Azure built-in roles

Azure role-based access control (Azure RBAC) has several Azure built-in roles that you can assign to users, groups, service principals, and managed identities. Role assignments are the way you control access to Azure resources. If the built-in roles don't meet the specific needs of your organization, you can create your own Azure custom roles.

This article lists the Azure built-in roles, which are always evolving. To get the latest roles, use Get-AzRoleDefinition or az role definition list. If you are looking for administrator roles for Azure Active Directory (Azure AD), see Administrator role permissions in Azure Active Directory.

All

The following table provides a brief description and the unique ID of each built-in role. Select the role name to see the list of Actions, NotActions, DataActions, and NotDataActions for each role. For information about what these actions mean and how they apply to the management and data planes, see Understand Azure role definitions.

| Built-in role | Description | ID |
| --- | --- | --- |
| **General** | | |
| Contributor | Lets you manage everything except granting access to resources. | b24988ac-6180-42a0-ab88-20f7382dd24c |
| Owner | Lets you manage everything, including access to resources. | 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 |
| Reader | Lets you view everything, but not make any changes. | acdd72a7-3385-48ef-bd42-f606fba81ae7 |
| User Access Administrator | Lets you manage user access to Azure resources. | 18d7d88d-d35e-4fb5-a5c3-7773c20a72d9 |
| **Compute** | | |
| Classic Virtual Machine Contributor | Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to. | d73bb868-a0df-4d4d-bd69-98a00b01fccb |
| Virtual Machine Administrator Login | View Virtual Machines in the portal and login as administrator | 1c0163c0-47e6-4577-8991-ea5c82e286e4 |
| Virtual Machine Contributor | Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to. | 9980e02c-c2be-4d73-94e8-173b1dc7cf3c |
| Virtual Machine User Login | View Virtual Machines in the portal and login as a regular user. | fb879df8-f326-4884-b1cf-06f3ad86be52 |
| **Networking** | | |
| CDN Endpoint Contributor | Can manage CDN endpoints, but can't grant access to other users. | 426e0c7f-0c7e-4658-b36f-ff54d6c29b45 |
| CDN Endpoint Reader | Can view CDN endpoints, but can't make changes. | 871e35f6-b5c1-49cc-a043-bde969a0f2cd |
| CDN Profile Contributor | Can manage CDN profiles and their endpoints, but can't grant access to other users. | ec156ff8-a8d1-4d15-830c-5b80698ca432 |
| CDN Profile Reader | Can view CDN profiles and their endpoints, but can't make changes. | 8f96442b-4075-438f-813d-ad51ab4019af |
| Classic Network Contributor | Lets you manage classic networks, but not access to them. | b34d265f-36f7-4a0d-a4d4-e158ca92e90f |
| DNS Zone Contributor | Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them. | befefa01-2a29-4197-83a8-272ff33ce314 |
| Network Contributor | Lets you manage networks, but not access to them. | 4d97b98b-1d4f-4787-a291-c67834d212e7 |
| Traffic Manager Contributor | Lets you manage Traffic Manager profiles, but does not let you control who has access to them. | a4b10055-b0c7-44c2-b00f-c7b5b3550cf7 |
| **Storage** | | |
| Avere Contributor | Can create and manage an Avere vFXT cluster. | 4f8fab4f-1852-4a58-a46a-8eaf358af14a |
| Avere Operator | Used by the Avere vFXT cluster to manage the cluster | c025889f-8102-4ebf-b32c-fc0c6f0c6bd9 |
| Backup Contributor | Lets you manage backup service, but can't create vaults and give access to others | 5e467623-bb1f-42f4-a55d-6e525e11384b |
| Backup Operator | Lets you manage backup services, except removal of backup, vault creation and giving access to others | 00c29273-979b-4161-815c-10b084fb9324 |
| Backup Reader | Can view backup services, but can't make changes | a795c7a0-d4a2-40c1-ae25-d81f01202912 |
| Classic Storage Account Contributor | Lets you manage classic storage accounts, but not access to them. | 86e8f5dc-a6e9-4c67-9d15-de283e8eac25 |
| Classic Storage Account Key Operator Service Role | Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts | 985d6b00-f706-48f5-a6fe-d0ca12fb668d |
| Data Box Contributor | Lets you manage everything under Data Box Service except giving access to others. | add466c9-e687-43fc-8d98-dfcf8d720be5 |
| Data Box Reader | Lets you manage Data Box Service except creating order or editing order details and giving access to others. | 028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027 |
| Data Lake Analytics Developer | Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts. | 47b7735b-770e-4598-a7da-8b91488b4c88 |
| Reader and Data Access | Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys. | c12c1c16-33a1-487b-954d-41c89c60f349 |
| Storage Account Contributor | Permits management of storage accounts. Provides access to the account key, which can be used to access data via Shared Key authorization. | 17d1049b-9a84-46fb-8f53-869881c3d3ab |
| Storage Account Key Operator Service Role | Permits listing and regenerating storage account access keys. | 81a9662b-bebf-436f-a333-f67b29880f12 |
| Storage Blob Data Contributor | Read, write, and delete Azure Storage containers and blobs. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | ba92f5b4-2d11-453d-a403-e96b0029c9fe |
| Storage Blob Data Owner | Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | b7e6dc6d-f1e8-4753-8033-0f276bb0955b |
| Storage Blob Data Reader | Read and list Azure Storage containers and blobs. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 2a2b9908-6ea1-4ae2-8e65-a410df84e7d1 |
| Storage Blob Delegator | Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials. For more information, see Create a user delegation SAS. | db58b8e5-c6ad-4a2a-8342-4190687cbf4a |
| Storage File Data SMB Share Contributor | Allows for read, write, and delete access on files/directories in Azure file shares. This role has no built-in equivalent on Windows file servers. | 0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb |
| Storage File Data SMB Share Elevated Contributor | Allows for read, write, delete, and modify ACLs on files/directories in Azure file shares. This role is equivalent to a file share ACL of change on Windows file servers. | a7264617-510b-434b-a828-9731dc254ea7 |
| Storage File Data SMB Share Reader | Allows for read access on files/directories in Azure file shares. This role is equivalent to a file share ACL of read on Windows file servers. | aba4ae5f-2193-4029-9191-0cb91df5e314 |
| Storage Queue Data Contributor | Read, write, and delete Azure Storage queues and queue messages. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 974c5e8b-45b9-4653-ba55-5f855dd0fb88 |
| Storage Queue Data Message Processor | Peek, retrieve, and delete a message from an Azure Storage queue. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 8a0f0c08-91a1-4084-bc3d-661d67233fed |
| Storage Queue Data Message Sender | Add messages to an Azure Storage queue. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | c6a89b2d-59bc-44d0-9896-0f6e12d7b80a |
| Storage Queue Data Reader | Read and list Azure Storage queues and queue messages. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 19e7f393-937e-4f77-808e-94535e297925 |
| **Web** | | |
| Azure Maps Data Reader | Grants access to read map related data from an Azure maps account. | 423170ca-a8f6-4b0f-8487-9e4eb8f49bfa |
| Search Service Contributor | Lets you manage Search services, but not access to them. | 7ca78c08-252a-4471-8644-bb5ff32d4ba0 |
| Web Plan Contributor | Lets you manage the web plans for websites, but not access to them. | 2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b |
| Website Contributor | Lets you manage websites (not web plans), but not access to them. | de139f84-1756-47ae-9be6-808fbbe84772 |
| **Containers** | | |
| AcrDelete | acr delete | c2f4ef07-c644-48eb-af81-4b1b4947fb11 |
| AcrImageSigner | acr image signer | 6cef56e8-d556-48e5-a04f-b8e64114680f |
| AcrPull | acr pull | 7f951dda-4ed3-4680-a7ca-43fe172d538d |
| AcrPush | acr push | 8311e382-0749-4cb8-b61a-304f252e45ec |
| AcrQuarantineReader | acr quarantine data reader | cdda3590-29a3-44f6-95f2-9f980659eb04 |
| AcrQuarantineWriter | acr quarantine data writer | c8d4ff99-41c3-41a8-9f60-21dfdad59608 |
| Azure Kubernetes Service Cluster Admin Role | List cluster admin credential action. | 0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8 |
| Azure Kubernetes Service Cluster User Role | List cluster user credential action. | 4abbcc35-e782-43d8-92c5-2d3f1bd2253f |
| **Databases** | | |
| Cosmos DB Account Reader Role | Can read Azure Cosmos DB account data. See DocumentDB Account Contributor for managing Azure Cosmos DB accounts. | fbdf93bf-df7d-467e-a4d2-9458aa1360c8 |
| Cosmos DB Operator | Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings. | 230815da-be43-4aae-9cb4-875f7bd000aa |
| CosmosBackupOperator | Can submit restore request for a Cosmos DB database or a container for an account | db7b14f2-5adf-42da-9f96-f2ee17bab5cb |
| DocumentDB Account Contributor | Can manage Azure Cosmos DB accounts. Azure Cosmos DB is formerly known as DocumentDB. | 5bd9cd88-fe45-4216-938b-f97437e15450 |
| Redis Cache Contributor | Lets you manage Redis caches, but not access to them. | e0f68234-74aa-48ed-b826-c38b57376e17 |
| SQL DB Contributor | Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers. | 9b7fa17d-e63e-47b0-bb0a-15c516ac86ec |
| SQL Managed Instance Contributor | Lets you manage SQL Managed Instances and required network configuration, but can't give access to others. | 4939a1f6-9ae0-4e48-a1e0-f2cbe897382d |
| SQL Security Manager | Lets you manage the security-related policies of SQL servers and databases, but not access to them. | 056cd41c-7e88-42e1-933e-88ba6a50c9c3 |
| SQL Server Contributor | Lets you manage SQL servers and databases, but not access to them, and not their security-related policies. | 6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437 |
| **Analytics** | | |
| Azure Event Hubs Data Owner | Allows for full access to Azure Event Hubs resources. | f526a384-b230-433a-b45c-95f59c4a2dec |
| Azure Event Hubs Data Receiver | Allows receive access to Azure Event Hubs resources. | a638d3c7-ab3a-418d-83e6-5f17a39d4fde |
| Azure Event Hubs Data Sender | Allows send access to Azure Event Hubs resources. | 2b629674-e913-4c01-ae53-ef4638d8f975 |
| Data Factory Contributor | Create and manage data factories, as well as child resources within them. | 673868aa-7521-48a0-acc6-0f60742d39f5 |
| Data Purger | Can purge analytics data | 150f5e0c-0603-4f03-8c7f-cf70034c4e90 |
| HDInsight Cluster Operator | Lets you read and modify HDInsight cluster configurations. | 61ed4efc-fab3-44fd-b111-e24485cc132a |
| HDInsight Domain Services Contributor | Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package | 8d8d5a11-05d3-4bda-a417-a08778121c7c |
| Log Analytics Contributor | Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources. | 92aaf0da-9dab-42b6-94a3-d43ce8d16293 |
| Log Analytics Reader | Log Analytics Reader can view and search all monitoring data as well as view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources. | 73c42c96-874c-492b-b04d-ab87d138a893 |
| **Blockchain** | | |
| Blockchain Member Node Access (Preview) | Allows for access to Blockchain Member nodes | 31a002a1-acaf-453e-8a5b-297c9ca1ea24 |
| **AI + machine learning** | | |
| Cognitive Services Contributor | Lets you create, read, update, delete and manage keys of Cognitive Services. | 25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68 |
| Cognitive Services Data Reader (Preview) | Lets you read Cognitive Services data. | b59867f0-fa02-499b-be73-45a86b5b3e1c |
| Cognitive Services User | Lets you read and list keys of Cognitive Services. | a97b65f3-24c7-4388-baec-2e87135dc908 |
| **Mixed reality** | | |
| Spatial Anchors Account Contributor | Lets you manage spatial anchors in your account, but not delete them | 8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827 |
| Spatial Anchors Account Owner | Lets you manage spatial anchors in your account, including deleting them | 70bbe301-9835-447d-afdd-19eb3167307c |
| Spatial Anchors Account Reader | Lets you locate and read properties of spatial anchors in your account | 5d51204f-eb77-4b1c-b86a-2ec626c49413 |
| **Integration** | | |
| API Management Service Contributor | Can manage service and the APIs | 312a565d-c81f-4fd8-895a-4e21e48d571c |
| API Management Service Operator Role | Can manage service but not the APIs | e022efe7-f5ba-4159-bbe4-b44f577e9b61 |
| API Management Service Reader Role | Read-only access to service and APIs | 71522526-b88f-4d52-b57f-d31fc3546d0d |
| App Configuration Data Owner | Allows full access to App Configuration data. | 5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b |
| App Configuration Data Reader | Allows read access to App Configuration data. | 516239f1-63e1-4d78-a4de-a74fb236a071 |
| Azure Service Bus Data Owner | Allows for full access to Azure Service Bus resources. | 090c5cfd-751d-490a-894a-3ce6f1109419 |
| Azure Service Bus Data Receiver | Allows for receive access to Azure Service Bus resources. | 4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0 |
| Azure Service Bus Data Sender | Allows for send access to Azure Service Bus resources. | 69a216fc-b8fb-44d8-bc22-1f3c2cd27a39 |
| Azure Stack Registration Owner | Lets you manage Azure Stack registrations. | 6f12a6df-dd06-4f3e-bcb1-ce8be600526a |
| EventGrid EventSubscription Contributor | Lets you manage EventGrid event subscription operations. | 428e0ff0-5e57-4d9c-a221-2c70d0e0a443 |
| EventGrid EventSubscription Reader | Lets you read EventGrid event subscriptions. | 2414bbcf-6497-4faf-8c65-045460748405 |
| Intelligent Systems Account Contributor | Lets you manage Intelligent Systems accounts, but not access to them. | 03a6d094-3444-4b3d-88af-7477090a9e5e |
| Logic App Contributor | Lets you manage logic apps, but not change access to them. | 87a39d53-fc1b-424a-814c-f7e04687dc9e |
| Logic App Operator | Lets you read, enable, and disable logic apps, but not edit or update them. | 515c2055-d9d4-4321-b1b9-bd0c9a0f79fe |
| **Identity** | | |
| Managed Identity Contributor | Create, Read, Update, and Delete User Assigned Identity | e40ec5ca-96e0-45a2-b4ff-59039f2c2b59 |
| Managed Identity Operator | Read and Assign User Assigned Identity | f1a07417-d97a-45cb-824c-7a7467783830 |
| **Security** | | |
| Azure Sentinel Contributor | Azure Sentinel Contributor | ab8e14d6-4a74-4a29-9ba8-549422addade |
| Azure Sentinel Reader | Azure Sentinel Reader | 8d289c81-5878-46d4-8554-54e1e3d8b5cb |
| Azure Sentinel Responder | Azure Sentinel Responder | 3e150937-b8fe-4cfb-8069-0eaf05ecd056 |
| Key Vault Contributor | Lets you manage key vaults, but not access to them. | f25e0fa2-a7c8-4377-a976-54943a77a395 |
| Security Admin | View and update permissions for Security Center. Same permissions as the Security Reader role and can also update the security policy and dismiss alerts and recommendations. | fb1c8493-542b-48eb-b624-b4c8fea62acd |
| Security Assessment Contributor | Lets you push assessments to Security Center | 612c2aa1-cb24-443b-ac28-3ab7272de6f5 |
| Security Manager (Legacy) | This is a legacy role. Please use Security Admin instead. | e3d13bf0-dd5a-482e-ba6b-9b8433878d10 |
| Security Reader | View permissions for Security Center. Can view recommendations, alerts, a security policy, and security states, but cannot make changes. | 39bc4728-0917-49c7-9d2c-d95423bc2eb4 |
| **DevOps** | | |
| DevTest Labs User | Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs. | 76283e04-6283-4c54-8f91-bcf1374a3c64 |
| Lab Creator | Lets you create, manage, delete your managed labs under your Azure Lab Accounts. | b97fb8bc-a8b2-4522-a38b-dd33c7e65ead |
| **Monitor** | | |
| Application Insights Component Contributor | Can manage Application Insights components | ae349356-3a1b-4a5e-921d-050484c6347e |
| Application Insights Snapshot Debugger | Gives user permission to view and download debug snapshots collected with the Application Insights Snapshot Debugger. Note that these permissions are not included in the Owner or Contributor roles. When giving users the Application Insights Snapshot Debugger role, you must grant the role directly to the user. The role is not recognized when it is added to a custom role. | 08954f03-6346-4c2e-81c0-ec3a5cfae23b |
| Monitoring Contributor | Can read all monitoring data and edit monitoring settings. See also Get started with roles, permissions, and security with Azure Monitor. | 749f88d5-cbae-40b8-bcfc-e573ddc772fa |
| Monitoring Metrics Publisher | Enables publishing metrics against Azure resources | 3913510d-42f4-4e42-8a64-420c390055eb |
| Monitoring Reader | Can read all monitoring data (metrics, logs, etc.). See also Get started with roles, permissions, and security with Azure Monitor. | 43d0d8ad-25c7-4714-9337-8ba259a9fe05 |
| Workbook Contributor | Can save shared workbooks. | e8ddcd69-c73f-4f9f-9844-4100522f16ad |
| Workbook Reader | Can read workbooks. | b279062a-9be3-42a0-92ae-8b3cf002ec4d |
| **Management + governance** | | |
| Automation Job Operator | Create and Manage Jobs using Automation Runbooks. | 4fe576fe-1146-4730-92eb-48519fa6bf9f |
| Automation Operator | Automation Operators are able to start, stop, suspend, and resume jobs | d3881f73-407a-4167-8283-e981cbba0404 |
| Automation Runbook Operator | Read Runbook properties - to be able to create Jobs of the runbook. | 5fb5aef8-1081-4b8e-bb16-9d5d0385bab5 |
| Azure Connected Machine Onboarding | Can onboard Azure Connected Machines. | b64e21ea-ac4e-4cdf-9dc9-5b892992bee7 |
| Azure Connected Machine Resource Administrator | Can read, write, delete and re-onboard Azure Connected Machines. | cd570a14-e51a-42ad-bac8-bafd67325302 |
| Billing Reader | Allows read access to billing data | fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64 |
| Blueprint Contributor | Can manage blueprint definitions, but not assign them. | 41077137-e803-4205-871c-5a86e6a753b4 |
| Blueprint Operator | Can assign existing published blueprints, but cannot create new blueprints. Note that this only works if the assignment is done with a user-assigned managed identity. | 437d2ced-4a38-4302-8479-ed2bcb43d090 |
| Cost Management Contributor | Can view costs and manage cost configuration (e.g. budgets, exports) | 434105ed-43f6-45c7-a02f-909b2ba83430 |
| Cost Management Reader | Can view cost data and configuration (e.g. budgets, exports) | 72fafb9e-0641-4937-9268-a91bfd8191a3 |
| Hierarchy Settings Administrator | Allows users to edit and delete Hierarchy Settings | 350f8d15-c687-4448-8ae1-157740a3936d |
| Managed Application Contributor Role | Allows for creating managed application resources. | 641177b8-a67a-45b9-a033-47bc880bb21e |
| Managed Application Operator Role | Lets you read and perform actions on Managed Application resources | c7393b34-138c-406f-901b-d8cf2b17e6ae |
| Managed Applications Reader | Lets you read resources in a managed app and request JIT access. | b9331d33-8a36-4f8c-b097-4f54124fdb44 |
| Managed Services Registration assignment Delete Role | Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant. | 91c1777a-f3dc-4fae-b103-61d183457e46 |
| Management Group Contributor | Management Group Contributor Role | 5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c |
| Management Group Reader | Management Group Reader Role | ac63b705-f282-497d-ac71-919bf39d939d |
| New Relic APM Account Contributor | Lets you manage New Relic Application Performance Management accounts and applications, but not access to them. | 5d28c62d-5b37-4476-8438-e587778df237 |
| Policy Insights Data Writer (Preview) | Allows read access to resource policies and write access to resource component policy events. | 66bb4e9e-b016-4a94-8249-4c0511c2be84 |
| Resource Policy Contributor | Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy. | 36243c78-bf99-498c-9df9-86d9f8d28608 |
| Site Recovery Contributor | Lets you manage Site Recovery service except vault creation and role assignment | 6670b86e-a3f7-4917-ac9b-5d6ab1be4567 |
| Site Recovery Operator | Lets you failover and failback but not perform other Site Recovery management operations | 494ae006-db33-4328-bf46-533a6560a3ca |
| Site Recovery Reader | Lets you view Site Recovery status but not perform other management operations | dbaa88c4-0c30-4179-9fb3-46319faa6149 |
| Support Request Contributor | Lets you create and manage Support requests | cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e |
| Tag Contributor | Lets you manage tags on entities, without providing access to the entities themselves. | 4a9ae827-6dc8-4573-8ac7-8239d42aa03f |
| **Other** | | |
| BizTalk Contributor | Lets you manage BizTalk services, but not access to them. | 5e3c6656-6cfa-4708-81fe-0de47ac73342 |
| Scheduler Job Collections Contributor | Lets you manage Scheduler job collections, but not access to them. | 188a0f2f-5c9e-469b-ae67-2aa5ce574b94 |

General

Contributor

Lets you manage everything except granting access to resources.

Actions
* Create and manage resources of all types
NotActions
Microsoft.Authorization/*/Delete Delete roles, policy assignments, policy definitions and policy set definitions
Microsoft.Authorization/*/Write Create roles, role assignments, policy assignments, policy definitions and policy set definitions
Microsoft.Authorization/elevateAccess/Action Grants the caller User Access Administrator access at the tenant scope
Microsoft.Blueprint/blueprintAssignments/write Create or update any blueprint assignments
Microsoft.Blueprint/blueprintAssignments/delete Delete any blueprint assignments
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage everything except access to resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
  "name": "b24988ac-6180-42a0-ab88-20f7382dd24c",
  "permissions": [
    {
      "actions": [
        "*"
      ],
      "notActions": [
        "Microsoft.Authorization/*/Delete",
        "Microsoft.Authorization/*/Write",
        "Microsoft.Authorization/elevateAccess/Action",
        "Microsoft.Blueprint/blueprintAssignments/write",
        "Microsoft.Blueprint/blueprintAssignments/delete"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Owner

Lets you manage everything, including access to resources.

Actions
* Create and manage resources of all types
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage everything, including access to resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
  "name": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
  "permissions": [
    {
      "actions": [
        "*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Reader

Lets you view everything, but not make any changes.

Actions
*/read Read resources of all types, except secrets.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you view everything, but not make any changes.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
  "name": "acdd72a7-3385-48ef-bd42-f606fba81ae7",
  "permissions": [
    {
      "actions": [
        "*/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

User Access Administrator

Lets you manage user access to Azure resources.

Actions
*/read Read resources of all types, except secrets.
Microsoft.Authorization/* Manage authorization
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage user access to Azure resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
  "name": "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.Authorization/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "User Access Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Compute

Classic Virtual Machine Contributor

Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.ClassicCompute/domainNames/* Create and manage classic compute domain names
Microsoft.ClassicCompute/virtualMachines/* Create and manage virtual machines
Microsoft.ClassicNetwork/networkSecurityGroups/join/action
Microsoft.ClassicNetwork/reservedIps/link/action Link a reserved IP
Microsoft.ClassicNetwork/reservedIps/read Gets the reserved IPs
Microsoft.ClassicNetwork/virtualNetworks/join/action Joins the virtual network.
Microsoft.ClassicNetwork/virtualNetworks/read Get the virtual network.
Microsoft.ClassicStorage/storageAccounts/disks/read Returns the storage account disk.
Microsoft.ClassicStorage/storageAccounts/images/read Returns the storage account image. (Deprecated. Use 'Microsoft.ClassicStorage/storageAccounts/vmImages')
Microsoft.ClassicStorage/storageAccounts/listKeys/action Lists the access keys for the storage accounts.
Microsoft.ClassicStorage/storageAccounts/read Return the storage account with the given account.
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/d73bb868-a0df-4d4d-bd69-98a00b01fccb",
  "name": "d73bb868-a0df-4d4d-bd69-98a00b01fccb",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicCompute/domainNames/*",
        "Microsoft.ClassicCompute/virtualMachines/*",
        "Microsoft.ClassicNetwork/networkSecurityGroups/join/action",
        "Microsoft.ClassicNetwork/reservedIps/link/action",
        "Microsoft.ClassicNetwork/reservedIps/read",
        "Microsoft.ClassicNetwork/virtualNetworks/join/action",
        "Microsoft.ClassicNetwork/virtualNetworks/read",
        "Microsoft.ClassicStorage/storageAccounts/disks/read",
        "Microsoft.ClassicStorage/storageAccounts/images/read",
        "Microsoft.ClassicStorage/storageAccounts/listKeys/action",
        "Microsoft.ClassicStorage/storageAccounts/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Virtual Machine Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Virtual Machine Administrator Login

View Virtual Machines in the portal and login as administrator

Actions
Microsoft.Network/publicIPAddresses/read Gets a public IP address definition.
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.Network/loadBalancers/read Gets a load balancer definition
Microsoft.Network/networkInterfaces/read Gets a network interface definition.
Microsoft.Compute/virtualMachines/*/read
NotActions
none
DataActions
Microsoft.Compute/virtualMachines/login/action Log in to a virtual machine as a regular user
Microsoft.Compute/virtualMachines/loginAsAdmin/action Log in to a virtual machine with Windows administrator or Linux root user privileges
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "View Virtual Machines in the portal and login as administrator",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/1c0163c0-47e6-4577-8991-ea5c82e286e4",
  "name": "1c0163c0-47e6-4577-8991-ea5c82e286e4",
  "permissions": [
    {
      "actions": [
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/loadBalancers/read",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Compute/virtualMachines/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Compute/virtualMachines/login/action",
        "Microsoft.Compute/virtualMachines/loginAsAdmin/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Virtual Machine Administrator Login",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Virtual Machine Contributor

Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Compute/availabilitySets/* Create and manage compute availability sets
Microsoft.Compute/locations/* Create and manage compute locations
Microsoft.Compute/virtualMachines/* Create and manage virtual machines
Microsoft.Compute/virtualMachineScaleSets/* Create and manage virtual machine scale sets
Microsoft.Compute/disks/write Creates a new Disk or updates an existing one
Microsoft.Compute/disks/read Get the properties of a Disk
Microsoft.Compute/disks/delete Deletes the Disk
Microsoft.DevTestLab/schedules/*
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Network/applicationGateways/backendAddressPools/join/action Joins an application gateway backend address pool. Not alertable.
Microsoft.Network/loadBalancers/backendAddressPools/join/action Joins a load balancer backend address pool. Not alertable.
Microsoft.Network/loadBalancers/inboundNatPools/join/action Joins a load balancer inbound NAT pool. Not alertable.
Microsoft.Network/loadBalancers/inboundNatRules/join/action Joins a load balancer inbound NAT rule. Not alertable.
Microsoft.Network/loadBalancers/probes/join/action Allows using probes of a load balancer. For example, with this permission healthProbe property of VM scale set can reference the probe. Not alertable.
Microsoft.Network/loadBalancers/read Gets a load balancer definition
Microsoft.Network/locations/* Create and manage network locations
Microsoft.Network/networkInterfaces/* Create and manage network interfaces
Microsoft.Network/networkSecurityGroups/join/action Joins a network security group. Not alertable.
Microsoft.Network/networkSecurityGroups/read Gets a network security group definition
Microsoft.Network/publicIPAddresses/join/action Joins a public IP address. Not alertable.
Microsoft.Network/publicIPAddresses/read Gets a public IP address definition.
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.Network/virtualNetworks/subnets/join/action Joins a virtual network. Not alertable.
Microsoft.RecoveryServices/locations/*
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write Create a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read Returns object details of the Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write Create a backup Protected Item
Microsoft.RecoveryServices/Vaults/backupPolicies/read Returns all Protection Policies
Microsoft.RecoveryServices/Vaults/backupPolicies/write Creates Protection Policy
Microsoft.RecoveryServices/Vaults/read The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/usages/read Returns usage details for a Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/write Create Vault operation creates an Azure resource of type 'vault'
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.SqlVirtualMachine/*
Microsoft.Storage/storageAccounts/listKeys/action Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/read Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
  "name": "9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Compute/availabilitySets/*",
        "Microsoft.Compute/locations/*",
        "Microsoft.Compute/virtualMachines/*",
        "Microsoft.Compute/virtualMachineScaleSets/*",
        "Microsoft.Compute/disks/write",
        "Microsoft.Compute/disks/read",
        "Microsoft.Compute/disks/delete",
        "Microsoft.DevTestLab/schedules/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/applicationGateways/backendAddressPools/join/action",
        "Microsoft.Network/loadBalancers/backendAddressPools/join/action",
        "Microsoft.Network/loadBalancers/inboundNatPools/join/action",
        "Microsoft.Network/loadBalancers/inboundNatRules/join/action",
        "Microsoft.Network/loadBalancers/probes/join/action",
        "Microsoft.Network/loadBalancers/read",
        "Microsoft.Network/locations/*",
        "Microsoft.Network/networkInterfaces/*",
        "Microsoft.Network/networkSecurityGroups/join/action",
        "Microsoft.Network/networkSecurityGroups/read",
        "Microsoft.Network/publicIPAddresses/join/action",
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.RecoveryServices/locations/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/write",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.RecoveryServices/Vaults/write",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.SqlVirtualMachine/*",
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Virtual Machine Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Virtual Machine User Login

View Virtual Machines in the portal and login as a regular user.

Actions
Microsoft.Network/publicIPAddresses/read Gets a public IP address definition.
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.Network/loadBalancers/read Gets a load balancer definition
Microsoft.Network/networkInterfaces/read Gets a network interface definition.
Microsoft.Compute/virtualMachines/*/read
NotActions
none
DataActions
Microsoft.Compute/virtualMachines/login/action Log in to a virtual machine as a regular user
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "View Virtual Machines in the portal and login as a regular user.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fb879df8-f326-4884-b1cf-06f3ad86be52",
  "name": "fb879df8-f326-4884-b1cf-06f3ad86be52",
  "permissions": [
    {
      "actions": [
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/loadBalancers/read",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Compute/virtualMachines/*/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Compute/virtualMachines/login/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Virtual Machine User Login",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Networking

CDN Endpoint Contributor

Can manage CDN endpoints, but can't grant access to other users.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/endpoints/*
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage CDN endpoints, but can't grant access to other users.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/426e0c7f-0c7e-4658-b36f-ff54d6c29b45",
  "name": "426e0c7f-0c7e-4658-b36f-ff54d6c29b45",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/endpoints/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Endpoint Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

CDN Endpoint Reader

Can view CDN endpoints, but can't make changes.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/endpoints/*/read
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view CDN endpoints, but can't make changes.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/871e35f6-b5c1-49cc-a043-bde969a0f2cd",
  "name": "871e35f6-b5c1-49cc-a043-bde969a0f2cd",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/endpoints/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Endpoint Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

CDN Profile Contributor

Can manage CDN profiles and their endpoints, but can't grant access to other users.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/*
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage CDN profiles and their endpoints, but can't grant access to other users.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ec156ff8-a8d1-4d15-830c-5b80698ca432",
  "name": "ec156ff8-a8d1-4d15-830c-5b80698ca432",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Profile Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

CDN Profile Reader

Can view CDN profiles and their endpoints, but can't make changes.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Cdn/edgenodes/read
Microsoft.Cdn/operationresults/*
Microsoft.Cdn/profiles/*/read
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view CDN profiles and their endpoints, but can't make changes.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8f96442b-4075-438f-813d-ad51ab4019af",
  "name": "8f96442b-4075-438f-813d-ad51ab4019af",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cdn/edgenodes/read",
        "Microsoft.Cdn/operationresults/*",
        "Microsoft.Cdn/profiles/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CDN Profile Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Classic Network Contributor

Lets you manage classic networks, but not access to them.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.ClassicNetwork/* Create and manage classic networks
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage classic networks, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b34d265f-36f7-4a0d-a4d4-e158ca92e90f",
  "name": "b34d265f-36f7-4a0d-a4d4-e158ca92e90f",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicNetwork/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Network Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

DNS Zone Contributor

Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Network/dnsZones/* Create and manage DNS zones and records
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/befefa01-2a29-4197-83a8-272ff33ce314",
  "name": "befefa01-2a29-4197-83a8-272ff33ce314",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/dnsZones/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "DNS Zone Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Network Contributor

Lets you manage networks, but not access to them.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Network/* Create and manage networks
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage networks, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
  "name": "4d97b98b-1d4f-4787-a291-c67834d212e7",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Network Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Traffic Manager Contributor

Lets you manage Traffic Manager profiles, but does not let you control who has access to them.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Network/trafficManagerProfiles/*
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Traffic Manager profiles, but does not let you control who has access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a4b10055-b0c7-44c2-b00f-c7b5b3550cf7",
  "name": "a4b10055-b0c7-44c2-b00f-c7b5b3550cf7",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/trafficManagerProfiles/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Traffic Manager Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage

Avere Contributor

Can create and manage an Avere vFXT cluster.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Compute/*/read
Microsoft.Compute/availabilitySets/*
Microsoft.Compute/virtualMachines/*
Microsoft.Compute/disks/*
Microsoft.Network/*/read
Microsoft.Network/networkInterfaces/*
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.Network/virtualNetworks/subnets/read Gets a virtual network subnet definition
Microsoft.Network/virtualNetworks/subnets/join/action Joins a virtual network. Not Alertable.
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Joins resource such as storage account or SQL database to a subnet. Not alertable.
Microsoft.Network/networkSecurityGroups/join/action Joins a network security group. Not Alertable.
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Storage/*/read
Microsoft.Storage/storageAccounts/* Create and manage storage accounts
Microsoft.Support/* Create and update a support ticket
Microsoft.Resources/subscriptions/resourceGroups/resources/read Gets the resources for the resource group.
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete Returns the result of deleting a blob
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read Returns a blob or a list of blobs
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write Returns the result of writing a blob
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can create and manage an Avere vFXT cluster.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4f8fab4f-1852-4a58-a46a-8eaf358af14a",
  "name": "4f8fab4f-1852-4a58-a46a-8eaf358af14a",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Compute/*/read",
        "Microsoft.Compute/availabilitySets/*",
        "Microsoft.Compute/virtualMachines/*",
        "Microsoft.Compute/disks/*",
        "Microsoft.Network/*/read",
        "Microsoft.Network/networkInterfaces/*",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/subnets/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
        "Microsoft.Network/networkSecurityGroups/join/action",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/*/read",
        "Microsoft.Storage/storageAccounts/*",
        "Microsoft.Support/*",
        "Microsoft.Resources/subscriptions/resourceGroups/resources/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Avere Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Avere Operator

Used by the Avere vFXT cluster to manage the cluster

Actions
Microsoft.Compute/virtualMachines/read Get the properties of a virtual machine
Microsoft.Network/networkInterfaces/read Gets a network interface definition.
Microsoft.Network/networkInterfaces/write Creates a network interface or updates an existing network interface.
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.Network/virtualNetworks/subnets/read Gets a virtual network subnet definition
Microsoft.Network/virtualNetworks/subnets/join/action Joins a virtual network. Not Alertable.
Microsoft.Network/networkSecurityGroups/join/action Joins a network security group. Not Alertable.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Storage/storageAccounts/blobServices/containers/delete Returns the result of deleting a container
Microsoft.Storage/storageAccounts/blobServices/containers/read Returns list of containers
Microsoft.Storage/storageAccounts/blobServices/containers/write Returns the result of put blob container
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete Returns the result of deleting a blob
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read Returns a blob or a list of blobs
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write Returns the result of writing a blob
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Used by the Avere vFXT cluster to manage the cluster",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
  "name": "c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
  "permissions": [
    {
      "actions": [
        "Microsoft.Compute/virtualMachines/read",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Network/networkInterfaces/write",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/subnets/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.Network/networkSecurityGroups/join/action",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/write"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Avere Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Backup Contributor

Lets you manage backup service, but can't create vaults and give access to others

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.RecoveryServices/locations/*
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/* Manage results of operation on backup management
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/* Create and manage backup containers inside backup fabrics of Recovery Services vault
Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action Refreshes the container list
Microsoft.RecoveryServices/Vaults/backupJobs/* Create and manage backup jobs
Microsoft.RecoveryServices/Vaults/backupJobsExport/action Export Jobs
Microsoft.RecoveryServices/Vaults/backupOperationResults/* Create and manage Results of backup management operations
Microsoft.RecoveryServices/Vaults/backupPolicies/* Create and manage backup policies
Microsoft.RecoveryServices/Vaults/backupProtectableItems/* Create and manage items which can be backed up
Microsoft.RecoveryServices/Vaults/backupProtectedItems/* Create and manage backed up items
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/* Create and manage containers holding backup items
Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read Returns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft.RecoveryServices/Vaults/certificates/* Create and manage certificates related to backup in Recovery Services vault
Microsoft.RecoveryServices/Vaults/extendedInformation/* Create and manage extended info related to vault
Microsoft.RecoveryServices/Vaults/monitoringAlerts/read Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft.RecoveryServices/Vaults/read The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/* Create and manage registered identities
Microsoft.RecoveryServices/Vaults/usages/* Create and manage usage of Recovery Services vault
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Storage/storageAccounts/read Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.RecoveryServices/Vaults/backupstorageconfig/*
Microsoft.RecoveryServices/Vaults/backupconfig/*
Microsoft.RecoveryServices/Vaults/backupValidateOperation/action Validate Operation on Protected Item
Microsoft.RecoveryServices/Vaults/write Create Vault operation creates an Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/backupOperations/read Returns Backup Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupEngines/read Returns all the backup management servers registered with vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*
Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read Get all protectable containers
Microsoft.RecoveryServices/locations/backupStatus/action Check Backup Status for Recovery Services Vaults
Microsoft.RecoveryServices/locations/backupPreValidateProtection/action
Microsoft.RecoveryServices/locations/backupValidateFeatures/action Validate Features
Microsoft.RecoveryServices/Vaults/monitoringAlerts/write Resolves the alert.
Microsoft.RecoveryServices/operations/read Operation returns the list of Operations for a Resource Provider
Microsoft.RecoveryServices/locations/operationStatus/read Gets Operation Status for a given Operation
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read List all backup Protection Intents
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage backup service,but can't create vaults and give access to others",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b",
  "name": "5e467623-bb1f-42f4-a55d-6e525e11384b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.RecoveryServices/locations/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
        "Microsoft.RecoveryServices/Vaults/backupJobs/*",
        "Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
        "Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectedItems/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/*",
        "Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*",
        "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
        "Microsoft.RecoveryServices/Vaults/certificates/*",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/*",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/*",
        "Microsoft.RecoveryServices/Vaults/usages/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
        "Microsoft.RecoveryServices/Vaults/backupconfig/*",
        "Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
        "Microsoft.RecoveryServices/Vaults/write",
        "Microsoft.RecoveryServices/Vaults/backupOperations/read",
        "Microsoft.RecoveryServices/Vaults/backupEngines/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
        "Microsoft.RecoveryServices/locations/backupStatus/action",
        "Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
        "Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
        "Microsoft.RecoveryServices/operations/read",
        "Microsoft.RecoveryServices/locations/operationStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Backup Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Backup Operator

Lets you manage backup services, except removal of backup, vault creation and giving access to others

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read Returns status of the operation
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read Gets result of Operation performed on Protection Container.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action Performs Backup for Protected Item.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read Gets Result of Operation Performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read Returns the status of Operation performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read Returns object details of the Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action Provision Instant Item Recovery for Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read Get Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action Restore Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action Revoke Instant Item Recovery for Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write Create a backup Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read Returns all registered containers
Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action Refreshes the container list
Microsoft.RecoveryServices/Vaults/backupJobs/* Create and manage backup jobs
Microsoft.RecoveryServices/Vaults/backupJobsExport/action Export Jobs
Microsoft.RecoveryServices/Vaults/backupOperationResults/* Create and manage Results of backup management operations
Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read Get Results of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupPolicies/read Returns all Protection Policies
Microsoft.RecoveryServices/Vaults/backupProtectableItems/* Create and manage items which can be backed up
Microsoft.RecoveryServices/Vaults/backupProtectedItems/read Returns the list of all Protected Items.
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read Returns all containers belonging to the subscription
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read Returns summaries for Protected Items and Protected Servers for a Recovery Services .
Microsoft.RecoveryServices/Vaults/certificates/write The Update Resource Certificate operation updates the resource/vault credential certificate.
Microsoft.RecoveryServices/Vaults/extendedInformation/read The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/extendedInformation/write The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/monitoringAlerts/read Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft.RecoveryServices/Vaults/read The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read The Get Operation Results operation can be used to get the operation status and result for the asynchronously submitted operation
Microsoft.RecoveryServices/Vaults/registeredIdentities/read The Get Containers operation can be used to get the containers registered for a resource.
Microsoft.RecoveryServices/Vaults/registeredIdentities/write The Register Service Container operation can be used to register a container with Recovery Service.
Microsoft.RecoveryServices/Vaults/usages/read Returns usage details for a Recovery Services Vault.
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Storage/storageAccounts/read Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.RecoveryServices/Vaults/backupstorageconfig/*
Microsoft.RecoveryServices/Vaults/backupValidateOperation/action Validate Operation on Protected Item
Microsoft.RecoveryServices/Vaults/backupOperations/read Returns Backup Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read Get Status of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write Creates a registered container
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action Do inquiry for workloads within a container
Microsoft.RecoveryServices/Vaults/backupEngines/read Returns all the backup management servers registered with vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write Create a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/readMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read 取得備份保護用途Get a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read 取得所有可保護的容器Get all protectable containers
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read 取得容器中的所有項目Get all items in a container
Microsoft.RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action 檢查復原服務保存庫的備份狀態Check Backup Status for Recovery Services Vaults
Microsoft.RecoveryServices/locations/backupPreValidateProtection/actionMicrosoft.RecoveryServices/locations/backupPreValidateProtection/action
Microsoft.RecoveryServices/locations/backupValidateFeatures/actionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action 驗證功能Validate Features
Microsoft.RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write 解決警示。Resolves the alert.
Microsoft.RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read 作業會傳回資源提供者的作業清單Operation returns the list of Operations for a Resource Provider
Microsoft.RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read 取得給定作業的作業狀態Gets Operation Status for a given Operation
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read 列出所有的備份保護用途List all backup Protection Intents
Microsoft.Support/*Microsoft.Support/* 建立和更新支援票證Create and update a support ticket
NotActionsNotActions
none
DataActionsDataActions
none
NotDataActionsNotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage backup services, except removal of backup, vault creation and giving access to others",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/00c29273-979b-4161-815c-10b084fb9324",
  "name": "00c29273-979b-4161-815c-10b084fb9324",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
        "Microsoft.RecoveryServices/Vaults/backupJobs/*",
        "Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
        "Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
        "Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
        "Microsoft.RecoveryServices/Vaults/certificates/write",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/read",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/write",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/write",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
        "Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
        "Microsoft.RecoveryServices/Vaults/backupOperations/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action",
        "Microsoft.RecoveryServices/Vaults/backupEngines/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
        "Microsoft.RecoveryServices/locations/backupStatus/action",
        "Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
        "Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
        "Microsoft.RecoveryServices/operations/read",
        "Microsoft.RecoveryServices/locations/operationStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Backup Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Backup Reader

Can view backup services, but can't make changes

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.RecoveryServices/locations/allocatedStamp/read GetAllocatedStamp is an internal operation used by the service
Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read Returns status of the operation
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read Gets result of Operation performed on Protection Container.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read Gets Result of Operation Performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read Returns the status of Operation performed on Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read Returns object details of the Protected Item
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read Get Recovery Points for Protected Items.
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read Returns all registered containers
Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/read Returns the Result of Job Operation.
Microsoft.RecoveryServices/Vaults/backupJobs/read Returns all Job Objects
Microsoft.RecoveryServices/Vaults/backupJobsExport/action Export Jobs
Microsoft.RecoveryServices/Vaults/backupOperationResults/read Returns Backup Operation Result for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read Get Results of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupPolicies/read Returns all Protection Policies
Microsoft.RecoveryServices/Vaults/backupProtectedItems/read Returns the list of all Protected Items.
Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read Returns all containers belonging to the subscription
Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read Returns summaries for Protected Items and Protected Servers for a Recovery Services.
Microsoft.RecoveryServices/Vaults/extendedInformation/read The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/monitoringAlerts/read Gets the alerts for the Recovery services vault.
Microsoft.RecoveryServices/Vaults/read The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read The Get Operation Results operation can be used to get the operation status and result for the asynchronously submitted operation
Microsoft.RecoveryServices/Vaults/registeredIdentities/read The Get Containers operation can be used to get the containers registered for a resource.
Microsoft.RecoveryServices/Vaults/backupstorageconfig/read Returns Storage Configuration for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupconfig/read Returns Configuration for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupOperations/read Returns Backup Operation Status for Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read Get Status of Policy Operation.
Microsoft.RecoveryServices/Vaults/backupEngines/read Returns all the backup management servers registered with vault.
Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read Get a backup Protection Intent
Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read Get all items in a container
Microsoft.RecoveryServices/locations/backupStatus/action Check Backup Status for Recovery Services Vaults
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*
Microsoft.RecoveryServices/Vaults/monitoringAlerts/write Resolves the alert.
Microsoft.RecoveryServices/operations/read Operation returns the list of Operations for a Resource Provider
Microsoft.RecoveryServices/locations/operationStatus/read Gets Operation Status for a given Operation
Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read List all backup Protection Intents
Microsoft.RecoveryServices/Vaults/usages/read Returns usage details for a Recovery Services Vault.
Microsoft.RecoveryServices/locations/backupValidateFeatures/action Validate Features
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view backup services, but can't make changes",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a795c7a0-d4a2-40c1-ae25-d81f01202912",
  "name": "a795c7a0-d4a2-40c1-ae25-d81f01202912",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.RecoveryServices/locations/allocatedStamp/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupJobs/read",
        "Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
        "Microsoft.RecoveryServices/Vaults/backupOperationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
        "Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/read",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
        "Microsoft.RecoveryServices/Vaults/backupstorageconfig/read",
        "Microsoft.RecoveryServices/Vaults/backupconfig/read",
        "Microsoft.RecoveryServices/Vaults/backupOperations/read",
        "Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
        "Microsoft.RecoveryServices/Vaults/backupEngines/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
        "Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
        "Microsoft.RecoveryServices/locations/backupStatus/action",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
        "Microsoft.RecoveryServices/operations/read",
        "Microsoft.RecoveryServices/locations/operationStatus/read",
        "Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.RecoveryServices/locations/backupValidateFeatures/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Backup Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Classic Storage Account Contributor

Lets you manage classic storage accounts, but not access to them.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.ClassicStorage/storageAccounts/* Create and manage storage accounts
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage classic storage accounts, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
  "name": "86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicStorage/storageAccounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Storage Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Classic Storage Account Key Operator Service Role

Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts

Actions
Microsoft.ClassicStorage/storageAccounts/listkeys/action Lists the access keys for the storage accounts.
Microsoft.ClassicStorage/storageAccounts/regeneratekey/action Regenerates the existing access keys for the storage account.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/985d6b00-f706-48f5-a6fe-d0ca12fb668d",
  "name": "985d6b00-f706-48f5-a6fe-d0ca12fb668d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ClassicStorage/storageAccounts/listkeys/action",
        "Microsoft.ClassicStorage/storageAccounts/regeneratekey/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Classic Storage Account Key Operator Service Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Data Box Contributor

Lets you manage everything under Data Box Service except giving access to others.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
Microsoft.Databox/*
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage everything under Data Box Service except giving access to others.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/add466c9-e687-43fc-8d98-dfcf8d720be5",
  "name": "add466c9-e687-43fc-8d98-dfcf8d720be5",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Databox/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Box Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Data Box Reader

Lets you manage Data Box Service except creating order or editing order details and giving access to others.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Databox/*/read
Microsoft.Databox/jobs/listsecrets/action
Microsoft.Databox/jobs/listcredentials/action Lists the unencrypted credentials related to the order.
Microsoft.Databox/locations/availableSkus/action This method returns the list of available SKUs.
Microsoft.Databox/locations/validateInputs/action This method does all types of validations.
Microsoft.Databox/locations/regionConfiguration/action This method returns the configurations for the region.
Microsoft.Databox/locations/validateAddress/action Validates the shipping address and provides alternate addresses if any.
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Data Box Service except creating order or editing order details and giving access to others.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
  "name": "028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Databox/*/read",
        "Microsoft.Databox/jobs/listsecrets/action",
        "Microsoft.Databox/jobs/listcredentials/action",
        "Microsoft.Databox/locations/availableSkus/action",
        "Microsoft.Databox/locations/validateInputs/action",
        "Microsoft.Databox/locations/regionConfiguration/action",
        "Microsoft.Databox/locations/validateAddress/action",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Box Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Data Lake Analytics Developer

Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.BigAnalytics/accounts/*
Microsoft.DataLakeAnalytics/accounts/*
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
Microsoft.BigAnalytics/accounts/Delete
Microsoft.BigAnalytics/accounts/TakeOwnership/action
Microsoft.BigAnalytics/accounts/Write
Microsoft.DataLakeAnalytics/accounts/Delete Delete a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/TakeOwnership/action Grant permissions to cancel jobs submitted by other users.
Microsoft.DataLakeAnalytics/accounts/Write Create or update a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write Create or update a linked DataLakeStore account of a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete Unlink a DataLakeStore account from a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/storageAccounts/Write Create or update a linked Storage account of a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/storageAccounts/Delete Unlink a Storage account from a DataLakeAnalytics account.
Microsoft.DataLakeAnalytics/accounts/firewallRules/Write Create or update a firewall rule.
Microsoft.DataLakeAnalytics/accounts/firewallRules/Delete Delete a firewall rule.
Microsoft.DataLakeAnalytics/accounts/computePolicies/Write Create or update a compute policy.
Microsoft.DataLakeAnalytics/accounts/computePolicies/Delete Delete a compute policy.
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/47b7735b-770e-4598-a7da-8b91488b4c88",
  "name": "47b7735b-770e-4598-a7da-8b91488b4c88",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.BigAnalytics/accounts/*",
        "Microsoft.DataLakeAnalytics/accounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.BigAnalytics/accounts/Delete",
        "Microsoft.BigAnalytics/accounts/TakeOwnership/action",
        "Microsoft.BigAnalytics/accounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/Delete",
        "Microsoft.DataLakeAnalytics/accounts/TakeOwnership/action",
        "Microsoft.DataLakeAnalytics/accounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete",
        "Microsoft.DataLakeAnalytics/accounts/storageAccounts/Write",
        "Microsoft.DataLakeAnalytics/accounts/storageAccounts/Delete",
        "Microsoft.DataLakeAnalytics/accounts/firewallRules/Write",
        "Microsoft.DataLakeAnalytics/accounts/firewallRules/Delete",
        "Microsoft.DataLakeAnalytics/accounts/computePolicies/Write",
        "Microsoft.DataLakeAnalytics/accounts/computePolicies/Delete"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Lake Analytics Developer",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Reader and Data Access

Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys.

Actions
Microsoft.Storage/storageAccounts/listKeys/action Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/ListAccountSas/action Returns the Account SAS token for the specified storage account.
Microsoft.Storage/storageAccounts/read Returns the list of storage accounts or gets the properties for the specified storage account.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c12c1c16-33a1-487b-954d-41c89c60f349",
  "name": "c12c1c16-33a1-487b-954d-41c89c60f349",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Storage/storageAccounts/ListAccountSas/action",
        "Microsoft.Storage/storageAccounts/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Reader and Data Access",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage Account Contributor

Permits management of storage accounts. Provides access to the account key, which can be used to access data via Shared Key authorization.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Insights/diagnosticSettings/* Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Joins a resource such as a storage account or SQL database to a subnet. Not alertable.
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Storage/storageAccounts/* Create and manage storage accounts
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage storage accounts, including accessing storage account keys which provide full access to storage account data.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab",
  "name": "17d1049b-9a84-46fb-8f53-869881c3d3ab",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage Account Key Operator Service Role

Permits listing and regenerating storage account access keys.

Actions
Microsoft.Storage/storageAccounts/listkeys/action Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/regeneratekey/action Regenerates the access keys for the specified storage account.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Storage Account Key Operators are allowed to list and regenerate keys on Storage Accounts",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/81a9662b-bebf-436f-a333-f67b29880f12",
  "name": "81a9662b-bebf-436f-a333-f67b29880f12",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/listkeys/action",
        "Microsoft.Storage/storageAccounts/regeneratekey/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Account Key Operator Service Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}
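
An added example (not part of the original page): a Python check that evaluates `actions` minus `notActions` with wildcard matching and flags roles whose management-plane actions return storage account keys or an account SAS even though `dataActions` is empty. The permissions are copied from the definitions on this page (Storage Account Contributor is trimmed to a subset of its actions); the last role is constructed for illustration, and case-insensitive matching is an assumption made because the page spells the action both `listKeys` and `listkeys`.

```python
import re

# Permissions copied from the role definitions on this page (only the fields
# the check needs). The last entry is constructed, not a built-in role.
ROLES = [
    {"roleName": "Reader and Data Access", "permissions": [{
        "actions": ["Microsoft.Storage/storageAccounts/listKeys/action",
                    "Microsoft.Storage/storageAccounts/ListAccountSas/action",
                    "Microsoft.Storage/storageAccounts/read"],
        "notActions": [], "dataActions": [], "notDataActions": []}]},
    {"roleName": "Storage Account Contributor", "permissions": [{
        "actions": ["Microsoft.Authorization/*/read",   # subset of the role's actions
                    "Microsoft.Storage/storageAccounts/*",
                    "Microsoft.Support/*"],
        "notActions": [], "dataActions": [], "notDataActions": []}]},
    {"roleName": "Storage Account Key Operator Service Role", "permissions": [{
        "actions": ["Microsoft.Storage/storageAccounts/listkeys/action",
                    "Microsoft.Storage/storageAccounts/regeneratekey/action"],
        "notActions": [], "dataActions": [], "notDataActions": []}]},
    {"roleName": "Storage Blob Data Reader", "permissions": [{
        "actions": ["Microsoft.Storage/storageAccounts/blobServices/containers/read",
                    "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"],
        "notActions": [],
        "dataActions": ["Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"],
        "notDataActions": []}]},
    {"roleName": "Storage Manager Without Keys (constructed)", "permissions": [{
        "actions": ["Microsoft.Storage/storageAccounts/*"],
        "notActions": ["Microsoft.Storage/storageAccounts/listKeys/action",
                       "Microsoft.Storage/storageAccounts/ListAccountSas/action",
                       "Microsoft.Storage/storageAccounts/regeneratekey/action"],
        "dataActions": [], "notDataActions": []}]},
]

# Management-plane actions listed on this page that hand out account-wide
# credentials (access keys or an account SAS).
KEY_ACTIONS = (
    "Microsoft.Storage/storageAccounts/listKeys/action",
    "Microsoft.Storage/storageAccounts/ListAccountSas/action",
    "Microsoft.Storage/storageAccounts/regeneratekey/action",
)


def pattern_matches(pattern, action):
    """True if an action string matches a pattern in which '*' spans any text."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, flags=re.IGNORECASE) is not None


def permission_allows(permission, action, data_plane=False):
    """Effective permission of one block: (actions - notActions), or the
    dataActions/notDataActions pair for data-plane operations."""
    allow_key, exclude_key = (("dataActions", "notDataActions") if data_plane
                              else ("actions", "notActions"))
    granted = any(pattern_matches(p, action) for p in permission.get(allow_key, []))
    excluded = any(pattern_matches(p, action) for p in permission.get(exclude_key, []))
    return granted and not excluded


def role_allows(role, action, data_plane=False):
    return any(permission_allows(p, action, data_plane) for p in role["permissions"])


def key_exposure(role):
    """Key-returning actions this role grants, in KEY_ACTIONS order."""
    return [a for a in KEY_ACTIONS if role_allows(role, a)]


def audit(roles):
    """Map role name -> finding for every role that can obtain account keys or SAS."""
    findings = {}
    for role in roles:
        exposed = key_exposure(role)
        if exposed:
            findings[role["roleName"]] = {
                "key_actions": exposed,
                # Empty dataActions does not mean "no data access" for these roles.
                "declares_data_actions": any(p.get("dataActions") for p in role["permissions"]),
            }
    return findings


if __name__ == "__main__":
    for name, finding in audit(ROLES).items():
        print(name, "->", ", ".join(a.rsplit("/", 2)[-2] for a in finding["key_actions"]))
```

`notActions` only subtracts from the same role's `actions`; it is not a deny rule, so a principal holding the constructed role can still obtain keys through any other role assignment that grants them.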

Storage Blob Data Contributor

Read, write, and delete Azure Storage containers and blobs. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.

Actions
Microsoft.Storage/storageAccounts/blobServices/containers/delete Delete a container.
Microsoft.Storage/storageAccounts/blobServices/containers/read Return a container or a list of containers.
Microsoft.Storage/storageAccounts/blobServices/containers/write Modify a container's metadata or properties.
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Returns a user delegation key for the Blob service.
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete Delete a blob.
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read Return a blob or a list of blobs.
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action Moves the blob from one path to another.
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write Write to a blob.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write and delete access to Azure Storage blob containers and data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe",
  "name": "ba92f5b4-2d11-453d-a403-e96b0029c9fe",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/write",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action",
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage Blob Data Owner

Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.

Actions
Microsoft.Storage/storageAccounts/blobServices/containers/* Full permissions on containers.
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Returns a user delegation key for the Blob service.
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/* Full permissions on blobs.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to Azure Storage blob containers and data, including assigning POSIX access control.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
  "name": "b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/*",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage Blob Data Reader

Read and list Azure Storage containers and blobs. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.

Actions
Microsoft.Storage/storageAccounts/blobServices/containers/read Return a container or a list of containers.
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Returns a user delegation key for the Blob service.
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read Return a blob or a list of blobs.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read access to Azure Storage blob containers and data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
  "name": "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/read",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage Blob Delegator

Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials. For more information, see Create a user delegation SAS.

Actions
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action Returns a user delegation key for the Blob service.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for generation of a user delegation key which can be used to sign SAS tokens",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
  "name": "db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Blob Delegator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage File Data SMB Share Contributor

Allows for read, write, and delete access on files/directories in Azure file shares. This role has no built-in equivalent on Windows file servers.

Actions
none
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read Returns a file/folder or a list of files/folders.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write Returns the result of writing a file or creating a folder.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete Returns the result of deleting a file/folder.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write, and delete access in Azure Storage file shares over SMB",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
  "name": "0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage File Data SMB Share Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage File Data SMB Share Elevated Contributor

Allows for read, write, delete, and modify ACLs on files/directories in Azure file shares. This role is equivalent to a file share ACL of change on Windows file servers.

Actions
none
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read Returns a file/folder or a list of files/folders.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write Returns the result of writing a file or creating a folder.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete Returns the result of deleting a file/folder.
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action Returns the result of modifying permission on a file/folder.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write, delete and modify NTFS permission access in Azure Storage file shares over SMB",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a7264617-510b-434b-a828-9731dc254ea7",
  "name": "a7264617-510b-434b-a828-9731dc254ea7",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete",
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage File Data SMB Share Elevated Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage File Data SMB Share Reader

Allows for read access on files/directories in Azure file shares. This role is equivalent to a file share ACL of read on Windows file servers.

Actions
none
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read Returns a file/folder or a list of files/folders.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read access to Azure File Share over SMB",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/aba4ae5f-2193-4029-9191-0cb91df5e314",
  "name": "aba4ae5f-2193-4029-9191-0cb91df5e314",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage File Data SMB Share Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage Queue Data Contributor

Read, write, and delete Azure Storage queues and queue messages. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.

Actions
Microsoft.Storage/storageAccounts/queueServices/queues/delete Delete a queue.
Microsoft.Storage/storageAccounts/queueServices/queues/read Return a queue or a list of queues.
Microsoft.Storage/storageAccounts/queueServices/queues/write Modify queue metadata or properties.
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/delete Delete one or more messages from a queue.
Microsoft.Storage/storageAccounts/queueServices/queues/messages/read Peek or retrieve one or more messages from a queue.
Microsoft.Storage/storageAccounts/queueServices/queues/messages/write Add a message to a queue.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read, write, and delete access to Azure Storage queues and queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/974c5e8b-45b9-4653-ba55-5f855dd0fb88",
  "name": "974c5e8b-45b9-4653-ba55-5f855dd0fb88",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/delete",
        "Microsoft.Storage/storageAccounts/queueServices/queues/read",
        "Microsoft.Storage/storageAccounts/queueServices/queues/write"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/delete",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage Queue Data Message Processor

Peek, retrieve, and delete a message from an Azure Storage queue. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.

Actions
none
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/read Peek a message.
Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action Retrieve and delete a message.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for peek, receive, and delete access to Azure Storage queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8a0f0c08-91a1-4084-bc3d-661d67233fed",
  "name": "8a0f0c08-91a1-4084-bc3d-661d67233fed",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Message Processor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage Queue Data Message Sender

Add messages to an Azure Storage queue. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.

Actions
none
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/action Add a message to a queue.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for sending of Azure Storage queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
  "name": "c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Message Sender",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Storage Queue Data Reader

Read and list Azure Storage queues and queue messages. To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.

Actions
Microsoft.Storage/storageAccounts/queueServices/queues/read Returns a queue or a list of queues.
NotActions
none
DataActions
Microsoft.Storage/storageAccounts/queueServices/queues/messages/read Peek or retrieve one or more messages from a queue.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for read access to Azure Storage queues and queue messages",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/19e7f393-937e-4f77-808e-94535e297925",
  "name": "19e7f393-937e-4f77-808e-94535e297925",
  "permissions": [
    {
      "actions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Storage/storageAccounts/queueServices/queues/messages/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Storage Queue Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Web

Azure Maps Data Reader

Grants access to read map-related data from an Azure Maps account.

Actions
none
NotActions
none
DataActions
Microsoft.Maps/accounts/*/read
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Grants access to read map related data from an Azure maps account.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/423170ca-a8f6-4b0f-8487-9e4eb8f49bfa",
  "name": "423170ca-a8f6-4b0f-8487-9e4eb8f49bfa",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.Maps/accounts/*/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Maps Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Search Service Contributor

Lets you manage Search services, but not access to them.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Search/searchServices/* Create and manage search services
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Search services, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7ca78c08-252a-4471-8644-bb5ff32d4ba0",
  "name": "7ca78c08-252a-4471-8644-bb5ff32d4ba0",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Search/searchServices/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Search Service Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Web Plan Contributor

Lets you manage the web plans for websites, but not access to them.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
Microsoft.Web/serverFarms/* Create and manage server farms
Microsoft.Web/hostingEnvironments/Join/Action Joins an App Service Environment
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage the web plans for websites, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b",
  "name": "2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Web/serverFarms/*",
        "Microsoft.Web/hostingEnvironments/Join/Action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Web Plan Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Website Contributor

Lets you manage websites (not web plans), but not access to them.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Insights/components/* Create and manage Insights components
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
Microsoft.Web/certificates/* Create and manage website certificates
Microsoft.Web/listSitesAssignedToHostName/read Get names of sites assigned to hostname.
Microsoft.Web/serverFarms/join/action
Microsoft.Web/serverFarms/read Get the properties on an App Service Plan
Microsoft.Web/sites/* Create and manage websites (site creation also requires write permissions to the associated App Service Plan)
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage websites (not web plans), but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/de139f84-1756-47ae-9be6-808fbbe84772",
  "name": "de139f84-1756-47ae-9be6-808fbbe84772",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/components/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Web/certificates/*",
        "Microsoft.Web/listSitesAssignedToHostName/read",
        "Microsoft.Web/serverFarms/join/action",
        "Microsoft.Web/serverFarms/read",
        "Microsoft.Web/sites/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Website Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Containers

AcrDelete

acr delete

Actions
Microsoft.ContainerRegistry/registries/artifacts/delete Delete artifact in a container registry.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr delete",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
  "name": "c2f4ef07-c644-48eb-af81-4b1b4947fb11",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/artifacts/delete"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrDelete",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrImageSigner

acr image signer

Actions
Microsoft.ContainerRegistry/registries/sign/write Push/Pull content trust metadata for a container registry.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr image signer",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6cef56e8-d556-48e5-a04f-b8e64114680f",
  "name": "6cef56e8-d556-48e5-a04f-b8e64114680f",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/sign/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrImageSigner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrPull

acr pull

Actions
Microsoft.ContainerRegistry/registries/pull/read Pull or Get images from a container registry.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr pull",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d",
  "name": "7f951dda-4ed3-4680-a7ca-43fe172d538d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/pull/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrPull",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrPush

acr push

Actions
Microsoft.ContainerRegistry/registries/pull/read Pull or Get images from a container registry.
Microsoft.ContainerRegistry/registries/push/write Push or Write images to a container registry.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr push",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8311e382-0749-4cb8-b61a-304f252e45ec",
  "name": "8311e382-0749-4cb8-b61a-304f252e45ec",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/pull/read",
        "Microsoft.ContainerRegistry/registries/push/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrPush",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrQuarantineReader

acr quarantine data reader

Actions
Microsoft.ContainerRegistry/registries/quarantine/read Pull or Get quarantined images from container registry
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr quarantine data reader",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/cdda3590-29a3-44f6-95f2-9f980659eb04",
  "name": "cdda3590-29a3-44f6-95f2-9f980659eb04",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/quarantine/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrQuarantineReader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AcrQuarantineWriter

acr quarantine data writer

Actions
Microsoft.ContainerRegistry/registries/quarantine/read Pull or Get quarantined images from container registry
Microsoft.ContainerRegistry/registries/quarantine/write Write/Modify quarantine state of quarantined images
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "acr quarantine data writer",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
  "name": "c8d4ff99-41c3-41a8-9f60-21dfdad59608",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerRegistry/registries/quarantine/read",
        "Microsoft.ContainerRegistry/registries/quarantine/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "AcrQuarantineWriter",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Kubernetes Service Cluster Admin Role

List cluster admin credential action.

Actions
Microsoft.ContainerService/managedClusters/listClusterAdminCredential/action List the clusterAdmin credential of a managed cluster
Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/action Get a managed cluster access profile by role name using list credential
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "List cluster admin credential action.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8",
  "name": "0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerService/managedClusters/listClusterAdminCredential/action",
        "Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service Cluster Admin Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Kubernetes Service Cluster User Role

List cluster user credential action.

Actions
Microsoft.ContainerService/managedClusters/listClusterUserCredential/action List the clusterUser credential of a managed cluster
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "List cluster user credential action.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4abbcc35-e782-43d8-92c5-2d3f1bd2253f",
  "name": "4abbcc35-e782-43d8-92c5-2d3f1bd2253f",
  "permissions": [
    {
      "actions": [
        "Microsoft.ContainerService/managedClusters/listClusterUserCredential/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Kubernetes Service Cluster User Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Databases

Cosmos DB Account Reader Role

Can read Azure Cosmos DB account data. See DocumentDB Account Contributor for managing Azure Cosmos DB accounts.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.DocumentDB/*/read Read any collection
Microsoft.DocumentDB/databaseAccounts/readonlykeys/action Reads the database account readonly keys.
Microsoft.Insights/MetricDefinitions/read Read metric definitions
Microsoft.Insights/Metrics/read Read metrics
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can read Azure Cosmos DB Accounts data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fbdf93bf-df7d-467e-a4d2-9458aa1360c8",
  "name": "fbdf93bf-df7d-467e-a4d2-9458aa1360c8",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.DocumentDB/*/read",
        "Microsoft.DocumentDB/databaseAccounts/readonlykeys/action",
        "Microsoft.Insights/MetricDefinitions/read",
        "Microsoft.Insights/Metrics/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cosmos DB Account Reader Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cosmos DB Operator

Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings.

Actions
Microsoft.DocumentDb/databaseAccounts/*
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Joins resource such as storage account or SQL database to a subnet. Not alertable.
NotActions
Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*
Microsoft.DocumentDB/databaseAccounts/regenerateKey/*
Microsoft.DocumentDB/databaseAccounts/listKeys/*
Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/230815da-be43-4aae-9cb4-875f7bd000aa",
  "name": "230815da-be43-4aae-9cb4-875f7bd000aa",
  "permissions": [
    {
      "actions": [
        "Microsoft.DocumentDb/databaseAccounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action"
      ],
      "notActions": [
        "Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*",
        "Microsoft.DocumentDB/databaseAccounts/regenerateKey/*",
        "Microsoft.DocumentDB/databaseAccounts/listKeys/*",
        "Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cosmos DB Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

CosmosBackupOperator

Can submit restore request for a Cosmos DB database or a container for an account

Actions
Microsoft.DocumentDB/databaseAccounts/backup/action Submit a request to configure backup
Microsoft.DocumentDB/databaseAccounts/restore/action Submit a restore request
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can submit restore request for a Cosmos DB database or a container for an account",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/db7b14f2-5adf-42da-9f96-f2ee17bab5cb",
  "name": "db7b14f2-5adf-42da-9f96-f2ee17bab5cb",
  "permissions": [
    {
      "actions": [
        "Microsoft.DocumentDB/databaseAccounts/backup/action",
        "Microsoft.DocumentDB/databaseAccounts/restore/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "CosmosBackupOperator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

DocumentDB Account Contributor

Can manage Azure Cosmos DB accounts. Azure Cosmos DB was formerly known as DocumentDB.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.DocumentDb/databaseAccounts/* Create and manage Azure Cosmos DB accounts
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Joins resource such as storage account or SQL database to a subnet. Not alertable.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage DocumentDB accounts, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5bd9cd88-fe45-4216-938b-f97437e15450",
  "name": "5bd9cd88-fe45-4216-938b-f97437e15450",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.DocumentDb/databaseAccounts/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "DocumentDB Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Redis Cache Contributor

Lets you manage Redis caches, but not access to them.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Cache/redis/* Create and manage Redis caches
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Redis caches, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e0f68234-74aa-48ed-b826-c38b57376e17",
  "name": "e0f68234-74aa-48ed-b826-c38b57376e17",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Cache/redis/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Redis Cache Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

SQL DB Contributor

Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Sql/locations/*/read
Microsoft.Sql/servers/databases/* Create and manage SQL databases
Microsoft.Sql/servers/read Return the list of servers or gets the properties for the specified server.
Microsoft.Support/* Create and update a support ticket
Microsoft.Insights/metrics/read Read metrics
Microsoft.Insights/metricDefinitions/read Read metric definitions
NotActions
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/auditingPolicies/* Edit audit policies
Microsoft.Sql/servers/databases/auditingSettings/* Edit audit settings
Microsoft.Sql/servers/databases/auditRecords/read Retrieve the database blob audit records
Microsoft.Sql/servers/databases/connectionPolicies/* Edit connection policies
Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft.Sql/servers/databases/dataMaskingPolicies/* Edit data masking policies
Microsoft.Sql/servers/databases/extendedAuditingSettings/*
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/servers/databases/securityAlertPolicies/* Edit security alert policies
Microsoft.Sql/servers/databases/securityMetrics/* Edit security metrics
Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft.Sql/servers/vulnerabilityAssessments/*
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
  "name": "9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/servers/databases/*",
        "Microsoft.Sql/servers/read",
        "Microsoft.Support/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read"
      ],
      "notActions": [
        "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/auditingPolicies/*",
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/connectionPolicies/*",
        "Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
        "Microsoft.Sql/servers/databases/extendedAuditingSettings/*",
        "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
        "Microsoft.Sql/servers/databases/securityMetrics/*",
        "Microsoft.Sql/servers/databases/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
        "Microsoft.Sql/servers/vulnerabilityAssessments/*"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL DB Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

SQL Managed Instance Contributor

Lets you manage SQL Managed Instances and required network configuration, but can't give access to others.

Actions
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Network/networkSecurityGroups/*
Microsoft.Network/routeTables/*
Microsoft.Sql/locations/*/read
Microsoft.Sql/managedInstances/*
Microsoft.Support/* Create and update a support ticket
Microsoft.Network/virtualNetworks/subnets/*
Microsoft.Network/virtualNetworks/*
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Insights/metrics/read Read metrics
Microsoft.Insights/metricDefinitions/read Read metric definitions
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage SQL Managed Instances and required network configuration, but can't give access to others.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
  "name": "4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Network/networkSecurityGroups/*",
        "Microsoft.Network/routeTables/*",
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/managedInstances/*",
        "Microsoft.Support/*",
        "Microsoft.Network/virtualNetworks/subnets/*",
        "Microsoft.Network/virtualNetworks/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL Managed Instance Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

SQL Security Manager

Lets you manage the security-related policies of SQL servers and databases, but not access to them.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action Joins resource such as storage account or SQL database to a subnet. Not alertable.
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft.Sql/servers/auditingPolicies/* Create and manage SQL server auditing policies
Microsoft.Sql/servers/auditingSettings/* Create and manage SQL server auditing setting
Microsoft.Sql/servers/extendedAuditingSettings/read Retrieve details of the extended server blob auditing policy configured on a given server
Microsoft.Sql/servers/databases/auditingPolicies/* Create and manage SQL server database auditing policies
Microsoft.Sql/servers/databases/auditingSettings/* Create and manage SQL server database auditing settings
Microsoft.Sql/servers/databases/auditRecords/read Retrieve the database blob audit records
Microsoft.Sql/servers/databases/connectionPolicies/* Create and manage SQL server database connection policies
Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft.Sql/servers/databases/dataMaskingPolicies/* Create and manage SQL server database data masking policies
Microsoft.Sql/servers/databases/extendedAuditingSettings/read Retrieve details of the extended blob auditing policy configured on a given database
Microsoft.Sql/servers/databases/read Return the list of databases or gets the properties for the specified database.
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/read Get a database schema.
Microsoft.Sql/servers/databases/schemas/tables/columns/read Get a database column.
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/tables/read Get a database table.
Microsoft.Sql/servers/databases/securityAlertPolicies/* Create and manage SQL server database security alert policies
Microsoft.Sql/servers/databases/securityMetrics/* Create and manage SQL server database security metrics
Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft.Sql/servers/databases/transparentDataEncryption/*
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft.Sql/servers/firewallRules/*
Microsoft.Sql/servers/read Return the list of servers or gets the properties for the specified server.
Microsoft.Sql/servers/securityAlertPolicies/* Create and manage SQL server security alert policies
Microsoft.Sql/servers/vulnerabilityAssessments/*
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage the security-related policies of SQL servers and databases, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3",
  "name": "056cd41c-7e88-42e1-933e-88ba6a50c9c3",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*",
        "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/auditingPolicies/*",
        "Microsoft.Sql/servers/auditingSettings/*",
        "Microsoft.Sql/servers/extendedAuditingSettings/read",
        "Microsoft.Sql/servers/databases/auditingPolicies/*",
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/connectionPolicies/*",
        "Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
        "Microsoft.Sql/servers/databases/extendedAuditingSettings/read",
        "Microsoft.Sql/servers/databases/read",
        "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/read",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/read",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/tables/read",
        "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
        "Microsoft.Sql/servers/databases/securityMetrics/*",
        "Microsoft.Sql/servers/databases/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/transparentDataEncryption/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
        "Microsoft.Sql/servers/firewallRules/*",
        "Microsoft.Sql/servers/read",
        "Microsoft.Sql/servers/securityAlertPolicies/*",
        "Microsoft.Sql/servers/vulnerabilityAssessments/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL Security Manager",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

SQL Server Contributor

Lets you manage SQL servers and databases, but not access to them, and not their security-related policies.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Sql/locations/*/read
Microsoft.Sql/servers/* Create and manage SQL servers
Microsoft.Support/* Create and update a support ticket
Microsoft.Insights/metrics/read Read metrics
Microsoft.Insights/metricDefinitions/read Read metric definitions
NotActions
Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*
Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*
Microsoft.Sql/managedInstances/databases/sensitivityLabels/*
Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*
Microsoft.Sql/managedInstances/securityAlertPolicies/*
Microsoft.Sql/managedInstances/vulnerabilityAssessments/*
Microsoft.Sql/servers/auditingPolicies/* Edit SQL server auditing policies
Microsoft.Sql/servers/auditingSettings/* Edit SQL server auditing settings
Microsoft.Sql/servers/databases/auditingPolicies/* Edit SQL server database auditing policies
Microsoft.Sql/servers/databases/auditingSettings/* Edit SQL server database auditing settings
Microsoft.Sql/servers/databases/auditRecords/read Retrieve the database blob audit records
Microsoft.Sql/servers/databases/connectionPolicies/* Edit SQL server database connection policies
Microsoft.Sql/servers/databases/currentSensitivityLabels/*
Microsoft.Sql/servers/databases/dataMaskingPolicies/* Edit SQL server database data masking policies
Microsoft.Sql/servers/databases/extendedAuditingSettings/*
Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*
Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*
Microsoft.Sql/servers/databases/securityAlertPolicies/* Edit SQL server database security alert policies
Microsoft.Sql/servers/databases/securityMetrics/* Edit SQL server database security metrics
Microsoft.Sql/servers/databases/sensitivityLabels/*
Microsoft.Sql/servers/databases/vulnerabilityAssessments/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*
Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*
Microsoft.Sql/servers/extendedAuditingSettings/*
Microsoft.Sql/servers/securityAlertPolicies/* Edit SQL server security alert policies
Microsoft.Sql/servers/vulnerabilityAssessments/*
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage SQL servers and databases, but not access to them, and not their security -related policies.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
  "name": "6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/servers/*",
        "Microsoft.Support/*",
        "Microsoft.Insights/metrics/read",
        "Microsoft.Insights/metricDefinitions/read"
      ],
      "notActions": [
        "Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
        "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/managedInstances/securityAlertPolicies/*",
        "Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/auditingPolicies/*",
        "Microsoft.Sql/servers/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditingPolicies/*",
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/connectionPolicies/*",
        "Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
        "Microsoft.Sql/servers/databases/extendedAuditingSettings/*",
        "Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
        "Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
        "Microsoft.Sql/servers/databases/securityMetrics/*",
        "Microsoft.Sql/servers/databases/sensitivityLabels/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
        "Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
        "Microsoft.Sql/servers/extendedAuditingSettings/*",
        "Microsoft.Sql/servers/securityAlertPolicies/*",
        "Microsoft.Sql/servers/vulnerabilityAssessments/*"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "SQL Server Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}
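
The SQL Server Contributor and SQL Security Manager definitions above are meant to split server administration from security-policy administration. The following added example (not part of the original article) evaluates abridged copies of both definitions as Actions minus NotActions to show where the split holds and where the two roles overlap. It assumes a simplified model: one role at a time, management-plane actions only, `*` matching any run of characters case-insensitively, and no scopes or deny assignments; the operation names in `SAMPLE_OPERATIONS` are constructed inputs, and `is_allowed` and `overlap` are hypothetical helper names.

```python
import re

# Abridged copies of two role definitions from this page: only the entries
# exercised by the checks below are kept.
SQL_SERVER_CONTRIBUTOR = {
    "roleName": "SQL Server Contributor",
    "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Sql/locations/*/read",
        "Microsoft.Sql/servers/*",
    ],
    "notActions": [
        "Microsoft.Sql/servers/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
        "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
        "Microsoft.Sql/servers/securityAlertPolicies/*",
    ],
}

SQL_SECURITY_MANAGER = {
    "roleName": "SQL Security Manager",
    "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Sql/servers/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditingSettings/*",
        "Microsoft.Sql/servers/databases/auditRecords/read",
        "Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
        "Microsoft.Sql/servers/databases/read",
        "Microsoft.Sql/servers/databases/securityAlertPolicies/*",
        "Microsoft.Sql/servers/firewallRules/*",
        "Microsoft.Sql/servers/read",
    ],
    "notActions": [],
}

# Constructed sample operations to test against both roles.
SAMPLE_OPERATIONS = [
    "Microsoft.Sql/servers/databases/write",
    "Microsoft.Sql/servers/databases/auditingSettings/write",
    "Microsoft.Sql/servers/databases/auditRecords/read",
    "Microsoft.Sql/servers/firewallRules/write",
    "Microsoft.Sql/servers/databases/read",
]


def _pattern(action):
    """Compile an action string; '*' matches any characters, including '/'."""
    parts = (re.escape(part) for part in action.split("*"))
    return re.compile(".*".join(parts) + r"\Z", re.IGNORECASE)


def matches(operation, patterns):
    """True if the operation matches at least one action pattern."""
    return any(_pattern(p).match(operation) for p in patterns)


def is_allowed(role, operation):
    """Effective management permission of one role: Actions minus NotActions."""
    return matches(operation, role["actions"]) and not matches(
        operation, role["notActions"]
    )


def overlap(role_a, role_b, operations):
    """Operations that both roles allow, i.e. where the duty split does not apply."""
    return [
        op for op in operations
        if is_allowed(role_a, op) and is_allowed(role_b, op)
    ]


if __name__ == "__main__":
    for op in SAMPLE_OPERATIONS:
        print(
            f"{op}: contributor={is_allowed(SQL_SERVER_CONTRIBUTOR, op)} "
            f"security_manager={is_allowed(SQL_SECURITY_MANAGER, op)}"
        )
    print("allowed by both:",
          overlap(SQL_SERVER_CONTRIBUTOR, SQL_SECURITY_MANAGER, SAMPLE_OPERATIONS))
```

Firewall rules come out as writable by both roles, because `Microsoft.Sql/servers/firewallRules/*` is listed in SQL Security Manager's Actions and is not among SQL Server Contributor's NotActions.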

Analytics

Azure Event Hubs Data Owner

Allows for full access to Azure Event Hubs resources.

Actions
Microsoft.EventHub/*
NotActions
none
DataActions
Microsoft.EventHub/*
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to Azure Event Hubs resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f526a384-b230-433a-b45c-95f59c4a2dec",
  "name": "f526a384-b230-433a-b45c-95f59c4a2dec",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Event Hubs Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Event Hubs Data Receiver

Allows receive access to Azure Event Hubs resources.

Actions
Microsoft.EventHub/*/eventhubs/consumergroups/read
NotActions
none
DataActions
Microsoft.EventHub/*/receive/action
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows receive access to Azure Event Hubs resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
  "name": "a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/*/eventhubs/consumergroups/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/*/receive/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Event Hubs Data Receiver",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Event Hubs Data Sender

Allows send access to Azure Event Hubs resources.

Actions
Microsoft.EventHub/*/eventhubs/read
NotActions
none
DataActions
Microsoft.EventHub/*/send/action
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows send access to Azure Event Hubs resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2b629674-e913-4c01-ae53-ef4638d8f975",
  "name": "2b629674-e913-4c01-ae53-ef4638d8f975",
  "permissions": [
    {
      "actions": [
        "Microsoft.EventHub/*/eventhubs/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.EventHub/*/send/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Event Hubs Data Sender",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Data Factory Contributor

Create and manage data factories, as well as child resources within them.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.DataFactory/dataFactories/* Create and manage data factories, and child resources within them.
Microsoft.DataFactory/factories/* Create and manage data factories, and child resources within them.
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
Microsoft.EventGrid/eventSubscriptions/write Create or update an eventSubscription
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Create and manage data factories, as well as child resources within them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/673868aa-7521-48a0-acc6-0f60742d39f5",
  "name": "673868aa-7521-48a0-acc6-0f60742d39f5",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.DataFactory/dataFactories/*",
        "Microsoft.DataFactory/factories/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.EventGrid/eventSubscriptions/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Factory Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Data Purger

Can purge analytics data

Actions
Microsoft.Insights/components/*/read
Microsoft.Insights/components/purge/action Purging data from Application Insights
Microsoft.OperationalInsights/workspaces/*/read View log analytics data
Microsoft.OperationalInsights/workspaces/purge/action Delete specified data from workspace
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can purge analytics data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/150f5e0c-0603-4f03-8c7f-cf70034c4e90",
  "name": "150f5e0c-0603-4f03-8c7f-cf70034c4e90",
  "permissions": [
    {
      "actions": [
        "Microsoft.Insights/components/*/read",
        "Microsoft.Insights/components/purge/action",
        "Microsoft.OperationalInsights/workspaces/*/read",
        "Microsoft.OperationalInsights/workspaces/purge/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Data Purger",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

HDInsight Cluster Operator

Lets you read and modify HDInsight cluster configurations.

Actions
Microsoft.HDInsight/*/read
Microsoft.HDInsight/clusters/getGatewaySettings/action Get gateway settings for HDInsight Cluster
Microsoft.HDInsight/clusters/updateGatewaySettings/action Update gateway settings for HDInsight Cluster
Microsoft.HDInsight/clusters/configurations/*
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Resources/deployments/operations/read Gets or lists deployment operations.
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read and modify HDInsight cluster configurations.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/61ed4efc-fab3-44fd-b111-e24485cc132a",
  "name": "61ed4efc-fab3-44fd-b111-e24485cc132a",
  "permissions": [
    {
      "actions": [
        "Microsoft.HDInsight/*/read",
        "Microsoft.HDInsight/clusters/getGatewaySettings/action",
        "Microsoft.HDInsight/clusters/updateGatewaySettings/action",
        "Microsoft.HDInsight/clusters/configurations/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "HDInsight Cluster Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

HDInsight Domain Services Contributor

Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package

Actions
Microsoft.AAD/*/read
Microsoft.AAD/domainServices/*/read
Microsoft.AAD/domainServices/oucontainer/*
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8d8d5a11-05d3-4bda-a417-a08778121c7c",
  "name": "8d8d5a11-05d3-4bda-a417-a08778121c7c",
  "permissions": [
    {
      "actions": [
        "Microsoft.AAD/*/read",
        "Microsoft.AAD/domainServices/*/read",
        "Microsoft.AAD/domainServices/oucontainer/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "HDInsight Domain Services Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Log Analytics Contributor

Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources.

Actions
*/read Read resources of all types, except secrets.
Microsoft.Automation/automationAccounts/*
Microsoft.ClassicCompute/virtualMachines/extensions/*
Microsoft.ClassicStorage/storageAccounts/listKeys/action Lists the access keys for the storage accounts.
Microsoft.Compute/virtualMachines/extensions/*
Microsoft.HybridCompute/machines/extensions/write Installs or Updates an Azure Arc extensions
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Insights/diagnosticSettings/* Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.OperationalInsights/*
Microsoft.OperationsManagement/*
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourcegroups/deployments/*
Microsoft.Storage/storageAccounts/listKeys/action Returns the access keys for the specified storage account.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
  "name": "92aaf0da-9dab-42b6-94a3-d43ce8d16293",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.Automation/automationAccounts/*",
        "Microsoft.ClassicCompute/virtualMachines/extensions/*",
        "Microsoft.ClassicStorage/storageAccounts/listKeys/action",
        "Microsoft.Compute/virtualMachines/extensions/*",
        "Microsoft.HybridCompute/machines/extensions/write",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.OperationalInsights/*",
        "Microsoft.OperationsManagement/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Log Analytics Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Log Analytics Reader

Log Analytics Reader can view and search all monitoring data as well as view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.

Actions
*/read Read resources of all types, except secrets.
Microsoft.OperationalInsights/workspaces/analytics/query/action Search using new engine.
Microsoft.OperationalInsights/workspaces/search/action Executes a search query
Microsoft.Support/* Create and update a support ticket
NotActions
Microsoft.OperationalInsights/workspaces/sharedKeys/read Retrieves the shared keys for the workspace. These keys are used to connect Microsoft Operational Insights agents to the workspace.
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/73c42c96-874c-492b-b04d-ab87d138a893",
  "name": "73c42c96-874c-492b-b04d-ab87d138a893",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.OperationalInsights/workspaces/analytics/query/action",
        "Microsoft.OperationalInsights/workspaces/search/action",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.OperationalInsights/workspaces/sharedKeys/read"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Log Analytics Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Blockchain

Blockchain Member Node Access (Preview)

Allows for access to Blockchain Member nodes

Actions
Microsoft.Blockchain/blockchainMembers/transactionNodes/read Gets or Lists existing Blockchain Member Transaction Node(s).
NotActions
none
DataActions
Microsoft.Blockchain/blockchainMembers/transactionNodes/connect/action Connects to a Blockchain Member Transaction Node.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for access to Blockchain Member nodes",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/31a002a1-acaf-453e-8a5b-297c9ca1ea24",
  "name": "31a002a1-acaf-453e-8a5b-297c9ca1ea24",
  "permissions": [
    {
      "actions": [
        "Microsoft.Blockchain/blockchainMembers/transactionNodes/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Blockchain/blockchainMembers/transactionNodes/connect/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Blockchain Member Node Access (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

AI + machine learning

Cognitive Services Contributor

Lets you create, read, update, delete and manage keys of Cognitive Services.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.CognitiveServices/*
Microsoft.Features/features/read Gets the features of a subscription.
Microsoft.Features/providers/features/read Gets the feature of a subscription in a given resource provider.
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Insights/diagnosticSettings/* Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.Insights/logDefinitions/read Read log definitions
Microsoft.Insights/metricdefinitions/read Read metric definitions
Microsoft.Insights/metrics/read Read metrics
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/deployments/operations/read Gets or lists deployment operations.
Microsoft.Resources/subscriptions/operationresults/read Get the subscription operation results.
Microsoft.Resources/subscriptions/read Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourcegroups/deployments/*
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you create, read, update, delete and manage keys of Cognitive Services.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
  "name": "25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.CognitiveServices/*",
        "Microsoft.Features/features/read",
        "Microsoft.Features/providers/features/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.Insights/logDefinitions/read",
        "Microsoft.Insights/metricdefinitions/read",
        "Microsoft.Insights/metrics/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services Data Reader (Preview)

Lets you read Cognitive Services data.

Actions
none
NotActions
none
DataActions
Microsoft.CognitiveServices/*/read
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read Cognitive Services data.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b59867f0-fa02-499b-be73-45a86b5b3e1c",
  "name": "b59867f0-fa02-499b-be73-45a86b5b3e1c",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/*/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services Data Reader (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cognitive Services User

Lets you read and list keys of Cognitive Services.

Actions
Microsoft.CognitiveServices/*/read
Microsoft.CognitiveServices/accounts/listkeys/action List Keys
Microsoft.Insights/alertRules/read Read a classic metric alert
Microsoft.Insights/diagnosticSettings/read Read a resource diagnostic setting
Microsoft.Insights/logDefinitions/read Read log definitions
Microsoft.Insights/metricdefinitions/read Read metric definitions
Microsoft.Insights/metrics/read Read metrics
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/operations/read Gets or lists deployment operations.
Microsoft.Resources/subscriptions/operationresults/read Get the subscription operation results.
Microsoft.Resources/subscriptions/read Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
Microsoft.CognitiveServices/*
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read and list keys of Cognitive Services.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a97b65f3-24c7-4388-baec-2e87135dc908",
  "name": "a97b65f3-24c7-4388-baec-2e87135dc908",
  "permissions": [
    {
      "actions": [
        "Microsoft.CognitiveServices/*/read",
        "Microsoft.CognitiveServices/accounts/listkeys/action",
        "Microsoft.Insights/alertRules/read",
        "Microsoft.Insights/diagnosticSettings/read",
        "Microsoft.Insights/logDefinitions/read",
        "Microsoft.Insights/metricdefinitions/read",
        "Microsoft.Insights/metrics/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.CognitiveServices/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Cognitive Services User",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Mixed reality

Spatial Anchors Account Contributor

Lets you manage spatial anchors in your account, but not delete them

Actions
none
NotActions
none
DataActions
Microsoft.MixedReality/SpatialAnchorsAccounts/create/action Create spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read Discover nearby spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read Get properties of spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/query/read Locate spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read Submit diagnostics data to help improve the quality of the Azure Spatial Anchors service
Microsoft.MixedReality/SpatialAnchorsAccounts/write Update spatial anchors properties
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage spatial anchors in your account, but not delete them",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827",
  "name": "8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.MixedReality/SpatialAnchorsAccounts/create/action",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/query/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Spatial Anchors Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Spatial Anchors Account Owner

Lets you manage spatial anchors in your account, including deleting them

Actions
none
NotActions
none
DataActions
Microsoft.MixedReality/SpatialAnchorsAccounts/create/action Create spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/delete Delete spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read Discover nearby spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read Get properties of spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/query/read Locate spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read Submit diagnostics data to help improve the quality of the Azure Spatial Anchors service
Microsoft.MixedReality/SpatialAnchorsAccounts/write Update spatial anchors properties
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage spatial anchors in your account, including deleting them",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/70bbe301-9835-447d-afdd-19eb3167307c",
  "name": "70bbe301-9835-447d-afdd-19eb3167307c",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.MixedReality/SpatialAnchorsAccounts/create/action",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/delete",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/query/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Spatial Anchors Account Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Spatial Anchors Account Reader

Lets you locate and read properties of spatial anchors in your account

Actions
none
NotActions
none
DataActions
Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read Discover nearby spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read Get properties of spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/query/read Locate spatial anchors
Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read Submit diagnostics data to help improve the quality of the Azure Spatial Anchors service
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you locate and read properties of spatial anchors in your account",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5d51204f-eb77-4b1c-b86a-2ec626c49413",
  "name": "5d51204f-eb77-4b1c-b86a-2ec626c49413",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/query/read",
        "Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Spatial Anchors Account Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Integration

API Management Service Contributor

Can manage service and the APIs

Actions
Microsoft.ApiManagement/service/* Create and manage API Management service
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage service and the APIs",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/312a565d-c81f-4fd8-895a-4e21e48d571c",
  "name": "312a565d-c81f-4fd8-895a-4e21e48d571c",
  "permissions": [
    {
      "actions": [
        "Microsoft.ApiManagement/service/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "API Management Service Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

API Management Service Operator Role

Can manage service but not the APIs

Actions
Microsoft.ApiManagement/service/*/read Read API Management Service instances
Microsoft.ApiManagement/service/backup/action Back up API Management Service to the specified container in a user provided storage account
Microsoft.ApiManagement/service/delete Delete API Management Service instance
Microsoft.ApiManagement/service/managedeployments/action Change SKU/units, add/remove regional deployments of API Management Service
Microsoft.ApiManagement/service/read Read metadata for an API Management Service instance
Microsoft.ApiManagement/service/restore/action Restore API Management Service from the specified container in a user provided storage account
Microsoft.ApiManagement/service/updatecertificate/action Upload TLS/SSL certificate for an API Management Service
Microsoft.ApiManagement/service/updatehostname/action Set up, update or remove custom domain names for an API Management Service
Microsoft.ApiManagement/service/write Create or Update API Management Service instance
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
Microsoft.ApiManagement/service/users/keys/read Get keys associated with user
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage service but not the APIs",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e022efe7-f5ba-4159-bbe4-b44f577e9b61",
  "name": "e022efe7-f5ba-4159-bbe4-b44f577e9b61",
  "permissions": [
    {
      "actions": [
        "Microsoft.ApiManagement/service/*/read",
        "Microsoft.ApiManagement/service/backup/action",
        "Microsoft.ApiManagement/service/delete",
        "Microsoft.ApiManagement/service/managedeployments/action",
        "Microsoft.ApiManagement/service/read",
        "Microsoft.ApiManagement/service/restore/action",
        "Microsoft.ApiManagement/service/updatecertificate/action",
        "Microsoft.ApiManagement/service/updatehostname/action",
        "Microsoft.ApiManagement/service/write",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.ApiManagement/service/users/keys/read"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "API Management Service Operator Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

API Management Service Reader Role

Read-only access to service and APIs

Actions
Microsoft.ApiManagement/service/*/read Read API Management Service instances
Microsoft.ApiManagement/service/read Read metadata for an API Management Service instance
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
Microsoft.ApiManagement/service/users/keys/read Get keys associated with user
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read-only access to service and APIs",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/71522526-b88f-4d52-b57f-d31fc3546d0d",
  "name": "71522526-b88f-4d52-b57f-d31fc3546d0d",
  "permissions": [
    {
      "actions": [
        "Microsoft.ApiManagement/service/*/read",
        "Microsoft.ApiManagement/service/read",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.ApiManagement/service/users/keys/read"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "API Management Service Reader Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

App Configuration Data Owner

Allows full access to App Configuration data.

Actions
none
NotActions
none
DataActions
Microsoft.AppConfiguration/configurationStores/*/read
Microsoft.AppConfiguration/configurationStores/*/write
Microsoft.AppConfiguration/configurationStores/*/delete
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows full access to App Configuration data.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b",
  "name": "5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.AppConfiguration/configurationStores/*/read",
        "Microsoft.AppConfiguration/configurationStores/*/write",
        "Microsoft.AppConfiguration/configurationStores/*/delete"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "App Configuration Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

App Configuration Data Reader

Allows read access to App Configuration data.

Actions
none
NotActions
none
DataActions
Microsoft.AppConfiguration/configurationStores/*/read
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows read access to App Configuration data.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/516239f1-63e1-4d78-a4de-a74fb236a071",
  "name": "516239f1-63e1-4d78-a4de-a74fb236a071",
  "permissions": [
    {
      "actions": [],
      "notActions": [],
      "dataActions": [
        "Microsoft.AppConfiguration/configurationStores/*/read"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "App Configuration Data Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Service Bus Data Owner

Allows for full access to Azure Service Bus resources.

Actions
Microsoft.ServiceBus/*
NotActions
none
DataActions
Microsoft.ServiceBus/*
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for full access to Azure Service Bus resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/090c5cfd-751d-490a-894a-3ce6f1109419",
  "name": "090c5cfd-751d-490a-894a-3ce6f1109419",
  "permissions": [
    {
      "actions": [
        "Microsoft.ServiceBus/*"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ServiceBus/*"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Service Bus Data Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Service Bus Data Receiver

Allows for receive access to Azure Service Bus resources.

Actions
Microsoft.ServiceBus/*/queues/read
Microsoft.ServiceBus/*/topics/read
Microsoft.ServiceBus/*/topics/subscriptions/read
NotActions
none
DataActions
Microsoft.ServiceBus/*/receive/action
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for receive access to Azure Service Bus resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0",
  "name": "4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0",
  "permissions": [
    {
      "actions": [
        "Microsoft.ServiceBus/*/queues/read",
        "Microsoft.ServiceBus/*/topics/read",
        "Microsoft.ServiceBus/*/topics/subscriptions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ServiceBus/*/receive/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Service Bus Data Receiver",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Service Bus Data Sender

Allows for send access to Azure Service Bus resources.

Actions
Microsoft.ServiceBus/*/queues/read
Microsoft.ServiceBus/*/topics/read
Microsoft.ServiceBus/*/topics/subscriptions/read
NotActions
none
DataActions
Microsoft.ServiceBus/*/send/action
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for send access to Azure Service Bus resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
  "name": "69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
  "permissions": [
    {
      "actions": [
        "Microsoft.ServiceBus/*/queues/read",
        "Microsoft.ServiceBus/*/topics/read",
        "Microsoft.ServiceBus/*/topics/subscriptions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.ServiceBus/*/send/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Service Bus Data Sender",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Stack Registration Owner

Lets you manage Azure Stack registrations.

Actions
Microsoft.AzureStack/registrations/products/*/action
Microsoft.AzureStack/registrations/products/read Gets the properties of an Azure Stack Marketplace product
Microsoft.AzureStack/registrations/read Gets the properties of an Azure Stack registration
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Azure Stack registrations.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6f12a6df-dd06-4f3e-bcb1-ce8be600526a",
  "name": "6f12a6df-dd06-4f3e-bcb1-ce8be600526a",
  "permissions": [
    {
      "actions": [
        "Microsoft.AzureStack/registrations/products/*/action",
        "Microsoft.AzureStack/registrations/products/read",
        "Microsoft.AzureStack/registrations/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Stack Registration Owner",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

EventGrid EventSubscription Contributor

Lets you manage EventGrid event subscription operations.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.EventGrid/eventSubscriptions/*
Microsoft.EventGrid/topicTypes/eventSubscriptions/read List global event subscriptions by topic type
Microsoft.EventGrid/locations/eventSubscriptions/read List regional event subscriptions
Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read List regional event subscriptions by topic type
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage EventGrid event subscription operations.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/428e0ff0-5e57-4d9c-a221-2c70d0e0a443",
  "name": "428e0ff0-5e57-4d9c-a221-2c70d0e0a443",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.EventGrid/eventSubscriptions/*",
        "Microsoft.EventGrid/topicTypes/eventSubscriptions/read",
        "Microsoft.EventGrid/locations/eventSubscriptions/read",
        "Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "EventGrid EventSubscription Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

EventGrid EventSubscription Reader

Lets you read EventGrid event subscriptions.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.EventGrid/eventSubscriptions/read Read an eventSubscription
Microsoft.EventGrid/topicTypes/eventSubscriptions/read List global event subscriptions by topic type
Microsoft.EventGrid/locations/eventSubscriptions/read List regional event subscriptions
Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read List regional event subscriptions by topic type
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read EventGrid event subscriptions.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2414bbcf-6497-4faf-8c65-045460748405",
  "name": "2414bbcf-6497-4faf-8c65-045460748405",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.EventGrid/eventSubscriptions/read",
        "Microsoft.EventGrid/topicTypes/eventSubscriptions/read",
        "Microsoft.EventGrid/locations/eventSubscriptions/read",
        "Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "EventGrid EventSubscription Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Intelligent Systems Account Contributor

Lets you manage Intelligent Systems accounts, but not access to them.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.IntelligentSystems/accounts/* Create and manage intelligent systems accounts
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Intelligent Systems accounts, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/03a6d094-3444-4b3d-88af-7477090a9e5e",
  "name": "03a6d094-3444-4b3d-88af-7477090a9e5e",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.IntelligentSystems/accounts/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Intelligent Systems Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Logic App Contributor

Lets you manage logic apps, but not change access to them.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.ClassicStorage/storageAccounts/listKeys/action Lists the access keys for the storage accounts.
Microsoft.ClassicStorage/storageAccounts/read Return the storage account with the given account.
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Insights/metricAlerts/*
Microsoft.Insights/diagnosticSettings/* Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.Insights/logdefinitions/* This permission is necessary for users who need access to Activity Logs via the portal. List log categories in Activity Log.
Microsoft.Insights/metricDefinitions/* Read metric definitions (list of available metric types for a resource).
Microsoft.Logic/* Manages Logic Apps resources.
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/operationresults/read Get the subscription operation results.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Storage/storageAccounts/listkeys/action Returns the access keys for the specified storage account.
Microsoft.Storage/storageAccounts/read Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.Support/* Create and update a support ticket
Microsoft.Web/connectionGateways/* Creates and manages a Connection Gateway.
Microsoft.Web/connections/* Creates and manages a Connection.
Microsoft.Web/customApis/* Creates and manages a Custom API.
Microsoft.Web/serverFarms/join/action
Microsoft.Web/serverFarms/read Get the properties on an App Service Plan
Microsoft.Web/sites/functions/listSecrets/action List Function secrets.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage logic app, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/87a39d53-fc1b-424a-814c-f7e04687dc9e",
  "name": "87a39d53-fc1b-424a-814c-f7e04687dc9e",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicStorage/storageAccounts/listKeys/action",
        "Microsoft.ClassicStorage/storageAccounts/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/metricAlerts/*",
        "Microsoft.Insights/diagnosticSettings/*",
        "Microsoft.Insights/logdefinitions/*",
        "Microsoft.Insights/metricDefinitions/*",
        "Microsoft.Logic/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/listkeys/action",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.Support/*",
        "Microsoft.Web/connectionGateways/*",
        "Microsoft.Web/connections/*",
        "Microsoft.Web/customApis/*",
        "Microsoft.Web/serverFarms/join/action",
        "Microsoft.Web/serverFarms/read",
        "Microsoft.Web/sites/functions/listSecrets/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Logic App Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Logic App Operator

Lets you read, enable, and disable logic apps, but not edit or update them.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/*/read Read Insights alert rules
Microsoft.Insights/metricAlerts/*/read
Microsoft.Insights/diagnosticSettings/*/read Gets diagnostic settings for Logic Apps
Microsoft.Insights/metricDefinitions/*/read Gets the available metrics for Logic Apps.
Microsoft.Logic/*/read Reads Logic Apps resources.
Microsoft.Logic/workflows/disable/action Disables the workflow.
Microsoft.Logic/workflows/enable/action Enables the workflow.
Microsoft.Logic/workflows/validate/action Validates the workflow.
Microsoft.Resources/deployments/operations/read Gets or lists deployment operations.
Microsoft.Resources/subscriptions/operationresults/read Get the subscription operation results.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
Microsoft.Web/connectionGateways/*/read Read Connection Gateways.
Microsoft.Web/connections/*/read Read Connections.
Microsoft.Web/customApis/*/read Read Custom API.
Microsoft.Web/serverFarms/read Get the properties on an App Service Plan
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read, enable and disable logic app.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/515c2055-d9d4-4321-b1b9-bd0c9a0f79fe",
  "name": "515c2055-d9d4-4321-b1b9-bd0c9a0f79fe",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*/read",
        "Microsoft.Insights/metricAlerts/*/read",
        "Microsoft.Insights/diagnosticSettings/*/read",
        "Microsoft.Insights/metricDefinitions/*/read",
        "Microsoft.Logic/*/read",
        "Microsoft.Logic/workflows/disable/action",
        "Microsoft.Logic/workflows/enable/action",
        "Microsoft.Logic/workflows/validate/action",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/subscriptions/operationresults/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Web/connectionGateways/*/read",
        "Microsoft.Web/connections/*/read",
        "Microsoft.Web/customApis/*/read",
        "Microsoft.Web/serverFarms/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Logic App Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Identity

Managed Identity Contributor

Create, Read, Update, and Delete User Assigned Identity

Actions
Microsoft.ManagedIdentity/userAssignedIdentities/read Gets an existing user assigned identity
Microsoft.ManagedIdentity/userAssignedIdentities/write Creates a new user assigned identity or updates the tags associated with an existing user assigned identity
Microsoft.ManagedIdentity/userAssignedIdentities/delete Deletes an existing user assigned identity
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Create, Read, Update, and Delete User Assigned Identity",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e40ec5ca-96e0-45a2-b4ff-59039f2c2b59",
  "name": "e40ec5ca-96e0-45a2-b4ff-59039f2c2b59",
  "permissions": [
    {
      "actions": [
        "Microsoft.ManagedIdentity/userAssignedIdentities/read",
        "Microsoft.ManagedIdentity/userAssignedIdentities/write",
        "Microsoft.ManagedIdentity/userAssignedIdentities/delete",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Managed Identity Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Managed Identity Operator

Read and Assign User Assigned Identity

Actions
Microsoft.ManagedIdentity/userAssignedIdentities/*/read
Microsoft.ManagedIdentity/userAssignedIdentities/*/assign/action
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read and Assign User Assigned Identity",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f1a07417-d97a-45cb-824c-7a7467783830",
  "name": "f1a07417-d97a-45cb-824c-7a7467783830",
  "permissions": [
    {
      "actions": [
        "Microsoft.ManagedIdentity/userAssignedIdentities/*/read",
        "Microsoft.ManagedIdentity/userAssignedIdentities/*/assign/action",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Managed Identity Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Security

Azure Sentinel Contributor

Azure Sentinel Contributor

Actions
Microsoft.SecurityInsights/*
Microsoft.OperationalInsights/workspaces/analytics/query/action Search using new engine.
Microsoft.OperationalInsights/workspaces/*/read View log analytics data
Microsoft.OperationalInsights/workspaces/savedSearches/*
Microsoft.OperationsManagement/solutions/read Get existing OMS solution
Microsoft.OperationalInsights/workspaces/query/read Run queries over the data in the workspace
Microsoft.OperationalInsights/workspaces/query/*/read
Microsoft.OperationalInsights/workspaces/dataSources/read Get datasources under a workspace.
Microsoft.Insights/workbooks/*
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Azure Sentinel Contributor",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ab8e14d6-4a74-4a29-9ba8-549422addade",
  "name": "ab8e14d6-4a74-4a29-9ba8-549422addade",
  "permissions": [
    {
      "actions": [
        "Microsoft.SecurityInsights/*",
        "Microsoft.OperationalInsights/workspaces/analytics/query/action",
        "Microsoft.OperationalInsights/workspaces/*/read",
        "Microsoft.OperationalInsights/workspaces/savedSearches/*",
        "Microsoft.OperationsManagement/solutions/read",
        "Microsoft.OperationalInsights/workspaces/query/read",
        "Microsoft.OperationalInsights/workspaces/query/*/read",
        "Microsoft.OperationalInsights/workspaces/dataSources/read",
        "Microsoft.Insights/workbooks/*",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Sentinel Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Sentinel Reader

Azure Sentinel Reader

Actions
Microsoft.SecurityInsights/*/read
Microsoft.SecurityInsights/dataConnectorsCheckRequirements/action Check user authorization and license
Microsoft.OperationalInsights/workspaces/analytics/query/action Search using new engine.
Microsoft.OperationalInsights/workspaces/*/read View log analytics data
Microsoft.OperationalInsights/workspaces/LinkedServices/read Get linked services under given workspace.
Microsoft.OperationalInsights/workspaces/savedSearches/read Gets a saved search query
Microsoft.OperationsManagement/solutions/read Get existing OMS solution
Microsoft.OperationalInsights/workspaces/query/read Run queries over the data in the workspace
Microsoft.OperationalInsights/workspaces/query/*/read
Microsoft.OperationalInsights/workspaces/dataSources/read Get datasources under a workspace.
Microsoft.Insights/workbooks/read Read a workbook
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Azure Sentinel Reader",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8d289c81-5878-46d4-8554-54e1e3d8b5cb",
  "name": "8d289c81-5878-46d4-8554-54e1e3d8b5cb",
  "permissions": [
    {
      "actions": [
        "Microsoft.SecurityInsights/*/read",
        "Microsoft.SecurityInsights/dataConnectorsCheckRequirements/action",
        "Microsoft.OperationalInsights/workspaces/analytics/query/action",
        "Microsoft.OperationalInsights/workspaces/*/read",
        "Microsoft.OperationalInsights/workspaces/LinkedServices/read",
        "Microsoft.OperationalInsights/workspaces/savedSearches/read",
        "Microsoft.OperationsManagement/solutions/read",
        "Microsoft.OperationalInsights/workspaces/query/read",
        "Microsoft.OperationalInsights/workspaces/query/*/read",
        "Microsoft.OperationalInsights/workspaces/dataSources/read",
        "Microsoft.Insights/workbooks/read",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Sentinel Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Sentinel Responder

Azure Sentinel Responder

Actions
Microsoft.SecurityInsights/*/read
Microsoft.SecurityInsights/dataConnectorsCheckRequirements/action Check user authorization and license
Microsoft.SecurityInsights/cases/*
Microsoft.SecurityInsights/incidents/*
Microsoft.OperationalInsights/workspaces/analytics/query/action Search using new engine.
Microsoft.OperationalInsights/workspaces/*/read View log analytics data
Microsoft.OperationalInsights/workspaces/dataSources/read Get datasources under a workspace.
Microsoft.OperationalInsights/workspaces/savedSearches/read Gets a saved search query
Microsoft.OperationsManagement/solutions/read Get existing OMS solution
Microsoft.OperationalInsights/workspaces/query/read Run queries over the data in the workspace
Microsoft.OperationalInsights/workspaces/query/*/read
Microsoft.OperationalInsights/workspaces/dataSources/read Get datasources under a workspace.
Microsoft.Insights/workbooks/read Read a workbook
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Azure Sentinel Responder",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3e150937-b8fe-4cfb-8069-0eaf05ecd056",
  "name": "3e150937-b8fe-4cfb-8069-0eaf05ecd056",
  "permissions": [
    {
      "actions": [
        "Microsoft.SecurityInsights/*/read",
        "Microsoft.SecurityInsights/dataConnectorsCheckRequirements/action",
        "Microsoft.SecurityInsights/cases/*",
        "Microsoft.SecurityInsights/incidents/*",
        "Microsoft.OperationalInsights/workspaces/analytics/query/action",
        "Microsoft.OperationalInsights/workspaces/*/read",
        "Microsoft.OperationalInsights/workspaces/dataSources/read",
        "Microsoft.OperationalInsights/workspaces/savedSearches/read",
        "Microsoft.OperationsManagement/solutions/read",
        "Microsoft.OperationalInsights/workspaces/query/read",
        "Microsoft.OperationalInsights/workspaces/query/*/read",
        "Microsoft.OperationalInsights/workspaces/dataSources/read",
        "Microsoft.Insights/workbooks/read",
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Sentinel Responder",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Key Vault Contributor

Lets you manage key vaults, but not access to them.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.KeyVault/*
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
Microsoft.KeyVault/locations/deletedVaults/purge/action Purge a soft deleted key vault
Microsoft.KeyVault/hsmPools/*
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage key vaults, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395",
  "name": "f25e0fa2-a7c8-4377-a976-54943a77a395",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.KeyVault/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.KeyVault/locations/deletedVaults/purge/action",
        "Microsoft.KeyVault/hsmPools/*"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Key Vault Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}
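
The Key Vault Contributor definition above pairs a wildcard in actions with exceptions in notActions. The following Python sketch is an added example, not part of the original article or of any Azure SDK: it evaluates one role definition by subtracting notActions from actions. The helper names pattern_covers, is_allowed and audit are hypothetical, the sample operations are constructed, and case-insensitive matching is an assumption.

```python
import json
import re

# "permissions" block copied from the Key Vault Contributor definition
# on this page.
KEY_VAULT_CONTRIBUTOR = json.loads("""
{
  "roleName": "Key Vault Contributor",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.KeyVault/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [
        "Microsoft.KeyVault/locations/deletedVaults/purge/action",
        "Microsoft.KeyVault/hsmPools/*"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ]
}
""")


def pattern_covers(pattern, operation):
    """Return True if a role pattern (with * wildcards) covers an operation.

    Matching is case-insensitive here; that is an assumption of this
    example (the page itself mixes casings such as
    Microsoft.operationalInsights and Microsoft.OperationalInsights).
    """
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, operation, flags=re.IGNORECASE) is not None


def is_allowed(role, operation, data_plane=False):
    """Evaluate one role definition: (Data)Actions minus Not(Data)Actions.

    Each entry in "permissions" is evaluated on its own and the results
    are unioned. Only this single role is considered; other role
    assignments on the same principal are out of scope.
    """
    if data_plane:
        allow_key, exclude_key = "dataActions", "notDataActions"
    else:
        allow_key, exclude_key = "actions", "notActions"
    for perm in role["permissions"]:
        granted = any(pattern_covers(p, operation)
                      for p in perm.get(allow_key, []))
        excluded = any(pattern_covers(p, operation)
                       for p in perm.get(exclude_key, []))
        if granted and not excluded:
            return True
    return False


def audit(role, operations, data_plane=False):
    """Map each operation to the decision this role definition yields."""
    return {op: is_allowed(role, op, data_plane) for op in operations}


if __name__ == "__main__":
    # Constructed sample operations for illustration.
    management_ops = [
        "Microsoft.KeyVault/vaults/write",
        "Microsoft.KeyVault/locations/deletedVaults/purge/action",
        "Microsoft.KeyVault/hsmPools/write",
        "Microsoft.Compute/virtualMachines/start/action",
    ]
    for op, ok in audit(KEY_VAULT_CONTRIBUTOR, management_ops).items():
        print(f"{'ALLOW' if ok else 'no   '} {op}")
    # The role lists no dataActions, so every data-plane check is False.
    data_op = "Microsoft.KeyVault/vaults/secrets/getSecret/action"
    print(is_allowed(KEY_VAULT_CONTRIBUTOR, data_op, data_plane=True))
```

Because notActions is subtracted from actions inside one role rather than acting as a deny, a second role assignment that grants an excluded operation still permits it; audit a principal by evaluating every role assigned to it.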

Security Admin

View and update permissions for Security Center. Same permissions as the Security Reader role and can also update the security policy and dismiss alerts and recommendations.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Authorization/policyAssignments/* Create and manage policy assignments
Microsoft.Authorization/policyDefinitions/* Create and manage policy definitions
Microsoft.Authorization/policySetDefinitions/* Create and manage policy sets
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Management/managementGroups/read List management groups for the authenticated user.
Microsoft.operationalInsights/workspaces/*/read View log analytics data
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Security/* Create and manage security components and policies
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Security Admin Role",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd",
  "name": "fb1c8493-542b-48eb-b624-b4c8fea62acd",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Authorization/policyAssignments/*",
        "Microsoft.Authorization/policyDefinitions/*",
        "Microsoft.Authorization/policySetDefinitions/*",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Management/managementGroups/read",
        "Microsoft.operationalInsights/workspaces/*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Security/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Security Admin",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Security Assessment Contributor

Lets you push assessments to Security Center

Actions
Microsoft.Security/assessments/write Create or update security assessments on your subscription
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you push assessments to Security Center",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/612c2aa1-cb24-443b-ac28-3ab7272de6f5",
  "name": "612c2aa1-cb24-443b-ac28-3ab7272de6f5",
  "permissions": [
    {
      "actions": [
        "Microsoft.Security/assessments/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Security Assessment Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Security Manager (Legacy)

This is a legacy role. Please use Security Admin instead.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.ClassicCompute/*/read Read configuration information of classic virtual machines
Microsoft.ClassicCompute/virtualMachines/*/write Write configuration for classic virtual machines
Microsoft.ClassicNetwork/*/read Read configuration information about classic network
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Security/* Create and manage security components and policies
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "This is a legacy role. Please use Security Administrator instead",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e3d13bf0-dd5a-482e-ba6b-9b8433878d10",
  "name": "e3d13bf0-dd5a-482e-ba6b-9b8433878d10",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.ClassicCompute/*/read",
        "Microsoft.ClassicCompute/virtualMachines/*/write",
        "Microsoft.ClassicNetwork/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Security/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Security Manager (Legacy)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Security Reader

View permissions for Security Center. Can view recommendations, alerts, a security policy, and security states, but cannot make changes.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.operationalInsights/workspaces/*/read View log analytics data
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Security/*/read Read security components and policies
Microsoft.Support/* Create and update a support ticket
Microsoft.Management/managementGroups/read List management groups for the authenticated user.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Security Reader Role",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/39bc4728-0917-49c7-9d2c-d95423bc2eb4",
  "name": "39bc4728-0917-49c7-9d2c-d95423bc2eb4",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.operationalInsights/workspaces/*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Security/*/read",
        "Microsoft.Support/*",
        "Microsoft.Management/managementGroups/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Security Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

DevOps

DevTest Labs User

Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Compute/availabilitySets/read Get the properties of an availability set
Microsoft.Compute/virtualMachines/*/read Read the properties of a virtual machine (VM sizes, runtime status, VM extensions, etc.)
Microsoft.Compute/virtualMachines/deallocate/action Powers off the virtual machine and releases the compute resources
Microsoft.Compute/virtualMachines/read Get the properties of a virtual machine
Microsoft.Compute/virtualMachines/restart/action Restarts the virtual machine
Microsoft.Compute/virtualMachines/start/action Starts the virtual machine
Microsoft.DevTestLab/*/read Read the properties of a lab
Microsoft.DevTestLab/labs/claimAnyVm/action Claim a random claimable virtual machine in the lab.
Microsoft.DevTestLab/labs/createEnvironment/action Create virtual machines in a lab.
Microsoft.DevTestLab/labs/ensureCurrentUserProfile/action Ensure the current user has a valid profile in the lab.
Microsoft.DevTestLab/labs/formulas/delete Delete formulas.
Microsoft.DevTestLab/labs/formulas/read Read formulas.
Microsoft.DevTestLab/labs/formulas/write Add or modify formulas.
Microsoft.DevTestLab/labs/policySets/evaluatePolicies/action Evaluates lab policy.
Microsoft.DevTestLab/labs/virtualMachines/claim/action Take ownership of an existing virtual machine
Microsoft.DevTestLab/labs/virtualmachines/listApplicableSchedules/action Lists the applicable start/stop schedules, if any.
Microsoft.DevTestLab/labs/virtualMachines/getRdpFileContents/action Gets a string that represents the contents of the RDP file for the virtual machine
Microsoft.Network/loadBalancers/backendAddressPools/join/action Joins a load balancer backend address pool. Not Alertable.
Microsoft.Network/loadBalancers/inboundNatRules/join/action Joins a load balancer inbound NAT rule. Not Alertable.
Microsoft.Network/networkInterfaces/*/read Read the properties of a network interface (for example, all the load balancers that the network interface is a part of)
Microsoft.Network/networkInterfaces/join/action Joins a Virtual Machine to a network interface. Not Alertable.
Microsoft.Network/networkInterfaces/read Gets a network interface definition.
Microsoft.Network/networkInterfaces/write Creates a network interface or updates an existing network interface.
Microsoft.Network/publicIPAddresses/*/read Read the properties of a public IP address
Microsoft.Network/publicIPAddresses/join/action Joins a public IP address. Not Alertable.
Microsoft.Network/publicIPAddresses/read Gets a public IP address definition.
Microsoft.Network/virtualNetworks/subnets/join/action Joins a virtual network. Not Alertable.
Microsoft.Resources/deployments/operations/read Gets or lists deployment operations.
Microsoft.Resources/deployments/read Gets or lists deployments.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Storage/storageAccounts/listKeys/action Returns the access keys for the specified storage account.
NotActions
Microsoft.Compute/virtualMachines/vmSizes/read Lists available sizes the virtual machine can be updated to
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/76283e04-6283-4c54-8f91-bcf1374a3c64",
  "name": "76283e04-6283-4c54-8f91-bcf1374a3c64",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Compute/availabilitySets/read",
        "Microsoft.Compute/virtualMachines/*/read",
        "Microsoft.Compute/virtualMachines/deallocate/action",
        "Microsoft.Compute/virtualMachines/read",
        "Microsoft.Compute/virtualMachines/restart/action",
        "Microsoft.Compute/virtualMachines/start/action",
        "Microsoft.DevTestLab/*/read",
        "Microsoft.DevTestLab/labs/claimAnyVm/action",
        "Microsoft.DevTestLab/labs/createEnvironment/action",
        "Microsoft.DevTestLab/labs/ensureCurrentUserProfile/action",
        "Microsoft.DevTestLab/labs/formulas/delete",
        "Microsoft.DevTestLab/labs/formulas/read",
        "Microsoft.DevTestLab/labs/formulas/write",
        "Microsoft.DevTestLab/labs/policySets/evaluatePolicies/action",
        "Microsoft.DevTestLab/labs/virtualMachines/claim/action",
        "Microsoft.DevTestLab/labs/virtualmachines/listApplicableSchedules/action",
        "Microsoft.DevTestLab/labs/virtualMachines/getRdpFileContents/action",
        "Microsoft.Network/loadBalancers/backendAddressPools/join/action",
        "Microsoft.Network/loadBalancers/inboundNatRules/join/action",
        "Microsoft.Network/networkInterfaces/*/read",
        "Microsoft.Network/networkInterfaces/join/action",
        "Microsoft.Network/networkInterfaces/read",
        "Microsoft.Network/networkInterfaces/write",
        "Microsoft.Network/publicIPAddresses/*/read",
        "Microsoft.Network/publicIPAddresses/join/action",
        "Microsoft.Network/publicIPAddresses/read",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.Resources/deployments/operations/read",
        "Microsoft.Resources/deployments/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/listKeys/action"
      ],
      "notActions": [
        "Microsoft.Compute/virtualMachines/vmSizes/read"
      ],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "DevTest Labs User",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Lab Creator

Lets you create, manage, delete your managed labs under your Azure Lab Accounts.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.LabServices/labAccounts/*/read
Microsoft.LabServices/labAccounts/createLab/action Create a lab in a lab account.
Microsoft.LabServices/labAccounts/sizes/getRegionalAvailability/action
Microsoft.LabServices/labAccounts/getRegionalAvailability/action Get regional availability information for each size category configured under a lab account
Microsoft.LabServices/labAccounts/getPricingAndAvailability/action Get the pricing and availability of combinations of sizes, geographies, and operating systems for the lab account.
Microsoft.LabServices/labAccounts/getRestrictionsAndUsage/action Get core restrictions and usage for this subscription
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you create, manage, delete your managed labs under your Azure Lab Accounts.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b97fb8bc-a8b2-4522-a38b-dd33c7e65ead",
  "name": "b97fb8bc-a8b2-4522-a38b-dd33c7e65ead",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.LabServices/labAccounts/*/read",
        "Microsoft.LabServices/labAccounts/createLab/action",
        "Microsoft.LabServices/labAccounts/sizes/getRegionalAvailability/action",
        "Microsoft.LabServices/labAccounts/getRegionalAvailability/action",
        "Microsoft.LabServices/labAccounts/getPricingAndAvailability/action",
        "Microsoft.LabServices/labAccounts/getRestrictionsAndUsage/action",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Lab Creator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Monitor

Application Insights Component Contributor

Can manage Application Insights components

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage classic alert rules
Microsoft.Insights/metricAlerts/* Create and manage new alert rules
Microsoft.Insights/components/* Create and manage Insights components
Microsoft.Insights/webtests/* Create and manage Insights web tests
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage Application Insights components",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ae349356-3a1b-4a5e-921d-050484c6347e",
  "name": "ae349356-3a1b-4a5e-921d-050484c6347e",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/metricAlerts/*",
        "Microsoft.Insights/components/*",
        "Microsoft.Insights/webtests/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Application Insights Component Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Application Insights Snapshot Debugger

Gives user permission to view and download debug snapshots collected with the Application Insights Snapshot Debugger. Note that these permissions are not included in the Owner or Contributor roles. When giving users the Application Insights Snapshot Debugger role, you must grant the role directly to the user. The role is not recognized when it is added to a custom role.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Insights/components/*/read
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Gives user permission to use Application Insights Snapshot Debugger features",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/08954f03-6346-4c2e-81c0-ec3a5cfae23b",
  "name": "08954f03-6346-4c2e-81c0-ec3a5cfae23b",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Insights/components/*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Application Insights Snapshot Debugger",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Monitoring Contributor

Can read all monitoring data and edit monitoring settings. See also Get started with roles, permissions, and security with Azure Monitor.

Actions
*/read Read resources of all types, except secrets.
Microsoft.AlertsManagement/alerts/*
Microsoft.AlertsManagement/alertsSummary/*
Microsoft.Insights/actiongroups/*
Microsoft.Insights/activityLogAlerts/*
Microsoft.Insights/AlertRules/* Create and manage a classic metric alert
Microsoft.Insights/components/* Create and manage Insights components
Microsoft.Insights/DiagnosticSettings/* Creates, updates, or reads the diagnostic setting for Analysis Server
Microsoft.Insights/eventtypes/* List Activity Log events (management events) in a subscription. This permission is applicable to both programmatic and portal access to the Activity Log.
Microsoft.Insights/LogDefinitions/* This permission is necessary for users who need access to Activity Logs via the portal. List log categories in Activity Log.
Microsoft.Insights/metricalerts/*
Microsoft.Insights/MetricDefinitions/* Read metric definitions (list of available metric types for a resource).
Microsoft.Insights/Metrics/* Read metrics for a resource.
Microsoft.Insights/Register/Action Register the Microsoft Insights provider
Microsoft.Insights/scheduledqueryrules/*
Microsoft.Insights/webtests/* Create and manage Insights web tests
Microsoft.Insights/workbooks/*
Microsoft.Insights/privateLinkScopes/*
Microsoft.Insights/privateLinkScopeOperationStatuses/*
Microsoft.OperationalInsights/workspaces/write Creates a new workspace or links to an existing workspace by providing the customer id from the existing workspace.
Microsoft.OperationalInsights/workspaces/intelligencepacks/* Read/write/delete log analytics solution packs.
Microsoft.OperationalInsights/workspaces/savedSearches/* Read/write/delete log analytics saved searches.
Microsoft.OperationalInsights/workspaces/search/action Executes a search query
Microsoft.OperationalInsights/workspaces/sharedKeys/action Retrieves the shared keys for the workspace. These keys are used to connect Microsoft Operational Insights agents to the workspace.
Microsoft.OperationalInsights/workspaces/storageinsightconfigs/* Read/write/delete log analytics storage insight configurations.
Microsoft.Support/* Create and update a support ticket
Microsoft.WorkloadMonitor/monitors/*
Microsoft.WorkloadMonitor/notificationSettings/*
Microsoft.AlertsManagement/smartDetectorAlertRules/*
Microsoft.AlertsManagement/actionRules/*
Microsoft.AlertsManagement/smartGroups/*
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can read all monitoring data and update monitoring settings.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa",
  "name": "749f88d5-cbae-40b8-bcfc-e573ddc772fa",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.AlertsManagement/alerts/*",
        "Microsoft.AlertsManagement/alertsSummary/*",
        "Microsoft.Insights/actiongroups/*",
        "Microsoft.Insights/activityLogAlerts/*",
        "Microsoft.Insights/AlertRules/*",
        "Microsoft.Insights/components/*",
        "Microsoft.Insights/DiagnosticSettings/*",
        "Microsoft.Insights/eventtypes/*",
        "Microsoft.Insights/LogDefinitions/*",
        "Microsoft.Insights/metricalerts/*",
        "Microsoft.Insights/MetricDefinitions/*",
        "Microsoft.Insights/Metrics/*",
        "Microsoft.Insights/Register/Action",
        "Microsoft.Insights/scheduledqueryrules/*",
        "Microsoft.Insights/webtests/*",
        "Microsoft.Insights/workbooks/*",
        "Microsoft.Insights/privateLinkScopes/*",
        "Microsoft.Insights/privateLinkScopeOperationStatuses/*",
        "Microsoft.OperationalInsights/workspaces/write",
        "Microsoft.OperationalInsights/workspaces/intelligencepacks/*",
        "Microsoft.OperationalInsights/workspaces/savedSearches/*",
        "Microsoft.OperationalInsights/workspaces/search/action",
        "Microsoft.OperationalInsights/workspaces/sharedKeys/action",
        "Microsoft.OperationalInsights/workspaces/storageinsightconfigs/*",
        "Microsoft.Support/*",
        "Microsoft.WorkloadMonitor/monitors/*",
        "Microsoft.WorkloadMonitor/notificationSettings/*",
        "Microsoft.AlertsManagement/smartDetectorAlertRules/*",
        "Microsoft.AlertsManagement/actionRules/*",
        "Microsoft.AlertsManagement/smartGroups/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Monitoring Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Monitoring Metrics Publisher

Enables publishing metrics against Azure resources

Actions
Microsoft.Insights/Register/Action Register the Microsoft Insights provider
Microsoft.Support/* Create and update a support ticket
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
NotActions
none
DataActions
Microsoft.Insights/Metrics/Write Write metrics
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Enables publishing metrics against Azure resources",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3913510d-42f4-4e42-8a64-420c390055eb",
  "name": "3913510d-42f4-4e42-8a64-420c390055eb",
  "permissions": [
    {
      "actions": [
        "Microsoft.Insights/Register/Action",
        "Microsoft.Support/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.Insights/Metrics/Write"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Monitoring Metrics Publisher",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Monitoring Reader

Can read all monitoring data (metrics, logs, etc.). See also Get started with roles, permissions, and security with Azure Monitor.

Actions
*/read Read resources of all types, except secrets.
Microsoft.OperationalInsights/workspaces/search/action Executes a search query
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can read all monitoring data.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/43d0d8ad-25c7-4714-9337-8ba259a9fe05",
  "name": "43d0d8ad-25c7-4714-9337-8ba259a9fe05",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.OperationalInsights/workspaces/search/action",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Monitoring Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Workbook Contributor

Can save shared workbooks.

Actions
Microsoft.Insights/workbooks/write Create or update a workbook
Microsoft.Insights/workbooks/delete Delete a workbook
Microsoft.Insights/workbooks/read Read a workbook
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can save shared workbooks.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e8ddcd69-c73f-4f9f-9844-4100522f16ad",
  "name": "e8ddcd69-c73f-4f9f-9844-4100522f16ad",
  "permissions": [
    {
      "actions": [
        "Microsoft.Insights/workbooks/write",
        "Microsoft.Insights/workbooks/delete",
        "Microsoft.Insights/workbooks/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Workbook Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Workbook Reader

Can read workbooks.

Actions
microsoft.insights/workbooks/read Read a workbook
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can read workbooks.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b279062a-9be3-42a0-92ae-8b3cf002ec4d",
  "name": "b279062a-9be3-42a0-92ae-8b3cf002ec4d",
  "permissions": [
    {
      "actions": [
        "microsoft.insights/workbooks/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Workbook Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Management + governance

Automation Job Operator

Create and Manage Jobs using Automation Runbooks.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read Reads Hybrid Runbook Worker Resources
Microsoft.Automation/automationAccounts/jobs/read Gets an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/resume/action Resumes an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/stop/action Stops an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/streams/read Gets an Azure Automation job stream
Microsoft.Automation/automationAccounts/jobs/suspend/action Suspends an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/write Creates an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/output/read Gets the output of a job
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Create and Manage Jobs using Automation Runbooks.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4fe576fe-1146-4730-92eb-48519fa6bf9f",
  "name": "4fe576fe-1146-4730-92eb-48519fa6bf9f",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read",
        "Microsoft.Automation/automationAccounts/jobs/read",
        "Microsoft.Automation/automationAccounts/jobs/resume/action",
        "Microsoft.Automation/automationAccounts/jobs/stop/action",
        "Microsoft.Automation/automationAccounts/jobs/streams/read",
        "Microsoft.Automation/automationAccounts/jobs/suspend/action",
        "Microsoft.Automation/automationAccounts/jobs/write",
        "Microsoft.Automation/automationAccounts/jobs/output/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Automation Job Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Automation Operator

Automation Operators are able to start, stop, suspend, and resume jobs

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read Reads Hybrid Runbook Worker Resources
Microsoft.Automation/automationAccounts/jobs/read Gets an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/resume/action Resumes an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/stop/action Stops an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/streams/read Gets an Azure Automation job stream
Microsoft.Automation/automationAccounts/jobs/suspend/action Suspends an Azure Automation job
Microsoft.Automation/automationAccounts/jobs/write Creates an Azure Automation job
Microsoft.Automation/automationAccounts/jobSchedules/read Gets an Azure Automation job schedule
Microsoft.Automation/automationAccounts/jobSchedules/write Creates an Azure Automation job schedule
Microsoft.Automation/automationAccounts/linkedWorkspace/read Gets the workspace linked to the automation account
Microsoft.Automation/automationAccounts/read Gets an Azure Automation account
Microsoft.Automation/automationAccounts/runbooks/read Gets an Azure Automation runbook
Microsoft.Automation/automationAccounts/schedules/read Gets an Azure Automation schedule asset
Microsoft.Automation/automationAccounts/schedules/write Creates or updates an Azure Automation schedule asset
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Automation/automationAccounts/jobs/output/read Gets the output of a job
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Automation Operators are able to start, stop, suspend, and resume jobs",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/d3881f73-407a-4167-8283-e981cbba0404",
  "name": "d3881f73-407a-4167-8283-e981cbba0404",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read",
        "Microsoft.Automation/automationAccounts/jobs/read",
        "Microsoft.Automation/automationAccounts/jobs/resume/action",
        "Microsoft.Automation/automationAccounts/jobs/stop/action",
        "Microsoft.Automation/automationAccounts/jobs/streams/read",
        "Microsoft.Automation/automationAccounts/jobs/suspend/action",
        "Microsoft.Automation/automationAccounts/jobs/write",
        "Microsoft.Automation/automationAccounts/jobSchedules/read",
        "Microsoft.Automation/automationAccounts/jobSchedules/write",
        "Microsoft.Automation/automationAccounts/linkedWorkspace/read",
        "Microsoft.Automation/automationAccounts/read",
        "Microsoft.Automation/automationAccounts/runbooks/read",
        "Microsoft.Automation/automationAccounts/schedules/read",
        "Microsoft.Automation/automationAccounts/schedules/write",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Automation/automationAccounts/jobs/output/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Automation Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Automation Runbook Operator

Read Runbook properties - to be able to create Jobs of the runbook.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Automation/automationAccounts/runbooks/read Gets an Azure Automation runbook
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Read Runbook properties - to be able to create Jobs of the runbook.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5fb5aef8-1081-4b8e-bb16-9d5d0385bab5",
  "name": "5fb5aef8-1081-4b8e-bb16-9d5d0385bab5",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Automation/automationAccounts/runbooks/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Automation Runbook Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Connected Machine Onboarding

Can onboard Azure Connected Machines.

Actions
Microsoft.HybridCompute/machines/read Read any Azure Arc machines
Microsoft.HybridCompute/machines/write Writes an Azure Arc machines
Microsoft.GuestConfiguration/guestConfigurationAssignments/read Get guest configuration assignment.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can onboard Azure Connected Machines.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b64e21ea-ac4e-4cdf-9dc9-5b892992bee7",
  "name": "b64e21ea-ac4e-4cdf-9dc9-5b892992bee7",
  "permissions": [
    {
      "actions": [
        "Microsoft.HybridCompute/machines/read",
        "Microsoft.HybridCompute/machines/write",
        "Microsoft.GuestConfiguration/guestConfigurationAssignments/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Connected Machine Onboarding",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Azure Connected Machine Resource Administrator

Can read, write, delete and re-onboard Azure Connected Machines.

Actions
Microsoft.HybridCompute/machines/read Read any Azure Arc machines
Microsoft.HybridCompute/machines/write Writes an Azure Arc machines
Microsoft.HybridCompute/machines/delete Deletes an Azure Arc machines
Microsoft.HybridCompute/machines/reconnect/action Reconnects an Azure Arc machines
Microsoft.HybridCompute/machines/extensions/write Installs or Updates an Azure Arc extensions
Microsoft.HybridCompute/*/read
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can read, write, delete and re-onboard Azure Connected Machines.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/cd570a14-e51a-42ad-bac8-bafd67325302",
  "name": "cd570a14-e51a-42ad-bac8-bafd67325302",
  "permissions": [
    {
      "actions": [
        "Microsoft.HybridCompute/machines/read",
        "Microsoft.HybridCompute/machines/write",
        "Microsoft.HybridCompute/machines/delete",
        "Microsoft.HybridCompute/machines/reconnect/action",
        "Microsoft.HybridCompute/machines/extensions/write",
        "Microsoft.HybridCompute/*/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Azure Connected Machine Resource Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Billing Reader

Allows read access to billing data

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Billing/*/read Read Billing information
Microsoft.Commerce/*/read
Microsoft.Consumption/*/read
Microsoft.Management/managementGroups/read List management groups for the authenticated user.
Microsoft.CostManagement/*/read
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows read access to billing data",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64",
  "name": "fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Billing/*/read",
        "Microsoft.Commerce/*/read",
        "Microsoft.Consumption/*/read",
        "Microsoft.Management/managementGroups/read",
        "Microsoft.CostManagement/*/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Billing Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Blueprint Contributor

Can manage blueprint definitions, but not assign them.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Blueprint/blueprints/* Create and manage blueprint definitions or blueprint artifacts.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can manage blueprint definitions, but not assign them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/41077137-e803-4205-871c-5a86e6a753b4",
  "name": "41077137-e803-4205-871c-5a86e6a753b4",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Blueprint/blueprints/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Blueprint Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Blueprint Operator

Can assign existing published blueprints, but cannot create new blueprints. Note that this only works if the assignment is done with a user-assigned managed identity.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Blueprint/blueprintAssignments/* Create and manage blueprint assignments.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can assign existing published blueprints, but cannot create new blueprints. NOTE: this only works if the assignment is done with a user-assigned managed identity.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/437d2ced-4a38-4302-8479-ed2bcb43d090",
  "name": "437d2ced-4a38-4302-8479-ed2bcb43d090",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Blueprint/blueprintAssignments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Blueprint Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cost Management Contributor

Can view costs and manage cost configuration (e.g. budgets, exports)

Actions
Microsoft.Consumption/*
Microsoft.CostManagement/*
Microsoft.Billing/billingPeriods/read
Microsoft.Resources/subscriptions/read Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
Microsoft.Advisor/configurations/read Get configurations
Microsoft.Advisor/recommendations/read Reads recommendations
Microsoft.Management/managementGroups/read List management groups for the authenticated user.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view costs and manage cost configuration (e.g. budgets, exports)",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/434105ed-43f6-45c7-a02f-909b2ba83430",
  "name": "434105ed-43f6-45c7-a02f-909b2ba83430",
  "permissions": [
    {
      "actions": [
        "Microsoft.Consumption/*",
        "Microsoft.CostManagement/*",
        "Microsoft.Billing/billingPeriods/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Advisor/configurations/read",
        "Microsoft.Advisor/recommendations/read",
        "Microsoft.Management/managementGroups/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cost Management Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Cost Management Reader

Can view cost data and configuration (e.g. budgets, exports)

Actions
Microsoft.Consumption/*/read
Microsoft.CostManagement/*/read
Microsoft.Billing/billingPeriods/read
Microsoft.Resources/subscriptions/read Gets the list of subscriptions.
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
Microsoft.Advisor/configurations/read Get configurations
Microsoft.Advisor/recommendations/read Reads recommendations
Microsoft.Management/managementGroups/read List management groups for the authenticated user.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Can view cost data and configuration (e.g. budgets, exports)",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/72fafb9e-0641-4937-9268-a91bfd8191a3",
  "name": "72fafb9e-0641-4937-9268-a91bfd8191a3",
  "permissions": [
    {
      "actions": [
        "Microsoft.Consumption/*/read",
        "Microsoft.CostManagement/*/read",
        "Microsoft.Billing/billingPeriods/read",
        "Microsoft.Resources/subscriptions/read",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "Microsoft.Advisor/configurations/read",
        "Microsoft.Advisor/recommendations/read",
        "Microsoft.Management/managementGroups/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Cost Management Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Hierarchy Settings Administrator

Allows users to edit and delete Hierarchy Settings

Actions
Microsoft.Management/managementGroups/settings/write Creates or updates management group hierarchy settings.
Microsoft.Management/managementGroups/settings/delete Deletes management group hierarchy settings.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows users to edit and delete Hierarchy Settings",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/350f8d15-c687-4448-8ae1-157740a3936d",
  "name": "350f8d15-c687-4448-8ae1-157740a3936d",
  "permissions": [
    {
      "actions": [
        "Microsoft.Management/managementGroups/settings/write",
        "Microsoft.Management/managementGroups/settings/delete"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Hierarchy Settings Administrator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Managed Application Contributor Role

Allows for creating managed application resources.

Actions
*/read Read resources of all types, except secrets.
Microsoft.Solutions/applications/*
Microsoft.Solutions/register/action Register to Solutions.
Microsoft.Resources/subscriptions/resourceGroups/*
Microsoft.Resources/deployments/* Create and manage a deployment
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows for creating managed application resources.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/641177b8-a67a-45b9-a033-47bc880bb21e",
  "name": "641177b8-a67a-45b9-a033-47bc880bb21e",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.Solutions/applications/*",
        "Microsoft.Solutions/register/action",
        "Microsoft.Resources/subscriptions/resourceGroups/*",
        "Microsoft.Resources/deployments/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Managed Application Contributor Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Managed Application Operator Role

Lets you read and perform actions on Managed Application resources

Actions
*/read Read resources of all types, except secrets.
Microsoft.Solutions/applications/read Retrieves a list of applications.
Microsoft.Solutions/*/action
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read and perform actions on Managed Application resources",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c7393b34-138c-406f-901b-d8cf2b17e6ae",
  "name": "c7393b34-138c-406f-901b-d8cf2b17e6ae",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.Solutions/applications/read",
        "Microsoft.Solutions/*/action"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Managed Application Operator Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Managed Applications Reader

Lets you read resources in a managed app and request JIT access.

Actions
*/read Read resources of all types, except secrets.
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Solutions/jitRequests/*
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you read resources in a managed app and request JIT access.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b9331d33-8a36-4f8c-b097-4f54124fdb44",
  "name": "b9331d33-8a36-4f8c-b097-4f54124fdb44",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Solutions/jitRequests/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Managed Applications Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Managed Services Registration assignment Delete Role

Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant.

Actions
Microsoft.ManagedServices/registrationAssignments/read Retrieves a list of Managed Services registration assignments.
Microsoft.ManagedServices/registrationAssignments/delete Removes Managed Services registration assignment.
Microsoft.ManagedServices/operationStatuses/read Reads the operation status for the resource.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/91c1777a-f3dc-4fae-b103-61d183457e46",
  "name": "91c1777a-f3dc-4fae-b103-61d183457e46",
  "permissions": [
    {
      "actions": [
        "Microsoft.ManagedServices/registrationAssignments/read",
        "Microsoft.ManagedServices/registrationAssignments/delete",
        "Microsoft.ManagedServices/operationStatuses/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Managed Services Registration assignment Delete Role",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Management Group Contributor

Management Group Contributor Role

Actions
Microsoft.Management/managementGroups/delete Delete management group.
Microsoft.Management/managementGroups/read List management groups for the authenticated user.
Microsoft.Management/managementGroups/subscriptions/delete De-associates subscription from the management group.
Microsoft.Management/managementGroups/subscriptions/write Associates existing subscription with the management group.
Microsoft.Management/managementGroups/write Create or update a management group.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Management Group Contributor Role",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c",
  "name": "5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c",
  "permissions": [
    {
      "actions": [
        "Microsoft.Management/managementGroups/delete",
        "Microsoft.Management/managementGroups/read",
        "Microsoft.Management/managementGroups/subscriptions/delete",
        "Microsoft.Management/managementGroups/subscriptions/write",
        "Microsoft.Management/managementGroups/write"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Management Group Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Management Group Reader

Management Group Reader Role

Actions
Microsoft.Management/managementGroups/read List management groups for the authenticated user.
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Management Group Reader Role",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ac63b705-f282-497d-ac71-919bf39d939d",
  "name": "ac63b705-f282-497d-ac71-919bf39d939d",
  "permissions": [
    {
      "actions": [
        "Microsoft.Management/managementGroups/read"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Management Group Reader",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

New Relic APM Account Contributor

Lets you manage New Relic Application Performance Management accounts and applications, but not access to them.

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Support/* Create and update a support ticket
NewRelic.APM/accounts/*
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage New Relic Application Performance Management accounts and applications, but not access to them.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5d28c62d-5b37-4476-8438-e587778df237",
  "name": "5d28c62d-5b37-4476-8438-e587778df237",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Support/*",
        "NewRelic.APM/accounts/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "New Relic APM Account Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Policy Insights Data Writer (Preview)

Allows read access to resource policies and write access to resource component policy events.

Actions
Microsoft.Authorization/policyassignments/read Get information about a policy assignment.
Microsoft.Authorization/policydefinitions/read Get information about a policy definition.
Microsoft.Authorization/policysetdefinitions/read Get information about a policy set definition.
NotActions
none
DataActions
Microsoft.PolicyInsights/checkDataPolicyCompliance/action Check the compliance status of a given component against data policies.
Microsoft.PolicyInsights/policyEvents/logDataEvents/action Log the resource component policy events.
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Allows read access to resource policies and write access to resource component policy events.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/66bb4e9e-b016-4a94-8249-4c0511c2be84",
  "name": "66bb4e9e-b016-4a94-8249-4c0511c2be84",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/policyassignments/read",
        "Microsoft.Authorization/policydefinitions/read",
        "Microsoft.Authorization/policysetdefinitions/read"
      ],
      "notActions": [],
      "dataActions": [
        "Microsoft.PolicyInsights/checkDataPolicyCompliance/action",
        "Microsoft.PolicyInsights/policyEvents/logDataEvents/action"
      ],
      "notDataActions": []
    }
  ],
  "roleName": "Policy Insights Data Writer (Preview)",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Resource Policy Contributor

Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy.

Actions
*/read Read resources of all types, except secrets.
Microsoft.Authorization/policyassignments/* Create and manage policy assignments
Microsoft.Authorization/policydefinitions/* Create and manage policy definitions
Microsoft.Authorization/policysetdefinitions/* Create and manage policy sets
Microsoft.PolicyInsights/*
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy.",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/36243c78-bf99-498c-9df9-86d9f8d28608",
  "name": "36243c78-bf99-498c-9df9-86d9f8d28608",
  "permissions": [
    {
      "actions": [
        "*/read",
        "Microsoft.Authorization/policyassignments/*",
        "Microsoft.Authorization/policydefinitions/*",
        "Microsoft.Authorization/policysetdefinitions/*",
        "Microsoft.PolicyInsights/*",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Resource Policy Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Site Recovery Contributor

Lets you manage Site Recovery service except vault creation and role assignment

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.RecoveryServices/locations/allocatedStamp/read GetAllocatedStamp is an internal operation used by the service
Microsoft.RecoveryServices/locations/allocateStamp/action AllocateStamp is an internal operation used by the service
Microsoft.RecoveryServices/Vaults/certificates/write The Update Resource Certificate operation updates the resource/vault credential certificate.
Microsoft.RecoveryServices/Vaults/extendedInformation/* Create and manage extended info related to vault
Microsoft.RecoveryServices/Vaults/read The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/refreshContainers/read
Microsoft.RecoveryServices/Vaults/registeredIdentities/* Create and manage registered identities
Microsoft.RecoveryServices/vaults/replicationAlertSettings/* Create or Update replication alert settings
Microsoft.RecoveryServices/vaults/replicationEvents/read Read any Events
Microsoft.RecoveryServices/vaults/replicationFabrics/* Create and manage replication fabrics
Microsoft.RecoveryServices/vaults/replicationJobs/* Create and manage replication jobs
Microsoft.RecoveryServices/vaults/replicationPolicies/* Create and manage replication policies
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/* Create and manage recovery plans
Microsoft.RecoveryServices/Vaults/storageConfig/* Create and manage storage configuration of Recovery Services vault
Microsoft.RecoveryServices/Vaults/tokenInfo/read
Microsoft.RecoveryServices/Vaults/usages/read Returns usage details for a Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/vaultTokens/read The Vault Token operation can be used to get Vault Token for vault level backend operations.
Microsoft.RecoveryServices/Vaults/monitoringAlerts/* Read alerts for the Recovery services vault
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Storage/storageAccounts/read Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.RecoveryServices/vaults/replicationOperationStatus/read Read any Vault Replication Operation Status
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you manage Site Recovery service except vault creation and role assignment",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6670b86e-a3f7-4917-ac9b-5d6ab1be4567",
  "name": "6670b86e-a3f7-4917-ac9b-5d6ab1be4567",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.RecoveryServices/locations/allocatedStamp/read",
        "Microsoft.RecoveryServices/locations/allocateStamp/action",
        "Microsoft.RecoveryServices/Vaults/certificates/write",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/*",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/refreshContainers/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/*",
        "Microsoft.RecoveryServices/vaults/replicationAlertSettings/*",
        "Microsoft.RecoveryServices/vaults/replicationEvents/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/*",
        "Microsoft.RecoveryServices/vaults/replicationJobs/*",
        "Microsoft.RecoveryServices/vaults/replicationPolicies/*",
        "Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/*",
        "Microsoft.RecoveryServices/Vaults/storageConfig/*",
        "Microsoft.RecoveryServices/Vaults/tokenInfo/read",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.RecoveryServices/Vaults/vaultTokens/read",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/*",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.RecoveryServices/vaults/replicationOperationStatus/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Site Recovery Contributor",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Site Recovery Operator

Lets you failover and failback but not perform other Site Recovery management operations

Actions
Microsoft.Authorization/*/read Read roles and role assignments
Microsoft.Insights/alertRules/* Create and manage a classic metric alert
Microsoft.Network/virtualNetworks/read Get the virtual network definition
Microsoft.RecoveryServices/locations/allocatedStamp/read GetAllocatedStamp is an internal operation used by the service
Microsoft.RecoveryServices/locations/allocateStamp/action AllocateStamp is an internal operation used by the service
Microsoft.RecoveryServices/Vaults/extendedInformation/read The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/read The Get Vault operation gets an object representing the Azure resource of type 'vault'
Microsoft.RecoveryServices/Vaults/refreshContainers/read
Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read The Get Operation Results operation can be used to get the operation status and result for the asynchronously submitted operation
Microsoft.RecoveryServices/Vaults/registeredIdentities/read The Get Containers operation can be used to get the containers registered for a resource.
Microsoft.RecoveryServices/vaults/replicationAlertSettings/read Read any Alerts Settings
Microsoft.RecoveryServices/vaults/replicationEvents/read Read any Events
Microsoft.RecoveryServices/vaults/replicationFabrics/checkConsistency/action Checks Consistency of the Fabric
Microsoft.RecoveryServices/vaults/replicationFabrics/read Read any Fabrics
Microsoft.RecoveryServices/vaults/replicationFabrics/reassociateGateway/action Reassociate Gateway
Microsoft.RecoveryServices/vaults/replicationFabrics/renewcertificate/action Renew Certificate for Fabric
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read Read any Networks
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read Read any Network Mappings
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read Read any Protection Containers
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read Read any Protectable Items
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/applyRecoveryPoint/action Apply Recovery Point
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/failoverCommit/action Failover Commit
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/plannedFailover/action Planned Failover
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read Read any Protected Items
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read Read any Replication Recovery Points
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/repairReplication/action Repair replication
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/reProtect/action ReProtect Protected Item
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/switchprotection/action Switch Protection Container
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailover/action Test Failover
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailoverCleanup/action Test Failover Cleanup
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/unplannedFailover/action Failover
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/updateMobilityService/action Update Mobility Service
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read Read any Protection Container Mappings
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read Read any Recovery Services Providers
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/refreshProvider/action Refresh Provider
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read Read any Storage Classifications
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read Read any Storage Classification Mappings
Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read Read any vCenters
Microsoft.RecoveryServices/vaults/replicationJobs/* Create and manage replication jobs
Microsoft.RecoveryServices/vaults/replicationPolicies/read Read any Policies
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/failoverCommit/action Failover Commit Recovery Plan
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/plannedFailover/action Planned Failover Recovery Plan
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/read Read any Recovery Plans
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/reProtect/action ReProtect Recovery Plan
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailover/action Test Failover Recovery Plan
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailoverCleanup/action Test Failover Cleanup Recovery Plan
Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/unplannedFailover/action Failover Recovery Plan
Microsoft.RecoveryServices/Vaults/monitoringAlerts/* Read alerts for the Recovery services vault
Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read
Microsoft.RecoveryServices/Vaults/storageConfig/read
Microsoft.RecoveryServices/Vaults/tokenInfo/read
Microsoft.RecoveryServices/Vaults/usages/read Returns usage details for a Recovery Services Vault.
Microsoft.RecoveryServices/Vaults/vaultTokens/read The Vault Token operation can be used to get Vault Token for vault level backend operations.
Microsoft.ResourceHealth/availabilityStatuses/read Gets the availability statuses for all resources in the specified scope
Microsoft.Resources/deployments/* Create and manage a deployment
Microsoft.Resources/subscriptions/resourceGroups/read Gets or lists resource groups.
Microsoft.Storage/storageAccounts/read Returns the list of storage accounts or gets the properties for the specified storage account.
Microsoft.Support/* Create and update a support ticket
NotActions
none
DataActions
none
NotDataActions
none
{
  "assignableScopes": [
    "/"
  ],
  "description": "Lets you failover and failback but not perform other Site Recovery management operations",
  "id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/494ae006-db33-4328-bf46-533a6560a3ca",
  "name": "494ae006-db33-4328-bf46-533a6560a3ca",
  "permissions": [
    {
      "actions": [
        "Microsoft.Authorization/*/read",
        "Microsoft.Insights/alertRules/*",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.RecoveryServices/locations/allocatedStamp/read",
        "Microsoft.RecoveryServices/locations/allocateStamp/action",
        "Microsoft.RecoveryServices/Vaults/extendedInformation/read",
        "Microsoft.RecoveryServices/Vaults/read",
        "Microsoft.RecoveryServices/Vaults/refreshContainers/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
        "Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
        "Microsoft.RecoveryServices/vaults/replicationAlertSettings/read",
        "Microsoft.RecoveryServices/vaults/replicationEvents/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/checkConsistency/action",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/reassociateGateway/action",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/renewcertificate/action",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/applyRecoveryPoint/action",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/failoverCommit/action",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/plannedFailover/action",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/repairReplication/action",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/reProtect/action",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/switchprotection/action",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailover/action",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailoverCleanup/action",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/unplannedFailover/action",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/updateMobilityService/action",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/refreshProvider/action",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read",
        "Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read",
        "Microsoft.RecoveryServices/vaults/replicationJobs/*",
        "Microsoft.RecoveryServices/vaults/replicationPolicies/read",
        "Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/failoverCommit/action",
        "Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/plannedFailover/action",
        "Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/read",
        "Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/reProtect/action",
        "Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailover/action",
        "Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailoverCleanup/action",
        "Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/unplannedFailover/action",
        "Microsoft.RecoveryServices/Vaults/monitoringAlerts/*",
        "Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read",
        "Microsoft.RecoveryServices/Vaults/storageConfig/read",
        "Microsoft.RecoveryServices/Vaults/tokenInfo/read",
        "Microsoft.RecoveryServices/Vaults/usages/read",
        "Microsoft.RecoveryServices/Vaults/vaultTokens/read",
        "Microsoft.ResourceHealth/availabilityStatuses/read",
        "Microsoft.Resources/deployments/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Storage/storageAccounts/read",
        "Microsoft.Support/*"
      ],
      "notActions": [],
      "dataActions": [],
      "notDataActions": []
    }
  ],
  "roleName": "Site Recovery Operator",
  "roleType": "BuiltInRole",
  "type": "Microsoft.Authorization/roleDefinitions"
}

Site Recovery Reader

Lets you view Site Recovery status but not perform other management operations

Actions