Read metric definitions
NotActions
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft.Sql/servers/auditingPolicies/* Edit SQL server auditing policies
Microsoft.Sql/servers/auditingSettings/* Edit SQL server auditing settings
Microsoft.Sql/servers/databases/auditingPolicies/* Edit SQL server database auditing policies
Microsoft.Sql/servers/databases/auditingSettings/* Edit SQL server database auditing settings
Microsoft.Sql/servers/databases/auditRecords/read Read audit records
Microsoft.Sql/servers/databases/connectionPolicies/* Edit SQL server database connection policies
Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft.Sql/servers/databases/dataMaskingPolicies/* Edit SQL server database data masking policies
Microsoft.Sql/servers/databases/extendedAuditingSettings/*
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/servers/databases/securityAlertPolicies/* Edit SQL server database security alert policies
Microsoft.Sql/servers/databases/securityMetrics/* Edit SQL server database security metrics
Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft.Sql/servers/extendedAuditingSettings/*
Microsoft.Sql/servers/securityAlertPolicies/* Edit SQL server security alert policies
Microsoft.Sql/servers/vulnerabilityAssessments/*
DataActions
none
NotDataActions
none

Storage Account Contributor

Description Permits management of storage accounts. Provides access to the account key, which can be used to access data via Shared Key authorization.
Id 17d1049b-9a84-46fb-8f53-869881c3d3ab
Actions
Microsoft.Authorization/*/read Read all authorization
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.Insights/diagnosticSettings/* Manage diagnostic settings
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Joins a resource such as a storage account or SQL database to a subnet. Not alertable.
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Storage/storageAccounts/* Create and manage storage accounts
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Storage Account Key Operator Service Role

Description Permits listing and regenerating storage account access keys.
Id 81a9662b-bebf-436f-a333-f67b29880f12
Actions
Microsoft.Storage/storageAccounts/listkeys/action Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/regeneratekey/action Regenerates the access keys for the specified storage account.
NotActions
none
DataActions
none
NotDataActions
none

Storage Blob Data Contributor

Description Read, write, and delete Azure Storage containers and blobs. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
Id ba92f5b4-2d11-453d-a403-e96b0029c9fe
Actions
Microsoft.Storage/storageAccounts/blobServices/containers/delete Delete a container.
Microsoft.Storage/storageAccounts/blobServices/containers/read Return a container or a list of containers.
Microsoft.Storage/storageAccounts/blobServices/containers/write Modify a container's metadata or properties.
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Returns a user delegation key for the Blob service.
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete Delete a blob.
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read Return a blob or a list of blobs.
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write Write to a blob.
NotDataActions
none

Storage Blob Data Owner

Description Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
Id b7e6dc6d-f1e8-4753-8033-0f276bb0955b
Actions
Microsoft.Storage/storageAccounts/blobServices/containers/* Full permissions on containers.
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Returns a user delegation key for the Blob service.
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/* Full permissions on blobs.
NotDataActions
none

Storage Blob Data Reader

Description Read and list Azure Storage containers and blobs. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
Id 2a2b9908-6ea1-4ae2-8e65-a410df84e7d1
Actions
Microsoft.Storage/storageAccounts/blobServices/containers/read Return a container or a list of containers.
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Returns a user delegation key for the Blob service.
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read Return a blob or a list of blobs.
NotDataActions
none

Storage Blob Delegator

Description Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials. For more information, see Create a user delegation SAS.
Id db58b8e5-c6ad-4a2a-8342-4190687cbf4a
Actions
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Returns a user delegation key for the Blob service.
NotActions
none
DataActions
none
NotDataActions
none

Storage File Data SMB Share Contributor

Description Allows for read, write, and delete access in Azure Storage file shares over SMB.
Id 0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb
Actions
none
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read Returns a file/folder or a list of files/folders.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write Returns the result of writing a file or creating a folder.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete Returns the result of deleting a file/folder.
NotDataActions
none

Storage File Data SMB Share Elevated Contributor

Description Allows for read, write, delete, and modify NTFS permission access in Azure Storage file shares over SMB.
Id a7264617-510b-434b-a828-9731dc254ea7
Actions
none
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read Returns a file/folder or a list of files/folders.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write Returns the result of writing a file or creating a folder.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete Returns the result of deleting a file/folder.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action Returns the result of modifying permission on a file/folder.
NotDataActions
none

Storage File Data SMB Share Reader

Description Allows for read access to Azure File Share over SMB.
Id aba4ae5f-2193-4029-9191-0cb91df5e314
Actions
none
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read Returns a file/folder or a list of files/folders.
NotDataActions
none

Storage Queue Data Contributor

Description Read, write, and delete Azure Storage queues and queue messages. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
Id 974c5e8b-45b9-4653-ba55-5f855dd0fb88
Actions
Microsoft.Storage/storageAccounts/queueServices/queues/delete Delete a queue.
Microsoft.Storage/storageAccounts/queueServices/queues/read Return a queue or a list of queues.
Microsoft.Storage/storageAccounts/queueServices/queues/write Modify queue metadata or properties.
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/delete Delete one or more messages from a queue.
Microsoft.Storage/storageAccounts/queueServices/queues/messages/read Peek or retrieve one or more messages from a queue.
Microsoft.Storage/storageAccounts/queueServices/queues/messages/write Add a message to a queue.
NotDataActions
none

Storage Queue Data Message Processor

Description Peek, retrieve, and delete a message from an Azure Storage queue. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
Id 8a0f0c08-91a1-4084-bc3d-661d67233fed
Actions
none
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/read Peek a message.
Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action Retrieve and delete a message.
NotDataActions
none

Storage Queue Data Message Sender

Description Add messages to an Azure Storage queue. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
Id c6a89b2d-59bc-44d0-9896-0f6e12d7b80a
Actions
none
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/action Add a message to a queue.
NotDataActions
none

Storage Queue Data Reader

Description Read and list Azure Storage queues and queue messages. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
Id 19e7f393-937e-4f77-808e-94535e297925
Actions
Microsoft.Storage/storageAccounts/queueServices/queues/read Returns a queue or a list of queues.
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/read Peek or retrieve one or more messages from a queue.
NotDataActions
none

Support Request Contributor

Description Lets you create and manage Support requests.
Id cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e
Actions
Microsoft.Authorization/*/read Read authorization
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Traffic Manager Contributor

Description Lets you manage Traffic Manager profiles, but does not let you control who has access to them.
Id a4b10055-b0c7-44c2-b00f-c7b5b3550cf7
Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.Network/trafficManagerProfiles/*
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

User Access Administrator

Description Lets you manage user access to Azure resources.
Id 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9
Actions
*/read Read resources of all types, except secrets.
Microsoft.Authorization/* Manage authorization
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Virtual Machine Administrator Login

Description View Virtual Machines in the portal and log in as administrator.
Id 1c0163c0-47e6-4577-8991-ea5c82e286e4
Actions
Microsoft.Network/publicIPAddresses/read Gets a public IP address definition.
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.Network/loadBalancers/read Gets a load balancer definition
Microsoft.Network/networkInterfaces/read Gets a network interface definition.
Microsoft.Compute/virtualMachines/*/read
NotActions
none
DataActions
Microsoft.Compute/virtualMachines/login/action Log in to a virtual machine as a regular user
Microsoft.Compute/virtualMachines/loginAsAdmin/action Log in to a virtual machine with Windows administrator or Linux root user privileges
NotDataActions
none

Virtual Machine Contributor

Description Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.
Id 9980e02c-c2be-4d73-94e8-173b1dc7cf3c
Actions
Microsoft.Authorization/*/read Read authorization
Microsoft.Compute/availabilitySets/* Create and manage compute availability sets
Microsoft.Compute/locations/* Create and manage compute locations
Microsoft.Compute/virtualMachines/* Create and manage virtual machines
Microsoft.Compute/virtualMachineScaleSets/* Create and manage virtual machine scale sets
Microsoft.DevTestLab/schedules/*
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.Network/applicationGateways/backendAddressPools/join/action Joins an application gateway backend address pool. Not alertable.
Microsoft.Network/loadBalancers/backendAddressPools/join/action Joins a load balancer backend address pool. Not alertable.
Microsoft.Network/loadBalancers/inboundNatPools/join/action Joins a load balancer inbound NAT pool. Not alertable.
Microsoft.Network/loadBalancers/inboundNatRules/join/action Joins a load balancer inbound NAT rule. Not alertable.
Microsoft.Network/loadBalancers/probes/join/action Allows using probes of a load balancer. For example, with this permission the healthProbe property of a VM scale set can reference the probe. Not alertable.
Microsoft.Network/loadBalancers/read Gets a load balancer definition
Microsoft.Network/locations/* Create and manage network locations
Microsoft.Network/networkInterfaces/* Create and manage network interfaces
Microsoft.Network/networkSecurityGroups/join/action Joins a network security group. Not alertable.
Microsoft.Network/networkSecurityGroups/read Gets a network security group definition
Microsoft.Network/publicIPAddresses/join/action Joins a public IP address. Not alertable.
Microsoft.Network/publicIPAddresses/read Gets a public IP address definition.
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.Network/virtualNetworks/subnets/join/action Joins a virtual network. Not alertable.
Microsoft.RecoveryServices/locations/*
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write Create a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read Returns object details of the Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write Create a backup Protected Item
Microsoft.RecoveryServices/Vaults/backupPolicies/read Returns all Protection Policies
Microsoft.RecoveryServices/Vaults/backupPolicies/write Creates Protection Policy
Microsoft.RecoveryServices/Vaults/read The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/usages/read Returns usage details for a Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/write Create Vault operation creates an Azure resource of type 'vault'
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.SqlVirtualMachine/*
Microsoft.Storage/storageAccounts/listKeys/action Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/read Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.Support/* Create and manage support tickets
NotActions
none
DataActions
none
NotDataActions
none

Virtual Machine User Login

Description View Virtual Machines in the portal and log in as a regular user.
Id fb879df8-f326-4884-b1cf-06f3ad86be52
Actions
Microsoft.Network/publicIPAddresses/read Gets a public IP address definition.
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.Network/loadBalancers/read Gets a load balancer definition
Microsoft.Network/networkInterfaces/read Gets a network interface definition.
Microsoft.Compute/virtualMachines/*/read
NotActions
none
DataActions
Microsoft.Compute/virtualMachines/login/action Log in to a virtual machine as a regular user
NotDataActions
none

Web Plan Contributor

Description Lets you manage the web plans for websites, but not access to them.
Id 2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b
Actions
Microsoft.Authorization/*/read Read authorization
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
Microsoft.Web/serverFarms/* Create and manage server farms
Microsoft.Web/hostingEnvironments/Join/Action Joins an App Service Environment
NotActions
none
DataActions
none
NotDataActions
none

Website Contributor

Description Lets you manage websites (not web plans), but not access to them.
Id de139f84-1756-47ae-9be6-808fbbe84772
Actions
Microsoft.Authorization/*/read Read authorization
Microsoft.Insights/alertRules/* Create and manage Insights alert rules
Microsoft.Insights/components/* Create and manage Insights components
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage resource group deployments
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and manage support tickets
Microsoft.Web/certificates/* Create and manage website certificates
Microsoft.Web/listSitesAssignedToHostName/read Get names of sites assigned to hostname.
Microsoft.Web/serverFarms/join/action
Microsoft.Web/serverFarms/read Get the properties on an App Service Plan
Microsoft.Web/sites/* Create and manage websites (site creation also requires write permissions to the associated App Service Plan)
NotActions
none
DataActions
none
NotDataActions
none

Next steps