Role-based access control with the Microsoft Teams Rooms managed service

Role-based access control (RBAC) in the Microsoft Teams Rooms managed service helps you manage user access to room resource data in your organization. By assigning roles to your service portal users, you can limit what they can see and change. Each role has a set of permissions that determine what users with that role can access and change within your organization.

To create, edit, or assign roles, your account must have one of the following permissions:

  • Global Administrator through Azure Active Directory (Azure AD)
  • Managed Service Administrator through the Microsoft Teams Rooms managed service portal

What is a role?

A role defines the set of permissions granted to users assigned to that role. For now, the Microsoft Teams Rooms managed service has three built-in roles: Managed Service Administrator, Site Lead, and Site Tech. They cover some common scenarios for users in your organization that may be involved in managing your rooms.

To see roles, in the left navigation of the Microsoft Teams Rooms managed service portal, go to Roles, and then select any of the roles to see the role’s properties, permissions, and assignments.

  • Properties: The name, role type, and description.
  • Permissions: Lists features and level of permissions to which the role has access.
  • Assignments: A list of role assignments defining which users have the configured permissions over the scope of room resource accounts. A role can have multiple assignments, and a user can be in multiple assignments.

Built-in roles

You can assign built-in roles to groups or users without further configuration. Keep in mind that you can't delete or edit the name, description, type, or permissions of a built-in role.

  • Managed Service Administrator: Has full access to the Microsoft Teams Room Premium service portal.
  • Site Lead: Organizes rooms, has access to reports and can manage tickets. Can't reset enrollment key or make changes to the configuration of the service.
  • Site Tech: Manages tickets for specific rooms. Doesn't have permissions to modify the service or organize rooms in the service.

The following table summarizes what each role can do.

| Features | Permission | Managed Service Administrator | Site Lead | Site Tech |
|---|---|---|---|---|
| Rooms | View | | | |
| | Modify | | | |
| | Reset key | | | |
| | Download key | | | |
| | Unenroll | | | |
| Group management | Create | | | |
| | View | | | |
| | Modify | | | |
| Update ring management | Create | | | |
| | View | | | |
| | Modify | | | |
| Reports | View | | | |
| Ticket management | Create customer incident | | | |
| | View | | | |
| | Update | | | |
| Microsoft Teams Rooms managed service settings | View | | | |
| | Modify | | | |
| Role management | View | | | |
| | Modify | | | |

Assign a role

To assign roles, you must be a Global Administrator or Managed Service Administrator.

  1. In the left navigation of the Microsoft Teams Rooms managed service portal, go to Settings > Roles.

    Screenshot of the access control page showing roles

  2. Select the role you want to assign.

  3. In the role pane, select Assignments > Add.

    :::image type="content" source="../media/microsoft-teams-rooms-premium-role-assignments.png" alt-text="Screenshot of the Add option for adding a role.":::

  4. On the General settings page, under Assignment properties, enter a name for this assignment. The description is optional. Choose Next.

  5. On the Members page, in the Search for user or security group box, enter the name of a user or security group in your tenant to which you want to give permissions, and then complete the selection. Choose Next.

  6. On the Scope page, in the Search for room or room group box, type the name of either a room or room group that the user will be allowed to manage. Choose Next.

  7. On the Finish page, review the details of the assignment. If you're satisfied with the configuration, choose Add assignment. If you want to edit a section, use the Previous button or select the step in the left navigation.
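The assignment built in steps 4 to 6 (a role, its members, and a scope) can be modelled offline to review who ends up with which access before it is created in the portal. The following is an added example, not part of the original documentation and not a Microsoft API: the capability names, the union-across-assignments rule, and all users, groups and rooms are assumptions or constructed sample data, and the capabilities per role are taken only from the built-in role descriptions above.

```python
from dataclasses import dataclass

# Capability labels are hypothetical; the mapping follows the role descriptions only.
ROLE_CAPS = {
    "Managed Service Administrator": {"organize_rooms", "view_reports", "manage_tickets",
                                      "reset_enrollment_key", "change_service_config"},
    "Site Lead": {"organize_rooms", "view_reports", "manage_tickets"},
    "Site Tech": {"manage_tickets"},
}

@dataclass(frozen=True)
class Assignment:
    name: str
    role: str
    members: frozenset  # user or security-group names
    scope: frozenset    # room or room-group names

def expand(names, groups):
    """Replace each group name with its members; other names pass through."""
    out = set()
    for n in names:
        out |= groups.get(n, {n})
    return out

def effective_access(assignments, user_groups, room_groups):
    """Map (user, room) -> capabilities, as the union over every assignment
    the user is in (union semantics is an assumption of this sketch)."""
    access = {}
    for a in assignments:
        for user in expand(a.members, user_groups):
            for room in expand(a.scope, room_groups):
                access.setdefault((user, room), set()).update(ROLE_CAPS[a.role])
    return access

def who_can(access, capability, room):
    """Users holding a capability on one room, for a least-privilege review."""
    return sorted(u for (u, r), caps in access.items() if r == room and capability in caps)

# Constructed sample data: one security group, two room groups, four assignments.
USER_GROUPS = {"sg-helpdesk": {"dana", "eli"}}
ROOM_GROUPS = {"Building A": {"A-101", "A-102"}, "Building B": {"B-201"}}
ASSIGNMENTS = [
    Assignment("All rooms admin", "Managed Service Administrator",
               frozenset({"alice"}), frozenset({"Building A", "Building B"})),
    Assignment("Building A lead", "Site Lead", frozenset({"bob"}), frozenset({"Building A"})),
    Assignment("Helpdesk A-101", "Site Tech", frozenset({"sg-helpdesk"}), frozenset({"A-101"})),
    Assignment("Eli covers B", "Site Lead", frozenset({"eli"}), frozenset({"Building B"})),
]
ACCESS = effective_access(ASSIGNMENTS, USER_GROUPS, ROOM_GROUPS)
```

Calling `who_can(ACCESS, "reset_enrollment_key", room)` for each room lists the accounts that should be reviewed most closely, since only the Managed Service Administrator role carries that capability in this model.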