Azure 內建角色Azure built-in roles
Azure 角色型存取控制 (RBAC) 有數個 Azure 內建角色,可供您指派給使用者、群組、服務主體和受控身分識別。Azure role-based access control (Azure RBAC) has several Azure built-in roles that you can assign to users, groups, service principals, and managed identities. 角色指派是您控制 Azure 資源存取權的方式。Role assignments are the way you control access to Azure resources. 如果內建的角色無法滿足您組織的特定需求,您可以建立自己的 Azure 自訂角色。If the built-in roles don't meet the specific needs of your organization, you can create your own Azure custom roles.
本文列出的 Azure 內建角色不斷演變。This article lists the Azure built-in roles, which are always evolving. 若要取得最新角色,請使用 Get-AzRoleDefinition 或 az role definition list。To get the latest roles, use Get-AzRoleDefinition or az role definition list. 如果要尋找 Azure Active Directory (Azure AD) 的管理員角色,請參閱 Azure Active Directory 中的管理員角色權限。If you are looking for administrator roles for Azure Active Directory (Azure AD), see Administrator role permissions in Azure Active Directory.
全部All
下表提供每個內建角色的簡短說明和唯一識別碼。The following table provides a brief description and the unique ID of each built-in role. 請選取角色名稱,以查看每個角色的 Actions、NotActions、DataActions 及 NotDataActions 清單。Select the role name to see the list of Actions, NotActions, DataActions, and NotDataActions for each role. 如需這些動作的意義及其如何套用至管理和資料平面的相關資訊,請參閱了解 Azure 角色定義。For information about what these actions mean and how they apply to the management and data planes, see Understand Azure role definitions.
| 內建角色Built-in role | 描述Description | IDID |
|---|---|---|
| 一般General | ||
| 參與者Contributor | 可讓您管理一切,但授與對資源的存取除外。Lets you manage everything except granting access to resources. | b24988ac-6180-42a0-ab88-20f7382dd24cb24988ac-6180-42a0-ab88-20f7382dd24c |
| 擁有者Owner | 可讓您管理一切,包括對資源的存取。Lets you manage everything, including access to resources. | 8e3af657-a8ff-443c-a75c-2fe8c4bcb6358e3af657-a8ff-443c-a75c-2fe8c4bcb635 |
| 讀取者Reader | 可讓您檢視所有項目,但是無法進行變更。Lets you view everything, but not make any changes. | acdd72a7-3385-48ef-bd42-f606fba81ae7acdd72a7-3385-48ef-bd42-f606fba81ae7 |
| 使用者存取系統管理員User Access Administrator | 可讓您管理 Azure 資源的使用者存取。Lets you manage user access to Azure resources. | 18d7d88d-d35e-4fb5-a5c3-7773c20a72d918d7d88d-d35e-4fb5-a5c3-7773c20a72d9 |
| 計算Compute | ||
| 傳統虛擬機器參與者Classic Virtual Machine Contributor | 可讓您管理傳統虛擬機器 (不含虛擬機器所連接的虛擬網路或儲存體帳戶),但無法存取它們。Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to. | d73bb868-a0df-4d4d-bd69-98a00b01fccbd73bb868-a0df-4d4d-bd69-98a00b01fccb |
| 虛擬機器系統管理員登入Virtual Machine Administrator Login | 在入口網站中檢視虛擬機器並以系統管理員身分登入View Virtual Machines in the portal and login as administrator | 1c0163c0-47e6-4577-8991-ea5c82e286e41c0163c0-47e6-4577-8991-ea5c82e286e4 |
| 虛擬機器參與者Virtual Machine Contributor | 可讓您管理虛擬機器 (不含虛擬機器所連接的虛擬網路或儲存體帳戶),但無法存取它們。Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to. | 9980e02c-c2be-4d73-94e8-173b1dc7cf3c9980e02c-c2be-4d73-94e8-173b1dc7cf3c |
| 虛擬機器使用者登入Virtual Machine User Login | 在入口網站中檢視虛擬機器並以一般使用者身分登入。View Virtual Machines in the portal and login as a regular user. | fb879df8-f326-4884-b1cf-06f3ad86be52fb879df8-f326-4884-b1cf-06f3ad86be52 |
| 網路功能Networking | ||
| CDN 端點參與者CDN Endpoint Contributor | 可管理 CDN 端點,但無法將存取權授與其他使用者。Can manage CDN endpoints, but can't grant access to other users. | 426e0c7f-0c7e-4658-b36f-ff54d6c29b45426e0c7f-0c7e-4658-b36f-ff54d6c29b45 |
| CDN 端點讀者CDN Endpoint Reader | 可檢視 CDN 端點,但無法變更。Can view CDN endpoints, but can't make changes. | 871e35f6-b5c1-49cc-a043-bde969a0f2cd871e35f6-b5c1-49cc-a043-bde969a0f2cd |
| CDN 設定檔參與者CDN Profile Contributor | 可管理 CDN 設定檔及其端點,但無法將存取權授與其他使用者。Can manage CDN profiles and their endpoints, but can't grant access to other users. | ec156ff8-a8d1-4d15-830c-5b80698ca432ec156ff8-a8d1-4d15-830c-5b80698ca432 |
| CDN 設定檔讀者CDN Profile Reader | 可檢視 CDN 設定檔及其端點,但無法變更。Can view CDN profiles and their endpoints, but can't make changes. | 8f96442b-4075-438f-813d-ad51ab4019af8f96442b-4075-438f-813d-ad51ab4019af |
| 傳統網路參與者Classic Network Contributor | 可讓您管理傳統網路,但無法存取它們。Lets you manage classic networks, but not access to them. | b34d265f-36f7-4a0d-a4d4-e158ca92e90fb34d265f-36f7-4a0d-a4d4-e158ca92e90f |
| DNS 區域參與者DNS Zone Contributor | 可讓您管理 Azure DNS 中的 DNS 區域與記錄集,但無法讓您控制誰可存取它們。Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them. | befefa01-2a29-4197-83a8-272ff33ce314befefa01-2a29-4197-83a8-272ff33ce314 |
| 網路參與者Network Contributor | 可讓您管理網路,但無法存取它們。Lets you manage networks, but not access to them. | 4d97b98b-1d4f-4787-a291-c67834d212e74d97b98b-1d4f-4787-a291-c67834d212e7 |
| 流量管理員參與者Traffic Manager Contributor | 可讓您管理「流量管理員」設定檔,但無法控制誰可以存取它們。Lets you manage Traffic Manager profiles, but does not let you control who has access to them. | a4b10055-b0c7-44c2-b00f-c7b5b3550cf7a4b10055-b0c7-44c2-b00f-c7b5b3550cf7 |
| StorageStorage | ||
| Avere 參與者Avere Contributor | 可以建立和管理 Avere vFXT 叢集。Can create and manage an Avere vFXT cluster. | 4f8fab4f-1852-4a58-a46a-8eaf358af14a4f8fab4f-1852-4a58-a46a-8eaf358af14a |
| Avere 操作員Avere Operator | 供 Avere vFXT 叢集用來管理叢集Used by the Avere vFXT cluster to manage the cluster | c025889f-8102-4ebf-b32c-fc0c6f0c6bd9c025889f-8102-4ebf-b32c-fc0c6f0c6bd9 |
| 備份參與者Backup Contributor | 可讓您管理備份服務,但無法建立保存庫及授與存取權給其他人Lets you manage backup service, but can't create vaults and give access to others | 5e467623-bb1f-42f4-a55d-6e525e11384b5e467623-bb1f-42f4-a55d-6e525e11384b |
| 備份操作員Backup Operator | 可讓您管理備份服務,但無法移除備份、建立保存庫及為其他人提供存取權Lets you manage backup services, except removal of backup, vault creation and giving access to others | 00c29273-979b-4161-815c-10b084fb932400c29273-979b-4161-815c-10b084fb9324 |
| 備份讀取者Backup Reader | 可以檢視備份服務,但無法進行變更Can view backup services, but can't make changes | a795c7a0-d4a2-40c1-ae25-d81f01202912a795c7a0-d4a2-40c1-ae25-d81f01202912 |
| 傳統儲存體帳戶參與者Classic Storage Account Contributor | 可讓您管理傳統儲存體帳戶,但無法存取它們。Lets you manage classic storage accounts, but not access to them. | 86e8f5dc-a6e9-4c67-9d15-de283e8eac2586e8f5dc-a6e9-4c67-9d15-de283e8eac25 |
| 傳統儲存體帳戶金鑰操作員服務角色Classic Storage Account Key Operator Service Role | 「傳統儲存體帳戶金鑰操作員」可以列出及重新產生「傳統儲存體帳戶」的金鑰Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts | 985d6b00-f706-48f5-a6fe-d0ca12fb668d985d6b00-f706-48f5-a6fe-d0ca12fb668d |
| 資料箱參與者Data Box Contributor | 可讓您管理資料箱服務下的所有項目,為他人賦予存取權除外。Lets you manage everything under Data Box Service except giving access to others. | add466c9-e687-43fc-8d98-dfcf8d720be5add466c9-e687-43fc-8d98-dfcf8d720be5 |
| 資料箱讀者Data Box Reader | 可讓您管理資料箱服務,建立訂單或編輯訂單詳細資料和為他人賦予存取權除外。Lets you manage Data Box Service except creating order or editing order details and giving access to others. | 028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027 |
| Data Lake Analytics 開發人員Data Lake Analytics Developer | 可讓您提交、監視及管理您自己的作業,但無法建立或刪除 Data Lake Analytics 帳戶。Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts. | 47b7735b-770e-4598-a7da-8b91488b4c8847b7735b-770e-4598-a7da-8b91488b4c88 |
| 讀取者及資料存取Reader and Data Access | 可讓您檢視所有內容,但無法讓您刪除或建立儲存體帳戶或內含的資源。Lets you view everything but will not let you delete or create a storage account or contained resource. 也可透過存取儲存體帳戶金鑰,對儲存體帳戶中內含的所有資料進行讀取/寫入存取。It will also allow read/write access to all data contained in a storage account via access to storage account keys. | c12c1c16-33a1-487b-954d-41c89c60f349c12c1c16-33a1-487b-954d-41c89c60f349 |
| 儲存體帳戶參與者Storage Account Contributor | 允許管理儲存體帳戶。Permits management of storage accounts. 支援存取帳戶金鑰,以透過共用金鑰授權來存取資料。Provides access to the account key, which can be used to access data via Shared Key authorization. | 17d1049b-9a84-46fb-8f53-869881c3d3ab17d1049b-9a84-46fb-8f53-869881c3d3ab |
| 儲存體帳戶金鑰操作員服務角色Storage Account Key Operator Service Role | 允許列出及重新產生儲存體帳戶存取金鑰。Permits listing and regenerating storage account access keys. | 81a9662b-bebf-436f-a333-f67b29880f1281a9662b-bebf-436f-a333-f67b29880f12 |
| 儲存體 Blob 資料參與者Storage Blob Data Contributor | 讀取、寫入和刪除 Azure 儲存體的容器和 blob。Read, write, and delete Azure Storage containers and blobs. 若要了解特定資料作業所需的動作,請參閱呼叫 blob 和佇列資料作業的權限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | ba92f5b4-2d11-453d-a403-e96b0029c9feba92f5b4-2d11-453d-a403-e96b0029c9fe |
| 儲存體 Blob 資料擁有者Storage Blob Data Owner | 支援完整存取 Azure 儲存體 blob 容器和資料,包括指派 POSIX 存取控制。Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. 若要了解特定資料作業所需的動作,請參閱呼叫 blob 和佇列資料作業的權限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | b7e6dc6d-f1e8-4753-8033-0f276bb0955bb7e6dc6d-f1e8-4753-8033-0f276bb0955b |
| 儲存體 Blob 資料讀者Storage Blob Data Reader | 讀取和列出 Azure 儲存體的容器和 blob。Read and list Azure Storage containers and blobs. 若要了解特定資料作業所需的動作,請參閱呼叫 blob 和佇列資料作業的權限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 2a2b9908-6ea1-4ae2-8e65-a410df84e7d12a2b9908-6ea1-4ae2-8e65-a410df84e7d1 |
| 儲存體 Blob 委派者Storage Blob Delegator | 取得使用者委派金鑰,以針對使用 Azure AD 認證所簽署的容器或 blob,建立共用存取簽章。Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials. 如需詳細資訊,請參閱建立使用者委派 SAS。For more information, see Create a user delegation SAS. | db58b8e5-c6ad-4a2a-8342-4190687cbf4adb58b8e5-c6ad-4a2a-8342-4190687cbf4a |
| 儲存體檔案資料 SMB 共用參與者Storage File Data SMB Share Contributor | 允許讀取、寫入及刪除 Azure 檔案共用上的檔案/目錄。Allows for read, write, and delete access on files/directories in Azure file shares. 此角色在 Windows 檔案伺服器上沒有內建的對等項。This role has no built-in equivalent on Windows file servers. | 0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb |
| 儲存體檔案資料 SMB 共用提升權限的參與者Storage File Data SMB Share Elevated Contributor | 允許對 Azure 檔案共用上的檔案/目錄,讀取、寫入、刪除和修改 ACL。Allows for read, write, delete, and modify ACLs on files/directories in Azure file shares. 此角色相當於 Windows 檔案伺服器上的「變更」檔案共用 ACL。This role is equivalent to a file share ACL of change on Windows file servers. | a7264617-510b-434b-a828-9731dc254ea7a7264617-510b-434b-a828-9731dc254ea7 |
| 儲存體檔案資料 SMB 共用讀者Storage File Data SMB Share Reader | 允許讀取 Azure 檔案共用上的檔案/目錄。Allows for read access on files/directories in Azure file shares. 此角色相當於 Windows 檔案伺服器上的「讀取」檔案共用 ACL。This role is equivalent to a file share ACL of read on Windows file servers. | aba4ae5f-2193-4029-9191-0cb91df5e314aba4ae5f-2193-4029-9191-0cb91df5e314 |
| 儲存體佇列資料參與者Storage Queue Data Contributor | 讀取、寫入及刪除 Azure 儲存體的佇列和佇列訊息。Read, write, and delete Azure Storage queues and queue messages. 若要了解特定資料作業所需的動作,請參閱呼叫 blob 和佇列資料作業的權限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 974c5e8b-45b9-4653-ba55-5f855dd0fb88974c5e8b-45b9-4653-ba55-5f855dd0fb88 |
| 儲存體佇列資料訊息處理者Storage Queue Data Message Processor | 從 Azure 儲存體佇列中瞄核、擷取和刪除訊息。Peek, retrieve, and delete a message from an Azure Storage queue. 若要了解特定資料作業所需的動作,請參閱呼叫 blob 和佇列資料作業的權限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 8a0f0c08-91a1-4084-bc3d-661d67233fed8a0f0c08-91a1-4084-bc3d-661d67233fed |
| 儲存體佇列資料訊息傳送者Storage Queue Data Message Sender | 將訊息新增至 Azure 儲存體佇列。Add messages to an Azure Storage queue. 若要了解特定資料作業所需的動作,請參閱呼叫 blob 和佇列資料作業的權限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | c6a89b2d-59bc-44d0-9896-0f6e12d7b80ac6a89b2d-59bc-44d0-9896-0f6e12d7b80a |
| 儲存體佇列資料讀者Storage Queue Data Reader | 讀取和列出 Azure 儲存體的佇列和佇列訊息。Read and list Azure Storage queues and queue messages. 若要了解特定資料作業所需的動作,請參閱呼叫 blob 和佇列資料作業的權限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations. | 19e7f393-937e-4f77-808e-94535e29792519e7f393-937e-4f77-808e-94535e297925 |
| WebWeb | ||
| Azure 地圖服務資料讀者Azure Maps Data Reader | 授權從 Azure 地圖服務帳戶讀取地圖相關資料。Grants access to read map related data from an Azure maps account. | 423170ca-a8f6-4b0f-8487-9e4eb8f49bfa423170ca-a8f6-4b0f-8487-9e4eb8f49bfa |
| 搜尋服務參與者Search Service Contributor | 可讓您管理「搜尋」服務,但無法存取它們。Lets you manage Search services, but not access to them. | 7ca78c08-252a-4471-8644-bb5ff32d4ba07ca78c08-252a-4471-8644-bb5ff32d4ba0 |
| Web 方案參與者Web Plan Contributor | 可讓您管理網站的 Web 方案,但無法存取它們。Lets you manage the web plans for websites, but not access to them. | 2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b |
| 網站參與者Website Contributor | 可讓您管理網站 (非 Web 方案),但無法存取它們。Lets you manage websites (not web plans), but not access to them. | de139f84-1756-47ae-9be6-808fbbe84772de139f84-1756-47ae-9be6-808fbbe84772 |
| 容器Containers | ||
| AcrDeleteAcrDelete | acr 刪除acr delete | c2f4ef07-c644-48eb-af81-4b1b4947fb11c2f4ef07-c644-48eb-af81-4b1b4947fb11 |
| AcrImageSignerAcrImageSigner | ACR 影像簽署者acr image signer | 6cef56e8-d556-48e5-a04f-b8e64114680f6cef56e8-d556-48e5-a04f-b8e64114680f |
| AcrPullAcrPull | acr 提取acr pull | 7f951dda-4ed3-4680-a7ca-43fe172d538d7f951dda-4ed3-4680-a7ca-43fe172d538d |
| AcrPushAcrPush | acr 推送acr push | 8311e382-0749-4cb8-b61a-304f252e45ec8311e382-0749-4cb8-b61a-304f252e45ec |
| AcrQuarantineReaderAcrQuarantineReader | ACR 隔離資料讀取者acr quarantine data reader | cdda3590-29a3-44f6-95f2-9f980659eb04cdda3590-29a3-44f6-95f2-9f980659eb04 |
| AcrQuarantineWriterAcrQuarantineWriter | ACR 隔離資料寫入者acr quarantine data writer | c8d4ff99-41c3-41a8-9f60-21dfdad59608c8d4ff99-41c3-41a8-9f60-21dfdad59608 |
| Azure Kubernetes Service 叢集管理員角色Azure Kubernetes Service Cluster Admin Role | 列出叢集管理員認證動作。List cluster admin credential action. | 0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be80ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8 |
| Azure Kubernetes Service 叢集使用者角色Azure Kubernetes Service Cluster User Role | 列出叢集使用者認證動作。List cluster user credential action. | 4abbcc35-e782-43d8-92c5-2d3f1bd2253f4abbcc35-e782-43d8-92c5-2d3f1bd2253f |
| 資料庫Databases | ||
| Cosmos DB 帳戶讀者角色Cosmos DB Account Reader Role | 可以讀取 Azure Cosmos DB 帳戶資料。Can read Azure Cosmos DB account data. 請參閱 DocumentDB 帳戶參與者以管理 Azure Cosmos DB 帳戶。See DocumentDB Account Contributor for managing Azure Cosmos DB accounts. | fbdf93bf-df7d-467e-a4d2-9458aa1360c8fbdf93bf-df7d-467e-a4d2-9458aa1360c8 |
| Cosmos DB 操作員Cosmos DB Operator | 可讓您管理 Azure Cosmos DB 帳戶,但無法存取其中的資料。Lets you manage Azure Cosmos DB accounts, but not access data in them. 防止存取帳戶金鑰和連接字串。Prevents access to account keys and connection strings. | 230815da-be43-4aae-9cb4-875f7bd000aa230815da-be43-4aae-9cb4-875f7bd000aa |
| CosmosBackupOperatorCosmosBackupOperator | 可為帳戶的 Cosmos DB 資料庫或容器提交還原要求Can submit restore request for a Cosmos DB database or a container for an account | db7b14f2-5adf-42da-9f96-f2ee17bab5cbdb7b14f2-5adf-42da-9f96-f2ee17bab5cb |
| DocumentDB 帳戶參與者DocumentDB Account Contributor | 可以管理 Azure Cosmos DB 帳戶。Can manage Azure Cosmos DB accounts. Azure Cosmos DB 先前稱為 DocumentDB。Azure Cosmos DB is formerly known as DocumentDB. | 5bd9cd88-fe45-4216-938b-f97437e154505bd9cd88-fe45-4216-938b-f97437e15450 |
| Redis 快取參與者Redis Cache Contributor | 可讓您管理 Redis 快取,但無法存取它們。Lets you manage Redis caches, but not access to them. | e0f68234-74aa-48ed-b826-c38b57376e17e0f68234-74aa-48ed-b826-c38b57376e17 |
| SQL DB 參與者SQL DB Contributor | 可讓您管理 SQL 資料庫,但無法存取它們。Lets you manage SQL databases, but not access to them. 此外,您也無法管理其安全性相關原則或其父 SQL 伺服器。Also, you can't manage their security-related policies or their parent SQL servers. | 9b7fa17d-e63e-47b0-bb0a-15c516ac86ec9b7fa17d-e63e-47b0-bb0a-15c516ac86ec |
| SQL 受控執行個體參與者SQL Managed Instance Contributor | 可讓您管理 SQL 受控執行個體和必要的網路設定,但無法將存取權授與其他人。Lets you manage SQL Managed Instances and required network configuration, but can't give access to others. | 4939a1f6-9ae0-4e48-a1e0-f2cbe897382d4939a1f6-9ae0-4e48-a1e0-f2cbe897382d |
| SQL 安全性管理員SQL Security Manager | 可讓您管理 SQL 伺服器及資料庫的安全性相關原則,但無法存取它們。Lets you manage the security-related policies of SQL servers and databases, but not access to them. | 056cd41c-7e88-42e1-933e-88ba6a50c9c3056cd41c-7e88-42e1-933e-88ba6a50c9c3 |
| SQL Server 參與者SQL Server Contributor | 可讓您管理 SQL 伺服器及資料庫,但無法存取這些伺服器及資料庫,也無法存取其安全性相關原則。Lets you manage SQL servers and databases, but not access to them, and not their security-related policies. | 6d8ee4ec-f05a-4a1d-8b00-a9b17e38b4376d8ee4ec-f05a-4a1d-8b00-a9b17e38b437 |
| 分析Analytics | ||
| Azure 事件中樞資料擁有者Azure Event Hubs Data Owner | 允許完整存取 Azure 事件中樞資源。Allows for full access to Azure Event Hubs resources. | f526a384-b230-433a-b45c-95f59c4a2decf526a384-b230-433a-b45c-95f59c4a2dec |
| Azure 事件中樞資料接收者Azure Event Hubs Data Receiver | 允許接收 Azure 事件中樞資源。Allows receive access to Azure Event Hubs resources. | a638d3c7-ab3a-418d-83e6-5f17a39d4fdea638d3c7-ab3a-418d-83e6-5f17a39d4fde |
| Azure 事件中樞資料傳送者Azure Event Hubs Data Sender | 允許傳送 Azure 事件中樞資源。Allows send access to Azure Event Hubs resources. | 2b629674-e913-4c01-ae53-ef4638d8f9752b629674-e913-4c01-ae53-ef4638d8f975 |
| Data Factory 參與者Data Factory Contributor | 建立和管理 Data Factory,以及其中的子資源。Create and manage data factories, as well as child resources within them. | 673868aa-7521-48a0-acc6-0f60742d39f5673868aa-7521-48a0-acc6-0f60742d39f5 |
| 資料清除者Data Purger | 可清除分析資料Can purge analytics data | 150f5e0c-0603-4f03-8c7f-cf70034c4e90150f5e0c-0603-4f03-8c7f-cf70034c4e90 |
| HDInsight 叢集操作員HDInsight Cluster Operator | 可讓您讀取和修改 HDInsight 叢集設定。Lets you read and modify HDInsight cluster configurations. | 61ed4efc-fab3-44fd-b111-e24485cc132a61ed4efc-fab3-44fd-b111-e24485cc132a |
| HDInsight 網域服務參與者HDInsight Domain Services Contributor | 可讀取、建立、修改和刪除 HDInsight 企業安全性套件所需的網域服務相關作業Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package | 8d8d5a11-05d3-4bda-a417-a08778121c7c8d8d5a11-05d3-4bda-a417-a08778121c7c |
| Log Analytics 參與者Log Analytics Contributor | 「Log Analytics 參與者」角色可以讀取所有監視資料和編輯監視設定。Log Analytics Contributor can read all monitoring data and edit monitoring settings. 編輯監視設定包括將 VM 延伸模組新增至 VM、讀取儲存體帳戶金鑰以便能夠設定從「Azure 儲存體」收集記錄、建立及設定「自動化」帳戶、新增解決方案,以及設定所有 Azure 資源上的 Azure 診斷。Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources. | 92aaf0da-9dab-42b6-94a3-d43ce8d1629392aaf0da-9dab-42b6-94a3-d43ce8d16293 |
| Log Analytics 讀者Log Analytics Reader | 「Log Analytics 讀者」可以檢視和搜尋所有監視資料,以及檢視監視設定,包括檢視所有 Azure 資源上的 Azure 診斷設定。Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources. | 73c42c96-874c-492b-b04d-ab87d138a89373c42c96-874c-492b-b04d-ab87d138a893 |
| 區塊鏈Blockchain | ||
| 區塊鏈成員節點存取 (預覽)Blockchain Member Node Access (Preview) | 允許存取區塊鏈成員節點Allows for access to Blockchain Member nodes | 31a002a1-acaf-453e-8a5b-297c9ca1ea2431a002a1-acaf-453e-8a5b-297c9ca1ea24 |
| AI + 機器學習AI + machine learning | ||
| 認知服務參與者Cognitive Services Contributor | 可讓您建立、讀取、更新、刪除及管理認知服務的金鑰。Lets you create, read, update, delete and manage keys of Cognitive Services. | 25fbc0a9-bd7c-42a3-aa1a-3b75d497ee6825fbc0a9-bd7c-42a3-aa1a-3b75d497ee68 |
| 認知服務資料讀者 (預覽)Cognitive Services Data Reader (Preview) | 可讓您讀取認知服務資料。Lets you read Cognitive Services data. | b59867f0-fa02-499b-be73-45a86b5b3e1cb59867f0-fa02-499b-be73-45a86b5b3e1c |
| 認知服務使用者Cognitive Services User | 可讓您讀取和列出認知服務的金鑰。Lets you read and list keys of Cognitive Services. | a97b65f3-24c7-4388-baec-2e87135dc908a97b65f3-24c7-4388-baec-2e87135dc908 |
| 混合實境Mixed reality | ||
| 空間錨點帳戶參與者Spatial Anchors Account Contributor | 可讓您管理帳戶中的空間錨點,但無法刪除Lets you manage spatial anchors in your account, but not delete them | 8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c8278bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827 |
| 空間錨點帳戶擁有者Spatial Anchors Account Owner | 可讓您管理帳戶中的空間錨點,包含刪除Lets you manage spatial anchors in your account, including deleting them | 70bbe301-9835-447d-afdd-19eb3167307c70bbe301-9835-447d-afdd-19eb3167307c |
| 空間錨點帳戶讀者Spatial Anchors Account Reader | 可讓您尋找和讀取帳戶中空間錨點的屬性Lets you locate and read properties of spatial anchors in your account | 5d51204f-eb77-4b1c-b86a-2ec626c494135d51204f-eb77-4b1c-b86a-2ec626c49413 |
| 整合Integration | ||
| API 管理服務參與者API Management Service Contributor | 可管理服務與 APICan manage service and the APIs | 312a565d-c81f-4fd8-895a-4e21e48d571c312a565d-c81f-4fd8-895a-4e21e48d571c |
| API 管理服務操作員角色API Management Service Operator Role | 可管理服務,但無法管理 APICan manage service but not the APIs | e022efe7-f5ba-4159-bbe4-b44f577e9b61e022efe7-f5ba-4159-bbe4-b44f577e9b61 |
| API 管理服務讀取者角色API Management Service Reader Role | 具有服務與 API 的唯讀存取權Read-only access to service and APIs | 71522526-b88f-4d52-b57f-d31fc3546d0d71522526-b88f-4d52-b57f-d31fc3546d0d |
| 應用程式組態資料擁有者App Configuration Data Owner | 允許完整存取應用程式組態資料。Allows full access to App Configuration data. | 5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b |
| 應用程式組態資料讀者App Configuration Data Reader | 允許讀取應用程式組態資料。Allows read access to App Configuration data. | 516239f1-63e1-4d78-a4de-a74fb236a071516239f1-63e1-4d78-a4de-a74fb236a071 |
| Azure 服務匯流排資料擁有者Azure Service Bus Data Owner | 允許完整存取 Azure 服務匯流排資源。Allows for full access to Azure Service Bus resources. | 090c5cfd-751d-490a-894a-3ce6f1109419090c5cfd-751d-490a-894a-3ce6f1109419 |
| Azure 服務匯流排資料接收者Azure Service Bus Data Receiver | 允許接收 Azure 服務匯流排資源。Allows for receive access to Azure Service Bus resources. | 4f6d3b9b-027b-4f4c-9142-0e5a2a2247e04f6d3b9b-027b-4f4c-9142-0e5a2a2247e0 |
| Azure 服務匯流排資料傳送者Azure Service Bus Data Sender | 允許傳送 Azure 服務匯流排資源。Allows for send access to Azure Service Bus resources. | 69a216fc-b8fb-44d8-bc22-1f3c2cd27a3969a216fc-b8fb-44d8-bc22-1f3c2cd27a39 |
| Azure Stack 註冊擁有者Azure Stack Registration Owner | 可讓您管理 Azure Stack 註冊。Lets you manage Azure Stack registrations. | 6f12a6df-dd06-4f3e-bcb1-ce8be600526a6f12a6df-dd06-4f3e-bcb1-ce8be600526a |
| EventGrid EventSubscription 參與者EventGrid EventSubscription Contributor | 可讓您管理 EventGrid 事件訂用帳戶作業。Lets you manage EventGrid event subscription operations. | 428e0ff0-5e57-4d9c-a221-2c70d0e0a443428e0ff0-5e57-4d9c-a221-2c70d0e0a443 |
| EventGrid EventSubscription 讀者EventGrid EventSubscription Reader | 可讓您讀取 EventGrid 事件訂用帳戶。Lets you read EventGrid event subscriptions. | 2414bbcf-6497-4faf-8c65-0454607484052414bbcf-6497-4faf-8c65-045460748405 |
| Intelligent Systems 帳戶參與者Intelligent Systems Account Contributor | 可讓您管理「智慧型系統」帳戶,但無法存取它們。Lets you manage Intelligent Systems accounts, but not access to them. | 03a6d094-3444-4b3d-88af-7477090a9e5e03a6d094-3444-4b3d-88af-7477090a9e5e |
| 邏輯應用程式參與者Logic App Contributor | 可讓您管理邏輯應用程式,但無法變更對邏輯應用程式的存取。Lets you manage logic apps, but not change access to them. | 87a39d53-fc1b-424a-814c-f7e04687dc9e87a39d53-fc1b-424a-814c-f7e04687dc9e |
| 邏輯應用程式操作員Logic App Operator | 可讓您讀取、啟用及停用邏輯應用程式,但無法編輯或更新邏輯應用程式。Lets you read, enable, and disable logic apps, but not edit or update them. | 515c2055-d9d4-4321-b1b9-bd0c9a0f79fe515c2055-d9d4-4321-b1b9-bd0c9a0f79fe |
| 身分識別Identity | ||
| 受控身分識別參與者Managed Identity Contributor | 建立、讀取、更新及刪除使用者指派的身分識別Create, Read, Update, and Delete User Assigned Identity | e40ec5ca-96e0-45a2-b4ff-59039f2c2b59e40ec5ca-96e0-45a2-b4ff-59039f2c2b59 |
| 受控身分識別操作員Managed Identity Operator | 讀取及指派使用者指派的身分識別Read and Assign User Assigned Identity | f1a07417-d97a-45cb-824c-7a7467783830f1a07417-d97a-45cb-824c-7a7467783830 |
| 安全性Security | ||
| Azure Sentinel 參與者Azure Sentinel Contributor | Azure Sentinel 參與者Azure Sentinel Contributor | ab8e14d6-4a74-4a29-9ba8-549422addadeab8e14d6-4a74-4a29-9ba8-549422addade |
| Azure Sentinel 讀者Azure Sentinel Reader | Azure Sentinel 讀者Azure Sentinel Reader | 8d289c81-5878-46d4-8554-54e1e3d8b5cb8d289c81-5878-46d4-8554-54e1e3d8b5cb |
| Azure Sentinel 回應者Azure Sentinel Responder | Azure Sentinel 回應者Azure Sentinel Responder | 3e150937-b8fe-4cfb-8069-0eaf05ecd0563e150937-b8fe-4cfb-8069-0eaf05ecd056 |
| Key Vault 參與者Key Vault Contributor | 可讓您管理金鑰保存庫,但無法存取它們。Lets you manage key vaults, but not access to them. | f25e0fa2-a7c8-4377-a976-54943a77a395f25e0fa2-a7c8-4377-a976-54943a77a395 |
| 安全性系統管理員Security Admin | 資訊安全中心的檢視和更新權限。View and update permissions for Security Center. 與「安全性讀者」角色的權限相同,還可以更新安全性原則及關閉警示和建議。Same permissions as the Security Reader role and can also update the security policy and dismiss alerts and recommendations. | fb1c8493-542b-48eb-b624-b4c8fea62acdfb1c8493-542b-48eb-b624-b4c8fea62acd |
| 安全性評量參與者Security Assessment Contributor | 可讓您將評量推送至資訊安全中心Lets you push assessments to Security Center | 612c2aa1-cb24-443b-ac28-3ab7272de6f5612c2aa1-cb24-443b-ac28-3ab7272de6f5 |
| 安全性管理員 (舊版)Security Manager (Legacy) | 此為舊版角色。This is a legacy role. 請改用「安全性系統管理員」。Please use Security Admin instead. | e3d13bf0-dd5a-482e-ba6b-9b8433878d10e3d13bf0-dd5a-482e-ba6b-9b8433878d10 |
| 安全性讀取者Security Reader | 資訊安全中心的檢視權限。View permissions for Security Center. 可以檢視建議、警示、安全性原則和安全性狀態,但無法變更。Can view recommendations, alerts, a security policy, and security states, but cannot make changes. | 39bc4728-0917-49c7-9d2c-d95423bc2eb439bc4728-0917-49c7-9d2c-d95423bc2eb4 |
| DevOpsDevOps | ||
| DevTest Labs 使用者DevTest Labs User | 可讓您連線、啟動、重新啟及關閉您 Azure DevTest Labs 中的虛擬機器。Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs. | 76283e04-6283-4c54-8f91-bcf1374a3c6476283e04-6283-4c54-8f91-bcf1374a3c64 |
| 實驗室建立者Lab Creator | 可讓您在「Azure 實驗室帳戶」下建立、管理、刪除您的受控實驗室。Lets you create, manage, delete your managed labs under your Azure Lab Accounts. | b97fb8bc-a8b2-4522-a38b-dd33c7e65eadb97fb8bc-a8b2-4522-a38b-dd33c7e65ead |
| 監視Monitor | ||
| Application Insights 元件參與者Application Insights Component Contributor | 可以管理 Application Insights 元件Can manage Application Insights components | ae349356-3a1b-4a5e-921d-050484c6347eae349356-3a1b-4a5e-921d-050484c6347e |
| Application Insights 快照集偵錯工具Application Insights Snapshot Debugger | 給予使用者權限,以便檢視及下載使用 Application Insights 快照偵錯工具所收集的偵錯快照。Gives user permission to view and download debug snapshots collected with the Application Insights Snapshot Debugger. 請注意,擁有者或參與者角色未包含這些權限。Note that these permissions are not included in the Owner or Contributor roles. 將 Application Insights 快照偵錯者角色指派給使用者時,您必須直接將此角色授與使用者。When giving users the Application Insights Snapshot Debugger role, you must grant the role directly to the user. 此角色若新增至自訂角色,則無法辨識。The role is not recognized when it is added to a custom role. | 08954f03-6346-4c2e-81c0-ec3a5cfae23b08954f03-6346-4c2e-81c0-ec3a5cfae23b |
| 監視參與者Monitoring Contributor | 可以讀取所有監視資料並編輯監視設定。Can read all monitoring data and edit monitoring settings. 請參閱開始使用 Azure 監視器的角色、權限和安全性。See also Get started with roles, permissions, and security with Azure Monitor. | 749f88d5-cbae-40b8-bcfc-e573ddc772fa749f88d5-cbae-40b8-bcfc-e573ddc772fa |
| 監視計量發行者Monitoring Metrics Publisher | 針對 Azure 資源啟用發佈計量Enables publishing metrics against Azure resources | 3913510d-42f4-4e42-8a64-420c390055eb3913510d-42f4-4e42-8a64-420c390055eb |
| 監視讀取器Monitoring Reader | 可以讀取所有監視資料 (計量、記錄等等)。Can read all monitoring data (metrics, logs, etc.). 請參閱開始使用 Azure 監視器的角色、權限和安全性。See also Get started with roles, permissions, and security with Azure Monitor. | 43d0d8ad-25c7-4714-9337-8ba259a9fe0543d0d8ad-25c7-4714-9337-8ba259a9fe05 |
| 活頁簿參與者Workbook Contributor | 可以儲存共用活頁簿。Can save shared workbooks. | e8ddcd69-c73f-4f9f-9844-4100522f16ade8ddcd69-c73f-4f9f-9844-4100522f16ad |
| 活頁簿讀者Workbook Reader | 可以讀取活頁簿。Can read workbooks. | b279062a-9be3-42a0-92ae-8b3cf002ec4db279062a-9be3-42a0-92ae-8b3cf002ec4d |
| 管理和治理Management + governance | ||
| 自動化作業運算子Automation Job Operator | 使用「自動化 Runbook」來建立及管理作業。Create and Manage Jobs using Automation Runbooks. | 4fe576fe-1146-4730-92eb-48519fa6bf9f4fe576fe-1146-4730-92eb-48519fa6bf9f |
| 自動化運算子Automation Operator | 「自動化運算子」能夠啟動、停止、暫止及繼續作業Automation Operators are able to start, stop, suspend, and resume jobs | d3881f73-407a-4167-8283-e981cbba0404d3881f73-407a-4167-8283-e981cbba0404 |
| 自動化 Runbook 運算子Automation Runbook Operator | 讀取 Runbook 屬性 - 以便能夠建立 Runbook 的作業。Read Runbook properties - to be able to create Jobs of the runbook. | 5fb5aef8-1081-4b8e-bb16-9d5d0385bab55fb5aef8-1081-4b8e-bb16-9d5d0385bab5 |
| Azure Connected Machine 上線Azure Connected Machine Onboarding | 可以讓 Azure Connected Machine 上線。Can onboard Azure Connected Machines. | b64e21ea-ac4e-4cdf-9dc9-5b892992bee7b64e21ea-ac4e-4cdf-9dc9-5b892992bee7 |
| Azure Connected Machine 資源管理員Azure Connected Machine Resource Administrator | 可以讀取、寫入、刪除 Azure Connected Machine 及使之重新上線。Can read, write, delete and re-onboard Azure Connected Machines. | cd570a14-e51a-42ad-bac8-bafd67325302cd570a14-e51a-42ad-bac8-bafd67325302 |
| 帳單讀取器Billing Reader | 允許對計費資料進行讀取存取Allows read access to billing data | fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64 |
| 藍圖參與者Blueprint Contributor | 可以管理藍圖定義,但不能加以指派。Can manage blueprint definitions, but not assign them. | 41077137-e803-4205-871c-5a86e6a753b441077137-e803-4205-871c-5a86e6a753b4 |
| 藍圖操作員Blueprint Operator | 可以指派現有已發佈的藍圖,但無法建立新的藍圖。Can assign existing published blueprints, but cannot create new blueprints. 請注意,只有在以使用者指派的受控識別來指派時才有效。Note that this only works if the assignment is done with a user-assigned managed identity. | 437d2ced-4a38-4302-8479-ed2bcb43d090437d2ced-4a38-4302-8479-ed2bcb43d090 |
| 成本管理參與者Cost Management Contributor | 可檢視成本和管理成本組態 (例如預算、匯出)Can view costs and manage cost configuration (e.g. budgets, exports) | 434105ed-43f6-45c7-a02f-909b2ba83430434105ed-43f6-45c7-a02f-909b2ba83430 |
| 成本管理讀者Cost Management Reader | 可檢視成本資料和組態 (例如預算、匯出)Can view cost data and configuration (e.g. budgets, exports) | 72fafb9e-0641-4937-9268-a91bfd8191a372fafb9e-0641-4937-9268-a91bfd8191a3 |
| 階層設定管理員Hierarchy Settings Administrator | 允許使用者編輯和刪除階層設定Allows users to edit and delete Hierarchy Settings | 350f8d15-c687-4448-8ae1-157740a3936d350f8d15-c687-4448-8ae1-157740a3936d |
| 受控應用程式參與者角色Managed Application Contributor Role | 允許建立受控應用程式資源。Allows for creating managed application resources. | 641177b8-a67a-45b9-a033-47bc880bb21e641177b8-a67a-45b9-a033-47bc880bb21e |
| 受控應用程式操作員角色Managed Application Operator Role | 可讓您讀取受控應用程式資源及對其執行動作Lets you read and perform actions on Managed Application resources | c7393b34-138c-406f-901b-d8cf2b17e6aec7393b34-138c-406f-901b-d8cf2b17e6ae |
| 受控應用程式讀者Managed Applications Reader | 可讓您讀取受控應用程式中的資源及要求 JIT 存取權。Lets you read resources in a managed app and request JIT access. | b9331d33-8a36-4f8c-b097-4f54124fdb44b9331d33-8a36-4f8c-b097-4f54124fdb44 |
| 受控服務註冊指派刪除角色Managed Services Registration assignment Delete Role | 「受控服務註冊指派刪除角色」可讓管理租用戶使用者刪除指派給其租用戶的註冊指派。Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant. | 91c1777a-f3dc-4fae-b103-61d183457e4691c1777a-f3dc-4fae-b103-61d183457e46 |
| 管理群組參與者Management Group Contributor | 管理群組參與者角色Management Group Contributor Role | 5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c |
| 管理群組讀者Management Group Reader | 管理群組讀者角色Management Group Reader Role | ac63b705-f282-497d-ac71-919bf39d939dac63b705-f282-497d-ac71-919bf39d939d |
| New Relic APM 帳戶參與者New Relic APM Account Contributor | 可讓您管理 New Relic Application Performance Management 帳戶及應用程式,但無法存取它們。Lets you manage New Relic Application Performance Management accounts and applications, but not access to them. | 5d28c62d-5b37-4476-8438-e587778df2375d28c62d-5b37-4476-8438-e587778df237 |
| 原則深入解析資料寫入者 (預覽)Policy Insights Data Writer (Preview) | 允許讀取資源原則及寫入資源元件原則事件。Allows read access to resource policies and write access to resource component policy events. | 66bb4e9e-b016-4a94-8249-4c0511c2be8466bb4e9e-b016-4a94-8249-4c0511c2be84 |
| 資源原則參與者Resource Policy Contributor | 有權建立/修改資源原則、建立支援票證及讀取資源/階層的使用者。Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy. | 36243c78-bf99-498c-9df9-86d9f8d2860836243c78-bf99-498c-9df9-86d9f8d28608 |
| Site Recovery 參與者Site Recovery Contributor | 可讓您管理 Site Recovery 服務,但無法建立保存庫和指派角色Lets you manage Site Recovery service except vault creation and role assignment | 6670b86e-a3f7-4917-ac9b-5d6ab1be45676670b86e-a3f7-4917-ac9b-5d6ab1be4567 |
| Site Recovery 操作員Site Recovery Operator | 可讓您容錯移轉及容錯回復,但無法執行其他 Site Recovery 管理作業Lets you failover and failback but not perform other Site Recovery management operations | 494ae006-db33-4328-bf46-533a6560a3ca494ae006-db33-4328-bf46-533a6560a3ca |
| Site Recovery 讀取者Site Recovery Reader | 可讓您檢視 Site Recovery 狀態,但無法執行其他管理作業Lets you view Site Recovery status but not perform other management operations | dbaa88c4-0c30-4179-9fb3-46319faa6149dbaa88c4-0c30-4179-9fb3-46319faa6149 |
| 支援要求參與者Support Request Contributor | 可讓您建立及管理支援要求Lets you create and manage Support requests | cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24ecfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e |
| 標記參與者Tag Contributor | 可讓您管理實體上的標記,無需提供對實體本身的存取。Lets you manage tags on entities, without providing access to the entities themselves. | 4a9ae827-6dc8-4573-8ac7-8239d42aa03f4a9ae827-6dc8-4573-8ac7-8239d42aa03f |
| 其他Other | ||
| BizTalk 參與者BizTalk Contributor | 可讓您管理 BizTalk 服務,但無法存取它們。Lets you manage BizTalk services, but not access to them. | 5e3c6656-6cfa-4708-81fe-0de47ac733425e3c6656-6cfa-4708-81fe-0de47ac73342 |
| 排程器工作集合參與者Scheduler Job Collections Contributor | 可讓您管理「排程器」工作集合,但無法存取它們。Lets you manage Scheduler job collections, but not access to them. | 188a0f2f-5c9e-469b-ae67-2aa5ce574b94188a0f2f-5c9e-469b-ae67-2aa5ce574b94 |
一般General
參與者Contributor
可讓您管理一切,但授與對資源的存取除外。Lets you manage everything except granting access to resources.
| 動作Actions | |
| * | 建立和管理所有類型的資源Create and manage resources of all types |
| NotActionsNotActions | |
| Microsoft.Authorization/*/DeleteMicrosoft.Authorization/*/Delete | 刪除角色、原則指派、原則定義和原則集定義Delete roles, policy assignments, policy definitions and policy set definitions |
| Microsoft.Authorization/*/WriteMicrosoft.Authorization/*/Write | 建立角色、角色指派、原則指派、原則定義和原則集定義Create roles, role assignments, policy assignments, policy definitions and policy set definitions |
| Microsoft.Authorization/elevateAccess/ActionMicrosoft.Authorization/elevateAccess/Action | 對呼叫者授與租用戶範圍的使用者存取系統管理員存取權Grants the caller User Access Administrator access at the tenant scope |
| Microsoft.Blueprint/blueprintAssignments/writeMicrosoft.Blueprint/blueprintAssignments/write | 建立或更新任何藍圖指派Create or update any blueprint assignments |
| Microsoft.Blueprint/blueprintAssignments/deleteMicrosoft.Blueprint/blueprintAssignments/delete | 刪除任何藍圖指派Delete any blueprint assignments |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage everything except access to resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
"name": "b24988ac-6180-42a0-ab88-20f7382dd24c",
"permissions": [
{
"actions": [
"*"
],
"notActions": [
"Microsoft.Authorization/*/Delete",
"Microsoft.Authorization/*/Write",
"Microsoft.Authorization/elevateAccess/Action",
"Microsoft.Blueprint/blueprintAssignments/write",
"Microsoft.Blueprint/blueprintAssignments/delete"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
擁有者Owner
可讓您管理一切,包括對資源的存取。Lets you manage everything, including access to resources.
| 動作Actions | |
| * | 建立和管理所有類型的資源Create and manage resources of all types |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage everything, including access to resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
"name": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
"permissions": [
{
"actions": [
"*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
讀取者Reader
可讓您檢視所有項目,但是無法進行變更。Lets you view everything, but not make any changes.
| 動作Actions | |
| */read*/read | 讀取密碼以外的所有類型的資源。Read resources of all types, except secrets. |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you view everything, but not make any changes.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7",
"name": "acdd72a7-3385-48ef-bd42-f606fba81ae7",
"permissions": [
{
"actions": [
"*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
使用者存取系統管理員User Access Administrator
可讓您管理 Azure 資源的使用者存取。Lets you manage user access to Azure resources.
| 動作Actions | |
| */read*/read | 讀取密碼以外的所有類型的資源。Read resources of all types, except secrets. |
| Microsoft.Authorization/*Microsoft.Authorization/* | 管理授權Manage authorization |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage user access to Azure resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
"name": "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Authorization/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "User Access Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
計算Compute
傳統虛擬機器參與者Classic Virtual Machine Contributor
可讓您管理傳統虛擬機器 (不含虛擬機器所連接的虛擬網路或儲存體帳戶),但無法存取它們。Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.ClassicCompute/domainNames/*Microsoft.ClassicCompute/domainNames/* | 建立和管理傳統運算網域名稱Create and manage classic compute domain names |
| Microsoft.ClassicCompute/virtualMachines/*Microsoft.ClassicCompute/virtualMachines/* | 建立和管理虛擬機器Create and manage virtual machines |
| Microsoft.ClassicNetwork/networkSecurityGroups/join/actionMicrosoft.ClassicNetwork/networkSecurityGroups/join/action | |
| Microsoft.ClassicNetwork/reservedIps/link/actionMicrosoft.ClassicNetwork/reservedIps/link/action | 連結保留的 IPLink a reserved Ip |
| Microsoft.ClassicNetwork/reservedIps/readMicrosoft.ClassicNetwork/reservedIps/read | 取得保留的 IPGets the reserved Ips |
| Microsoft.ClassicNetwork/virtualNetworks/join/actionMicrosoft.ClassicNetwork/virtualNetworks/join/action | 加入虛擬網路。Joins the virtual network. |
| Microsoft.ClassicNetwork/virtualNetworks/readMicrosoft.ClassicNetwork/virtualNetworks/read | 取得虛擬網路。Get the virtual network. |
| Microsoft.ClassicStorage/storageAccounts/disks/readMicrosoft.ClassicStorage/storageAccounts/disks/read | 傳回儲存體帳戶磁碟。Returns the storage account disk. |
| Microsoft.ClassicStorage/storageAccounts/images/readMicrosoft.ClassicStorage/storageAccounts/images/read | 傳回儲存體帳戶映像。Returns the storage account image. (已淘汰。(Deprecated. 使用 'Microsoft.ClassicStorage/storageAccounts/vmImages')Use 'Microsoft.ClassicStorage/storageAccounts/vmImages') |
| Microsoft.ClassicStorage/storageAccounts/listKeys/actionMicrosoft.ClassicStorage/storageAccounts/listKeys/action | 列出儲存體帳戶的存取金鑰。Lists the access keys for the storage accounts. |
| Microsoft.ClassicStorage/storageAccounts/readMicrosoft.ClassicStorage/storageAccounts/read | 傳回具有給定帳戶的儲存體帳戶。Return the storage account with the given account. |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage classic virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/d73bb868-a0df-4d4d-bd69-98a00b01fccb",
"name": "d73bb868-a0df-4d4d-bd69-98a00b01fccb",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ClassicCompute/domainNames/*",
"Microsoft.ClassicCompute/virtualMachines/*",
"Microsoft.ClassicNetwork/networkSecurityGroups/join/action",
"Microsoft.ClassicNetwork/reservedIps/link/action",
"Microsoft.ClassicNetwork/reservedIps/read",
"Microsoft.ClassicNetwork/virtualNetworks/join/action",
"Microsoft.ClassicNetwork/virtualNetworks/read",
"Microsoft.ClassicStorage/storageAccounts/disks/read",
"Microsoft.ClassicStorage/storageAccounts/images/read",
"Microsoft.ClassicStorage/storageAccounts/listKeys/action",
"Microsoft.ClassicStorage/storageAccounts/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Classic Virtual Machine Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
虛擬機器系統管理員登入Virtual Machine Administrator Login
在入口網站中檢視虛擬機器並以系統管理員身分登入View Virtual Machines in the portal and login as administrator
| 動作Actions | |
| Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read | 取得公用 IP 位址定義。Gets a public ip address definition. |
| Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | 取得虛擬網路定義Get the virtual network definition |
| Microsoft.Network/loadBalancers/readMicrosoft.Network/loadBalancers/read | 取得負載平衡器定義Gets a load balancer definition |
| Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read | 取得網路介面定義。Gets a network interface definition. |
| Microsoft.Compute/virtualMachines/*/readMicrosoft.Compute/virtualMachines/*/read | |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| Microsoft.Compute/virtualMachines/login/actionMicrosoft.Compute/virtualMachines/login/action | 以一般使用者身分登入虛擬機器Log in to a virtual machine as a regular user |
| Microsoft.Compute/virtualMachines/loginAsAdmin/actionMicrosoft.Compute/virtualMachines/loginAsAdmin/action | 以 Windows 系統管理員或 Linux 根使用者權限登入虛擬機器Log in to a virtual machine with Windows administrator or Linux root user privileges |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "View Virtual Machines in the portal and login as administrator",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/1c0163c0-47e6-4577-8991-ea5c82e286e4",
"name": "1c0163c0-47e6-4577-8991-ea5c82e286e4",
"permissions": [
{
"actions": [
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Compute/virtualMachines/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Compute/virtualMachines/login/action",
"Microsoft.Compute/virtualMachines/loginAsAdmin/action"
],
"notDataActions": []
}
],
"roleName": "Virtual Machine Administrator Login",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
虛擬機器參與者Virtual Machine Contributor
可讓您管理虛擬機器 (不含虛擬機器所連接的虛擬網路或儲存體帳戶),但無法存取它們。Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Compute/availabilitySets/*Microsoft.Compute/availabilitySets/* | 建立和管理運算可用性集合Create and manage compute availability sets |
| Microsoft.Compute/locations/*Microsoft.Compute/locations/* | 建立和管理運算位置Create and manage compute locations |
| Microsoft.Compute/virtualMachines/*Microsoft.Compute/virtualMachines/* | 建立和管理虛擬機器Create and manage virtual machines |
| Microsoft.Compute/virtualMachineScaleSets/*Microsoft.Compute/virtualMachineScaleSets/* | 建立和管理虛擬機器擴展集Create and manage virtual machine scale sets |
| Microsoft.Compute/disks/writeMicrosoft.Compute/disks/write | 建立新的磁碟,或更新現有磁碟Creates a new Disk or updates an existing one |
| Microsoft.Compute/disks/readMicrosoft.Compute/disks/read | 取得磁碟的屬性Get the properties of a Disk |
| Microsoft.Compute/disks/deleteMicrosoft.Compute/disks/delete | 刪除磁碟Deletes the Disk |
| Microsoft.DevTestLab/schedules/*Microsoft.DevTestLab/schedules/* | |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.Network/applicationGateways/backendAddressPools/join/actionMicrosoft.Network/applicationGateways/backendAddressPools/join/action | 加入應用程式閘道後端位址集區。Joins an application gateway backend address pool. 不可警示。Not Alertable. |
| Microsoft.Network/loadBalancers/backendAddressPools/join/actionMicrosoft.Network/loadBalancers/backendAddressPools/join/action | 加入負載平衡器後端位址集區。Joins a load balancer backend address pool. 不可警示。Not Alertable. |
| Microsoft.Network/loadBalancers/inboundNatPools/join/actionMicrosoft.Network/loadBalancers/inboundNatPools/join/action | 加入負載平衡器輸入 NAT 集區。Joins a load balancer inbound NAT pool. 不可警示。Not alertable. |
| Microsoft.Network/loadBalancers/inboundNatRules/join/actionMicrosoft.Network/loadBalancers/inboundNatRules/join/action | 加入負載平衡器輸入 nat 規則。Joins a load balancer inbound nat rule. 不可警示。Not Alertable. |
| Microsoft.Network/loadBalancers/probes/join/actionMicrosoft.Network/loadBalancers/probes/join/action | 允許使用負載平衡器的探查。Allows using probes of a load balancer. 例如,使用此權限,VM 擴展集的 healthProbe 屬性就可以參考探查。For example, with this permission healthProbe property of VM scale set can reference the probe. 不可警示。Not alertable. |
| Microsoft.Network/loadBalancers/readMicrosoft.Network/loadBalancers/read | 取得負載平衡器定義Gets a load balancer definition |
| Microsoft.Network/locations/*Microsoft.Network/locations/* | 建立和管理網路位置Create and manage network locations |
| Microsoft.Network/networkInterfaces/*Microsoft.Network/networkInterfaces/* | 建立和管理網路介面Create and manage network interfaces |
| Microsoft.Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action | 加入網路安全性群組。Joins a network security group. 不可警示。Not Alertable. |
| Microsoft.Network/networkSecurityGroups/readMicrosoft.Network/networkSecurityGroups/read | 取得網路安全性群組定義Gets a network security group definition |
| Microsoft.Network/publicIPAddresses/join/actionMicrosoft.Network/publicIPAddresses/join/action | 加入公用 IP 位址。Joins a public ip address. 不可警示。Not Alertable. |
| Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read | 取得公用 IP 位址定義。Gets a public ip address definition. |
| Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | 取得虛擬網路定義Get the virtual network definition |
| Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action | 加入虛擬網路。Joins a virtual network. 不可警示。Not Alertable. |
| Microsoft.RecoveryServices/locations/*Microsoft.RecoveryServices/locations/* | |
| Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write | 建立備份保護用途Create a backup Protection Intent |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read | |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read | 傳回受保護項目的物件詳細資料Returns object details of the Protected Item |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write | 建立備用的受保護項目Create a backup Protected Item |
| Microsoft.RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read | 傳回所有保護原則Returns all Protection Policies |
| Microsoft.RecoveryServices/Vaults/backupPolicies/writeMicrosoft.RecoveryServices/Vaults/backupPolicies/write | 建立保護原則Creates Protection Policy |
| Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read | 「取得保存庫」作業會取得物件,此物件代表 'vault' 類型的 Azure 資源The Get Vault operation gets an object representing the Azure resource of type 'vault' |
| Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read | 傳回復原服務保存庫的使用量詳細資料。Returns usage details for a Recovery Services Vault. |
| Microsoft.RecoveryServices/Vaults/writeMicrosoft.RecoveryServices/Vaults/write | 「建立保存庫」作業會建立 'vault' 類型的 Azure 資源Create Vault operation creates an Azure resource of type 'vault' |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.SqlVirtualMachine/*Microsoft.SqlVirtualMachine/* | |
| Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action | 傳回指定儲存體帳戶的存取金鑰。Returns the access keys for the specified storage account. |
| Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read | 傳回儲存體帳戶清單,或取得指定儲存體帳戶的屬性。Returns the list of storage accounts or gets the properties for the specified storage account. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage virtual machines, but not access to them, and not the virtual network or storage account they're connected to.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
"name": "9980e02c-c2be-4d73-94e8-173b1dc7cf3c",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Compute/availabilitySets/*",
"Microsoft.Compute/locations/*",
"Microsoft.Compute/virtualMachines/*",
"Microsoft.Compute/virtualMachineScaleSets/*",
"Microsoft.Compute/disks/write",
"Microsoft.Compute/disks/read",
"Microsoft.Compute/disks/delete",
"Microsoft.DevTestLab/schedules/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/applicationGateways/backendAddressPools/join/action",
"Microsoft.Network/loadBalancers/backendAddressPools/join/action",
"Microsoft.Network/loadBalancers/inboundNatPools/join/action",
"Microsoft.Network/loadBalancers/inboundNatRules/join/action",
"Microsoft.Network/loadBalancers/probes/join/action",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/locations/*",
"Microsoft.Network/networkInterfaces/*",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Network/networkSecurityGroups/read",
"Microsoft.Network/publicIPAddresses/join/action",
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.RecoveryServices/locations/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/*/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
"Microsoft.RecoveryServices/Vaults/backupPolicies/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/write",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/Vaults/write",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.SqlVirtualMachine/*",
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Virtual Machine Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
虛擬機器使用者登入Virtual Machine User Login
在入口網站中檢視虛擬機器並以一般使用者身分登入。View Virtual Machines in the portal and login as a regular user.
| 動作Actions | |
| Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read | 取得公用 IP 位址定義。Gets a public ip address definition. |
| Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | 取得虛擬網路定義Get the virtual network definition |
| Microsoft.Network/loadBalancers/readMicrosoft.Network/loadBalancers/read | 取得負載平衡器定義Gets a load balancer definition |
| Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read | 取得網路介面定義。Gets a network interface definition. |
| Microsoft.Compute/virtualMachines/*/readMicrosoft.Compute/virtualMachines/*/read | |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| Microsoft.Compute/virtualMachines/login/actionMicrosoft.Compute/virtualMachines/login/action | 以一般使用者身分登入虛擬機器Log in to a virtual machine as a regular user |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "View Virtual Machines in the portal and login as a regular user.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fb879df8-f326-4884-b1cf-06f3ad86be52",
"name": "fb879df8-f326-4884-b1cf-06f3ad86be52",
"permissions": [
{
"actions": [
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/loadBalancers/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Compute/virtualMachines/*/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Compute/virtualMachines/login/action"
],
"notDataActions": []
}
],
"roleName": "Virtual Machine User Login",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
網路功能Networking
CDN 端點參與者CDN Endpoint Contributor
可管理 CDN 端點,但無法將存取權授與其他使用者。Can manage CDN endpoints, but can't grant access to other users.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read | |
| Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/* | |
| Microsoft.Cdn/profiles/endpoints/*Microsoft.Cdn/profiles/endpoints/* | |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Can manage CDN endpoints, but can't grant access to other users.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/426e0c7f-0c7e-4658-b36f-ff54d6c29b45",
"name": "426e0c7f-0c7e-4658-b36f-ff54d6c29b45",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Cdn/edgenodes/read",
"Microsoft.Cdn/operationresults/*",
"Microsoft.Cdn/profiles/endpoints/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "CDN Endpoint Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
CDN 端點讀者CDN Endpoint Reader
可檢視 CDN 端點,但無法變更。Can view CDN endpoints, but can't make changes.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read | |
| Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/* | |
| Microsoft.Cdn/profiles/endpoints/*/readMicrosoft.Cdn/profiles/endpoints/*/read | |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Can view CDN endpoints, but can't make changes.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/871e35f6-b5c1-49cc-a043-bde969a0f2cd",
"name": "871e35f6-b5c1-49cc-a043-bde969a0f2cd",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Cdn/edgenodes/read",
"Microsoft.Cdn/operationresults/*",
"Microsoft.Cdn/profiles/endpoints/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "CDN Endpoint Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
CDN 設定檔參與者CDN Profile Contributor
可管理 CDN 設定檔及其端點,但無法將存取權授與其他使用者。Can manage CDN profiles and their endpoints, but can't grant access to other users.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read | |
| Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/* | |
| Microsoft.Cdn/profiles/*Microsoft.Cdn/profiles/* | |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Can manage CDN profiles and their endpoints, but can't grant access to other users.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ec156ff8-a8d1-4d15-830c-5b80698ca432",
"name": "ec156ff8-a8d1-4d15-830c-5b80698ca432",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Cdn/edgenodes/read",
"Microsoft.Cdn/operationresults/*",
"Microsoft.Cdn/profiles/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "CDN Profile Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
CDN 設定檔讀者CDN Profile Reader
可檢視 CDN 設定檔及其端點,但無法變更。Can view CDN profiles and their endpoints, but can't make changes.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Cdn/edgenodes/readMicrosoft.Cdn/edgenodes/read | |
| Microsoft.Cdn/operationresults/*Microsoft.Cdn/operationresults/* | |
| Microsoft.Cdn/profiles/*/readMicrosoft.Cdn/profiles/*/read | |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Can view CDN profiles and their endpoints, but can't make changes.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8f96442b-4075-438f-813d-ad51ab4019af",
"name": "8f96442b-4075-438f-813d-ad51ab4019af",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Cdn/edgenodes/read",
"Microsoft.Cdn/operationresults/*",
"Microsoft.Cdn/profiles/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "CDN Profile Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
傳統網路參與者Classic Network Contributor
可讓您管理傳統網路,但無法存取它們。Lets you manage classic networks, but not access to them.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.ClassicNetwork/*Microsoft.ClassicNetwork/* | 建立和管理傳統網路Create and manage classic networks |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage classic networks, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b34d265f-36f7-4a0d-a4d4-e158ca92e90f",
"name": "b34d265f-36f7-4a0d-a4d4-e158ca92e90f",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ClassicNetwork/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Classic Network Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
DNS 區域參與者DNS Zone Contributor
可讓您管理 Azure DNS 中的 DNS 區域與記錄集,但無法讓您控制誰可存取它們。Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.Network/dnsZones/*Microsoft.Network/dnsZones/* | 建立和管理 DNS 區域和記錄Create and manage DNS zones and records |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage DNS zones and record sets in Azure DNS, but does not let you control who has access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/befefa01-2a29-4197-83a8-272ff33ce314",
"name": "befefa01-2a29-4197-83a8-272ff33ce314",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/dnsZones/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "DNS Zone Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
網路參與者Network Contributor
可讓您管理網路,但無法存取它們。Lets you manage networks, but not access to them.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.Network/*Microsoft.Network/* | 建立和管理網路Create and manage networks |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage networks, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7",
"name": "4d97b98b-1d4f-4787-a291-c67834d212e7",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Network Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
流量管理員參與者Traffic Manager Contributor
可讓您管理「流量管理員」設定檔,但無法控制誰可以存取它們。Lets you manage Traffic Manager profiles, but does not let you control who has access to them.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.Network/trafficManagerProfiles/*Microsoft.Network/trafficManagerProfiles/* | |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Traffic Manager profiles, but does not let you control who has access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a4b10055-b0c7-44c2-b00f-c7b5b3550cf7",
"name": "a4b10055-b0c7-44c2-b00f-c7b5b3550cf7",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/trafficManagerProfiles/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Traffic Manager Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
儲存體Storage
Avere 參與者Avere Contributor
可以建立和管理 Avere vFXT 叢集。Can create and manage an Avere vFXT cluster.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Compute/*/readMicrosoft.Compute/*/read | |
| Microsoft.Compute/availabilitySets/*Microsoft.Compute/availabilitySets/* | |
| Microsoft.Compute/virtualMachines/*Microsoft.Compute/virtualMachines/* | |
| Microsoft.Compute/disks/*Microsoft.Compute/disks/* | |
| Microsoft.Network/*/readMicrosoft.Network/*/read | |
| Microsoft.Network/networkInterfaces/*Microsoft.Network/networkInterfaces/* | |
| Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | 取得虛擬網路定義Get the virtual network definition |
| Microsoft.Network/virtualNetworks/subnets/readMicrosoft.Network/virtualNetworks/subnets/read | 取得虛擬網路子網路定義Gets a virtual network subnet definition |
| Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action | 加入虛擬網路。Joins a virtual network. 不可警示。Not Alertable. |
| Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action | 將資源 (例如,儲存體帳戶或 SQL Database) 加入至子網路。Joins resource such as storage account or SQL database to a subnet. 不可警示。Not alertable. |
| Microsoft.Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action | 加入網路安全性群組。Joins a network security group. 不可警示。Not Alertable. |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Storage/*/readMicrosoft.Storage/*/read | |
| Microsoft.Storage/storageAccounts/*Microsoft.Storage/storageAccounts/* | 建立及管理儲存體帳戶Create and manage storage accounts |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| Microsoft.Resources/subscriptions/resourceGroups/resources/readMicrosoft.Resources/subscriptions/resourceGroups/resources/read | 取得資源群組的資源。Gets the resources for the resource group. |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete | 傳回刪除 Blob 的結果Returns the result of deleting a blob |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read | 傳回 Blob 或 Blob 清單Returns a blob or a list of blobs |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/writeMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write | 傳回寫入 Blob 的結果Returns the result of writing a blob |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Can create and manage an Avere vFXT cluster.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4f8fab4f-1852-4a58-a46a-8eaf358af14a",
"name": "4f8fab4f-1852-4a58-a46a-8eaf358af14a",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Compute/*/read",
"Microsoft.Compute/availabilitySets/*",
"Microsoft.Compute/virtualMachines/*",
"Microsoft.Compute/disks/*",
"Microsoft.Network/*/read",
"Microsoft.Network/networkInterfaces/*",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Resources/deployments/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/*/read",
"Microsoft.Storage/storageAccounts/*",
"Microsoft.Support/*",
"Microsoft.Resources/subscriptions/resourceGroups/resources/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
],
"notDataActions": []
}
],
"roleName": "Avere Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Avere 操作員Avere Operator
供 Avere vFXT 叢集用來管理叢集Used by the Avere vFXT cluster to manage the cluster
| 動作Actions | |
| Microsoft.Compute/virtualMachines/readMicrosoft.Compute/virtualMachines/read | 取得虛擬機器的屬性Get the properties of a virtual machine |
| Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read | 取得網路介面定義。Gets a network interface definition. |
| Microsoft.Network/networkInterfaces/writeMicrosoft.Network/networkInterfaces/write | 建立網路介面,或更新現有的網路介面。Creates a network interface or updates an existing network interface. |
| Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | 取得虛擬網路定義Get the virtual network definition |
| Microsoft.Network/virtualNetworks/subnets/readMicrosoft.Network/virtualNetworks/subnets/read | 取得虛擬網路子網路定義Gets a virtual network subnet definition |
| Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action | 加入虛擬網路。Joins a virtual network. 不可警示。Not Alertable. |
| Microsoft.Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action | 加入網路安全性群組。Joins a network security group. 不可警示。Not Alertable. |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Storage/storageAccounts/blobServices/containers/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/delete | 傳回刪除容器的結果Returns the result of deleting a container |
| Microsoft.Storage/storageAccounts/blobServices/containers/readMicrosoft.Storage/storageAccounts/blobServices/containers/read | 傳回容器的清單Returns list of containers |
| Microsoft.Storage/storageAccounts/blobServices/containers/writeMicrosoft.Storage/storageAccounts/blobServices/containers/write | 傳回放置 Blob 容器的結果Returns the result of put blob container |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete | 傳回刪除 Blob 的結果Returns the result of deleting a blob |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read | 傳回 Blob 或 Blob 清單Returns a blob or a list of blobs |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/writeMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write | 傳回寫入 Blob 的結果Returns the result of writing a blob |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Used by the Avere vFXT cluster to manage the cluster",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
"name": "c025889f-8102-4ebf-b32c-fc0c6f0c6bd9",
"permissions": [
{
"actions": [
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/networkInterfaces/write",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.Network/virtualNetworks/subnets/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/networkSecurityGroups/join/action",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/write"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
],
"notDataActions": []
}
],
"roleName": "Avere Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
備份參與者Backup Contributor
可讓您管理備份服務,但無法建立保存庫及授與存取權給其他人Lets you manage backup service, but can't create vaults and give access to others
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | 取得虛擬網路定義Get the virtual network definition |
| Microsoft.RecoveryServices/locations/*Microsoft.RecoveryServices/locations/* | |
| Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/*Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/* | 管理備份管理上作業的結果Manage results of operation on backup management |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/*Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/* | 在復原服務保存庫的備份網狀架構內建立和管理備份容器Create and manage backup containers inside backup fabrics of Recovery Services vault |
| Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action | 重新整理容器清單Refreshes the container list |
| Microsoft.RecoveryServices/Vaults/backupJobs/*Microsoft.RecoveryServices/Vaults/backupJobs/* | 建立和管理備份作業Create and manage backup jobs |
| Microsoft.RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action | 匯出作業Export Jobs |
| Microsoft.RecoveryServices/Vaults/backupOperationResults/*Microsoft.RecoveryServices/Vaults/backupOperationResults/* | 建立和管理備份管理作業的結果Create and manage Results of backup management operations |
| Microsoft.RecoveryServices/Vaults/backupPolicies/*Microsoft.RecoveryServices/Vaults/backupPolicies/* | 建立和管理備份原則Create and manage backup policies |
| Microsoft.RecoveryServices/Vaults/backupProtectableItems/*Microsoft.RecoveryServices/Vaults/backupProtectableItems/* | 建立和管理可以備份的項目Create and manage items which can be backed up |
| Microsoft.RecoveryServices/Vaults/backupProtectedItems/*Microsoft.RecoveryServices/Vaults/backupProtectedItems/* | 建立和管理備份項目Create and manage backed up items |
| Microsoft.RecoveryServices/Vaults/backupProtectionContainers/*Microsoft.RecoveryServices/Vaults/backupProtectionContainers/* | 建立和管理保存備份項目的容器Create and manage containers holding backup items |
| Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*Microsoft.RecoveryServices/Vaults/backupSecurityPIN/* | |
| Microsoft.RecoveryServices/Vaults/backupUsageSummaries/readMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read | 傳回復原服務之受保護項目和受保護伺服器的摘要。Returns summaries for Protected Items and Protected Servers for a Recovery Services . |
| Microsoft.RecoveryServices/Vaults/certificates/*Microsoft.RecoveryServices/Vaults/certificates/* | 建立和管理備份復原服務保存庫中與備份相關的憑證Create and manage certificates related to backup in Recovery Services vault |
| Microsoft.RecoveryServices/Vaults/extendedInformation/*Microsoft.RecoveryServices/Vaults/extendedInformation/* | 建立和管理與保存庫相關的擴充資訊Create and manage extended info related to vault |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read | 取得復原服務保存庫的警示。Gets the alerts for the Recovery services vault. |
| Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/* | |
| Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read | 「取得保存庫」作業會取得物件,此物件代表 'vault' 類型的 Azure 資源The Get Vault operation gets an object representing the Azure resource of type 'vault' |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/*Microsoft.RecoveryServices/Vaults/registeredIdentities/* | 建立和管理註冊的身分識別Create and manage registered identities |
| Microsoft.RecoveryServices/Vaults/usages/*Microsoft.RecoveryServices/Vaults/usages/* | 建立和管理復原服務保存庫的使用方式Create and manage usage of Recovery Services vault |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read | 傳回儲存體帳戶清單,或取得指定儲存體帳戶的屬性。Returns the list of storage accounts or gets the properties for the specified storage account. |
| Microsoft.RecoveryServices/Vaults/backupstorageconfig/*Microsoft.RecoveryServices/Vaults/backupstorageconfig/* | |
| Microsoft.RecoveryServices/Vaults/backupconfig/*Microsoft.RecoveryServices/Vaults/backupconfig/* | |
| Microsoft.RecoveryServices/Vaults/backupValidateOperation/actionMicrosoft.RecoveryServices/Vaults/backupValidateOperation/action | 驗證受保護項目上的作業Validate Operation on Protected Item |
| Microsoft.RecoveryServices/Vaults/writeMicrosoft.RecoveryServices/Vaults/write | 「建立保存庫」作業會建立 'vault' 類型的 Azure 資源Create Vault operation creates an Azure resource of type 'vault' |
| Microsoft.RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read | 傳回復原服務保存庫的備份作業狀態。Returns Backup Operation Status for Recovery Services Vault. |
| Microsoft.RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read | 傳回已向保存庫註冊的所有備份管理伺服器。Returns all the backup management servers registered with vault. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/* | |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read | 取得所有可保護的容器Get all protectable containers |
| Microsoft.RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action | 檢查復原服務保存庫的備份狀態Check Backup Status for Recovery Services Vaults |
| Microsoft.RecoveryServices/locations/backupPreValidateProtection/actionMicrosoft.RecoveryServices/locations/backupPreValidateProtection/action | |
| Microsoft.RecoveryServices/locations/backupValidateFeatures/actionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action | 驗證功能Validate Features |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write | 解決警示。Resolves the alert. |
| Microsoft.RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read | 作業會傳回資源提供者的作業清單Operation returns the list of Operations for a Resource Provider |
| Microsoft.RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read | 取得給定作業的作業狀態Gets Operation Status for a given Operation |
| Microsoft.RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read | 列出所有的備份保護用途List all backup Protection Intents |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage backup service,but can't create vaults and give access to others",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b",
"name": "5e467623-bb1f-42f4-a55d-6e525e11384b",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.RecoveryServices/locations/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
"Microsoft.RecoveryServices/Vaults/backupJobs/*",
"Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
"Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
"Microsoft.RecoveryServices/Vaults/backupPolicies/*",
"Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
"Microsoft.RecoveryServices/Vaults/backupProtectedItems/*",
"Microsoft.RecoveryServices/Vaults/backupProtectionContainers/*",
"Microsoft.RecoveryServices/Vaults/backupSecurityPIN/*",
"Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
"Microsoft.RecoveryServices/Vaults/certificates/*",
"Microsoft.RecoveryServices/Vaults/extendedInformation/*",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/*",
"Microsoft.RecoveryServices/Vaults/usages/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
"Microsoft.RecoveryServices/Vaults/backupconfig/*",
"Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
"Microsoft.RecoveryServices/Vaults/write",
"Microsoft.RecoveryServices/Vaults/backupOperations/read",
"Microsoft.RecoveryServices/Vaults/backupEngines/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/*",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
"Microsoft.RecoveryServices/locations/backupStatus/action",
"Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
"Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
"Microsoft.RecoveryServices/operations/read",
"Microsoft.RecoveryServices/locations/operationStatus/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Backup Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
備份操作員Backup Operator
可讓您管理備份服務,但無法移除備份、建立保存庫及為其他人提供存取權Lets you manage backup services, except removal of backup, vault creation and giving access to others
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | 取得虛擬網路定義Get the virtual network definition |
| Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/operationResults/read | 傳回作業的狀態Returns status of the operation |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read | 取得對保護容器執行之作業的結果。Gets result of Operation performed on Protection Container. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action | 對受保護的項目執行備份。Performs Backup for Protected Item. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read | 取得對受保護項目執行之作業的結果。Gets Result of Operation Performed on Protected Items. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read | 傳回對受保護項目執行之作業的狀態。Returns the status of Operation performed on Protected Items. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read | 傳回受保護項目的物件詳細資料Returns object details of the Protected Item |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action | 為受保護的項目佈建即時項目復原Provision Instant Item Recovery for Protected Item |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read | 取得受保護項目的復原點。Get Recovery Points for Protected Items. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action | 還原受保護項目的復原點。Restore Recovery Points for Protected Items. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action | 為受保護的項目撤銷即時項目復原Revoke Instant Item Recovery for Protected Item |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write | 建立備用的受保護項目Create a backup Protected Item |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read | 傳回所有已註冊的容器Returns all registered containers |
| Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action | 重新整理容器清單Refreshes the container list |
| Microsoft.RecoveryServices/Vaults/backupJobs/*Microsoft.RecoveryServices/Vaults/backupJobs/* | 建立和管理備份作業Create and manage backup jobs |
| Microsoft.RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action | 匯出作業Export Jobs |
| Microsoft.RecoveryServices/Vaults/backupOperationResults/*Microsoft.RecoveryServices/Vaults/backupOperationResults/* | 建立和管理備份管理作業的結果Create and manage Results of backup management operations |
| Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operationResults/read | 取得原則作業的結果。Get Results of Policy Operation. |
| Microsoft.RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read | 傳回所有保護原則Returns all Protection Policies |
| Microsoft.RecoveryServices/Vaults/backupProtectableItems/*Microsoft.RecoveryServices/Vaults/backupProtectableItems/* | 建立和管理可以備份的項目Create and manage items which can be backed up |
| Microsoft.RecoveryServices/Vaults/backupProtectedItems/readMicrosoft.RecoveryServices/Vaults/backupProtectedItems/read | 傳回所有受保護項目的清單。Returns the list of all Protected Items. |
| Microsoft.RecoveryServices/Vaults/backupProtectionContainers/readMicrosoft.RecoveryServices/Vaults/backupProtectionContainers/read | 傳回屬於訂用帳戶的所有容器Returns all containers belonging to the subscription |
| Microsoft.RecoveryServices/Vaults/backupUsageSummaries/readMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read | 傳回復原服務之受保護項目和受保護伺服器的摘要。Returns summaries for Protected Items and Protected Servers for a Recovery Services . |
| Microsoft.RecoveryServices/Vaults/certificates/writeMicrosoft.RecoveryServices/Vaults/certificates/write | 「更新資源憑證」作業會更新資源/保存庫的認證憑證。The Update Resource Certificate operation updates the resource/vault credential certificate. |
| Microsoft.RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read | 「取得延伸資訊」作業會取得物件的延伸資訊,此延伸資訊代表 'vault' 類型的 Azure 資源The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault? |
| Microsoft.RecoveryServices/Vaults/extendedInformation/writeMicrosoft.RecoveryServices/Vaults/extendedInformation/write | 「取得延伸資訊」作業會取得物件的延伸資訊,此延伸資訊代表 'vault' 類型的 Azure 資源The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault? |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read | 取得復原服務保存庫的警示。Gets the alerts for the Recovery services vault. |
| Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/* | |
| Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read | 「取得保存庫」作業會取得物件,此物件代表 'vault' 類型的 Azure 資源The Get Vault operation gets an object representing the Azure resource of type 'vault' |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read | 「取得作業結果」作業可用來取得以非同步方式提交之作業的作業狀態和結果The Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read | 「取得容器」作業可用來取得為資源註冊的容器。The Get Containers operation can be used get the containers registered for a resource. |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/writeMicrosoft.RecoveryServices/Vaults/registeredIdentities/write | 「註冊服務容器」作業可用來向復原服務註冊容器。The Register Service Container operation can be used to register a container with Recovery Service. |
| Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read | 傳回復原服務保存庫的使用量詳細資料。Returns usage details for a Recovery Services Vault. |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read | 傳回儲存體帳戶清單,或取得指定儲存體帳戶的屬性。Returns the list of storage accounts or gets the properties for the specified storage account. |
| Microsoft.RecoveryServices/Vaults/backupstorageconfig/*Microsoft.RecoveryServices/Vaults/backupstorageconfig/* | |
| Microsoft.RecoveryServices/Vaults/backupValidateOperation/actionMicrosoft.RecoveryServices/Vaults/backupValidateOperation/action | 驗證受保護項目上的作業Validate Operation on Protected Item |
| Microsoft.RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read | 傳回復原服務保存庫的備份作業狀態。Returns Backup Operation Status for Recovery Services Vault. |
| Microsoft.RecoveryServices/Vaults/backupPolicies/operations/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operations/read | 取得原則作業的狀態。Get Status of Policy Operation. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write | 建立已註冊的容器Creates a registered container |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/actionMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action | 執行容器內工作負載的查詢Do inquiry for workloads within a container |
| Microsoft.RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read | 傳回已向保存庫註冊的所有備份管理伺服器。Returns all the backup management servers registered with vault. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/writeMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write | 建立備份保護用途Create a backup Protection Intent |
| Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/readMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read | 取得備份保護用途Get a backup Protection Intent |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read | 取得所有可保護的容器Get all protectable containers |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read | 取得容器中的所有項目Get all items in a container |
| Microsoft.RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action | 檢查復原服務保存庫的備份狀態Check Backup Status for Recovery Services Vaults |
| Microsoft.RecoveryServices/locations/backupPreValidateProtection/actionMicrosoft.RecoveryServices/locations/backupPreValidateProtection/action | |
| Microsoft.RecoveryServices/locations/backupValidateFeatures/actionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action | 驗證功能Validate Features |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write | 解決警示。Resolves the alert. |
| Microsoft.RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read | 作業會傳回資源提供者的作業清單Operation returns the list of Operations for a Resource Provider |
| Microsoft.RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read | 取得給定作業的作業狀態Gets Operation Status for a given Operation |
| Microsoft.RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read | 列出所有的備份保護用途List all backup Protection Intents |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage backup services, except removal of backup, vault creation and giving access to others",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/00c29273-979b-4161-815c-10b084fb9324",
"name": "00c29273-979b-4161-815c-10b084fb9324",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/backup/action",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/provisionInstantItemRecovery/action",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/restore/action",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/revokeInstantItemRecovery/action",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/write",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/refreshContainers/action",
"Microsoft.RecoveryServices/Vaults/backupJobs/*",
"Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
"Microsoft.RecoveryServices/Vaults/backupOperationResults/*",
"Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/read",
"Microsoft.RecoveryServices/Vaults/backupProtectableItems/*",
"Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
"Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
"Microsoft.RecoveryServices/Vaults/certificates/write",
"Microsoft.RecoveryServices/Vaults/extendedInformation/read",
"Microsoft.RecoveryServices/Vaults/extendedInformation/write",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/write",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.RecoveryServices/Vaults/backupstorageconfig/*",
"Microsoft.RecoveryServices/Vaults/backupValidateOperation/action",
"Microsoft.RecoveryServices/Vaults/backupOperations/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/write",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/inquire/action",
"Microsoft.RecoveryServices/Vaults/backupEngines/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/write",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectableContainers/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
"Microsoft.RecoveryServices/locations/backupStatus/action",
"Microsoft.RecoveryServices/locations/backupPreValidateProtection/action",
"Microsoft.RecoveryServices/locations/backupValidateFeatures/action",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
"Microsoft.RecoveryServices/operations/read",
"Microsoft.RecoveryServices/locations/operationStatus/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Backup Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
備份讀取者Backup Reader
可以檢視備份服務,但無法進行變更Can view backup services, but can't make changes
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.RecoveryServices/locations/allocatedStamp/readMicrosoft.RecoveryServices/locations/allocatedStamp/read | GetAllocatedStamp 是服務所使用的內部作業GetAllocatedStamp is internal operation used by service |
| Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/operationResults/read | 傳回作業的狀態Returns status of the operation |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read | 取得對保護容器執行之作業的結果。Gets result of Operation performed on Protection Container. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read | 取得對受保護項目執行之作業的結果。Gets Result of Operation Performed on Protected Items. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read | 傳回對受保護項目執行之作業的狀態。Returns the status of Operation performed on Protected Items. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read | 傳回受保護項目的物件詳細資料Returns object details of the Protected Item |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read | 取得受保護項目的復原點。Get Recovery Points for Protected Items. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read | 傳回所有已註冊的容器Returns all registered containers |
| Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/readMicrosoft.RecoveryServices/Vaults/backupJobs/operationResults/read | 傳回作業的作業結果。Returns the Result of Job Operation. |
| Microsoft.RecoveryServices/Vaults/backupJobs/readMicrosoft.RecoveryServices/Vaults/backupJobs/read | 傳回所有作業物件Returns all Job Objects |
| Microsoft.RecoveryServices/Vaults/backupJobsExport/actionMicrosoft.RecoveryServices/Vaults/backupJobsExport/action | 匯出作業Export Jobs |
| Microsoft.RecoveryServices/Vaults/backupOperationResults/readMicrosoft.RecoveryServices/Vaults/backupOperationResults/read | 傳回復原服務保存庫的備份作業結果。Returns Backup Operation Result for Recovery Services Vault. |
| Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operationResults/read | 取得原則作業的結果。Get Results of Policy Operation. |
| Microsoft.RecoveryServices/Vaults/backupPolicies/readMicrosoft.RecoveryServices/Vaults/backupPolicies/read | 傳回所有保護原則Returns all Protection Policies |
| Microsoft.RecoveryServices/Vaults/backupProtectedItems/readMicrosoft.RecoveryServices/Vaults/backupProtectedItems/read | 傳回所有受保護項目的清單。Returns the list of all Protected Items. |
| Microsoft.RecoveryServices/Vaults/backupProtectionContainers/readMicrosoft.RecoveryServices/Vaults/backupProtectionContainers/read | 傳回屬於訂用帳戶的所有容器Returns all containers belonging to the subscription |
| Microsoft.RecoveryServices/Vaults/backupUsageSummaries/readMicrosoft.RecoveryServices/Vaults/backupUsageSummaries/read | 傳回復原服務之受保護項目和受保護伺服器的摘要。Returns summaries for Protected Items and Protected Servers for a Recovery Services . |
| Microsoft.RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read | 「取得延伸資訊」作業會取得物件的延伸資訊,此延伸資訊代表 'vault' 類型的 Azure 資源The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault? |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/readMicrosoft.RecoveryServices/Vaults/monitoringAlerts/read | 取得復原服務保存庫的警示。Gets the alerts for the Recovery services vault. |
| Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read | 「取得保存庫」作業會取得物件,此物件代表 'vault' 類型的 Azure 資源The Get Vault operation gets an object representing the Azure resource of type 'vault' |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read | 「取得作業結果」作業可用來取得以非同步方式提交之作業的作業狀態和結果The Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read | 「取得容器」作業可用來取得為資源註冊的容器。The Get Containers operation can be used get the containers registered for a resource. |
| Microsoft.RecoveryServices/Vaults/backupstorageconfig/readMicrosoft.RecoveryServices/Vaults/backupstorageconfig/read | 傳回復原服務保存庫的儲存體組態。Returns Storage Configuration for Recovery Services Vault. |
| Microsoft.RecoveryServices/Vaults/backupconfig/readMicrosoft.RecoveryServices/Vaults/backupconfig/read | 傳回復原服務保存庫的組態。Returns Configuration for Recovery Services Vault. |
| Microsoft.RecoveryServices/Vaults/backupOperations/readMicrosoft.RecoveryServices/Vaults/backupOperations/read | 傳回復原服務保存庫的備份作業狀態。Returns Backup Operation Status for Recovery Services Vault. |
| Microsoft.RecoveryServices/Vaults/backupPolicies/operations/readMicrosoft.RecoveryServices/Vaults/backupPolicies/operations/read | 取得原則作業的狀態。Get Status of Policy Operation. |
| Microsoft.RecoveryServices/Vaults/backupEngines/readMicrosoft.RecoveryServices/Vaults/backupEngines/read | 傳回已向保存庫註冊的所有備份管理伺服器。Returns all the backup management servers registered with vault. |
| Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/readMicrosoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read | 取得備份保護用途Get a backup Protection Intent |
| Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/readMicrosoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read | 取得容器中的所有項目Get all items in a container |
| Microsoft.RecoveryServices/locations/backupStatus/actionMicrosoft.RecoveryServices/locations/backupStatus/action | 檢查復原服務保存庫的備份狀態Check Backup Status for Recovery Services Vaults |
| Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*Microsoft.RecoveryServices/Vaults/monitoringConfigurations/* | |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/writeMicrosoft.RecoveryServices/Vaults/monitoringAlerts/write | 解決警示。Resolves the alert. |
| Microsoft.RecoveryServices/operations/readMicrosoft.RecoveryServices/operations/read | 作業會傳回資源提供者的作業清單Operation returns the list of Operations for a Resource Provider |
| Microsoft.RecoveryServices/locations/operationStatus/readMicrosoft.RecoveryServices/locations/operationStatus/read | 取得給定作業的作業狀態Gets Operation Status for a given Operation |
| Microsoft.RecoveryServices/Vaults/backupProtectionIntents/readMicrosoft.RecoveryServices/Vaults/backupProtectionIntents/read | 列出所有的備份保護用途List all backup Protection Intents |
| Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read | 傳回復原服務保存庫的使用量詳細資料。Returns usage details for a Recovery Services Vault. |
| Microsoft.RecoveryServices/locations/backupValidateFeatures/actionMicrosoft.RecoveryServices/locations/backupValidateFeatures/action | 驗證功能Validate Features |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Can view backup services, but can't make changes",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a795c7a0-d4a2-40c1-ae25-d81f01202912",
"name": "a795c7a0-d4a2-40c1-ae25-d81f01202912",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.RecoveryServices/locations/allocatedStamp/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/operationsStatus/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/protectedItems/recoveryPoints/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/read",
"Microsoft.RecoveryServices/Vaults/backupJobs/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupJobs/read",
"Microsoft.RecoveryServices/Vaults/backupJobsExport/action",
"Microsoft.RecoveryServices/Vaults/backupOperationResults/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/operationResults/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/read",
"Microsoft.RecoveryServices/Vaults/backupProtectedItems/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionContainers/read",
"Microsoft.RecoveryServices/Vaults/backupUsageSummaries/read",
"Microsoft.RecoveryServices/Vaults/extendedInformation/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/read",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
"Microsoft.RecoveryServices/Vaults/backupstorageconfig/read",
"Microsoft.RecoveryServices/Vaults/backupconfig/read",
"Microsoft.RecoveryServices/Vaults/backupOperations/read",
"Microsoft.RecoveryServices/Vaults/backupPolicies/operations/read",
"Microsoft.RecoveryServices/Vaults/backupEngines/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/backupProtectionIntent/read",
"Microsoft.RecoveryServices/Vaults/backupFabrics/protectionContainers/items/read",
"Microsoft.RecoveryServices/locations/backupStatus/action",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/*",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/write",
"Microsoft.RecoveryServices/operations/read",
"Microsoft.RecoveryServices/locations/operationStatus/read",
"Microsoft.RecoveryServices/Vaults/backupProtectionIntents/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/locations/backupValidateFeatures/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Backup Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
傳統儲存體帳戶參與者Classic Storage Account Contributor
可讓您管理傳統儲存體帳戶,但無法存取它們。Lets you manage classic storage accounts, but not access to them.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.ClassicStorage/storageAccounts/*Microsoft.ClassicStorage/storageAccounts/* | 建立及管理儲存體帳戶Create and manage storage accounts |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage classic storage accounts, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
"name": "86e8f5dc-a6e9-4c67-9d15-de283e8eac25",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ClassicStorage/storageAccounts/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Classic Storage Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
傳統儲存體帳戶金鑰操作員服務角色Classic Storage Account Key Operator Service Role
「傳統儲存體帳戶金鑰操作員」可以列出及重新產生「傳統儲存體帳戶」的金鑰Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts
| 動作Actions | |
| Microsoft.ClassicStorage/storageAccounts/listkeys/actionMicrosoft.ClassicStorage/storageAccounts/listkeys/action | 列出儲存體帳戶的存取金鑰。Lists the access keys for the storage accounts. |
| Microsoft.ClassicStorage/storageAccounts/regeneratekey/actionMicrosoft.ClassicStorage/storageAccounts/regeneratekey/action | 重新產生儲存體帳戶的現有存取金鑰。Regenerates the existing access keys for the storage account. |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Classic Storage Account Key Operators are allowed to list and regenerate keys on Classic Storage Accounts",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/985d6b00-f706-48f5-a6fe-d0ca12fb668d",
"name": "985d6b00-f706-48f5-a6fe-d0ca12fb668d",
"permissions": [
{
"actions": [
"Microsoft.ClassicStorage/storageAccounts/listkeys/action",
"Microsoft.ClassicStorage/storageAccounts/regeneratekey/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Classic Storage Account Key Operator Service Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
資料箱參與者Data Box Contributor
可讓您管理資料箱服務下的所有項目,為他人賦予存取權除外。Lets you manage everything under Data Box Service except giving access to others.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| Microsoft.Databox/*Microsoft.Databox/* | |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage everything under Data Box Service except giving access to others.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/add466c9-e687-43fc-8d98-dfcf8d720be5",
"name": "add466c9-e687-43fc-8d98-dfcf8d720be5",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Databox/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Box Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
資料箱讀者Data Box Reader
可讓您管理資料箱服務,建立訂單或編輯訂單詳細資料和為他人賦予存取權除外。Lets you manage Data Box Service except creating order or editing order details and giving access to others.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Databox/*/readMicrosoft.Databox/*/read | |
| Microsoft.Databox/jobs/listsecrets/actionMicrosoft.Databox/jobs/listsecrets/action | |
| Microsoft.Databox/jobs/listcredentials/actionMicrosoft.Databox/jobs/listcredentials/action | 列出與訂單相關的未加密認證。Lists the unencrypted credentials related to the order. |
| Microsoft.Databox/locations/availableSkus/actionMicrosoft.Databox/locations/availableSkus/action | 此方法會傳回可用的 SKU 清單。This method returns the list of available skus. |
| Microsoft.Databox/locations/validateInputs/actionMicrosoft.Databox/locations/validateInputs/action | 此方法會執行所有類型的驗證。This method does all type of validations. |
| Microsoft.Databox/locations/regionConfiguration/actionMicrosoft.Databox/locations/regionConfiguration/action | 此方法會傳回區域的設定。This method returns the configurations for the region. |
| Microsoft.Databox/locations/validateAddress/actionMicrosoft.Databox/locations/validateAddress/action | 驗證出貨地址,並提供備用的地址 (若有的話)。Validates the shipping address and provides alternate addresses if any. |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Data Box Service except creating order or editing order details and giving access to others.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
"name": "028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Databox/*/read",
"Microsoft.Databox/jobs/listsecrets/action",
"Microsoft.Databox/jobs/listcredentials/action",
"Microsoft.Databox/locations/availableSkus/action",
"Microsoft.Databox/locations/validateInputs/action",
"Microsoft.Databox/locations/regionConfiguration/action",
"Microsoft.Databox/locations/validateAddress/action",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Box Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Data Lake Analytics 開發人員Data Lake Analytics Developer
可讓您提交、監視及管理您自己的作業,但無法建立或刪除 Data Lake Analytics 帳戶。Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.BigAnalytics/accounts/*Microsoft.BigAnalytics/accounts/* | |
| Microsoft.DataLakeAnalytics/accounts/*Microsoft.DataLakeAnalytics/accounts/* | |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| Microsoft.BigAnalytics/accounts/DeleteMicrosoft.BigAnalytics/accounts/Delete | |
| Microsoft.BigAnalytics/accounts/TakeOwnership/actionMicrosoft.BigAnalytics/accounts/TakeOwnership/action | |
| Microsoft.BigAnalytics/accounts/WriteMicrosoft.BigAnalytics/accounts/Write | |
| Microsoft.DataLakeAnalytics/accounts/DeleteMicrosoft.DataLakeAnalytics/accounts/Delete | 刪除 DataLakeAnalytics 帳戶。Delete a DataLakeAnalytics account. |
| Microsoft.DataLakeAnalytics/accounts/TakeOwnership/actionMicrosoft.DataLakeAnalytics/accounts/TakeOwnership/action | 授與權限以取消其他使用者所提交的作業。Grant permissions to cancel jobs submitted by other users. |
| Microsoft.DataLakeAnalytics/accounts/WriteMicrosoft.DataLakeAnalytics/accounts/Write | 建立或更新 DataLakeAnalytics 帳戶。Create or update a DataLakeAnalytics account. |
| Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/WriteMicrosoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write | 建立或更新 DataLakeAnalytics 帳戶所連結的 DataLakeStore 帳戶。Create or update a linked DataLakeStore account of a DataLakeAnalytics account. |
| Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/DeleteMicrosoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete | 取消 DataLakeStore 帳戶與 DataLakeAnalytics 帳戶的連結。Unlink a DataLakeStore account from a DataLakeAnalytics account. |
| Microsoft.DataLakeAnalytics/accounts/storageAccounts/WriteMicrosoft.DataLakeAnalytics/accounts/storageAccounts/Write | 建立或更新 DataLakeAnalytics 帳戶所連結的儲存體帳戶。Create or update a linked Storage account of a DataLakeAnalytics account. |
| Microsoft.DataLakeAnalytics/accounts/storageAccounts/DeleteMicrosoft.DataLakeAnalytics/accounts/storageAccounts/Delete | 取消儲存體帳戶與 DataLakeAnalytics 帳戶的連結。Unlink a Storage account from a DataLakeAnalytics account. |
| Microsoft.DataLakeAnalytics/accounts/firewallRules/WriteMicrosoft.DataLakeAnalytics/accounts/firewallRules/Write | 建立或更新防火牆規則。Create or update a firewall rule. |
| Microsoft.DataLakeAnalytics/accounts/firewallRules/DeleteMicrosoft.DataLakeAnalytics/accounts/firewallRules/Delete | 刪除防火牆規則。Delete a firewall rule. |
| Microsoft.DataLakeAnalytics/accounts/computePolicies/WriteMicrosoft.DataLakeAnalytics/accounts/computePolicies/Write | 建立或更新計算原則。Create or update a compute policy. |
| Microsoft.DataLakeAnalytics/accounts/computePolicies/DeleteMicrosoft.DataLakeAnalytics/accounts/computePolicies/Delete | 刪除計算原則。Delete a compute policy. |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you submit, monitor, and manage your own jobs but not create or delete Data Lake Analytics accounts.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/47b7735b-770e-4598-a7da-8b91488b4c88",
"name": "47b7735b-770e-4598-a7da-8b91488b4c88",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.BigAnalytics/accounts/*",
"Microsoft.DataLakeAnalytics/accounts/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.BigAnalytics/accounts/Delete",
"Microsoft.BigAnalytics/accounts/TakeOwnership/action",
"Microsoft.BigAnalytics/accounts/Write",
"Microsoft.DataLakeAnalytics/accounts/Delete",
"Microsoft.DataLakeAnalytics/accounts/TakeOwnership/action",
"Microsoft.DataLakeAnalytics/accounts/Write",
"Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Write",
"Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts/Delete",
"Microsoft.DataLakeAnalytics/accounts/storageAccounts/Write",
"Microsoft.DataLakeAnalytics/accounts/storageAccounts/Delete",
"Microsoft.DataLakeAnalytics/accounts/firewallRules/Write",
"Microsoft.DataLakeAnalytics/accounts/firewallRules/Delete",
"Microsoft.DataLakeAnalytics/accounts/computePolicies/Write",
"Microsoft.DataLakeAnalytics/accounts/computePolicies/Delete"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Lake Analytics Developer",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
讀取者及資料存取Reader and Data Access
可讓您檢視所有內容,但無法讓您刪除或建立儲存體帳戶或內含的資源。Lets you view everything but will not let you delete or create a storage account or contained resource. 也可透過存取儲存體帳戶金鑰,對儲存體帳戶中內含的所有資料進行讀取/寫入存取。It will also allow read/write access to all data contained in a storage account via access to storage account keys.
| 動作Actions | |
| Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action | 傳回指定儲存體帳戶的存取金鑰。Returns the access keys for the specified storage account. |
| Microsoft.Storage/storageAccounts/ListAccountSas/actionMicrosoft.Storage/storageAccounts/ListAccountSas/action | 傳回指定儲存體帳戶的帳戶 SAS 權杖。Returns the Account SAS token for the specified storage account. |
| Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read | 傳回儲存體帳戶清單,或取得指定儲存體帳戶的屬性。Returns the list of storage accounts or gets the properties for the specified storage account. |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you view everything but will not let you delete or create a storage account or contained resource. It will also allow read/write access to all data contained in a storage account via access to storage account keys.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c12c1c16-33a1-487b-954d-41c89c60f349",
"name": "c12c1c16-33a1-487b-954d-41c89c60f349",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.Storage/storageAccounts/ListAccountSas/action",
"Microsoft.Storage/storageAccounts/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Reader and Data Access",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
儲存體帳戶參與者Storage Account Contributor
允許管理儲存體帳戶。Permits management of storage accounts. 支援存取帳戶金鑰,以透過共用金鑰授權來存取資料。Provides access to the account key, which can be used to access data via Shared Key authorization.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* | 建立、更新或讀取 Analysis Server 的診斷設定Creates, updates, or reads the diagnostic setting for Analysis Server |
| Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action | 將資源 (例如,儲存體帳戶或 SQL Database) 加入至子網路。Joins resource such as storage account or SQL database to a subnet. 不可警示。Not alertable. |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Storage/storageAccounts/*Microsoft.Storage/storageAccounts/* | 建立及管理儲存體帳戶Create and manage storage accounts |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage storage accounts, including accessing storage account keys which provide full access to storage account data.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab",
"name": "17d1049b-9a84-46fb-8f53-869881c3d3ab",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Storage Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
儲存體帳戶金鑰操作員服務角色Storage Account Key Operator Service Role
允許列出及重新產生儲存體帳戶存取金鑰。Permits listing and regenerating storage account access keys.
| 動作Actions | |
| Microsoft.Storage/storageAccounts/listkeys/actionMicrosoft.Storage/storageAccounts/listkeys/action | 傳回指定儲存體帳戶的存取金鑰。Returns the access keys for the specified storage account. |
| Microsoft.Storage/storageAccounts/regeneratekey/actionMicrosoft.Storage/storageAccounts/regeneratekey/action | 重新產生指定儲存體帳戶的存取金鑰。Regenerates the access keys for the specified storage account. |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Storage Account Key Operators are allowed to list and regenerate keys on Storage Accounts",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/81a9662b-bebf-436f-a333-f67b29880f12",
"name": "81a9662b-bebf-436f-a333-f67b29880f12",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/listkeys/action",
"Microsoft.Storage/storageAccounts/regeneratekey/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Storage Account Key Operator Service Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
儲存體 Blob 資料參與者Storage Blob Data Contributor
讀取、寫入和刪除 Azure 儲存體的容器和 blob。Read, write, and delete Azure Storage containers and blobs. 若要了解特定資料作業所需的動作,請參閱呼叫 blob 和佇列資料作業的權限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
| 動作Actions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/delete | 刪除容器。Delete a container. |
| Microsoft.Storage/storageAccounts/blobServices/containers/readMicrosoft.Storage/storageAccounts/blobServices/containers/read | 傳回一個容器或一份容器清單。Return a container or a list of containers. |
| Microsoft.Storage/storageAccounts/blobServices/containers/writeMicrosoft.Storage/storageAccounts/blobServices/containers/write | 修改容器的中繼資料或屬性。Modify a container's metadata or properties. |
| Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action | 傳回 Blob 服務的使用者委派金鑰。Returns a user delegation key for the Blob service. |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/deleteMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/delete | 刪除 Blob。Delete a blob. |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read | 傳回一個 blob 或一份 blob 清單。Return a blob or a list of blobs. |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/actionMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/move/action | 將 blob 從一個路徑移到另一個路徑Moves the blob from one path to another |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/writeMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/write | 寫入 blob。Write to a blob. |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write and delete access to Azure Storage blob containers and data",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe",
"name": "ba92f5b4-2d11-453d-a403-e96b0029c9fe",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/write",
"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action",
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
],
"notDataActions": []
}
],
"roleName": "Storage Blob Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
儲存體 Blob 資料擁有者Storage Blob Data Owner
支援完整存取 Azure 儲存體 blob 容器和資料,包括指派 POSIX 存取控制。Provides full access to Azure Storage blob containers and data, including assigning POSIX access control. 若要了解特定資料作業所需的動作,請參閱呼叫 blob 和佇列資料作業的權限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
| 動作Actions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/*Microsoft.Storage/storageAccounts/blobServices/containers/* | 容器的完整權限。Full permissions on containers. |
| Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action | 傳回 Blob 服務的使用者委派金鑰。Returns a user delegation key for the Blob service. |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*Microsoft.Storage/storageAccounts/blobServices/containers/blobs/* | Blob 的完整權限。Full permissions on blobs. |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to Azure Storage blob containers and data, including assigning POSIX access control.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
"name": "b7e6dc6d-f1e8-4753-8033-0f276bb0955b",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/*",
"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*"
],
"notDataActions": []
}
],
"roleName": "Storage Blob Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
儲存體 Blob 資料讀者Storage Blob Data Reader
讀取和列出 Azure 儲存體的容器和 blob。Read and list Azure Storage containers and blobs. 若要了解特定資料作業所需的動作,請參閱呼叫 blob 和佇列資料作業的權限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
| 動作Actions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/readMicrosoft.Storage/storageAccounts/blobServices/containers/read | 傳回一個容器或一份容器清單。Return a container or a list of containers. |
| Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action | 傳回 Blob 服務的使用者委派金鑰。Returns a user delegation key for the Blob service. |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/blobServices/containers/blobs/readMicrosoft.Storage/storageAccounts/blobServices/containers/blobs/read | 傳回一個 blob 或一份 blob 清單。Return a blob or a list of blobs. |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read access to Azure Storage blob containers and data",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
"name": "2a2b9908-6ea1-4ae2-8e65-a410df84e7d1",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/read",
"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
],
"notDataActions": []
}
],
"roleName": "Storage Blob Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
儲存體 Blob 委派者Storage Blob Delegator
取得使用者委派金鑰,以針對使用 Azure AD 認證所簽署的容器或 blob,建立共用存取簽章。Get a user delegation key, which can then be used to create a shared access signature for a container or blob that is signed with Azure AD credentials. 如需詳細資訊,請參閱建立使用者委派 SAS。For more information, see Create a user delegation SAS.
| 動作Actions | |
| Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/actionMicrosoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action | 傳回 Blob 服務的使用者委派金鑰。Returns a user delegation key for the Blob service. |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Allows for generation of a user delegation key which can be used to sign SAS tokens",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
"name": "db58b8e5-c6ad-4a2a-8342-4190687cbf4a",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Storage Blob Delegator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
儲存體檔案資料 SMB 共用參與者Storage File Data SMB Share Contributor
允許讀取、寫入及刪除 Azure 檔案共用上的檔案/目錄。Allows for read, write, and delete access on files/directories in Azure file shares. 此角色在 Windows 檔案伺服器上沒有內建的對等項。This role has no built-in equivalent on Windows file servers.
| 動作Actions | |
| 無none | |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/readMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/read | 傳回一個檔案/資料夾,或一份檔案/資料夾清單。Returns a file/folder or a list of files/folders. |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/writeMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/write | 傳回寫入檔案或建立資料夾的結果。Returns the result of writing a file or creating a folder. |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/deleteMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/delete | 傳回刪除檔案/資料夾的結果。Returns the result of deleting a file/folder. |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write, and delete access in Azure Storage file shares over SMB",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
"name": "0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete"
],
"notDataActions": []
}
],
"roleName": "Storage File Data SMB Share Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
儲存體檔案資料 SMB 共用提升權限的參與者Storage File Data SMB Share Elevated Contributor
允許對 Azure 檔案共用上的檔案/目錄,讀取、寫入、刪除和修改 ACL。Allows for read, write, delete, and modify ACLs on files/directories in Azure file shares. 此角色相當於 Windows 檔案伺服器上的「變更」檔案共用 ACL。This role is equivalent to a file share ACL of change on Windows file servers.
| 動作Actions | |
| 無none | |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/readMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/read | 傳回一個檔案/資料夾,或一份檔案/資料夾清單。Returns a file/folder or a list of files/folders. |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/writeMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/write | 傳回寫入檔案或建立資料夾的結果。Returns the result of writing a file or creating a folder. |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/deleteMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/delete | 傳回刪除檔案/資料夾的結果。Returns the result of deleting a file/folder. |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/actionMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action | 傳回修改檔案/資料夾權限的結果。Returns the result of modifying permission on a file/folder. |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write, delete and modify NTFS permission access in Azure Storage file shares over SMB",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a7264617-510b-434b-a828-9731dc254ea7",
"name": "a7264617-510b-434b-a828-9731dc254ea7",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/write",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/delete",
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/modifypermissions/action"
],
"notDataActions": []
}
],
"roleName": "Storage File Data SMB Share Elevated Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
儲存體檔案資料 SMB 共用讀者Storage File Data SMB Share Reader
允許讀取 Azure 檔案共用上的檔案/目錄。Allows for read access on files/directories in Azure file shares. 此角色相當於 Windows 檔案伺服器上的「讀取」檔案共用 ACL。This role is equivalent to a file share ACL of read on Windows file servers.
| 動作Actions | |
| 無none | |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/fileServices/fileshares/files/readMicrosoft.Storage/storageAccounts/fileServices/fileshares/files/read | 傳回一個檔案/資料夾,或一份檔案/資料夾清單。Returns a file/folder or a list of files/folders. |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read access to Azure File Share over SMB",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/aba4ae5f-2193-4029-9191-0cb91df5e314",
"name": "aba4ae5f-2193-4029-9191-0cb91df5e314",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/fileServices/fileshares/files/read"
],
"notDataActions": []
}
],
"roleName": "Storage File Data SMB Share Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
儲存體佇列資料參與者Storage Queue Data Contributor
讀取、寫入及刪除 Azure 儲存體的佇列和佇列訊息。Read, write, and delete Azure Storage queues and queue messages. 若要了解特定資料作業所需的動作,請參閱呼叫 blob 和佇列資料作業的權限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
| 動作Actions | |
| Microsoft.Storage/storageAccounts/queueServices/queues/deleteMicrosoft.Storage/storageAccounts/queueServices/queues/delete | 刪除佇列。Delete a queue. |
| Microsoft.Storage/storageAccounts/queueServices/queues/readMicrosoft.Storage/storageAccounts/queueServices/queues/read | 傳回一個佇列或一份佇列清單。Return a queue or a list of queues. |
| Microsoft.Storage/storageAccounts/queueServices/queues/writeMicrosoft.Storage/storageAccounts/queueServices/queues/write | 修改佇列中繼資料或屬性。Modify queue metadata or properties. |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/queueServices/queues/messages/deleteMicrosoft.Storage/storageAccounts/queueServices/queues/messages/delete | 從佇列中刪除一或多個訊息。Delete one or more messages from a queue. |
| Microsoft.Storage/storageAccounts/queueServices/queues/messages/readMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read | 從佇列中瞄核或取出一或多個訊息。Peek or retrieve one or more messages from a queue. |
| Microsoft.Storage/storageAccounts/queueServices/queues/messages/writeMicrosoft.Storage/storageAccounts/queueServices/queues/messages/write | 將訊息新增至佇列。Add a message to a queue. |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read, write, and delete access to Azure Storage queues and queue messages",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/974c5e8b-45b9-4653-ba55-5f855dd0fb88",
"name": "974c5e8b-45b9-4653-ba55-5f855dd0fb88",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/delete",
"Microsoft.Storage/storageAccounts/queueServices/queues/read",
"Microsoft.Storage/storageAccounts/queueServices/queues/write"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/delete",
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/write"
],
"notDataActions": []
}
],
"roleName": "Storage Queue Data Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
儲存體佇列資料訊息處理者Storage Queue Data Message Processor
從 Azure 儲存體佇列中瞄核、擷取和刪除訊息。Peek, retrieve, and delete a message from an Azure Storage queue. 若要了解特定資料作業所需的動作,請參閱呼叫 blob 和佇列資料作業的權限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
| 動作Actions | |
| 無none | |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/queueServices/queues/messages/readMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read | 瞄核訊息。Peek a message. |
| Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/actionMicrosoft.Storage/storageAccounts/queueServices/queues/messages/process/action | 取出和刪除訊息。Retrieve and delete a message. |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Allows for peek, receive, and delete access to Azure Storage queue messages",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8a0f0c08-91a1-4084-bc3d-661d67233fed",
"name": "8a0f0c08-91a1-4084-bc3d-661d67233fed",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/read",
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/process/action"
],
"notDataActions": []
}
],
"roleName": "Storage Queue Data Message Processor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
儲存體佇列資料訊息傳送者Storage Queue Data Message Sender
將訊息新增至 Azure 儲存體佇列。Add messages to an Azure Storage queue. 若要了解特定資料作業所需的動作,請參閱呼叫 blob 和佇列資料作業的權限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
| 動作Actions | |
| 無none | |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/actionMicrosoft.Storage/storageAccounts/queueServices/queues/messages/add/action | 將訊息新增至佇列。Add a message to a queue. |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Allows for sending of Azure Storage queue messages",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
"name": "c6a89b2d-59bc-44d0-9896-0f6e12d7b80a",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/add/action"
],
"notDataActions": []
}
],
"roleName": "Storage Queue Data Message Sender",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
儲存體佇列資料讀者Storage Queue Data Reader
讀取和列出 Azure 儲存體的佇列和佇列訊息。Read and list Azure Storage queues and queue messages. 若要了解特定資料作業所需的動作,請參閱呼叫 blob 和佇列資料作業的權限。To learn which actions are required for a given data operation, see Permissions for calling blob and queue data operations.
| 動作Actions | |
| Microsoft.Storage/storageAccounts/queueServices/queues/readMicrosoft.Storage/storageAccounts/queueServices/queues/read | 傳回佇列或佇列清單。Returns a queue or a list of queues. |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| Microsoft.Storage/storageAccounts/queueServices/queues/messages/readMicrosoft.Storage/storageAccounts/queueServices/queues/messages/read | 從佇列中瞄核或取出一或多個訊息。Peek or retrieve one or more messages from a queue. |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Allows for read access to Azure Storage queues and queue messages",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/19e7f393-937e-4f77-808e-94535e297925",
"name": "19e7f393-937e-4f77-808e-94535e297925",
"permissions": [
{
"actions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Storage/storageAccounts/queueServices/queues/messages/read"
],
"notDataActions": []
}
],
"roleName": "Storage Queue Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
WebWeb
Azure 地圖服務資料讀者Azure Maps Data Reader
授權從 Azure 地圖服務帳戶讀取地圖相關資料。Grants access to read map related data from an Azure maps account.
| 動作Actions | |
| 無none | |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| Microsoft.Maps/accounts/*/readMicrosoft.Maps/accounts/*/read | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Grants access to read map related data from an Azure maps account.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/423170ca-a8f6-4b0f-8487-9e4eb8f49bfa",
"name": "423170ca-a8f6-4b0f-8487-9e4eb8f49bfa",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.Maps/accounts/*/read"
],
"notDataActions": []
}
],
"roleName": "Azure Maps Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
搜尋服務參與者Search Service Contributor
可讓您管理「搜尋」服務,但無法存取它們。Lets you manage Search services, but not access to them.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Search/searchServices/*Microsoft.Search/searchServices/* | 建立和管理搜尋服務Create and manage search services |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Search services, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7ca78c08-252a-4471-8644-bb5ff32d4ba0",
"name": "7ca78c08-252a-4471-8644-bb5ff32d4ba0",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Search/searchServices/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Search Service Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Web 方案參與者Web Plan Contributor
可讓您管理網站的 Web 方案,但無法存取它們。Lets you manage the web plans for websites, but not access to them.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| Microsoft.Web/serverFarms/*Microsoft.Web/serverFarms/* | 建立和管理伺服器陣列Create and manage server farms |
| Microsoft.Web/hostingEnvironments/Join/ActionMicrosoft.Web/hostingEnvironments/Join/Action | 加入 App Service 環境Joins an App Service Environment |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage the web plans for websites, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b",
"name": "2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Web/serverFarms/*",
"Microsoft.Web/hostingEnvironments/Join/Action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Web Plan Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
網站參與者Website Contributor
可讓您管理網站 (非 Web 方案),但無法存取它們。Lets you manage websites (not web plans), but not access to them.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.Insights/components/*Microsoft.Insights/components/* | 建立和管理 Insights 元件Create and manage Insights components |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| Microsoft.Web/certificates/*Microsoft.Web/certificates/* | 建立和管理網站憑證Create and manage website certificates |
| Microsoft.Web/listSitesAssignedToHostName/readMicrosoft.Web/listSitesAssignedToHostName/read | 取得指派給主機名稱之網站的名稱。Get names of sites assigned to hostname. |
| Microsoft.Web/serverFarms/join/actionMicrosoft.Web/serverFarms/join/action | |
| Microsoft.Web/serverFarms/readMicrosoft.Web/serverFarms/read | 取得 App Service 方案的屬性Get the properties on an App Service Plan |
| Microsoft.Web/sites/*Microsoft.Web/sites/* | 建立和管理網站 (建立網站也需要相關聯應用程式服務方案的寫入權限)Create and manage websites (site creation also requires write permissions to the associated App Service Plan) |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage websites (not web plans), but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/de139f84-1756-47ae-9be6-808fbbe84772",
"name": "de139f84-1756-47ae-9be6-808fbbe84772",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/components/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Web/certificates/*",
"Microsoft.Web/listSitesAssignedToHostName/read",
"Microsoft.Web/serverFarms/join/action",
"Microsoft.Web/serverFarms/read",
"Microsoft.Web/sites/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Website Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
容器Containers
AcrDeleteAcrDelete
acr 刪除acr delete
| 動作Actions | |
| Microsoft.ContainerRegistry/registries/artifacts/deleteMicrosoft.ContainerRegistry/registries/artifacts/delete | 刪除容器登錄中的成品。Delete artifact in a container registry. |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "acr delete",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11",
"name": "c2f4ef07-c644-48eb-af81-4b1b4947fb11",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/artifacts/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AcrDelete",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AcrImageSignerAcrImageSigner
ACR 影像簽署者acr image signer
| 動作Actions | |
| Microsoft.ContainerRegistry/registries/sign/writeMicrosoft.ContainerRegistry/registries/sign/write | 推送/提取容器登錄的內容信任中繼資料。Push/Pull content trust metadata for a container registry. |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "acr image signer",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6cef56e8-d556-48e5-a04f-b8e64114680f",
"name": "6cef56e8-d556-48e5-a04f-b8e64114680f",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/sign/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AcrImageSigner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AcrPullAcrPull
acr 提取acr pull
| 動作Actions | |
| Microsoft.ContainerRegistry/registries/pull/readMicrosoft.ContainerRegistry/registries/pull/read | 從容器登錄中提取或取得映像。Pull or Get images from a container registry. |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "acr pull",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d",
"name": "7f951dda-4ed3-4680-a7ca-43fe172d538d",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/pull/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AcrPull",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AcrPushAcrPush
acr 推送acr push
| 動作Actions | |
| Microsoft.ContainerRegistry/registries/pull/readMicrosoft.ContainerRegistry/registries/pull/read | 從容器登錄中提取或取得映像。Pull or Get images from a container registry. |
| Microsoft.ContainerRegistry/registries/push/writeMicrosoft.ContainerRegistry/registries/push/write | 將映像推送或寫入至容器登錄。Push or Write images to a container registry. |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "acr push",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8311e382-0749-4cb8-b61a-304f252e45ec",
"name": "8311e382-0749-4cb8-b61a-304f252e45ec",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/pull/read",
"Microsoft.ContainerRegistry/registries/push/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AcrPush",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AcrQuarantineReaderAcrQuarantineReader
ACR 隔離資料讀取者acr quarantine data reader
| 動作Actions | |
| Microsoft.ContainerRegistry/registries/quarantine/readMicrosoft.ContainerRegistry/registries/quarantine/read | 從容器登錄中提取或取得隔離的映像Pull or Get quarantined images from container registry |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "acr quarantine data reader",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/cdda3590-29a3-44f6-95f2-9f980659eb04",
"name": "cdda3590-29a3-44f6-95f2-9f980659eb04",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/quarantine/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AcrQuarantineReader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AcrQuarantineWriterAcrQuarantineWriter
ACR 隔離資料寫入者acr quarantine data writer
| 動作Actions | |
| Microsoft.ContainerRegistry/registries/quarantine/readMicrosoft.ContainerRegistry/registries/quarantine/read | 從容器登錄中提取或取得隔離的映像Pull or Get quarantined images from container registry |
| Microsoft.ContainerRegistry/registries/quarantine/writeMicrosoft.ContainerRegistry/registries/quarantine/write | 寫入/修改已隔離映像的隔離狀態Write/Modify quarantine state of quarantined images |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "acr quarantine data writer",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608",
"name": "c8d4ff99-41c3-41a8-9f60-21dfdad59608",
"permissions": [
{
"actions": [
"Microsoft.ContainerRegistry/registries/quarantine/read",
"Microsoft.ContainerRegistry/registries/quarantine/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "AcrQuarantineWriter",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Kubernetes Service 叢集管理員角色Azure Kubernetes Service Cluster Admin Role
列出叢集管理員認證動作。List cluster admin credential action.
| 動作Actions | |
| Microsoft.ContainerService/managedClusters/listClusterAdminCredential/actionMicrosoft.ContainerService/managedClusters/listClusterAdminCredential/action | 列出受控叢集的 clusterAdmin 認證List the clusterAdmin credential of a managed cluster |
| Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/actionMicrosoft.ContainerService/managedClusters/accessProfiles/listCredential/action | 使用清單認證依角色名稱取得受控叢集存取設定檔Get a managed cluster access profile by role name using list credential |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "List cluster admin credential action.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8",
"name": "0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8",
"permissions": [
{
"actions": [
"Microsoft.ContainerService/managedClusters/listClusterAdminCredential/action",
"Microsoft.ContainerService/managedClusters/accessProfiles/listCredential/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Kubernetes Service Cluster Admin Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Kubernetes Service 叢集使用者角色Azure Kubernetes Service Cluster User Role
列出叢集使用者認證動作。List cluster user credential action.
| 動作Actions | |
| Microsoft.ContainerService/managedClusters/listClusterUserCredential/actionMicrosoft.ContainerService/managedClusters/listClusterUserCredential/action | 列出受控叢集的 clusterUser 認證List the clusterUser credential of a managed cluster |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "List cluster user credential action.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4abbcc35-e782-43d8-92c5-2d3f1bd2253f",
"name": "4abbcc35-e782-43d8-92c5-2d3f1bd2253f",
"permissions": [
{
"actions": [
"Microsoft.ContainerService/managedClusters/listClusterUserCredential/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Kubernetes Service Cluster User Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
資料庫Databases
Cosmos DB 帳戶讀者角色Cosmos DB Account Reader Role
可以讀取 Azure Cosmos DB 帳戶資料。Can read Azure Cosmos DB account data. 請參閱 DocumentDB 帳戶參與者以管理 Azure Cosmos DB 帳戶。See DocumentDB Account Contributor for managing Azure Cosmos DB accounts.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.DocumentDB/*/readMicrosoft.DocumentDB/*/read | 讀取任何集合Read any collection |
| Microsoft.DocumentDB/databaseAccounts/readonlykeys/actionMicrosoft.DocumentDB/databaseAccounts/readonlykeys/action | 讀取資料庫帳戶的唯讀金鑰。Reads the database account readonly keys. |
| Microsoft.Insights/MetricDefinitions/readMicrosoft.Insights/MetricDefinitions/read | 讀取計量定義Read metric definitions |
| Microsoft.Insights/Metrics/readMicrosoft.Insights/Metrics/read | 讀取計量Read metrics |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Can read Azure Cosmos DB Accounts data",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fbdf93bf-df7d-467e-a4d2-9458aa1360c8",
"name": "fbdf93bf-df7d-467e-a4d2-9458aa1360c8",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.DocumentDB/*/read",
"Microsoft.DocumentDB/databaseAccounts/readonlykeys/action",
"Microsoft.Insights/MetricDefinitions/read",
"Microsoft.Insights/Metrics/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cosmos DB Account Reader Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Cosmos DB 操作員Cosmos DB Operator
可讓您管理 Azure Cosmos DB 帳戶,但無法存取其中的資料。Lets you manage Azure Cosmos DB accounts, but not access data in them. 防止存取帳戶金鑰和連接字串。Prevents access to account keys and connection strings.
| 動作Actions | |
| Microsoft.DocumentDb/databaseAccounts/*Microsoft.DocumentDb/databaseAccounts/* | |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action | 將資源 (例如,儲存體帳戶或 SQL Database) 加入至子網路。Joins resource such as storage account or SQL database to a subnet. 不可警示。Not alertable. |
| NotActionsNotActions | |
| Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*Microsoft.DocumentDB/databaseAccounts/readonlyKeys/* | |
| Microsoft.DocumentDB/databaseAccounts/regenerateKey/*Microsoft.DocumentDB/databaseAccounts/regenerateKey/* | |
| Microsoft.DocumentDB/databaseAccounts/listKeys/*Microsoft.DocumentDB/databaseAccounts/listKeys/* | |
| Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/* | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Azure Cosmos DB accounts, but not access data in them. Prevents access to account keys and connection strings.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/230815da-be43-4aae-9cb4-875f7bd000aa",
"name": "230815da-be43-4aae-9cb4-875f7bd000aa",
"permissions": [
{
"actions": [
"Microsoft.DocumentDb/databaseAccounts/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Authorization/*/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action"
],
"notActions": [
"Microsoft.DocumentDB/databaseAccounts/readonlyKeys/*",
"Microsoft.DocumentDB/databaseAccounts/regenerateKey/*",
"Microsoft.DocumentDB/databaseAccounts/listKeys/*",
"Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/*"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cosmos DB Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
CosmosBackupOperatorCosmosBackupOperator
可為帳戶的 Cosmos DB 資料庫或容器提交還原要求Can submit restore request for a Cosmos DB database or a container for an account
| 動作Actions | |
| Microsoft.DocumentDB/databaseAccounts/backup/actionMicrosoft.DocumentDB/databaseAccounts/backup/action | 提交要求以設定備份Submit a request to configure backup |
| Microsoft.DocumentDB/databaseAccounts/restore/actionMicrosoft.DocumentDB/databaseAccounts/restore/action | 提交還原要求Submit a restore request |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Can submit restore request for a Cosmos DB database or a container for an account",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/db7b14f2-5adf-42da-9f96-f2ee17bab5cb",
"name": "db7b14f2-5adf-42da-9f96-f2ee17bab5cb",
"permissions": [
{
"actions": [
"Microsoft.DocumentDB/databaseAccounts/backup/action",
"Microsoft.DocumentDB/databaseAccounts/restore/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "CosmosBackupOperator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
DocumentDB 帳戶參與者DocumentDB Account Contributor
可以管理 Azure Cosmos DB 帳戶。Can manage Azure Cosmos DB accounts. Azure Cosmos DB 先前稱為 DocumentDB。Azure Cosmos DB is formerly known as DocumentDB.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.DocumentDb/databaseAccounts/*Microsoft.DocumentDb/databaseAccounts/* | 建立及管理 Azure Cosmos DB 帳戶Create and manage Azure Cosmos DB accounts |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action | 將資源 (例如,儲存體帳戶或 SQL Database) 加入至子網路。Joins resource such as storage account or SQL database to a subnet. 不可警示。Not alertable. |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage DocumentDB accounts, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5bd9cd88-fe45-4216-938b-f97437e15450",
"name": "5bd9cd88-fe45-4216-938b-f97437e15450",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.DocumentDb/databaseAccounts/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "DocumentDB Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Redis 快取參與者Redis Cache Contributor
可讓您管理 Redis 快取,但無法存取它們。Lets you manage Redis caches, but not access to them.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Cache/redis/*Microsoft.Cache/redis/* | 建立和管理 Redis 快取Create and manage Redis caches |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Redis caches, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e0f68234-74aa-48ed-b826-c38b57376e17",
"name": "e0f68234-74aa-48ed-b826-c38b57376e17",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Cache/redis/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Redis Cache Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
SQL DB 參與者SQL DB Contributor
可讓您管理 SQL 資料庫,但無法存取它們。Lets you manage SQL databases, but not access to them. 此外,您也無法管理其安全性相關原則或其父 SQL 伺服器。Also, you can't manage their security-related policies or their parent SQL servers.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Sql/locations/*/readMicrosoft.Sql/locations/*/read | |
| Microsoft.Sql/servers/databases/*Microsoft.Sql/servers/databases/* | 建立和管理 SQL 資料庫Create and manage SQL databases |
| Microsoft.Sql/servers/readMicrosoft.Sql/servers/read | 傳回伺服器清單,或取得指定伺服器的屬性。Return the list of servers or gets the properties for the specified server. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read | 讀取計量Read metrics |
| Microsoft.Insights/metricDefinitions/readMicrosoft.Insights/metricDefinitions/read | 讀取計量定義Read metric definitions |
| NotActionsNotActions | |
| Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*Microsoft.Sql/managedInstances/databases/securityAlertPolicies/* | |
| Microsoft.Sql/managedInstances/databases/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/sensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/* | |
| Microsoft.Sql/managedInstances/securityAlertPolicies/*Microsoft.Sql/managedInstances/securityAlertPolicies/* | |
| Microsoft.Sql/managedInstances/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/vulnerabilityAssessments/* | |
| Microsoft.Sql/servers/databases/auditingPolicies/*Microsoft.Sql/servers/databases/auditingPolicies/* | 編輯稽核原則Edit audit policies |
| Microsoft.Sql/servers/databases/auditingSettings/*Microsoft.Sql/servers/databases/auditingSettings/* | 編輯稽核設定Edit audit settings |
| Microsoft.Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read | 擷取資料庫 Blob 稽核記錄Retrieve the database blob audit records |
| Microsoft.Sql/servers/databases/connectionPolicies/*Microsoft.Sql/servers/databases/connectionPolicies/* | 編輯連接原則Edit connection policies |
| Microsoft.Sql/servers/databases/currentSensitivityLabels/*Microsoft.Sql/servers/databases/currentSensitivityLabels/* | |
| Microsoft.Sql/servers/databases/dataMaskingPolicies/*Microsoft.Sql/servers/databases/dataMaskingPolicies/* | 編輯資料遮罩原則Edit data masking policies |
| Microsoft.Sql/servers/databases/extendedAuditingSettings/*Microsoft.Sql/servers/databases/extendedAuditingSettings/* | |
| Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*Microsoft.Sql/servers/databases/recommendedSensitivityLabels/* | |
| Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/* | |
| Microsoft.Sql/servers/databases/securityAlertPolicies/*Microsoft.Sql/servers/databases/securityAlertPolicies/* | 編輯安全性警示原則Edit security alert policies |
| Microsoft.Sql/servers/databases/securityMetrics/*Microsoft.Sql/servers/databases/securityMetrics/* | 編輯安全性計量Edit security metrics |
| Microsoft.Sql/servers/databases/sensitivityLabels/*Microsoft.Sql/servers/databases/sensitivityLabels/* | |
| Microsoft.Sql/servers/databases/vulnerabilityAssessments/*Microsoft.Sql/servers/databases/vulnerabilityAssessments/* | |
| Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/* | |
| Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/* | |
| Microsoft.Sql/servers/vulnerabilityAssessments/*Microsoft.Sql/servers/vulnerabilityAssessments/* | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage SQL databases, but not access to them. Also, you can't manage their security-related policies or their parent SQL servers.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
"name": "9b7fa17d-e63e-47b0-bb0a-15c516ac86ec",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Sql/locations/*/read",
"Microsoft.Sql/servers/databases/*",
"Microsoft.Sql/servers/read",
"Microsoft.Support/*",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read"
],
"notActions": [
"Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
"Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
"Microsoft.Sql/managedInstances/securityAlertPolicies/*",
"Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
"Microsoft.Sql/servers/databases/auditingPolicies/*",
"Microsoft.Sql/servers/databases/auditingSettings/*",
"Microsoft.Sql/servers/databases/auditRecords/read",
"Microsoft.Sql/servers/databases/connectionPolicies/*",
"Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
"Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
"Microsoft.Sql/servers/databases/extendedAuditingSettings/*",
"Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
"Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
"Microsoft.Sql/servers/databases/securityAlertPolicies/*",
"Microsoft.Sql/servers/databases/securityMetrics/*",
"Microsoft.Sql/servers/databases/sensitivityLabels/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
"Microsoft.Sql/servers/vulnerabilityAssessments/*"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "SQL DB Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
SQL 受控執行個體參與者SQL Managed Instance Contributor
可讓您管理 SQL 受控執行個體和必要的網路設定,但無法將存取權授與其他人。Lets you manage SQL Managed Instances and required network configuration, but can't give access to others.
| 動作Actions | |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Network/networkSecurityGroups/*Microsoft.Network/networkSecurityGroups/* | |
| Microsoft.Network/routeTables/*Microsoft.Network/routeTables/* | |
| Microsoft.Sql/locations/*/readMicrosoft.Sql/locations/*/read | |
| Microsoft.Sql/managedInstances/*Microsoft.Sql/managedInstances/* | |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| Microsoft.Network/virtualNetworks/subnets/*Microsoft.Network/virtualNetworks/subnets/* | |
| Microsoft.Network/virtualNetworks/*Microsoft.Network/virtualNetworks/* | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read | 讀取計量Read metrics |
| Microsoft.Insights/metricDefinitions/readMicrosoft.Insights/metricDefinitions/read | 讀取計量定義Read metric definitions |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage SQL Managed Instances and required network configuration, but can't give access to others.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
"name": "4939a1f6-9ae0-4e48-a1e0-f2cbe897382d",
"permissions": [
{
"actions": [
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Network/networkSecurityGroups/*",
"Microsoft.Network/routeTables/*",
"Microsoft.Sql/locations/*/read",
"Microsoft.Sql/managedInstances/*",
"Microsoft.Support/*",
"Microsoft.Network/virtualNetworks/subnets/*",
"Microsoft.Network/virtualNetworks/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "SQL Managed Instance Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
SQL 安全性管理員SQL Security Manager
可讓您管理 SQL 伺服器及資料庫的安全性相關原則,但無法存取它們。Lets you manage the security-related policies of SQL servers and databases, but not access to them.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/actionMicrosoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action | 將資源 (例如,儲存體帳戶或 SQL Database) 加入至子網路。Joins resource such as storage account or SQL database to a subnet. 不可警示。Not alertable. |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*Microsoft.Sql/managedInstances/databases/securityAlertPolicies/* | |
| Microsoft.Sql/managedInstances/databases/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/sensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/* | |
| Microsoft.Sql/managedInstances/securityAlertPolicies/*Microsoft.Sql/managedInstances/securityAlertPolicies/* | |
| Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*Microsoft.Sql/managedInstances/databases/transparentDataEncryption/* | |
| Microsoft.Sql/managedInstances/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/vulnerabilityAssessments/* | |
| Microsoft.Sql/servers/auditingPolicies/*Microsoft.Sql/servers/auditingPolicies/* | 建立和管理 SQL Server 稽核原則Create and manage SQL server auditing policies |
| Microsoft.Sql/servers/auditingSettings/*Microsoft.Sql/servers/auditingSettings/* | 建立和管理 SQL Server 稽核設定Create and manage SQL server auditing setting |
| Microsoft.Sql/servers/extendedAuditingSettings/readMicrosoft.Sql/servers/extendedAuditingSettings/read | 擷取指定伺服器上所設定之擴充伺服器 Blob 稽核原則的詳細資料Retrieve details of the extended server blob auditing policy configured on a given server |
| Microsoft.Sql/servers/databases/auditingPolicies/*Microsoft.Sql/servers/databases/auditingPolicies/* | 建立和管理 SQL Server 資料庫稽核原則Create and manage SQL server database auditing policies |
| Microsoft.Sql/servers/databases/auditingSettings/*Microsoft.Sql/servers/databases/auditingSettings/* | 建立和管理 SQL Server 資料庫稽核設定Create and manage SQL server database auditing settings |
| Microsoft.Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read | 擷取資料庫 Blob 稽核記錄Retrieve the database blob audit records |
| Microsoft.Sql/servers/databases/connectionPolicies/*Microsoft.Sql/servers/databases/connectionPolicies/* | 建立和管理 SQL Server 資料庫連接原則Create and manage SQL server database connection policies |
| Microsoft.Sql/servers/databases/currentSensitivityLabels/*Microsoft.Sql/servers/databases/currentSensitivityLabels/* | |
| Microsoft.Sql/servers/databases/dataMaskingPolicies/*Microsoft.Sql/servers/databases/dataMaskingPolicies/* | 建立和管理 SQL Server 資料庫資料遮罩原則Create and manage SQL server database data masking policies |
| Microsoft.Sql/servers/databases/extendedAuditingSettings/readMicrosoft.Sql/servers/databases/extendedAuditingSettings/read | 擷取指定資料庫上所設定之擴充 Blob 稽核原則的詳細資料Retrieve details of the extended blob auditing policy configured on a given database |
| Microsoft.Sql/servers/databases/readMicrosoft.Sql/servers/databases/read | 傳回資料庫清單,或取得指定資料庫的屬性。Return the list of databases or gets the properties for the specified database. |
| Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*Microsoft.Sql/servers/databases/recommendedSensitivityLabels/* | |
| Microsoft.Sql/servers/databases/schemas/readMicrosoft.Sql/servers/databases/schemas/read | 取得資料庫結構描述。Get a database schema. |
| Microsoft.Sql/servers/databases/schemas/tables/columns/readMicrosoft.Sql/servers/databases/schemas/tables/columns/read | 取得資料庫資料行。Get a database column. |
| Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/* | |
| Microsoft.Sql/servers/databases/schemas/tables/readMicrosoft.Sql/servers/databases/schemas/tables/read | 取得資料庫資料表。Get a database table. |
| Microsoft.Sql/servers/databases/securityAlertPolicies/*Microsoft.Sql/servers/databases/securityAlertPolicies/* | 建立和管理 SQL Server 資料庫安全性警示原則Create and manage SQL server database security alert policies |
| Microsoft.Sql/servers/databases/securityMetrics/*Microsoft.Sql/servers/databases/securityMetrics/* | 建立和管理 SQL Server 資料庫安全性度量Create and manage SQL server database security metrics |
| Microsoft.Sql/servers/databases/sensitivityLabels/*Microsoft.Sql/servers/databases/sensitivityLabels/* | |
| Microsoft.Sql/servers/databases/transparentDataEncryption/*Microsoft.Sql/servers/databases/transparentDataEncryption/* | |
| Microsoft.Sql/servers/databases/vulnerabilityAssessments/*Microsoft.Sql/servers/databases/vulnerabilityAssessments/* | |
| Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/* | |
| Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/* | |
| Microsoft.Sql/servers/firewallRules/*Microsoft.Sql/servers/firewallRules/* | |
| Microsoft.Sql/servers/readMicrosoft.Sql/servers/read | 傳回伺服器清單,或取得指定伺服器的屬性。Return the list of servers or gets the properties for the specified server. |
| Microsoft.Sql/servers/securityAlertPolicies/*Microsoft.Sql/servers/securityAlertPolicies/* | 建立和管理 SQL Server 安全性警示原則Create and manage SQL server security alert policies |
| Microsoft.Sql/servers/vulnerabilityAssessments/*Microsoft.Sql/servers/vulnerabilityAssessments/* | |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage the security-related policies of SQL servers and databases, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3",
"name": "056cd41c-7e88-42e1-933e-88ba6a50c9c3",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/virtualNetworks/subnets/joinViaServiceEndpoint/action",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
"Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
"Microsoft.Sql/managedInstances/securityAlertPolicies/*",
"Microsoft.Sql/managedInstances/databases/transparentDataEncryption/*",
"Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
"Microsoft.Sql/servers/auditingPolicies/*",
"Microsoft.Sql/servers/auditingSettings/*",
"Microsoft.Sql/servers/extendedAuditingSettings/read",
"Microsoft.Sql/servers/databases/auditingPolicies/*",
"Microsoft.Sql/servers/databases/auditingSettings/*",
"Microsoft.Sql/servers/databases/auditRecords/read",
"Microsoft.Sql/servers/databases/connectionPolicies/*",
"Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
"Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
"Microsoft.Sql/servers/databases/extendedAuditingSettings/read",
"Microsoft.Sql/servers/databases/read",
"Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
"Microsoft.Sql/servers/databases/schemas/read",
"Microsoft.Sql/servers/databases/schemas/tables/columns/read",
"Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
"Microsoft.Sql/servers/databases/schemas/tables/read",
"Microsoft.Sql/servers/databases/securityAlertPolicies/*",
"Microsoft.Sql/servers/databases/securityMetrics/*",
"Microsoft.Sql/servers/databases/sensitivityLabels/*",
"Microsoft.Sql/servers/databases/transparentDataEncryption/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
"Microsoft.Sql/servers/firewallRules/*",
"Microsoft.Sql/servers/read",
"Microsoft.Sql/servers/securityAlertPolicies/*",
"Microsoft.Sql/servers/vulnerabilityAssessments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "SQL Security Manager",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
SQL Server 參與者SQL Server Contributor
可讓您管理 SQL 伺服器及資料庫,但無法存取這些伺服器及資料庫,也無法存取其安全性相關原則。Lets you manage SQL servers and databases, but not access to them, and not their security-related policies.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Sql/locations/*/readMicrosoft.Sql/locations/*/read | |
| Microsoft.Sql/servers/*Microsoft.Sql/servers/* | 建立和管理 SQL ServerCreate and manage SQL servers |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read | 讀取計量Read metrics |
| Microsoft.Insights/metricDefinitions/readMicrosoft.Insights/metricDefinitions/read | 讀取計量定義Read metric definitions |
| NotActionsNotActions | |
| Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*Microsoft.Sql/managedInstances/databases/securityAlertPolicies/* | |
| Microsoft.Sql/managedInstances/databases/sensitivityLabels/*Microsoft.Sql/managedInstances/databases/sensitivityLabels/* | |
| Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/* | |
| Microsoft.Sql/managedInstances/securityAlertPolicies/*Microsoft.Sql/managedInstances/securityAlertPolicies/* | |
| Microsoft.Sql/managedInstances/vulnerabilityAssessments/*Microsoft.Sql/managedInstances/vulnerabilityAssessments/* | |
| Microsoft.Sql/servers/auditingPolicies/*Microsoft.Sql/servers/auditingPolicies/* | 編輯 SQL Server 稽核原則Edit SQL server auditing policies |
| Microsoft.Sql/servers/auditingSettings/*Microsoft.Sql/servers/auditingSettings/* | 編輯 SQL Server 稽核設定Edit SQL server auditing settings |
| Microsoft.Sql/servers/databases/auditingPolicies/*Microsoft.Sql/servers/databases/auditingPolicies/* | 編輯 SQL Server 資料庫稽核原則Edit SQL server database auditing policies |
| Microsoft.Sql/servers/databases/auditingSettings/*Microsoft.Sql/servers/databases/auditingSettings/* | 編輯 SQL Server 資料庫稽核設定Edit SQL server database auditing settings |
| Microsoft.Sql/servers/databases/auditRecords/readMicrosoft.Sql/servers/databases/auditRecords/read | 擷取資料庫 Blob 稽核記錄Retrieve the database blob audit records |
| Microsoft.Sql/servers/databases/connectionPolicies/*Microsoft.Sql/servers/databases/connectionPolicies/* | 編輯 SQL Server 資料庫連接原則Edit SQL server database connection policies |
| Microsoft.Sql/servers/databases/currentSensitivityLabels/*Microsoft.Sql/servers/databases/currentSensitivityLabels/* | |
| Microsoft.Sql/servers/databases/dataMaskingPolicies/*Microsoft.Sql/servers/databases/dataMaskingPolicies/* | 編輯 SQL Server 資料庫資料遮罩原則Edit SQL server database data masking policies |
| Microsoft.Sql/servers/databases/extendedAuditingSettings/*Microsoft.Sql/servers/databases/extendedAuditingSettings/* | |
| Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*Microsoft.Sql/servers/databases/recommendedSensitivityLabels/* | |
| Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/* | |
| Microsoft.Sql/servers/databases/securityAlertPolicies/*Microsoft.Sql/servers/databases/securityAlertPolicies/* | 編輯 SQL Server 資料庫安全性警示原則Edit SQL server database security alert policies |
| Microsoft.Sql/servers/databases/securityMetrics/*Microsoft.Sql/servers/databases/securityMetrics/* | 編輯 SQL Server 資料庫安全性度量Edit SQL server database security metrics |
| Microsoft.Sql/servers/databases/sensitivityLabels/*Microsoft.Sql/servers/databases/sensitivityLabels/* | |
| Microsoft.Sql/servers/databases/vulnerabilityAssessments/*Microsoft.Sql/servers/databases/vulnerabilityAssessments/* | |
| Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/* | |
| Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/* | |
| Microsoft.Sql/servers/extendedAuditingSettings/*Microsoft.Sql/servers/extendedAuditingSettings/* | |
| Microsoft.Sql/servers/securityAlertPolicies/*Microsoft.Sql/servers/securityAlertPolicies/* | 編輯 SQL Server 安全性警示原則Edit SQL server security alert policies |
| Microsoft.Sql/servers/vulnerabilityAssessments/*Microsoft.Sql/servers/vulnerabilityAssessments/* | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage SQL servers and databases, but not access to them, and not their security -related policies.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
"name": "6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Sql/locations/*/read",
"Microsoft.Sql/servers/*",
"Microsoft.Support/*",
"Microsoft.Insights/metrics/read",
"Microsoft.Insights/metricDefinitions/read"
],
"notActions": [
"Microsoft.Sql/managedInstances/databases/currentSensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/recommendedSensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/schemas/tables/columns/sensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/securityAlertPolicies/*",
"Microsoft.Sql/managedInstances/databases/sensitivityLabels/*",
"Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments/*",
"Microsoft.Sql/managedInstances/securityAlertPolicies/*",
"Microsoft.Sql/managedInstances/vulnerabilityAssessments/*",
"Microsoft.Sql/servers/auditingPolicies/*",
"Microsoft.Sql/servers/auditingSettings/*",
"Microsoft.Sql/servers/databases/auditingPolicies/*",
"Microsoft.Sql/servers/databases/auditingSettings/*",
"Microsoft.Sql/servers/databases/auditRecords/read",
"Microsoft.Sql/servers/databases/connectionPolicies/*",
"Microsoft.Sql/servers/databases/currentSensitivityLabels/*",
"Microsoft.Sql/servers/databases/dataMaskingPolicies/*",
"Microsoft.Sql/servers/databases/extendedAuditingSettings/*",
"Microsoft.Sql/servers/databases/recommendedSensitivityLabels/*",
"Microsoft.Sql/servers/databases/schemas/tables/columns/sensitivityLabels/*",
"Microsoft.Sql/servers/databases/securityAlertPolicies/*",
"Microsoft.Sql/servers/databases/securityMetrics/*",
"Microsoft.Sql/servers/databases/sensitivityLabels/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessments/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessmentScans/*",
"Microsoft.Sql/servers/databases/vulnerabilityAssessmentSettings/*",
"Microsoft.Sql/servers/extendedAuditingSettings/*",
"Microsoft.Sql/servers/securityAlertPolicies/*",
"Microsoft.Sql/servers/vulnerabilityAssessments/*"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "SQL Server Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
分析Analytics
Azure 事件中樞資料擁有者Azure Event Hubs Data Owner
允許完整存取 Azure 事件中樞資源。Allows for full access to Azure Event Hubs resources.
| 動作Actions | |
| Microsoft.EventHub/*Microsoft.EventHub/* | |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| Microsoft.EventHub/*Microsoft.EventHub/* | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to Azure Event Hubs resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f526a384-b230-433a-b45c-95f59c4a2dec",
"name": "f526a384-b230-433a-b45c-95f59c4a2dec",
"permissions": [
{
"actions": [
"Microsoft.EventHub/*"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/*"
],
"notDataActions": []
}
],
"roleName": "Azure Event Hubs Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure 事件中樞資料接收者Azure Event Hubs Data Receiver
允許接收 Azure 事件中樞資源。Allows receive access to Azure Event Hubs resources.
| 動作Actions | |
| Microsoft.EventHub/*/eventhubs/consumergroups/readMicrosoft.EventHub/*/eventhubs/consumergroups/read | |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| Microsoft.EventHub/*/receive/actionMicrosoft.EventHub/*/receive/action | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Allows receive access to Azure Event Hubs resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
"name": "a638d3c7-ab3a-418d-83e6-5f17a39d4fde",
"permissions": [
{
"actions": [
"Microsoft.EventHub/*/eventhubs/consumergroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/*/receive/action"
],
"notDataActions": []
}
],
"roleName": "Azure Event Hubs Data Receiver",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure 事件中樞資料傳送者Azure Event Hubs Data Sender
允許傳送 Azure 事件中樞資源。Allows send access to Azure Event Hubs resources.
| 動作Actions | |
| Microsoft.EventHub/*/eventhubs/readMicrosoft.EventHub/*/eventhubs/read | |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| Microsoft.EventHub/*/send/actionMicrosoft.EventHub/*/send/action | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Allows send access to Azure Event Hubs resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2b629674-e913-4c01-ae53-ef4638d8f975",
"name": "2b629674-e913-4c01-ae53-ef4638d8f975",
"permissions": [
{
"actions": [
"Microsoft.EventHub/*/eventhubs/read"
],
"notActions": [],
"dataActions": [
"Microsoft.EventHub/*/send/action"
],
"notDataActions": []
}
],
"roleName": "Azure Event Hubs Data Sender",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Data Factory 參與者Data Factory Contributor
建立和管理 Data Factory,以及其中的子資源。Create and manage data factories, as well as child resources within them.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.DataFactory/dataFactories/*Microsoft.DataFactory/dataFactories/* | 建立和管理 Data Factory 以及其中的子資源。Create and manage data factories, and child resources within them. |
| Microsoft.DataFactory/factories/*Microsoft.DataFactory/factories/* | 建立和管理 Data Factory 以及其中的子資源。Create and manage data factories, and child resources within them. |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| Microsoft.EventGrid/eventSubscriptions/writeMicrosoft.EventGrid/eventSubscriptions/write | 建立或更新 eventSubscriptionCreate or update an eventSubscription |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Create and manage data factories, as well as child resources within them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/673868aa-7521-48a0-acc6-0f60742d39f5",
"name": "673868aa-7521-48a0-acc6-0f60742d39f5",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.DataFactory/dataFactories/*",
"Microsoft.DataFactory/factories/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.EventGrid/eventSubscriptions/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Factory Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
資料清除者Data Purger
可清除分析資料Can purge analytics data
| 動作Actions | |
| Microsoft.Insights/components/*/readMicrosoft.Insights/components/*/read | |
| Microsoft.Insights/components/purge/actionMicrosoft.Insights/components/purge/action | 從 Application Insights 清除資料Purging data from Application Insights |
| Microsoft.OperationalInsights/workspaces/*/readMicrosoft.OperationalInsights/workspaces/*/read | 檢視記錄分析資料View log analytics data |
| Microsoft.OperationalInsights/workspaces/purge/actionMicrosoft.OperationalInsights/workspaces/purge/action | 從工作區刪除指定的資料Delete specified data from workspace |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Can purge analytics data",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/150f5e0c-0603-4f03-8c7f-cf70034c4e90",
"name": "150f5e0c-0603-4f03-8c7f-cf70034c4e90",
"permissions": [
{
"actions": [
"Microsoft.Insights/components/*/read",
"Microsoft.Insights/components/purge/action",
"Microsoft.OperationalInsights/workspaces/*/read",
"Microsoft.OperationalInsights/workspaces/purge/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Data Purger",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
HDInsight 叢集操作員HDInsight Cluster Operator
可讓您讀取和修改 HDInsight 叢集設定。Lets you read and modify HDInsight cluster configurations.
| 動作Actions | |
| Microsoft.HDInsight/*/readMicrosoft.HDInsight/*/read | |
| Microsoft.HDInsight/clusters/getGatewaySettings/actionMicrosoft.HDInsight/clusters/getGatewaySettings/action | 取得 HDInsight 叢集的閘道設定Get gateway settings for HDInsight Cluster |
| Microsoft.HDInsight/clusters/updateGatewaySettings/actionMicrosoft.HDInsight/clusters/updateGatewaySettings/action | 更新 HDInsight 叢集的閘道設定Update gateway settings for HDInsight Cluster |
| Microsoft.HDInsight/clusters/configurations/*Microsoft.HDInsight/clusters/configurations/* | |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read | 取得或列出部署作業。Gets or lists deployment operations. |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you read and modify HDInsight cluster configurations.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/61ed4efc-fab3-44fd-b111-e24485cc132a",
"name": "61ed4efc-fab3-44fd-b111-e24485cc132a",
"permissions": [
{
"actions": [
"Microsoft.HDInsight/*/read",
"Microsoft.HDInsight/clusters/getGatewaySettings/action",
"Microsoft.HDInsight/clusters/updateGatewaySettings/action",
"Microsoft.HDInsight/clusters/configurations/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Authorization/*/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "HDInsight Cluster Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
HDInsight 網域服務參與者HDInsight Domain Services Contributor
可讀取、建立、修改和刪除 HDInsight 企業安全性套件所需的網域服務相關作業Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package
| 動作Actions | |
| Microsoft.AAD/*/readMicrosoft.AAD/*/read | |
| Microsoft.AAD/domainServices/*/readMicrosoft.AAD/domainServices/*/read | |
| Microsoft.AAD/domainServices/oucontainer/*Microsoft.AAD/domainServices/oucontainer/* | |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Can Read, Create, Modify and Delete Domain Services related operations needed for HDInsight Enterprise Security Package",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8d8d5a11-05d3-4bda-a417-a08778121c7c",
"name": "8d8d5a11-05d3-4bda-a417-a08778121c7c",
"permissions": [
{
"actions": [
"Microsoft.AAD/*/read",
"Microsoft.AAD/domainServices/*/read",
"Microsoft.AAD/domainServices/oucontainer/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "HDInsight Domain Services Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Log Analytics 參與者Log Analytics Contributor
「Log Analytics 參與者」角色可以讀取所有監視資料和編輯監視設定。Log Analytics Contributor can read all monitoring data and edit monitoring settings. 編輯監視設定包括將 VM 延伸模組新增至 VM、讀取儲存體帳戶金鑰以便能夠設定從「Azure 儲存體」收集記錄、建立及設定「自動化」帳戶、新增解決方案,以及設定所有 Azure 資源上的 Azure 診斷。Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources.
| 動作Actions | |
| */read*/read | 讀取密碼以外的所有類型的資源。Read resources of all types, except secrets. |
| Microsoft.Automation/automationAccounts/*Microsoft.Automation/automationAccounts/* | |
| Microsoft.ClassicCompute/virtualMachines/extensions/*Microsoft.ClassicCompute/virtualMachines/extensions/* | |
| Microsoft.ClassicStorage/storageAccounts/listKeys/actionMicrosoft.ClassicStorage/storageAccounts/listKeys/action | 列出儲存體帳戶的存取金鑰。Lists the access keys for the storage accounts. |
| Microsoft.Compute/virtualMachines/extensions/*Microsoft.Compute/virtualMachines/extensions/* | |
| Microsoft.HybridCompute/machines/extensions/writeMicrosoft.HybridCompute/machines/extensions/write | 安裝或更新 Azure Arc 擴充Installs or Updates an Azure Arc extensions |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* | 建立、更新或讀取 Analysis Server 的診斷設定Creates, updates, or reads the diagnostic setting for Analysis Server |
| Microsoft.OperationalInsights/*Microsoft.OperationalInsights/* | |
| Microsoft.OperationsManagement/*Microsoft.OperationsManagement/* | |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/*Microsoft.Resources/subscriptions/resourcegroups/deployments/* | |
| Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action | 傳回指定儲存體帳戶的存取金鑰。Returns the access keys for the specified storage account. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Log Analytics Contributor can read all monitoring data and edit monitoring settings. Editing monitoring settings includes adding the VM extension to VMs; reading storage account keys to be able to configure collection of logs from Azure Storage; creating and configuring Automation accounts; adding solutions; and configuring Azure diagnostics on all Azure resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293",
"name": "92aaf0da-9dab-42b6-94a3-d43ce8d16293",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Automation/automationAccounts/*",
"Microsoft.ClassicCompute/virtualMachines/extensions/*",
"Microsoft.ClassicStorage/storageAccounts/listKeys/action",
"Microsoft.Compute/virtualMachines/extensions/*",
"Microsoft.HybridCompute/machines/extensions/write",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.OperationalInsights/*",
"Microsoft.OperationsManagement/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
"Microsoft.Storage/storageAccounts/listKeys/action",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Log Analytics Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Log Analytics 讀者Log Analytics Reader
「Log Analytics 讀者」可以檢視和搜尋所有監視資料,以及檢視監視設定,包括檢視所有 Azure 資源上的 Azure 診斷設定。Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.
| 動作Actions | |
| */read*/read | 讀取密碼以外的所有類型的資源。Read resources of all types, except secrets. |
| Microsoft.OperationalInsights/workspaces/analytics/query/actionMicrosoft.OperationalInsights/workspaces/analytics/query/action | 使用新的引擎進行搜尋。Search using new engine. |
| Microsoft.OperationalInsights/workspaces/search/actionMicrosoft.OperationalInsights/workspaces/search/action | 執行搜尋查詢Executes a search query |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| Microsoft.OperationalInsights/workspaces/sharedKeys/readMicrosoft.OperationalInsights/workspaces/sharedKeys/read | 擷取工作區的共用金鑰。Retrieves the shared keys for the workspace. 這些金鑰可用來將 Microsoft Operational Insights 代理程式連線到工作區。These keys are used to connect Microsoft Operational Insights agents to the workspace. |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Log Analytics Reader can view and search all monitoring data as well as and view monitoring settings, including viewing the configuration of Azure diagnostics on all Azure resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/73c42c96-874c-492b-b04d-ab87d138a893",
"name": "73c42c96-874c-492b-b04d-ab87d138a893",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.OperationalInsights/workspaces/analytics/query/action",
"Microsoft.OperationalInsights/workspaces/search/action",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.OperationalInsights/workspaces/sharedKeys/read"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Log Analytics Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
區塊鏈Blockchain
區塊鏈成員節點存取 (預覽)Blockchain Member Node Access (Preview)
允許存取區塊鏈成員節點Allows for access to Blockchain Member nodes
| 動作Actions | |
| Microsoft.Blockchain/blockchainMembers/transactionNodes/readMicrosoft.Blockchain/blockchainMembers/transactionNodes/read | 取得或列出現有的區塊鏈成員交易節點。Gets or Lists existing Blockchain Member Transaction Node(s). |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| Microsoft.Blockchain/blockchainMembers/transactionNodes/connect/actionMicrosoft.Blockchain/blockchainMembers/transactionNodes/connect/action | 連線至區塊鏈成員交易節點。Connects to a Blockchain Member Transaction Node. |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Allows for access to Blockchain Member nodes",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/31a002a1-acaf-453e-8a5b-297c9ca1ea24",
"name": "31a002a1-acaf-453e-8a5b-297c9ca1ea24",
"permissions": [
{
"actions": [
"Microsoft.Blockchain/blockchainMembers/transactionNodes/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Blockchain/blockchainMembers/transactionNodes/connect/action"
],
"notDataActions": []
}
],
"roleName": "Blockchain Member Node Access (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
AI + 機器學習AI + machine learning
認知服務參與者Cognitive Services Contributor
可讓您建立、讀取、更新、刪除及管理認知服務的金鑰。Lets you create, read, update, delete and manage keys of Cognitive Services.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.CognitiveServices/*Microsoft.CognitiveServices/* | |
| Microsoft.Features/features/readMicrosoft.Features/features/read | 取得訂用帳戶的功能。Gets the features of a subscription. |
| Microsoft.Features/providers/features/readMicrosoft.Features/providers/features/read | 取得給定資源提供者中某個訂用帳戶的功能。Gets the feature of a subscription in a given resource provider. |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* | 建立、更新或讀取 Analysis Server 的診斷設定Creates, updates, or reads the diagnostic setting for Analysis Server |
| Microsoft.Insights/logDefinitions/readMicrosoft.Insights/logDefinitions/read | 讀取記錄定義Read log definitions |
| Microsoft.Insights/metricdefinitions/readMicrosoft.Insights/metricdefinitions/read | 讀取計量定義Read metric definitions |
| Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read | 讀取計量Read metrics |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read | 取得或列出部署作業。Gets or lists deployment operations. |
| Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read | 取得訂用帳戶作業結果。Get the subscription operation results. |
| Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read | 取得訂用帳戶清單。Gets the list of subscriptions. |
| Microsoft.Resources/subscriptions/resourcegroups/deployments/*Microsoft.Resources/subscriptions/resourcegroups/deployments/* | |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you create, read, update, delete and manage keys of Cognitive Services.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
"name": "25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.CognitiveServices/*",
"Microsoft.Features/features/read",
"Microsoft.Features/providers/features/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.Insights/logDefinitions/read",
"Microsoft.Insights/metricdefinitions/read",
"Microsoft.Insights/metrics/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourcegroups/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cognitive Services Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
認知服務資料讀者 (預覽)Cognitive Services Data Reader (Preview)
可讓您讀取認知服務資料。Lets you read Cognitive Services data.
| 動作Actions | |
| 無none | |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| Microsoft.CognitiveServices/*/readMicrosoft.CognitiveServices/*/read | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you read Cognitive Services data.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b59867f0-fa02-499b-be73-45a86b5b3e1c",
"name": "b59867f0-fa02-499b-be73-45a86b5b3e1c",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/*/read"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services Data Reader (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
認知服務使用者Cognitive Services User
可讓您讀取和列出認知服務的金鑰。Lets you read and list keys of Cognitive Services.
| 動作Actions | |
| Microsoft.CognitiveServices/*/readMicrosoft.CognitiveServices/*/read | |
| Microsoft.CognitiveServices/accounts/listkeys/actionMicrosoft.CognitiveServices/accounts/listkeys/action | 列出金鑰List Keys |
| Microsoft.Insights/alertRules/readMicrosoft.Insights/alertRules/read | 讀取傳統計量警示Read a classic metric alert |
| Microsoft.Insights/diagnosticSettings/readMicrosoft.Insights/diagnosticSettings/read | 讀取資源診斷設定Read a resource diagnostic setting |
| Microsoft.Insights/logDefinitions/readMicrosoft.Insights/logDefinitions/read | 讀取記錄定義Read log definitions |
| Microsoft.Insights/metricdefinitions/readMicrosoft.Insights/metricdefinitions/read | 讀取計量定義Read metric definitions |
| Microsoft.Insights/metrics/readMicrosoft.Insights/metrics/read | 讀取計量Read metrics |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read | 取得或列出部署作業。Gets or lists deployment operations. |
| Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read | 取得訂用帳戶作業結果。Get the subscription operation results. |
| Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read | 取得訂用帳戶清單。Gets the list of subscriptions. |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| Microsoft.CognitiveServices/*Microsoft.CognitiveServices/* | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you read and list keys of Cognitive Services.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/a97b65f3-24c7-4388-baec-2e87135dc908",
"name": "a97b65f3-24c7-4388-baec-2e87135dc908",
"permissions": [
{
"actions": [
"Microsoft.CognitiveServices/*/read",
"Microsoft.CognitiveServices/accounts/listkeys/action",
"Microsoft.Insights/alertRules/read",
"Microsoft.Insights/diagnosticSettings/read",
"Microsoft.Insights/logDefinitions/read",
"Microsoft.Insights/metricdefinitions/read",
"Microsoft.Insights/metrics/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [
"Microsoft.CognitiveServices/*"
],
"notDataActions": []
}
],
"roleName": "Cognitive Services User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
混合實境Mixed reality
空間錨點帳戶參與者Spatial Anchors Account Contributor
可讓您管理帳戶中的空間錨點,但無法刪除Lets you manage spatial anchors in your account, but not delete them
| 動作Actions | |
| 無none | |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| Microsoft.MixedReality/SpatialAnchorsAccounts/create/actionMicrosoft.MixedReality/SpatialAnchorsAccounts/create/action | 建立空間錨點Create spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/readMicrosoft.MixedReality/SpatialAnchorsAccounts/discovery/read | 探索附近的空間錨點Discover nearby spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/properties/readMicrosoft.MixedReality/SpatialAnchorsAccounts/properties/read | 取得空間錨點的屬性Get properties of spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/query/readMicrosoft.MixedReality/SpatialAnchorsAccounts/query/read | 找出空間錨點Locate spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/readMicrosoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read | 提交診斷資料,以協助改善 Azure 空間錨點服務的品質Submit diagnostics data to help improve the quality of the Azure Spatial Anchors service |
| Microsoft.MixedReality/SpatialAnchorsAccounts/writeMicrosoft.MixedReality/SpatialAnchorsAccounts/write | 更新空間錨點屬性Update spatial anchors properties |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage spatial anchors in your account, but not delete them",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827",
"name": "8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.MixedReality/SpatialAnchorsAccounts/create/action",
"Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/query/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/write"
],
"notDataActions": []
}
],
"roleName": "Spatial Anchors Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
空間錨點帳戶擁有者Spatial Anchors Account Owner
可讓您管理帳戶中的空間錨點,包含刪除Lets you manage spatial anchors in your account, including deleting them
| 動作Actions | |
| 無none | |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| Microsoft.MixedReality/SpatialAnchorsAccounts/create/actionMicrosoft.MixedReality/SpatialAnchorsAccounts/create/action | 建立空間錨點Create spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/deleteMicrosoft.MixedReality/SpatialAnchorsAccounts/delete | 刪除空間錨點Delete spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/readMicrosoft.MixedReality/SpatialAnchorsAccounts/discovery/read | 探索附近的空間錨點Discover nearby spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/properties/readMicrosoft.MixedReality/SpatialAnchorsAccounts/properties/read | 取得空間錨點的屬性Get properties of spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/query/readMicrosoft.MixedReality/SpatialAnchorsAccounts/query/read | 找出空間錨點Locate spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/readMicrosoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read | 提交診斷資料,以協助改善 Azure 空間錨點服務的品質Submit diagnostics data to help improve the quality of the Azure Spatial Anchors service |
| Microsoft.MixedReality/SpatialAnchorsAccounts/writeMicrosoft.MixedReality/SpatialAnchorsAccounts/write | 更新空間錨點屬性Update spatial anchors properties |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage spatial anchors in your account, including deleting them",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/70bbe301-9835-447d-afdd-19eb3167307c",
"name": "70bbe301-9835-447d-afdd-19eb3167307c",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.MixedReality/SpatialAnchorsAccounts/create/action",
"Microsoft.MixedReality/SpatialAnchorsAccounts/delete",
"Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/query/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/write"
],
"notDataActions": []
}
],
"roleName": "Spatial Anchors Account Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
空間錨點帳戶讀者Spatial Anchors Account Reader
可讓您尋找和讀取帳戶中空間錨點的屬性Lets you locate and read properties of spatial anchors in your account
| 動作Actions | |
| 無none | |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/readMicrosoft.MixedReality/SpatialAnchorsAccounts/discovery/read | 探索附近的空間錨點Discover nearby spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/properties/readMicrosoft.MixedReality/SpatialAnchorsAccounts/properties/read | 取得空間錨點的屬性Get properties of spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/query/readMicrosoft.MixedReality/SpatialAnchorsAccounts/query/read | 找出空間錨點Locate spatial anchors |
| Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/readMicrosoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read | 提交診斷資料,以協助改善 Azure 空間錨點服務的品質Submit diagnostics data to help improve the quality of the Azure Spatial Anchors service |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you locate and read properties of spatial anchors in your account",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5d51204f-eb77-4b1c-b86a-2ec626c49413",
"name": "5d51204f-eb77-4b1c-b86a-2ec626c49413",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.MixedReality/SpatialAnchorsAccounts/discovery/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/properties/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/query/read",
"Microsoft.MixedReality/SpatialAnchorsAccounts/submitdiag/read"
],
"notDataActions": []
}
],
"roleName": "Spatial Anchors Account Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
整合Integration
API 管理服務參與者API Management Service Contributor
可管理服務與 APICan manage service and the APIs
| 動作Actions | |
| Microsoft.ApiManagement/service/*Microsoft.ApiManagement/service/* | 建立和管理 API 管理服務Create and manage API Management service |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Can manage service and the APIs",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/312a565d-c81f-4fd8-895a-4e21e48d571c",
"name": "312a565d-c81f-4fd8-895a-4e21e48d571c",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Service Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
API 管理服務操作員角色API Management Service Operator Role
可管理服務,但無法管理 APICan manage service but not the APIs
| 動作Actions | |
| Microsoft.ApiManagement/service/*/readMicrosoft.ApiManagement/service/*/read | 讀取 API 管理服務執行個體Read API Management Service instances |
| Microsoft.ApiManagement/service/backup/actionMicrosoft.ApiManagement/service/backup/action | 將 API 管理服務備份到使用者所提供之儲存體帳戶中的指定容器Backup API Management Service to the specified container in a user provided storage account |
| Microsoft.ApiManagement/service/deleteMicrosoft.ApiManagement/service/delete | 刪除 API 管理服務執行個體Delete API Management Service instance |
| Microsoft.ApiManagement/service/managedeployments/actionMicrosoft.ApiManagement/service/managedeployments/action | 變更 SKU/單位、新增/移除 API 管理服務的區域部署Change SKU/units, add/remove regional deployments of API Management Service |
| Microsoft.ApiManagement/service/readMicrosoft.ApiManagement/service/read | 讀取 API 管理服務執行個體的中繼資料Read metadata for an API Management Service instance |
| Microsoft.ApiManagement/service/restore/actionMicrosoft.ApiManagement/service/restore/action | 從使用者所提供之儲存體帳戶中的指定容器來還原 API 管理服務Restore API Management Service from the specified container in a user provided storage account |
| Microsoft.ApiManagement/service/updatecertificate/actionMicrosoft.ApiManagement/service/updatecertificate/action | 上傳 API 管理服務的 TLS/SSL 憑證Upload TLS/SSL certificate for an API Management Service |
| Microsoft.ApiManagement/service/updatehostname/actionMicrosoft.ApiManagement/service/updatehostname/action | 設定、更新或移除 API 管理服務的自訂網域名稱Setup, update or remove custom domain names for an API Management Service |
| Microsoft.ApiManagement/service/writeMicrosoft.ApiManagement/service/write | 建立或更新 API 管理服務執行個體Create or Update API Management Service instance |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| Microsoft.ApiManagement/service/users/keys/readMicrosoft.ApiManagement/service/users/keys/read | 取得與使用者相關聯的金鑰Get keys associated with user |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Can manage service but not the APIs",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e022efe7-f5ba-4159-bbe4-b44f577e9b61",
"name": "e022efe7-f5ba-4159-bbe4-b44f577e9b61",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/*/read",
"Microsoft.ApiManagement/service/backup/action",
"Microsoft.ApiManagement/service/delete",
"Microsoft.ApiManagement/service/managedeployments/action",
"Microsoft.ApiManagement/service/read",
"Microsoft.ApiManagement/service/restore/action",
"Microsoft.ApiManagement/service/updatecertificate/action",
"Microsoft.ApiManagement/service/updatehostname/action",
"Microsoft.ApiManagement/service/write",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.ApiManagement/service/users/keys/read"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Service Operator Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
API 管理服務讀取者角色API Management Service Reader Role
具有服務與 API 的唯讀存取權Read-only access to service and APIs
| 動作Actions | |
| Microsoft.ApiManagement/service/*/readMicrosoft.ApiManagement/service/*/read | 讀取 API 管理服務執行個體Read API Management Service instances |
| Microsoft.ApiManagement/service/readMicrosoft.ApiManagement/service/read | 讀取 API 管理服務執行個體的中繼資料Read metadata for an API Management Service instance |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| Microsoft.ApiManagement/service/users/keys/readMicrosoft.ApiManagement/service/users/keys/read | 取得與使用者相關聯的金鑰Get keys associated with user |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Read-only access to service and APIs",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/71522526-b88f-4d52-b57f-d31fc3546d0d",
"name": "71522526-b88f-4d52-b57f-d31fc3546d0d",
"permissions": [
{
"actions": [
"Microsoft.ApiManagement/service/*/read",
"Microsoft.ApiManagement/service/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.ApiManagement/service/users/keys/read"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "API Management Service Reader Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
應用程式組態資料擁有者App Configuration Data Owner
允許完整存取應用程式組態資料。Allows full access to App Configuration data.
| 動作Actions | |
| 無none | |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| Microsoft.AppConfiguration/configurationStores/*/readMicrosoft.AppConfiguration/configurationStores/*/read | |
| Microsoft.AppConfiguration/configurationStores/*/writeMicrosoft.AppConfiguration/configurationStores/*/write | |
| Microsoft.AppConfiguration/configurationStores/*/deleteMicrosoft.AppConfiguration/configurationStores/*/delete | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Allows full access to App Configuration data.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b",
"name": "5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.AppConfiguration/configurationStores/*/read",
"Microsoft.AppConfiguration/configurationStores/*/write",
"Microsoft.AppConfiguration/configurationStores/*/delete"
],
"notDataActions": []
}
],
"roleName": "App Configuration Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
應用程式組態資料讀者App Configuration Data Reader
允許讀取應用程式組態資料。Allows read access to App Configuration data.
| 動作Actions | |
| 無none | |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| Microsoft.AppConfiguration/configurationStores/*/readMicrosoft.AppConfiguration/configurationStores/*/read | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Allows read access to App Configuration data.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/516239f1-63e1-4d78-a4de-a74fb236a071",
"name": "516239f1-63e1-4d78-a4de-a74fb236a071",
"permissions": [
{
"actions": [],
"notActions": [],
"dataActions": [
"Microsoft.AppConfiguration/configurationStores/*/read"
],
"notDataActions": []
}
],
"roleName": "App Configuration Data Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure 服務匯流排資料擁有者Azure Service Bus Data Owner
允許完整存取 Azure 服務匯流排資源。Allows for full access to Azure Service Bus resources.
| 動作Actions | |
| Microsoft.ServiceBus/*Microsoft.ServiceBus/* | |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| Microsoft.ServiceBus/*Microsoft.ServiceBus/* | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Allows for full access to Azure Service Bus resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/090c5cfd-751d-490a-894a-3ce6f1109419",
"name": "090c5cfd-751d-490a-894a-3ce6f1109419",
"permissions": [
{
"actions": [
"Microsoft.ServiceBus/*"
],
"notActions": [],
"dataActions": [
"Microsoft.ServiceBus/*"
],
"notDataActions": []
}
],
"roleName": "Azure Service Bus Data Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure 服務匯流排資料接收者Azure Service Bus Data Receiver
允許接收 Azure 服務匯流排資源。Allows for receive access to Azure Service Bus resources.
| 動作Actions | |
| Microsoft.ServiceBus/*/queues/readMicrosoft.ServiceBus/*/queues/read | |
| Microsoft.ServiceBus/*/topics/readMicrosoft.ServiceBus/*/topics/read | |
| Microsoft.ServiceBus/*/topics/subscriptions/readMicrosoft.ServiceBus/*/topics/subscriptions/read | |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| Microsoft.ServiceBus/*/receive/actionMicrosoft.ServiceBus/*/receive/action | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Allows for receive access to Azure Service Bus resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0",
"name": "4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0",
"permissions": [
{
"actions": [
"Microsoft.ServiceBus/*/queues/read",
"Microsoft.ServiceBus/*/topics/read",
"Microsoft.ServiceBus/*/topics/subscriptions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.ServiceBus/*/receive/action"
],
"notDataActions": []
}
],
"roleName": "Azure Service Bus Data Receiver",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure 服務匯流排資料傳送者Azure Service Bus Data Sender
允許傳送 Azure 服務匯流排資源。Allows for send access to Azure Service Bus resources.
| 動作Actions | |
| Microsoft.ServiceBus/*/queues/readMicrosoft.ServiceBus/*/queues/read | |
| Microsoft.ServiceBus/*/topics/readMicrosoft.ServiceBus/*/topics/read | |
| Microsoft.ServiceBus/*/topics/subscriptions/readMicrosoft.ServiceBus/*/topics/subscriptions/read | |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| Microsoft.ServiceBus/*/send/actionMicrosoft.ServiceBus/*/send/action | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Allows for send access to Azure Service Bus resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
"name": "69a216fc-b8fb-44d8-bc22-1f3c2cd27a39",
"permissions": [
{
"actions": [
"Microsoft.ServiceBus/*/queues/read",
"Microsoft.ServiceBus/*/topics/read",
"Microsoft.ServiceBus/*/topics/subscriptions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.ServiceBus/*/send/action"
],
"notDataActions": []
}
],
"roleName": "Azure Service Bus Data Sender",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Stack 註冊擁有者Azure Stack Registration Owner
可讓您管理 Azure Stack 註冊。Lets you manage Azure Stack registrations.
| 動作Actions | |
| Microsoft.AzureStack/registrations/products/*/actionMicrosoft.AzureStack/registrations/products/*/action | |
| Microsoft.AzureStack/registrations/products/readMicrosoft.AzureStack/registrations/products/read | 取得 Azure Stack Marketplace 產品的屬性Gets the properties of an Azure Stack Marketplace product |
| Microsoft.AzureStack/registrations/readMicrosoft.AzureStack/registrations/read | 取得 Azure Stack 註冊的屬性Gets the properties of an Azure Stack registration |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Azure Stack registrations.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6f12a6df-dd06-4f3e-bcb1-ce8be600526a",
"name": "6f12a6df-dd06-4f3e-bcb1-ce8be600526a",
"permissions": [
{
"actions": [
"Microsoft.AzureStack/registrations/products/*/action",
"Microsoft.AzureStack/registrations/products/read",
"Microsoft.AzureStack/registrations/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Stack Registration Owner",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
EventGrid EventSubscription 參與者EventGrid EventSubscription Contributor
可讓您管理 EventGrid 事件訂用帳戶作業。Lets you manage EventGrid event subscription operations.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.EventGrid/eventSubscriptions/*Microsoft.EventGrid/eventSubscriptions/* | |
| Microsoft.EventGrid/topicTypes/eventSubscriptions/readMicrosoft.EventGrid/topicTypes/eventSubscriptions/read | 依主題類型列出全域事件訂用帳戶List global event subscriptions by topic type |
| Microsoft.EventGrid/locations/eventSubscriptions/readMicrosoft.EventGrid/locations/eventSubscriptions/read | 列出區域事件訂用帳戶List regional event subscriptions |
| Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/readMicrosoft.EventGrid/locations/topicTypes/eventSubscriptions/read | 依主題類型列出區域事件訂用帳戶List regional event subscriptions by topictype |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage EventGrid event subscription operations.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/428e0ff0-5e57-4d9c-a221-2c70d0e0a443",
"name": "428e0ff0-5e57-4d9c-a221-2c70d0e0a443",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.EventGrid/eventSubscriptions/*",
"Microsoft.EventGrid/topicTypes/eventSubscriptions/read",
"Microsoft.EventGrid/locations/eventSubscriptions/read",
"Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "EventGrid EventSubscription Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
EventGrid EventSubscription 讀者EventGrid EventSubscription Reader
可讓您讀取 EventGrid 事件訂用帳戶。Lets you read EventGrid event subscriptions.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.EventGrid/eventSubscriptions/readMicrosoft.EventGrid/eventSubscriptions/read | 讀取 eventSubscriptionRead an eventSubscription |
| Microsoft.EventGrid/topicTypes/eventSubscriptions/readMicrosoft.EventGrid/topicTypes/eventSubscriptions/read | 依主題類型列出全域事件訂用帳戶List global event subscriptions by topic type |
| Microsoft.EventGrid/locations/eventSubscriptions/readMicrosoft.EventGrid/locations/eventSubscriptions/read | 列出區域事件訂用帳戶List regional event subscriptions |
| Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/readMicrosoft.EventGrid/locations/topicTypes/eventSubscriptions/read | 依主題類型列出區域事件訂用帳戶List regional event subscriptions by topictype |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you read EventGrid event subscriptions.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/2414bbcf-6497-4faf-8c65-045460748405",
"name": "2414bbcf-6497-4faf-8c65-045460748405",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.EventGrid/eventSubscriptions/read",
"Microsoft.EventGrid/topicTypes/eventSubscriptions/read",
"Microsoft.EventGrid/locations/eventSubscriptions/read",
"Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "EventGrid EventSubscription Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Intelligent Systems 帳戶參與者Intelligent Systems Account Contributor
可讓您管理「智慧型系統」帳戶,但無法存取它們。Lets you manage Intelligent Systems accounts, but not access to them.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.IntelligentSystems/accounts/*Microsoft.IntelligentSystems/accounts/* | 建立及管理 Intelligent Systems 帳戶Create and manage intelligent systems accounts |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Intelligent Systems accounts, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/03a6d094-3444-4b3d-88af-7477090a9e5e",
"name": "03a6d094-3444-4b3d-88af-7477090a9e5e",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.IntelligentSystems/accounts/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Intelligent Systems Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
邏輯應用程式參與者Logic App Contributor
可讓您管理邏輯應用程式,但無法變更對邏輯應用程式的存取。Lets you manage logic apps, but not change access to them.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.ClassicStorage/storageAccounts/listKeys/actionMicrosoft.ClassicStorage/storageAccounts/listKeys/action | 列出儲存體帳戶的存取金鑰。Lists the access keys for the storage accounts. |
| Microsoft.ClassicStorage/storageAccounts/readMicrosoft.ClassicStorage/storageAccounts/read | 傳回具有給定帳戶的儲存體帳戶。Return the storage account with the given account. |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.Insights/metricAlerts/*Microsoft.Insights/metricAlerts/* | |
| Microsoft.Insights/diagnosticSettings/*Microsoft.Insights/diagnosticSettings/* | 建立、更新或讀取 Analysis Server 的診斷設定Creates, updates, or reads the diagnostic setting for Analysis Server |
| Microsoft.Insights/logdefinitions/*Microsoft.Insights/logdefinitions/* | 此為使用者需要透過入口網站存取活動記錄時所需的權限。This permission is necessary for users who need access to Activity Logs via the portal. 列出活動記錄檔中的記錄檔分類。List log categories in Activity Log. |
| Microsoft.Insights/metricDefinitions/*Microsoft.Insights/metricDefinitions/* | 讀取度量定義 (可用資源的度量類型清單)。Read metric definitions (list of available metric types for a resource). |
| Microsoft.Logic/*Microsoft.Logic/* | 管理 Logic Apps 資源。Manages Logic Apps resources. |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read | 取得訂用帳戶作業結果。Get the subscription operation results. |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Storage/storageAccounts/listkeys/actionMicrosoft.Storage/storageAccounts/listkeys/action | 傳回指定儲存體帳戶的存取金鑰。Returns the access keys for the specified storage account. |
| Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read | 傳回儲存體帳戶清單,或取得指定儲存體帳戶的屬性。Returns the list of storage accounts or gets the properties for the specified storage account. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| Microsoft.Web/connectionGateways/*Microsoft.Web/connectionGateways/* | 建立及管理「連線閘道」。Create and manages a Connection Gateway. |
| Microsoft.Web/connections/*Microsoft.Web/connections/* | 建立及管理「連線」。Create and manages a Connection. |
| Microsoft.Web/customApis/*Microsoft.Web/customApis/* | 建立及管理「自訂 API」。Creates and manages a Custom API. |
| Microsoft.Web/serverFarms/join/actionMicrosoft.Web/serverFarms/join/action | |
| Microsoft.Web/serverFarms/readMicrosoft.Web/serverFarms/read | 取得 App Service 方案的屬性Get the properties on an App Service Plan |
| Microsoft.Web/sites/functions/listSecrets/actionMicrosoft.Web/sites/functions/listSecrets/action | 列出函式秘密。List Function secrets. |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage logic app, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/87a39d53-fc1b-424a-814c-f7e04687dc9e",
"name": "87a39d53-fc1b-424a-814c-f7e04687dc9e",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ClassicStorage/storageAccounts/listKeys/action",
"Microsoft.ClassicStorage/storageAccounts/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/metricAlerts/*",
"Microsoft.Insights/diagnosticSettings/*",
"Microsoft.Insights/logdefinitions/*",
"Microsoft.Insights/metricDefinitions/*",
"Microsoft.Logic/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/listkeys/action",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Support/*",
"Microsoft.Web/connectionGateways/*",
"Microsoft.Web/connections/*",
"Microsoft.Web/customApis/*",
"Microsoft.Web/serverFarms/join/action",
"Microsoft.Web/serverFarms/read",
"Microsoft.Web/sites/functions/listSecrets/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Logic App Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
邏輯應用程式操作員Logic App Operator
可讓您讀取、啟用及停用邏輯應用程式,但無法編輯或更新邏輯應用程式。Lets you read, enable, and disable logic apps, but not edit or update them.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Insights/alertRules/*/readMicrosoft.Insights/alertRules/*/read | 讀取 Insights 警示規則Read Insights alert rules |
| Microsoft.Insights/metricAlerts/*/readMicrosoft.Insights/metricAlerts/*/read | |
| Microsoft.Insights/diagnosticSettings/*/readMicrosoft.Insights/diagnosticSettings/*/read | 取得 Logic Apps 的診斷設定Gets diagnostic settings for Logic Apps |
| Microsoft.Insights/metricDefinitions/*/readMicrosoft.Insights/metricDefinitions/*/read | 取得 Logic Apps 的可用計量。Gets the available metrics for Logic Apps. |
| Microsoft.Logic/*/readMicrosoft.Logic/*/read | 讀取 Logic Apps 資源。Reads Logic Apps resources. |
| Microsoft.Logic/workflows/disable/actionMicrosoft.Logic/workflows/disable/action | 停用工作流程。Disables the workflow. |
| Microsoft.Logic/workflows/enable/actionMicrosoft.Logic/workflows/enable/action | 啟用工作流程。Enables the workflow. |
| Microsoft.Logic/workflows/validate/actionMicrosoft.Logic/workflows/validate/action | 驗證工作流程。Validates the workflow. |
| Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read | 取得或列出部署作業。Gets or lists deployment operations. |
| Microsoft.Resources/subscriptions/operationresults/readMicrosoft.Resources/subscriptions/operationresults/read | 取得訂用帳戶作業結果。Get the subscription operation results. |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| Microsoft.Web/connectionGateways/*/readMicrosoft.Web/connectionGateways/*/read | 讀取「連線閘道」。Read Connection Gateways. |
| Microsoft.Web/connections/*/readMicrosoft.Web/connections/*/read | 讀取「連線」。Read Connections. |
| Microsoft.Web/customApis/*/readMicrosoft.Web/customApis/*/read | 讀取「自訂 API」。Read Custom API. |
| Microsoft.Web/serverFarms/readMicrosoft.Web/serverFarms/read | 取得 App Service 方案的屬性Get the properties on an App Service Plan |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you read, enable and disable logic app.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/515c2055-d9d4-4321-b1b9-bd0c9a0f79fe",
"name": "515c2055-d9d4-4321-b1b9-bd0c9a0f79fe",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*/read",
"Microsoft.Insights/metricAlerts/*/read",
"Microsoft.Insights/diagnosticSettings/*/read",
"Microsoft.Insights/metricDefinitions/*/read",
"Microsoft.Logic/*/read",
"Microsoft.Logic/workflows/disable/action",
"Microsoft.Logic/workflows/enable/action",
"Microsoft.Logic/workflows/validate/action",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/subscriptions/operationresults/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Web/connectionGateways/*/read",
"Microsoft.Web/connections/*/read",
"Microsoft.Web/customApis/*/read",
"Microsoft.Web/serverFarms/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Logic App Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
身分識別Identity
受控身分識別參與者Managed Identity Contributor
建立、讀取、更新及刪除使用者指派的身分識別Create, Read, Update, and Delete User Assigned Identity
| 動作Actions | |
| Microsoft.ManagedIdentity/userAssignedIdentities/readMicrosoft.ManagedIdentity/userAssignedIdentities/read | 取得現有已指派使用者的身分識別Gets an existing user assigned identity |
| Microsoft.ManagedIdentity/userAssignedIdentities/writeMicrosoft.ManagedIdentity/userAssignedIdentities/write | 建立新的已指派使用者的身分識別,或更新與現有已指派使用者之身分識別相關聯的標記Creates a new user assigned identity or updates the tags associated with an existing user assigned identity |
| Microsoft.ManagedIdentity/userAssignedIdentities/deleteMicrosoft.ManagedIdentity/userAssignedIdentities/delete | 刪除現有已指派使用者的身分識別Deletes an existing user assigned identity |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Create, Read, Update, and Delete User Assigned Identity",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e40ec5ca-96e0-45a2-b4ff-59039f2c2b59",
"name": "e40ec5ca-96e0-45a2-b4ff-59039f2c2b59",
"permissions": [
{
"actions": [
"Microsoft.ManagedIdentity/userAssignedIdentities/read",
"Microsoft.ManagedIdentity/userAssignedIdentities/write",
"Microsoft.ManagedIdentity/userAssignedIdentities/delete",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Identity Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
受控身分識別操作員Managed Identity Operator
讀取及指派使用者指派的身分識別Read and Assign User Assigned Identity
| 動作Actions | |
| Microsoft.ManagedIdentity/userAssignedIdentities/*/readMicrosoft.ManagedIdentity/userAssignedIdentities/*/read | |
| Microsoft.ManagedIdentity/userAssignedIdentities/*/assign/actionMicrosoft.ManagedIdentity/userAssignedIdentities/*/assign/action | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Read and Assign User Assigned Identity",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f1a07417-d97a-45cb-824c-7a7467783830",
"name": "f1a07417-d97a-45cb-824c-7a7467783830",
"permissions": [
{
"actions": [
"Microsoft.ManagedIdentity/userAssignedIdentities/*/read",
"Microsoft.ManagedIdentity/userAssignedIdentities/*/assign/action",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Identity Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
安全性Security
Azure Sentinel 參與者Azure Sentinel Contributor
Azure Sentinel 參與者Azure Sentinel Contributor
| 動作Actions | |
| Microsoft.SecurityInsights/*Microsoft.SecurityInsights/* | |
| Microsoft.OperationalInsights/workspaces/analytics/query/actionMicrosoft.OperationalInsights/workspaces/analytics/query/action | 使用新的引擎進行搜尋。Search using new engine. |
| Microsoft.OperationalInsights/workspaces/*/readMicrosoft.OperationalInsights/workspaces/*/read | 檢視記錄分析資料View log analytics data |
| Microsoft.OperationalInsights/workspaces/savedSearches/*Microsoft.OperationalInsights/workspaces/savedSearches/* | |
| Microsoft.OperationsManagement/solutions/readMicrosoft.OperationsManagement/solutions/read | 取得現有的 OMS 解決方案Get exiting OMS solution |
| Microsoft.OperationalInsights/workspaces/query/readMicrosoft.OperationalInsights/workspaces/query/read | 針對工作區中的資料執行查詢Run queries over the data in the workspace |
| Microsoft.OperationalInsights/workspaces/query/*/readMicrosoft.OperationalInsights/workspaces/query/*/read | |
| Microsoft.OperationalInsights/workspaces/dataSources/readMicrosoft.OperationalInsights/workspaces/dataSources/read | 取得工作區下的資料來源。Get datasources under a workspace. |
| Microsoft.Insights/workbooks/*Microsoft.Insights/workbooks/* | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Azure Sentinel Contributor",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ab8e14d6-4a74-4a29-9ba8-549422addade",
"name": "ab8e14d6-4a74-4a29-9ba8-549422addade",
"permissions": [
{
"actions": [
"Microsoft.SecurityInsights/*",
"Microsoft.OperationalInsights/workspaces/analytics/query/action",
"Microsoft.OperationalInsights/workspaces/*/read",
"Microsoft.OperationalInsights/workspaces/savedSearches/*",
"Microsoft.OperationsManagement/solutions/read",
"Microsoft.OperationalInsights/workspaces/query/read",
"Microsoft.OperationalInsights/workspaces/query/*/read",
"Microsoft.OperationalInsights/workspaces/dataSources/read",
"Microsoft.Insights/workbooks/*",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Sentinel Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Sentinel 讀者Azure Sentinel Reader
Azure Sentinel 讀者Azure Sentinel Reader
| 動作Actions | |
| Microsoft.SecurityInsights/*/readMicrosoft.SecurityInsights/*/read | |
| Microsoft.SecurityInsights/dataConnectorsCheckRequirements/actionMicrosoft.SecurityInsights/dataConnectorsCheckRequirements/action | 檢查使用者授權和使用權Check user authorization and license |
| Microsoft.OperationalInsights/workspaces/analytics/query/actionMicrosoft.OperationalInsights/workspaces/analytics/query/action | 使用新的引擎進行搜尋。Search using new engine. |
| Microsoft.OperationalInsights/workspaces/*/readMicrosoft.OperationalInsights/workspaces/*/read | 檢視記錄分析資料View log analytics data |
| Microsoft.OperationalInsights/workspaces/LinkedServices/readMicrosoft.OperationalInsights/workspaces/LinkedServices/read | 取得指定工作區下已連結的服務。Get linked services under given workspace. |
| Microsoft.OperationalInsights/workspaces/savedSearches/readMicrosoft.OperationalInsights/workspaces/savedSearches/read | 取得已儲存的搜尋查詢Gets a saved search query |
| Microsoft.OperationsManagement/solutions/readMicrosoft.OperationsManagement/solutions/read | 取得現有的 OMS 解決方案Get exiting OMS solution |
| Microsoft.OperationalInsights/workspaces/query/readMicrosoft.OperationalInsights/workspaces/query/read | 針對工作區中的資料執行查詢Run queries over the data in the workspace |
| Microsoft.OperationalInsights/workspaces/query/*/readMicrosoft.OperationalInsights/workspaces/query/*/read | |
| Microsoft.OperationalInsights/workspaces/dataSources/readMicrosoft.OperationalInsights/workspaces/dataSources/read | 取得工作區下的資料來源。Get datasources under a workspace. |
| Microsoft.Insights/workbooks/readMicrosoft.Insights/workbooks/read | 讀取活頁簿Read a workbook |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Azure Sentinel Reader",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/8d289c81-5878-46d4-8554-54e1e3d8b5cb",
"name": "8d289c81-5878-46d4-8554-54e1e3d8b5cb",
"permissions": [
{
"actions": [
"Microsoft.SecurityInsights/*/read",
"Microsoft.SecurityInsights/dataConnectorsCheckRequirements/action",
"Microsoft.OperationalInsights/workspaces/analytics/query/action",
"Microsoft.OperationalInsights/workspaces/*/read",
"Microsoft.OperationalInsights/workspaces/LinkedServices/read",
"Microsoft.OperationalInsights/workspaces/savedSearches/read",
"Microsoft.OperationsManagement/solutions/read",
"Microsoft.OperationalInsights/workspaces/query/read",
"Microsoft.OperationalInsights/workspaces/query/*/read",
"Microsoft.OperationalInsights/workspaces/dataSources/read",
"Microsoft.Insights/workbooks/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Sentinel Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Sentinel 回應者Azure Sentinel Responder
Azure Sentinel 回應者Azure Sentinel Responder
| 動作Actions | |
| Microsoft.SecurityInsights/*/readMicrosoft.SecurityInsights/*/read | |
| Microsoft.SecurityInsights/dataConnectorsCheckRequirements/actionMicrosoft.SecurityInsights/dataConnectorsCheckRequirements/action | 檢查使用者授權和使用權Check user authorization and license |
| Microsoft.SecurityInsights/cases/*Microsoft.SecurityInsights/cases/* | |
| Microsoft.SecurityInsights/incidents/*Microsoft.SecurityInsights/incidents/* | |
| Microsoft.OperationalInsights/workspaces/analytics/query/actionMicrosoft.OperationalInsights/workspaces/analytics/query/action | 使用新的引擎進行搜尋。Search using new engine. |
| Microsoft.OperationalInsights/workspaces/*/readMicrosoft.OperationalInsights/workspaces/*/read | 檢視記錄分析資料View log analytics data |
| Microsoft.OperationalInsights/workspaces/dataSources/readMicrosoft.OperationalInsights/workspaces/dataSources/read | 取得工作區下的資料來源。Get datasources under a workspace. |
| Microsoft.OperationalInsights/workspaces/savedSearches/readMicrosoft.OperationalInsights/workspaces/savedSearches/read | 取得已儲存的搜尋查詢Gets a saved search query |
| Microsoft.OperationsManagement/solutions/readMicrosoft.OperationsManagement/solutions/read | 取得現有的 OMS 解決方案Get exiting OMS solution |
| Microsoft.OperationalInsights/workspaces/query/readMicrosoft.OperationalInsights/workspaces/query/read | 針對工作區中的資料執行查詢Run queries over the data in the workspace |
| Microsoft.OperationalInsights/workspaces/query/*/readMicrosoft.OperationalInsights/workspaces/query/*/read | |
| Microsoft.OperationalInsights/workspaces/dataSources/readMicrosoft.OperationalInsights/workspaces/dataSources/read | 取得工作區下的資料來源。Get datasources under a workspace. |
| Microsoft.Insights/workbooks/readMicrosoft.Insights/workbooks/read | 讀取活頁簿Read a workbook |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Azure Sentinel Responder",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3e150937-b8fe-4cfb-8069-0eaf05ecd056",
"name": "3e150937-b8fe-4cfb-8069-0eaf05ecd056",
"permissions": [
{
"actions": [
"Microsoft.SecurityInsights/*/read",
"Microsoft.SecurityInsights/dataConnectorsCheckRequirements/action",
"Microsoft.SecurityInsights/cases/*",
"Microsoft.SecurityInsights/incidents/*",
"Microsoft.OperationalInsights/workspaces/analytics/query/action",
"Microsoft.OperationalInsights/workspaces/*/read",
"Microsoft.OperationalInsights/workspaces/dataSources/read",
"Microsoft.OperationalInsights/workspaces/savedSearches/read",
"Microsoft.OperationsManagement/solutions/read",
"Microsoft.OperationalInsights/workspaces/query/read",
"Microsoft.OperationalInsights/workspaces/query/*/read",
"Microsoft.OperationalInsights/workspaces/dataSources/read",
"Microsoft.Insights/workbooks/read",
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Sentinel Responder",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Key Vault 參與者Key Vault Contributor
可讓您管理金鑰保存庫,但無法存取它們。Lets you manage key vaults, but not access to them.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.KeyVault/*Microsoft.KeyVault/* | |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| Microsoft.KeyVault/locations/deletedVaults/purge/actionMicrosoft.KeyVault/locations/deletedVaults/purge/action | 清除虛刪除的 Key VaultPurge a soft deleted key vault |
| Microsoft.KeyVault/hsmPools/*Microsoft.KeyVault/hsmPools/* | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage key vaults, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395",
"name": "f25e0fa2-a7c8-4377-a976-54943a77a395",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.KeyVault/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [
"Microsoft.KeyVault/locations/deletedVaults/purge/action",
"Microsoft.KeyVault/hsmPools/*"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Key Vault Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
安全性系統管理員Security Admin
資訊安全中心的檢視和更新權限。View and update permissions for Security Center. 與「安全性讀者」角色的權限相同,還可以更新安全性原則及關閉警示和建議。Same permissions as the Security Reader role and can also update the security policy and dismiss alerts and recommendations.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Authorization/policyAssignments/*Microsoft.Authorization/policyAssignments/* | 建立及管理原則指派Create and manage policy assignments |
| Microsoft.Authorization/policyDefinitions/*Microsoft.Authorization/policyDefinitions/* | 建立及管理原則定義Create and manage policy definitions |
| Microsoft.Authorization/policySetDefinitions/*Microsoft.Authorization/policySetDefinitions/* | 建立及管理原則集合Create and manage policy sets |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.Management/managementGroups/readMicrosoft.Management/managementGroups/read | 列出已驗證之使用者的管理群組。List management groups for the authenticated user. |
| Microsoft.operationalInsights/workspaces/*/readMicrosoft.operationalInsights/workspaces/*/read | 檢視記錄分析資料View log analytics data |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Security/*Microsoft.Security/* | 建立和管理安全性元件和原則Create and manage security components and policies |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Security Admin Role",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd",
"name": "fb1c8493-542b-48eb-b624-b4c8fea62acd",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Authorization/policyAssignments/*",
"Microsoft.Authorization/policyDefinitions/*",
"Microsoft.Authorization/policySetDefinitions/*",
"Microsoft.Insights/alertRules/*",
"Microsoft.Management/managementGroups/read",
"Microsoft.operationalInsights/workspaces/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Security/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Security Admin",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
安全性評量參與者Security Assessment Contributor
可讓您將評量推送至資訊安全中心Lets you push assessments to Security Center
| 動作Actions | |
| Microsoft.Security/assessments/writeMicrosoft.Security/assessments/write | 在您的訂用帳戶上建立或更新安全性評量Create or update security assessments on your subscription |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you push assessments to Security Center",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/612c2aa1-cb24-443b-ac28-3ab7272de6f5",
"name": "612c2aa1-cb24-443b-ac28-3ab7272de6f5",
"permissions": [
{
"actions": [
"Microsoft.Security/assessments/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Security Assessment Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
安全性管理員 (舊版)Security Manager (Legacy)
此為舊版角色。This is a legacy role. 請改用「安全性系統管理員」。Please use Security Admin instead.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.ClassicCompute/*/readMicrosoft.ClassicCompute/*/read | 讀取傳統虛擬機器的設定資訊Read configuration information classic virtual machines |
| Microsoft.ClassicCompute/virtualMachines/*/writeMicrosoft.ClassicCompute/virtualMachines/*/write | 撰寫傳統虛擬機器的設定Write configuration for classic virtual machines |
| Microsoft.ClassicNetwork/*/readMicrosoft.ClassicNetwork/*/read | 讀取傳統網路的組態資訊Read configuration information about classic network |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Security/*Microsoft.Security/* | 建立和管理安全性元件和原則Create and manage security components and policies |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "This is a legacy role. Please use Security Administrator instead",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e3d13bf0-dd5a-482e-ba6b-9b8433878d10",
"name": "e3d13bf0-dd5a-482e-ba6b-9b8433878d10",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.ClassicCompute/*/read",
"Microsoft.ClassicCompute/virtualMachines/*/write",
"Microsoft.ClassicNetwork/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Security/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Security Manager (Legacy)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
安全性讀取者Security Reader
資訊安全中心的檢視權限。View permissions for Security Center. 可以檢視建議、警示、安全性原則和安全性狀態,但無法變更。Can view recommendations, alerts, a security policy, and security states, but cannot make changes.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.operationalInsights/workspaces/*/readMicrosoft.operationalInsights/workspaces/*/read | 檢視記錄分析資料View log analytics data |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Security/*/readMicrosoft.Security/*/read | 讀取安全性元件和原則Read security components and policies |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| Microsoft.Management/managementGroups/readMicrosoft.Management/managementGroups/read | 列出已驗證之使用者的管理群組。List management groups for the authenticated user. |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Security Reader Role",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/39bc4728-0917-49c7-9d2c-d95423bc2eb4",
"name": "39bc4728-0917-49c7-9d2c-d95423bc2eb4",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.operationalInsights/workspaces/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Security/*/read",
"Microsoft.Support/*",
"Microsoft.Management/managementGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Security Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
DevOpsDevOps
DevTest Labs 使用者DevTest Labs User
可讓您連線、啟動、重新啟及關閉您 Azure DevTest Labs 中的虛擬機器。Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Compute/availabilitySets/readMicrosoft.Compute/availabilitySets/read | 取得可用性設定組的屬性Get the properties of an availability set |
| Microsoft.Compute/virtualMachines/*/readMicrosoft.Compute/virtualMachines/*/read | 讀取虛擬機器的屬性 (VM 大小、執行階段狀態、VM 擴充功能等)Read the properties of a virtual machine (VM sizes, runtime status, VM extensions, etc.) |
| Microsoft.Compute/virtualMachines/deallocate/actionMicrosoft.Compute/virtualMachines/deallocate/action | 關閉虛擬機器的電源,並將計算資源釋出Powers off the virtual machine and releases the compute resources |
| Microsoft.Compute/virtualMachines/readMicrosoft.Compute/virtualMachines/read | 取得虛擬機器的屬性Get the properties of a virtual machine |
| Microsoft.Compute/virtualMachines/restart/actionMicrosoft.Compute/virtualMachines/restart/action | 重新啟動虛擬機器Restarts the virtual machine |
| Microsoft.Compute/virtualMachines/start/actionMicrosoft.Compute/virtualMachines/start/action | 啟動虛擬機器Starts the virtual machine |
| Microsoft.DevTestLab/*/readMicrosoft.DevTestLab/*/read | 讀取實驗室的屬性Read the properties of a lab |
| Microsoft.DevTestLab/labs/claimAnyVm/actionMicrosoft.DevTestLab/labs/claimAnyVm/action | 在實驗室中宣告隨機的可宣告虛擬機器。Claim a random claimable virtual machine in the lab. |
| Microsoft.DevTestLab/labs/createEnvironment/actionMicrosoft.DevTestLab/labs/createEnvironment/action | 在實驗室中建立虛擬機器。Create virtual machines in a lab. |
| Microsoft.DevTestLab/labs/ensureCurrentUserProfile/actionMicrosoft.DevTestLab/labs/ensureCurrentUserProfile/action | 請確認目前的使用者在實驗室中具備有效的設定檔。Ensure the current user has a valid profile in the lab. |
| Microsoft.DevTestLab/labs/formulas/deleteMicrosoft.DevTestLab/labs/formulas/delete | 刪除公式。Delete formulas. |
| Microsoft.DevTestLab/labs/formulas/readMicrosoft.DevTestLab/labs/formulas/read | 讀取公式。Read formulas. |
| Microsoft.DevTestLab/labs/formulas/writeMicrosoft.DevTestLab/labs/formulas/write | 新增或修改公式。Add or modify formulas. |
| Microsoft.DevTestLab/labs/policySets/evaluatePolicies/actionMicrosoft.DevTestLab/labs/policySets/evaluatePolicies/action | 評估實驗室原則。Evaluates lab policy. |
| Microsoft.DevTestLab/labs/virtualMachines/claim/actionMicrosoft.DevTestLab/labs/virtualMachines/claim/action | 取得現有虛擬機器的擁有權Take ownership of an existing virtual machine |
| Microsoft.DevTestLab/labs/virtualmachines/listApplicableSchedules/actionMicrosoft.DevTestLab/labs/virtualmachines/listApplicableSchedules/action | 列出適用的啟動/停止排程 (若有的話)。Lists the applicable start/stop schedules, if any. |
| Microsoft.DevTestLab/labs/virtualMachines/getRdpFileContents/actionMicrosoft.DevTestLab/labs/virtualMachines/getRdpFileContents/action | 取得代表虛擬機器 RDP 檔案內容的字串Gets a string that represents the contents of the RDP file for the virtual machine |
| Microsoft.Network/loadBalancers/backendAddressPools/join/actionMicrosoft.Network/loadBalancers/backendAddressPools/join/action | 加入負載平衡器後端位址集區。Joins a load balancer backend address pool. 不可警示。Not Alertable. |
| Microsoft.Network/loadBalancers/inboundNatRules/join/actionMicrosoft.Network/loadBalancers/inboundNatRules/join/action | 加入負載平衡器輸入 nat 規則。Joins a load balancer inbound nat rule. 不可警示。Not Alertable. |
| Microsoft.Network/networkInterfaces/*/readMicrosoft.Network/networkInterfaces/*/read | 讀取網路介面的屬性 (例如網路介面所屬的所有負載平衡器)Read the properties of a network interface (for example, all the load balancers that the network interface is a part of) |
| Microsoft.Network/networkInterfaces/join/actionMicrosoft.Network/networkInterfaces/join/action | 將虛擬機器加入網路介面。Joins a Virtual Machine to a network interface. 不可警示。Not Alertable. |
| Microsoft.Network/networkInterfaces/readMicrosoft.Network/networkInterfaces/read | 取得網路介面定義。Gets a network interface definition. |
| Microsoft.Network/networkInterfaces/writeMicrosoft.Network/networkInterfaces/write | 建立網路介面,或更新現有的網路介面。Creates a network interface or updates an existing network interface. |
| Microsoft.Network/publicIPAddresses/*/readMicrosoft.Network/publicIPAddresses/*/read | 讀取公用 IP 位址的屬性Read the properties of a public IP address |
| Microsoft.Network/publicIPAddresses/join/actionMicrosoft.Network/publicIPAddresses/join/action | 加入公用 IP 位址。Joins a public ip address. 不可警示。Not Alertable. |
| Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read | 取得公用 IP 位址定義。Gets a public ip address definition. |
| Microsoft.Network/virtualNetworks/subnets/join/actionMicrosoft.Network/virtualNetworks/subnets/join/action | 加入虛擬網路。Joins a virtual network. 不可警示。Not Alertable. |
| Microsoft.Resources/deployments/operations/readMicrosoft.Resources/deployments/operations/read | 取得或列出部署作業。Gets or lists deployment operations. |
| Microsoft.Resources/deployments/readMicrosoft.Resources/deployments/read | 取得或列出部署。Gets or lists deployments. |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Storage/storageAccounts/listKeys/actionMicrosoft.Storage/storageAccounts/listKeys/action | 傳回指定儲存體帳戶的存取金鑰。Returns the access keys for the specified storage account. |
| NotActionsNotActions | |
| Microsoft.Compute/virtualMachines/vmSizes/readMicrosoft.Compute/virtualMachines/vmSizes/read | 列出虛擬機器所能更新成的大小Lists available sizes the virtual machine can be updated to |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you connect, start, restart, and shutdown your virtual machines in your Azure DevTest Labs.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/76283e04-6283-4c54-8f91-bcf1374a3c64",
"name": "76283e04-6283-4c54-8f91-bcf1374a3c64",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Compute/availabilitySets/read",
"Microsoft.Compute/virtualMachines/*/read",
"Microsoft.Compute/virtualMachines/deallocate/action",
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Compute/virtualMachines/restart/action",
"Microsoft.Compute/virtualMachines/start/action",
"Microsoft.DevTestLab/*/read",
"Microsoft.DevTestLab/labs/claimAnyVm/action",
"Microsoft.DevTestLab/labs/createEnvironment/action",
"Microsoft.DevTestLab/labs/ensureCurrentUserProfile/action",
"Microsoft.DevTestLab/labs/formulas/delete",
"Microsoft.DevTestLab/labs/formulas/read",
"Microsoft.DevTestLab/labs/formulas/write",
"Microsoft.DevTestLab/labs/policySets/evaluatePolicies/action",
"Microsoft.DevTestLab/labs/virtualMachines/claim/action",
"Microsoft.DevTestLab/labs/virtualmachines/listApplicableSchedules/action",
"Microsoft.DevTestLab/labs/virtualMachines/getRdpFileContents/action",
"Microsoft.Network/loadBalancers/backendAddressPools/join/action",
"Microsoft.Network/loadBalancers/inboundNatRules/join/action",
"Microsoft.Network/networkInterfaces/*/read",
"Microsoft.Network/networkInterfaces/join/action",
"Microsoft.Network/networkInterfaces/read",
"Microsoft.Network/networkInterfaces/write",
"Microsoft.Network/publicIPAddresses/*/read",
"Microsoft.Network/publicIPAddresses/join/action",
"Microsoft.Network/publicIPAddresses/read",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Resources/deployments/operations/read",
"Microsoft.Resources/deployments/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/listKeys/action"
],
"notActions": [
"Microsoft.Compute/virtualMachines/vmSizes/read"
],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "DevTest Labs User",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
實驗室建立者Lab Creator
可讓您在「Azure 實驗室帳戶」下建立、管理、刪除您的受控實驗室。Lets you create, manage, delete your managed labs under your Azure Lab Accounts.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.LabServices/labAccounts/*/readMicrosoft.LabServices/labAccounts/*/read | |
| Microsoft.LabServices/labAccounts/createLab/actionMicrosoft.LabServices/labAccounts/createLab/action | 在實驗室帳戶中建立實驗室。Create a lab in a lab account. |
| Microsoft.LabServices/labAccounts/sizes/getRegionalAvailability/actionMicrosoft.LabServices/labAccounts/sizes/getRegionalAvailability/action | |
| Microsoft.LabServices/labAccounts/getRegionalAvailability/actionMicrosoft.LabServices/labAccounts/getRegionalAvailability/action | 取得在實驗室帳戶下設定的每個大小類別的區域可用性資訊Get regional availability information for each size category configured under a lab account |
| Microsoft.LabServices/labAccounts/getPricingAndAvailability/actionMicrosoft.LabServices/labAccounts/getPricingAndAvailability/action | 依大小、地理位置和作業系統的各種組合,取得實驗室帳戶的價格和可用性。Get the pricing and availability of combinations of sizes, geographies, and operating systems for the lab account. |
| Microsoft.LabServices/labAccounts/getRestrictionsAndUsage/actionMicrosoft.LabServices/labAccounts/getRestrictionsAndUsage/action | 取得此訂用帳戶的核心限制及使用量Get core restrictions and usage for this subscription |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you create, manage, delete your managed labs under your Azure Lab Accounts.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b97fb8bc-a8b2-4522-a38b-dd33c7e65ead",
"name": "b97fb8bc-a8b2-4522-a38b-dd33c7e65ead",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.LabServices/labAccounts/*/read",
"Microsoft.LabServices/labAccounts/createLab/action",
"Microsoft.LabServices/labAccounts/sizes/getRegionalAvailability/action",
"Microsoft.LabServices/labAccounts/getRegionalAvailability/action",
"Microsoft.LabServices/labAccounts/getPricingAndAvailability/action",
"Microsoft.LabServices/labAccounts/getRestrictionsAndUsage/action",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Lab Creator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
監視Monitor
Application Insights 元件參與者Application Insights Component Contributor
可以管理 Application Insights 元件Can manage Application Insights components
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統警示規則Create and manage classic alert rules |
| Microsoft.Insights/metricAlerts/*Microsoft.Insights/metricAlerts/* | 建立和管理新的警示規則Create and manage new alert rules |
| Microsoft.Insights/components/*Microsoft.Insights/components/* | 建立和管理 Insights 元件Create and manage Insights components |
| Microsoft.Insights/webtests/*Microsoft.Insights/webtests/* | 建立和管理 Insights web 測試Create and manage Insights web tests |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Can manage Application Insights components",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ae349356-3a1b-4a5e-921d-050484c6347e",
"name": "ae349356-3a1b-4a5e-921d-050484c6347e",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/metricAlerts/*",
"Microsoft.Insights/components/*",
"Microsoft.Insights/webtests/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Application Insights Component Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Application Insights 快照集偵錯工具Application Insights Snapshot Debugger
給予使用者權限,以便檢視及下載使用 Application Insights 快照偵錯工具所收集的偵錯快照。Gives user permission to view and download debug snapshots collected with the Application Insights Snapshot Debugger. 請注意,擁有者或參與者角色未包含這些權限。Note that these permissions are not included in the Owner or Contributor roles. 將 Application Insights 快照偵錯者角色指派給使用者時,您必須直接將此角色授與使用者。When giving users the Application Insights Snapshot Debugger role, you must grant the role directly to the user. 此角色若新增至自訂角色,則無法辨識。The role is not recognized when it is added to a custom role.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.Insights/components/*/readMicrosoft.Insights/components/*/read | |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Gives user permission to use Application Insights Snapshot Debugger features",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/08954f03-6346-4c2e-81c0-ec3a5cfae23b",
"name": "08954f03-6346-4c2e-81c0-ec3a5cfae23b",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Insights/components/*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Application Insights Snapshot Debugger",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
監視參與者Monitoring Contributor
可以讀取所有監視資料並編輯監視設定。Can read all monitoring data and edit monitoring settings. 請參閱開始使用 Azure 監視器的角色、權限和安全性。See also Get started with roles, permissions, and security with Azure Monitor.
| 動作Actions | |
| */read*/read | 讀取密碼以外的所有類型的資源。Read resources of all types, except secrets. |
| Microsoft.AlertsManagement/alerts/*Microsoft.AlertsManagement/alerts/* | |
| Microsoft.AlertsManagement/alertsSummary/*Microsoft.AlertsManagement/alertsSummary/* | |
| Microsoft.Insights/actiongroups/*Microsoft.Insights/actiongroups/* | |
| Microsoft.Insights/activityLogAlerts/*Microsoft.Insights/activityLogAlerts/* | |
| Microsoft.Insights/AlertRules/*Microsoft.Insights/AlertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.Insights/components/*Microsoft.Insights/components/* | 建立和管理 Insights 元件Create and manage Insights components |
| Microsoft.Insights/DiagnosticSettings/*Microsoft.Insights/DiagnosticSettings/* | 建立、更新或讀取 Analysis Server 的診斷設定Creates, updates, or reads the diagnostic setting for Analysis Server |
| Microsoft.Insights/eventtypes/*Microsoft.Insights/eventtypes/* | 列出訂用帳戶中的活動記錄檔事件 (管理事件)。List Activity Log events (management events) in a subscription. 此權限適用於以程式設計方式存取和入口網站存取活動記錄檔。This permission is applicable to both programmatic and portal access to the Activity Log. |
| Microsoft.Insights/LogDefinitions/*Microsoft.Insights/LogDefinitions/* | 此為使用者需要透過入口網站存取活動記錄時所需的權限。This permission is necessary for users who need access to Activity Logs via the portal. 列出活動記錄檔中的記錄檔分類。List log categories in Activity Log. |
| Microsoft.Insights/metricalerts/*Microsoft.Insights/metricalerts/* | |
| Microsoft.Insights/MetricDefinitions/*Microsoft.Insights/MetricDefinitions/* | 讀取度量定義 (可用資源的度量類型清單)。Read metric definitions (list of available metric types for a resource). |
| Microsoft.Insights/Metrics/*Microsoft.Insights/Metrics/* | 讀取資源的度量。Read metrics for a resource. |
| Microsoft.Insights/Register/ActionMicrosoft.Insights/Register/Action | 註冊 Microsoft Insights 提供者Register the Microsoft Insights provider |
| Microsoft.Insights/scheduledqueryrules/*Microsoft.Insights/scheduledqueryrules/* | |
| Microsoft.Insights/webtests/*Microsoft.Insights/webtests/* | 建立和管理 Insights web 測試Create and manage Insights web tests |
| Microsoft.Insights/workbooks/*Microsoft.Insights/workbooks/* | |
| Microsoft.Insights/privateLinkScopes/*Microsoft.Insights/privateLinkScopes/* | |
| Microsoft.Insights/privateLinkScopeOperationStatuses/*Microsoft.Insights/privateLinkScopeOperationStatuses/* | |
| Microsoft.OperationalInsights/workspaces/writeMicrosoft.OperationalInsights/workspaces/write | 建立新的工作區,或藉由提供來自現有工作區的客戶識別碼來連結至現有工作區。Creates a new workspace or links to an existing workspace by providing the customer id from the existing workspace. |
| Microsoft.OperationalInsights/workspaces/intelligencepacks/*Microsoft.OperationalInsights/workspaces/intelligencepacks/* | 讀取/寫入/刪除記錄分析解決方案套件。Read/write/delete log analytics solution packs. |
| Microsoft.OperationalInsights/workspaces/savedSearches/*Microsoft.OperationalInsights/workspaces/savedSearches/* | 讀取/寫入/刪除記錄分析已儲存的搜尋。Read/write/delete log analytics saved searches. |
| Microsoft.OperationalInsights/workspaces/search/actionMicrosoft.OperationalInsights/workspaces/search/action | 執行搜尋查詢Executes a search query |
| Microsoft.OperationalInsights/workspaces/sharedKeys/actionMicrosoft.OperationalInsights/workspaces/sharedKeys/action | 擷取工作區的共用金鑰。Retrieves the shared keys for the workspace. 這些金鑰可用來將 Microsoft Operational Insights 代理程式連線到工作區。These keys are used to connect Microsoft Operational Insights agents to the workspace. |
| Microsoft.OperationalInsights/workspaces/storageinsightconfigs/*Microsoft.OperationalInsights/workspaces/storageinsightconfigs/* | 讀取/寫入/刪除記錄分析儲存體深入解析設定。Read/write/delete log analytics storage insight configurations. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| Microsoft.WorkloadMonitor/monitors/*Microsoft.WorkloadMonitor/monitors/* | |
| Microsoft.WorkloadMonitor/notificationSettings/*Microsoft.WorkloadMonitor/notificationSettings/* | |
| Microsoft.AlertsManagement/smartDetectorAlertRules/*Microsoft.AlertsManagement/smartDetectorAlertRules/* | |
| Microsoft.AlertsManagement/actionRules/*Microsoft.AlertsManagement/actionRules/* | |
| Microsoft.AlertsManagement/smartGroups/*Microsoft.AlertsManagement/smartGroups/* | |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Can read all monitoring data and update monitoring settings.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa",
"name": "749f88d5-cbae-40b8-bcfc-e573ddc772fa",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.AlertsManagement/alerts/*",
"Microsoft.AlertsManagement/alertsSummary/*",
"Microsoft.Insights/actiongroups/*",
"Microsoft.Insights/activityLogAlerts/*",
"Microsoft.Insights/AlertRules/*",
"Microsoft.Insights/components/*",
"Microsoft.Insights/DiagnosticSettings/*",
"Microsoft.Insights/eventtypes/*",
"Microsoft.Insights/LogDefinitions/*",
"Microsoft.Insights/metricalerts/*",
"Microsoft.Insights/MetricDefinitions/*",
"Microsoft.Insights/Metrics/*",
"Microsoft.Insights/Register/Action",
"Microsoft.Insights/scheduledqueryrules/*",
"Microsoft.Insights/webtests/*",
"Microsoft.Insights/workbooks/*",
"Microsoft.Insights/privateLinkScopes/*",
"Microsoft.Insights/privateLinkScopeOperationStatuses/*",
"Microsoft.OperationalInsights/workspaces/write",
"Microsoft.OperationalInsights/workspaces/intelligencepacks/*",
"Microsoft.OperationalInsights/workspaces/savedSearches/*",
"Microsoft.OperationalInsights/workspaces/search/action",
"Microsoft.OperationalInsights/workspaces/sharedKeys/action",
"Microsoft.OperationalInsights/workspaces/storageinsightconfigs/*",
"Microsoft.Support/*",
"Microsoft.WorkloadMonitor/monitors/*",
"Microsoft.WorkloadMonitor/notificationSettings/*",
"Microsoft.AlertsManagement/smartDetectorAlertRules/*",
"Microsoft.AlertsManagement/actionRules/*",
"Microsoft.AlertsManagement/smartGroups/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Monitoring Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
監視計量發行者Monitoring Metrics Publisher
針對 Azure 資源啟用發佈計量Enables publishing metrics against Azure resources
| 動作Actions | |
| Microsoft.Insights/Register/ActionMicrosoft.Insights/Register/Action | 註冊 Microsoft Insights 提供者Register the Microsoft Insights provider |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| Microsoft.Insights/Metrics/WriteMicrosoft.Insights/Metrics/Write | 寫入計量Write metrics |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Enables publishing metrics against Azure resources",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/3913510d-42f4-4e42-8a64-420c390055eb",
"name": "3913510d-42f4-4e42-8a64-420c390055eb",
"permissions": [
{
"actions": [
"Microsoft.Insights/Register/Action",
"Microsoft.Support/*",
"Microsoft.Resources/subscriptions/resourceGroups/read"
],
"notActions": [],
"dataActions": [
"Microsoft.Insights/Metrics/Write"
],
"notDataActions": []
}
],
"roleName": "Monitoring Metrics Publisher",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
監視讀取器Monitoring Reader
可以讀取所有監視資料 (計量、記錄等等)。Can read all monitoring data (metrics, logs, etc.). 請參閱開始使用 Azure 監視器的角色、權限和安全性。See also Get started with roles, permissions, and security with Azure Monitor.
| 動作Actions | |
| */read*/read | 讀取密碼以外的所有類型的資源。Read resources of all types, except secrets. |
| Microsoft.OperationalInsights/workspaces/search/actionMicrosoft.OperationalInsights/workspaces/search/action | 執行搜尋查詢Executes a search query |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Can read all monitoring data.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/43d0d8ad-25c7-4714-9337-8ba259a9fe05",
"name": "43d0d8ad-25c7-4714-9337-8ba259a9fe05",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.OperationalInsights/workspaces/search/action",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Monitoring Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
活頁簿參與者Workbook Contributor
可以儲存共用活頁簿。Can save shared workbooks.
| 動作Actions | |
| Microsoft.Insights/workbooks/writeMicrosoft.Insights/workbooks/write | 建立或更新活頁簿Create or update a workbook |
| Microsoft.Insights/workbooks/deleteMicrosoft.Insights/workbooks/delete | 刪除活頁簿Delete a workbook |
| Microsoft.Insights/workbooks/readMicrosoft.Insights/workbooks/read | 讀取活頁簿Read a workbook |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Can save shared workbooks.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/e8ddcd69-c73f-4f9f-9844-4100522f16ad",
"name": "e8ddcd69-c73f-4f9f-9844-4100522f16ad",
"permissions": [
{
"actions": [
"Microsoft.Insights/workbooks/write",
"Microsoft.Insights/workbooks/delete",
"Microsoft.Insights/workbooks/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Workbook Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
活頁簿讀者Workbook Reader
可以讀取活頁簿。Can read workbooks.
| 動作Actions | |
| microsoft.insights/workbooks/readmicrosoft.insights/workbooks/read | 讀取活頁簿Read a workbook |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Can read workbooks.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b279062a-9be3-42a0-92ae-8b3cf002ec4d",
"name": "b279062a-9be3-42a0-92ae-8b3cf002ec4d",
"permissions": [
{
"actions": [
"microsoft.insights/workbooks/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Workbook Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
管理和治理Management + governance
自動化作業運算子Automation Job Operator
使用「自動化 Runbook」來建立及管理作業。Create and Manage Jobs using Automation Runbooks.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/readMicrosoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read | 讀取混合式 Runbook 背景工作角色資源Reads Hybrid Runbook Worker Resources |
| Microsoft.Automation/automationAccounts/jobs/readMicrosoft.Automation/automationAccounts/jobs/read | 取得 Azure 自動化作業Gets an Azure Automation job |
| Microsoft.Automation/automationAccounts/jobs/resume/actionMicrosoft.Automation/automationAccounts/jobs/resume/action | 繼續 Azure 自動化作業Resumes an Azure Automation job |
| Microsoft.Automation/automationAccounts/jobs/stop/actionMicrosoft.Automation/automationAccounts/jobs/stop/action | 停止 Azure 自動化作業Stops an Azure Automation job |
| Microsoft.Automation/automationAccounts/jobs/streams/readMicrosoft.Automation/automationAccounts/jobs/streams/read | 取得 Azure 自動化作業串流Gets an Azure Automation job stream |
| Microsoft.Automation/automationAccounts/jobs/suspend/actionMicrosoft.Automation/automationAccounts/jobs/suspend/action | 暫止 Azure 自動化作業Suspends an Azure Automation job |
| Microsoft.Automation/automationAccounts/jobs/writeMicrosoft.Automation/automationAccounts/jobs/write | 建立 Azure 自動化作業Creates an Azure Automation job |
| Microsoft.Automation/automationAccounts/jobs/output/readMicrosoft.Automation/automationAccounts/jobs/output/read | 取得作業的輸出Gets the output of a job |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Create and Manage Jobs using Automation Runbooks.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/4fe576fe-1146-4730-92eb-48519fa6bf9f",
"name": "4fe576fe-1146-4730-92eb-48519fa6bf9f",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read",
"Microsoft.Automation/automationAccounts/jobs/read",
"Microsoft.Automation/automationAccounts/jobs/resume/action",
"Microsoft.Automation/automationAccounts/jobs/stop/action",
"Microsoft.Automation/automationAccounts/jobs/streams/read",
"Microsoft.Automation/automationAccounts/jobs/suspend/action",
"Microsoft.Automation/automationAccounts/jobs/write",
"Microsoft.Automation/automationAccounts/jobs/output/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Automation Job Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
自動化運算子Automation Operator
「自動化運算子」能夠啟動、停止、暫止及繼續作業Automation Operators are able to start, stop, suspend, and resume jobs
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/readMicrosoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read | 讀取混合式 Runbook 背景工作角色資源Reads Hybrid Runbook Worker Resources |
| Microsoft.Automation/automationAccounts/jobs/readMicrosoft.Automation/automationAccounts/jobs/read | 取得 Azure 自動化作業Gets an Azure Automation job |
| Microsoft.Automation/automationAccounts/jobs/resume/actionMicrosoft.Automation/automationAccounts/jobs/resume/action | 繼續 Azure 自動化作業Resumes an Azure Automation job |
| Microsoft.Automation/automationAccounts/jobs/stop/actionMicrosoft.Automation/automationAccounts/jobs/stop/action | 停止 Azure 自動化作業Stops an Azure Automation job |
| Microsoft.Automation/automationAccounts/jobs/streams/readMicrosoft.Automation/automationAccounts/jobs/streams/read | 取得 Azure 自動化作業串流Gets an Azure Automation job stream |
| Microsoft.Automation/automationAccounts/jobs/suspend/actionMicrosoft.Automation/automationAccounts/jobs/suspend/action | 暫止 Azure 自動化作業Suspends an Azure Automation job |
| Microsoft.Automation/automationAccounts/jobs/writeMicrosoft.Automation/automationAccounts/jobs/write | 建立 Azure 自動化作業Creates an Azure Automation job |
| Microsoft.Automation/automationAccounts/jobSchedules/readMicrosoft.Automation/automationAccounts/jobSchedules/read | 取得 Azure 自動化作業排程Gets an Azure Automation job schedule |
| Microsoft.Automation/automationAccounts/jobSchedules/writeMicrosoft.Automation/automationAccounts/jobSchedules/write | 建立 Azure 自動化作業排程Creates an Azure Automation job schedule |
| Microsoft.Automation/automationAccounts/linkedWorkspace/readMicrosoft.Automation/automationAccounts/linkedWorkspace/read | 取得連結至自動化帳戶的工作區Gets the workspace linked to the automation account |
| Microsoft.Automation/automationAccounts/readMicrosoft.Automation/automationAccounts/read | 取得 Azure 自動化帳戶Gets an Azure Automation account |
| Microsoft.Automation/automationAccounts/runbooks/readMicrosoft.Automation/automationAccounts/runbooks/read | 取得 Azure 自動化 RunbookGets an Azure Automation runbook |
| Microsoft.Automation/automationAccounts/schedules/readMicrosoft.Automation/automationAccounts/schedules/read | 取得 Azure 自動化排程資產Gets an Azure Automation schedule asset |
| Microsoft.Automation/automationAccounts/schedules/writeMicrosoft.Automation/automationAccounts/schedules/write | 建立或更新 Azure 自動化排程資產Creates or updates an Azure Automation schedule asset |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Automation/automationAccounts/jobs/output/readMicrosoft.Automation/automationAccounts/jobs/output/read | 取得作業的輸出Gets the output of a job |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Automation Operators are able to start, stop, suspend, and resume jobs",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/d3881f73-407a-4167-8283-e981cbba0404",
"name": "d3881f73-407a-4167-8283-e981cbba0404",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/read",
"Microsoft.Automation/automationAccounts/jobs/read",
"Microsoft.Automation/automationAccounts/jobs/resume/action",
"Microsoft.Automation/automationAccounts/jobs/stop/action",
"Microsoft.Automation/automationAccounts/jobs/streams/read",
"Microsoft.Automation/automationAccounts/jobs/suspend/action",
"Microsoft.Automation/automationAccounts/jobs/write",
"Microsoft.Automation/automationAccounts/jobSchedules/read",
"Microsoft.Automation/automationAccounts/jobSchedules/write",
"Microsoft.Automation/automationAccounts/linkedWorkspace/read",
"Microsoft.Automation/automationAccounts/read",
"Microsoft.Automation/automationAccounts/runbooks/read",
"Microsoft.Automation/automationAccounts/schedules/read",
"Microsoft.Automation/automationAccounts/schedules/write",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Automation/automationAccounts/jobs/output/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Automation Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
自動化 Runbook 運算子Automation Runbook Operator
讀取 Runbook 屬性 - 以便能夠建立 Runbook 的作業。Read Runbook properties - to be able to create Jobs of the runbook.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Automation/automationAccounts/runbooks/readMicrosoft.Automation/automationAccounts/runbooks/read | 取得 Azure 自動化 RunbookGets an Azure Automation runbook |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Read Runbook properties - to be able to create Jobs of the runbook.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5fb5aef8-1081-4b8e-bb16-9d5d0385bab5",
"name": "5fb5aef8-1081-4b8e-bb16-9d5d0385bab5",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Automation/automationAccounts/runbooks/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Automation Runbook Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Connected Machine 上線Azure Connected Machine Onboarding
可以讓 Azure Connected Machine 上線。Can onboard Azure Connected Machines.
| 動作Actions | |
| Microsoft.HybridCompute/machines/readMicrosoft.HybridCompute/machines/read | 讀取任何 Azure Arc 機器Read any Azure Arc machines |
| Microsoft.HybridCompute/machines/writeMicrosoft.HybridCompute/machines/write | 寫入 Azure Arc 機器Writes an Azure Arc machines |
| Microsoft.GuestConfiguration/guestConfigurationAssignments/readMicrosoft.GuestConfiguration/guestConfigurationAssignments/read | 取得來賓組態指派。Get guest configuration assignment. |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Can onboard Azure Connected Machines.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b64e21ea-ac4e-4cdf-9dc9-5b892992bee7",
"name": "b64e21ea-ac4e-4cdf-9dc9-5b892992bee7",
"permissions": [
{
"actions": [
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/write",
"Microsoft.GuestConfiguration/guestConfigurationAssignments/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Connected Machine Onboarding",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Azure Connected Machine 資源管理員Azure Connected Machine Resource Administrator
可以讀取、寫入、刪除 Azure Connected Machine 及使之重新上線。Can read, write, delete and re-onboard Azure Connected Machines.
| 動作Actions | |
| Microsoft.HybridCompute/machines/readMicrosoft.HybridCompute/machines/read | 讀取任何 Azure Arc 機器Read any Azure Arc machines |
| Microsoft.HybridCompute/machines/writeMicrosoft.HybridCompute/machines/write | 寫入 Azure Arc 機器Writes an Azure Arc machines |
| Microsoft.HybridCompute/machines/deleteMicrosoft.HybridCompute/machines/delete | 刪除 Azure Arc 機器Deletes an Azure Arc machines |
| Microsoft.HybridCompute/machines/reconnect/actionMicrosoft.HybridCompute/machines/reconnect/action | 重新連接 Azure Arc 機器Reconnects an Azure Arc machines |
| Microsoft.HybridCompute/machines/extensions/writeMicrosoft.HybridCompute/machines/extensions/write | 安裝或更新 Azure Arc 擴充Installs or Updates an Azure Arc extensions |
| Microsoft.HybridCompute/*/readMicrosoft.HybridCompute/*/read | |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Can read, write, delete and re-onboard Azure Connected Machines.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/cd570a14-e51a-42ad-bac8-bafd67325302",
"name": "cd570a14-e51a-42ad-bac8-bafd67325302",
"permissions": [
{
"actions": [
"Microsoft.HybridCompute/machines/read",
"Microsoft.HybridCompute/machines/write",
"Microsoft.HybridCompute/machines/delete",
"Microsoft.HybridCompute/machines/reconnect/action",
"Microsoft.HybridCompute/machines/extensions/write",
"Microsoft.HybridCompute/*/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Azure Connected Machine Resource Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
帳單讀取器Billing Reader
允許對計費資料進行讀取存取Allows read access to billing data
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Billing/*/readMicrosoft.Billing/*/read | 讀取帳單資訊Read Billing information |
| Microsoft.Commerce/*/readMicrosoft.Commerce/*/read | |
| Microsoft.Consumption/*/readMicrosoft.Consumption/*/read | |
| Microsoft.Management/managementGroups/readMicrosoft.Management/managementGroups/read | 列出已驗證之使用者的管理群組。List management groups for the authenticated user. |
| Microsoft.CostManagement/*/readMicrosoft.CostManagement/*/read | |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Allows read access to billing data",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64",
"name": "fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Billing/*/read",
"Microsoft.Commerce/*/read",
"Microsoft.Consumption/*/read",
"Microsoft.Management/managementGroups/read",
"Microsoft.CostManagement/*/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Billing Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
藍圖參與者Blueprint Contributor
可以管理藍圖定義,但不能加以指派。Can manage blueprint definitions, but not assign them.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Blueprint/blueprints/*Microsoft.Blueprint/blueprints/* | 建立和管理藍圖定義或藍圖成品。Create and manage blueprint definitions or blueprint artifacts. |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Can manage blueprint definitions, but not assign them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/41077137-e803-4205-871c-5a86e6a753b4",
"name": "41077137-e803-4205-871c-5a86e6a753b4",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Blueprint/blueprints/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Blueprint Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
藍圖操作員Blueprint Operator
可以指派現有已發佈的藍圖,但無法建立新的藍圖。Can assign existing published blueprints, but cannot create new blueprints. 請注意,只有在以使用者指派的受控識別來指派時才有效。Note that this only works if the assignment is done with a user-assigned managed identity.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Blueprint/blueprintAssignments/*Microsoft.Blueprint/blueprintAssignments/* | 建立和管理藍圖指派。Create and manage blueprint assignments. |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Can assign existing published blueprints, but cannot create new blueprints. NOTE: this only works if the assignment is done with a user-assigned managed identity.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/437d2ced-4a38-4302-8479-ed2bcb43d090",
"name": "437d2ced-4a38-4302-8479-ed2bcb43d090",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Blueprint/blueprintAssignments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Blueprint Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
成本管理參與者Cost Management Contributor
可檢視成本和管理成本組態 (例如預算、匯出)Can view costs and manage cost configuration (e.g. budgets, exports)
| 動作Actions | |
| Microsoft.Consumption/*Microsoft.Consumption/* | |
| Microsoft.CostManagement/*Microsoft.CostManagement/* | |
| Microsoft.Billing/billingPeriods/readMicrosoft.Billing/billingPeriods/read | |
| Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read | 取得訂用帳戶清單。Gets the list of subscriptions. |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| Microsoft.Advisor/configurations/readMicrosoft.Advisor/configurations/read | 取得組態Get configurations |
| Microsoft.Advisor/recommendations/readMicrosoft.Advisor/recommendations/read | 讀取建議Reads recommendations |
| Microsoft.Management/managementGroups/readMicrosoft.Management/managementGroups/read | 列出已驗證之使用者的管理群組。List management groups for the authenticated user. |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Can view costs and manage cost configuration (e.g. budgets, exports)",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/434105ed-43f6-45c7-a02f-909b2ba83430",
"name": "434105ed-43f6-45c7-a02f-909b2ba83430",
"permissions": [
{
"actions": [
"Microsoft.Consumption/*",
"Microsoft.CostManagement/*",
"Microsoft.Billing/billingPeriods/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Advisor/configurations/read",
"Microsoft.Advisor/recommendations/read",
"Microsoft.Management/managementGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cost Management Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
成本管理讀者Cost Management Reader
可檢視成本資料和組態 (例如預算、匯出)Can view cost data and configuration (e.g. budgets, exports)
| 動作Actions | |
| Microsoft.Consumption/*/readMicrosoft.Consumption/*/read | |
| Microsoft.CostManagement/*/readMicrosoft.CostManagement/*/read | |
| Microsoft.Billing/billingPeriods/readMicrosoft.Billing/billingPeriods/read | |
| Microsoft.Resources/subscriptions/readMicrosoft.Resources/subscriptions/read | 取得訂用帳戶清單。Gets the list of subscriptions. |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| Microsoft.Advisor/configurations/readMicrosoft.Advisor/configurations/read | 取得組態Get configurations |
| Microsoft.Advisor/recommendations/readMicrosoft.Advisor/recommendations/read | 讀取建議Reads recommendations |
| Microsoft.Management/managementGroups/readMicrosoft.Management/managementGroups/read | 列出已驗證之使用者的管理群組。List management groups for the authenticated user. |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Can view cost data and configuration (e.g. budgets, exports)",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/72fafb9e-0641-4937-9268-a91bfd8191a3",
"name": "72fafb9e-0641-4937-9268-a91bfd8191a3",
"permissions": [
{
"actions": [
"Microsoft.Consumption/*/read",
"Microsoft.CostManagement/*/read",
"Microsoft.Billing/billingPeriods/read",
"Microsoft.Resources/subscriptions/read",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"Microsoft.Advisor/configurations/read",
"Microsoft.Advisor/recommendations/read",
"Microsoft.Management/managementGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Cost Management Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
階層設定管理員Hierarchy Settings Administrator
允許使用者編輯和刪除階層設定Allows users to edit and delete Hierarchy Settings
| 動作Actions | |
| Microsoft.Management/managementGroups/settings/writeMicrosoft.Management/managementGroups/settings/write | 建立或更新管理群組階層設定。Creates or updates management group hierarchy settings. |
| Microsoft.Management/managementGroups/settings/deleteMicrosoft.Management/managementGroups/settings/delete | 刪除管理群組階層設定。Deletes management group hierarchy settings. |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Allows users to edit and delete Hierarchy Settings",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/350f8d15-c687-4448-8ae1-157740a3936d",
"name": "350f8d15-c687-4448-8ae1-157740a3936d",
"permissions": [
{
"actions": [
"Microsoft.Management/managementGroups/settings/write",
"Microsoft.Management/managementGroups/settings/delete"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Hierarchy Settings Administrator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
受控應用程式參與者角色Managed Application Contributor Role
允許建立受控應用程式資源。Allows for creating managed application resources.
| 動作Actions | |
| */read*/read | 讀取密碼以外的所有類型的資源。Read resources of all types, except secrets. |
| Microsoft.Solutions/applications/*Microsoft.Solutions/applications/* | |
| Microsoft.Solutions/register/actionMicrosoft.Solutions/register/action | 向 Solutions 註冊。Register to Solutions. |
| Microsoft.Resources/subscriptions/resourceGroups/*Microsoft.Resources/subscriptions/resourceGroups/* | |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Allows for creating managed application resources.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/641177b8-a67a-45b9-a033-47bc880bb21e",
"name": "641177b8-a67a-45b9-a033-47bc880bb21e",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Solutions/applications/*",
"Microsoft.Solutions/register/action",
"Microsoft.Resources/subscriptions/resourceGroups/*",
"Microsoft.Resources/deployments/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Application Contributor Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
受控應用程式操作員角色Managed Application Operator Role
可讓您讀取受控應用程式資源及對其執行動作Lets you read and perform actions on Managed Application resources
| 動作Actions | |
| */read*/read | 讀取密碼以外的所有類型的資源。Read resources of all types, except secrets. |
| Microsoft.Solutions/applications/readMicrosoft.Solutions/applications/read | 擷取應用程式清單。Retrieves a list of applications. |
| Microsoft.Solutions/*/actionMicrosoft.Solutions/*/action | |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you read and perform actions on Managed Application resources",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/c7393b34-138c-406f-901b-d8cf2b17e6ae",
"name": "c7393b34-138c-406f-901b-d8cf2b17e6ae",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Solutions/applications/read",
"Microsoft.Solutions/*/action"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Application Operator Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
受控應用程式讀者Managed Applications Reader
可讓您讀取受控應用程式中的資源及要求 JIT 存取權。Lets you read resources in a managed app and request JIT access.
| 動作Actions | |
| */read*/read | 讀取密碼以外的所有類型的資源。Read resources of all types, except secrets. |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Solutions/jitRequests/*Microsoft.Solutions/jitRequests/* | |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you read resources in a managed app and request JIT access.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/b9331d33-8a36-4f8c-b097-4f54124fdb44",
"name": "b9331d33-8a36-4f8c-b097-4f54124fdb44",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Solutions/jitRequests/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Applications Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
受控服務註冊指派刪除角色Managed Services Registration assignment Delete Role
「受控服務註冊指派刪除角色」可讓管理租用戶使用者刪除指派給其租用戶的註冊指派。Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant.
| 動作Actions | |
| Microsoft.ManagedServices/registrationAssignments/readMicrosoft.ManagedServices/registrationAssignments/read | 取出受控服務註冊指派的清單。Retrieves a list of Managed Services registration assignments. |
| Microsoft.ManagedServices/registrationAssignments/deleteMicrosoft.ManagedServices/registrationAssignments/delete | 移除受控服務註冊指派。Removes Managed Services registration assignment. |
| Microsoft.ManagedServices/operationStatuses/readMicrosoft.ManagedServices/operationStatuses/read | 讀取資源的作業狀態。Reads the operation status for the resource. |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Managed Services Registration Assignment Delete Role allows the managing tenant users to delete the registration assignment assigned to their tenant.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/91c1777a-f3dc-4fae-b103-61d183457e46",
"name": "91c1777a-f3dc-4fae-b103-61d183457e46",
"permissions": [
{
"actions": [
"Microsoft.ManagedServices/registrationAssignments/read",
"Microsoft.ManagedServices/registrationAssignments/delete",
"Microsoft.ManagedServices/operationStatuses/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Managed Services Registration assignment Delete Role",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
管理群組參與者Management Group Contributor
管理群組參與者角色Management Group Contributor Role
| 動作Actions | |
| Microsoft.Management/managementGroups/deleteMicrosoft.Management/managementGroups/delete | 刪除管理群組。Delete management group. |
| Microsoft.Management/managementGroups/readMicrosoft.Management/managementGroups/read | 列出已驗證之使用者的管理群組。List management groups for the authenticated user. |
| Microsoft.Management/managementGroups/subscriptions/deleteMicrosoft.Management/managementGroups/subscriptions/delete | 從管理群組中取消訂用帳戶的關聯。De-associates subscription from the management group. |
| Microsoft.Management/managementGroups/subscriptions/writeMicrosoft.Management/managementGroups/subscriptions/write | 將現有的訂用帳戶關聯至管理群組。Associates existing subscription with the management group. |
| Microsoft.Management/managementGroups/writeMicrosoft.Management/managementGroups/write | 建立或更新管理群組。Create or update a management group. |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Management Group Contributor Role",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c",
"name": "5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c",
"permissions": [
{
"actions": [
"Microsoft.Management/managementGroups/delete",
"Microsoft.Management/managementGroups/read",
"Microsoft.Management/managementGroups/subscriptions/delete",
"Microsoft.Management/managementGroups/subscriptions/write",
"Microsoft.Management/managementGroups/write"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Management Group Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
管理群組讀者Management Group Reader
管理群組讀者角色Management Group Reader Role
| 動作Actions | |
| Microsoft.Management/managementGroups/readMicrosoft.Management/managementGroups/read | 列出已驗證之使用者的管理群組。List management groups for the authenticated user. |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Management Group Reader Role",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/ac63b705-f282-497d-ac71-919bf39d939d",
"name": "ac63b705-f282-497d-ac71-919bf39d939d",
"permissions": [
{
"actions": [
"Microsoft.Management/managementGroups/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Management Group Reader",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
New Relic APM 帳戶參與者New Relic APM Account Contributor
可讓您管理 New Relic Application Performance Management 帳戶及應用程式,但無法存取它們。Lets you manage New Relic Application Performance Management accounts and applications, but not access to them.
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NewRelic.APM/accounts/*NewRelic.APM/accounts/* | |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage New Relic Application Performance Management accounts and applications, but not access to them.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/5d28c62d-5b37-4476-8438-e587778df237",
"name": "5d28c62d-5b37-4476-8438-e587778df237",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Support/*",
"NewRelic.APM/accounts/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "New Relic APM Account Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
原則深入解析資料寫入者 (預覽)Policy Insights Data Writer (Preview)
允許讀取資源原則及寫入資源元件原則事件。Allows read access to resource policies and write access to resource component policy events.
| 動作Actions | |
| Microsoft.Authorization/policyassignments/readMicrosoft.Authorization/policyassignments/read | 取得關於原則指派的資訊。Get information about a policy assignment. |
| Microsoft.Authorization/policydefinitions/readMicrosoft.Authorization/policydefinitions/read | 取得關於原則定義的資訊。Get information about a policy definition. |
| Microsoft.Authorization/policysetdefinitions/readMicrosoft.Authorization/policysetdefinitions/read | 取得原則集合定義的相關資訊。Get information about a policy set definition. |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| Microsoft.PolicyInsights/checkDataPolicyCompliance/actionMicrosoft.PolicyInsights/checkDataPolicyCompliance/action | 根據資料原則檢查給定元件的合規性狀態。Check the compliance status of a given component against data policies. |
| Microsoft.PolicyInsights/policyEvents/logDataEvents/actionMicrosoft.PolicyInsights/policyEvents/logDataEvents/action | 記錄資源元件原則事件。Log the resource component policy events. |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Allows read access to resource policies and write access to resource component policy events.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/66bb4e9e-b016-4a94-8249-4c0511c2be84",
"name": "66bb4e9e-b016-4a94-8249-4c0511c2be84",
"permissions": [
{
"actions": [
"Microsoft.Authorization/policyassignments/read",
"Microsoft.Authorization/policydefinitions/read",
"Microsoft.Authorization/policysetdefinitions/read"
],
"notActions": [],
"dataActions": [
"Microsoft.PolicyInsights/checkDataPolicyCompliance/action",
"Microsoft.PolicyInsights/policyEvents/logDataEvents/action"
],
"notDataActions": []
}
],
"roleName": "Policy Insights Data Writer (Preview)",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
資源原則參與者Resource Policy Contributor
有權建立/修改資源原則、建立支援票證及讀取資源/階層的使用者。Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy.
| 動作Actions | |
| */read*/read | 讀取密碼以外的所有類型的資源。Read resources of all types, except secrets. |
| Microsoft.Authorization/policyassignments/*Microsoft.Authorization/policyassignments/* | 建立及管理原則指派Create and manage policy assignments |
| Microsoft.Authorization/policydefinitions/*Microsoft.Authorization/policydefinitions/* | 建立及管理原則定義Create and manage policy definitions |
| Microsoft.Authorization/policysetdefinitions/*Microsoft.Authorization/policysetdefinitions/* | 建立及管理原則集合Create and manage policy sets |
| Microsoft.PolicyInsights/*Microsoft.PolicyInsights/* | |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Users with rights to create/modify resource policy, create support ticket and read resources/hierarchy.",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/36243c78-bf99-498c-9df9-86d9f8d28608",
"name": "36243c78-bf99-498c-9df9-86d9f8d28608",
"permissions": [
{
"actions": [
"*/read",
"Microsoft.Authorization/policyassignments/*",
"Microsoft.Authorization/policydefinitions/*",
"Microsoft.Authorization/policysetdefinitions/*",
"Microsoft.PolicyInsights/*",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Resource Policy Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Site Recovery 參與者Site Recovery Contributor
可讓您管理 Site Recovery 服務,但無法建立保存庫和指派角色Lets you manage Site Recovery service except vault creation and role assignment
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | 取得虛擬網路定義Get the virtual network definition |
| Microsoft.RecoveryServices/locations/allocatedStamp/readMicrosoft.RecoveryServices/locations/allocatedStamp/read | GetAllocatedStamp 是服務所使用的內部作業GetAllocatedStamp is internal operation used by service |
| Microsoft.RecoveryServices/locations/allocateStamp/actionMicrosoft.RecoveryServices/locations/allocateStamp/action | AllocateStamp 是服務所使用的內部作業AllocateStamp is internal operation used by service |
| Microsoft.RecoveryServices/Vaults/certificates/writeMicrosoft.RecoveryServices/Vaults/certificates/write | 「更新資源憑證」作業會更新資源/保存庫的認證憑證。The Update Resource Certificate operation updates the resource/vault credential certificate. |
| Microsoft.RecoveryServices/Vaults/extendedInformation/*Microsoft.RecoveryServices/Vaults/extendedInformation/* | 建立和管理與保存庫相關的擴充資訊Create and manage extended info related to vault |
| Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read | 「取得保存庫」作業會取得物件,此物件代表 'vault' 類型的 Azure 資源The Get Vault operation gets an object representing the Azure resource of type 'vault' |
| Microsoft.RecoveryServices/Vaults/refreshContainers/readMicrosoft.RecoveryServices/Vaults/refreshContainers/read | |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/*Microsoft.RecoveryServices/Vaults/registeredIdentities/* | 建立和管理註冊的身分識別Create and manage registered identities |
| Microsoft.RecoveryServices/vaults/replicationAlertSettings/*Microsoft.RecoveryServices/vaults/replicationAlertSettings/* | 建立或更新複寫警示設定Create or Update replication alert settings |
| Microsoft.RecoveryServices/vaults/replicationEvents/readMicrosoft.RecoveryServices/vaults/replicationEvents/read | 讀取任何事件Read any Events |
| Microsoft.RecoveryServices/vaults/replicationFabrics/*Microsoft.RecoveryServices/vaults/replicationFabrics/* | 建立和管理複寫網狀架構Create and manage replication fabrics |
| Microsoft.RecoveryServices/vaults/replicationJobs/*Microsoft.RecoveryServices/vaults/replicationJobs/* | 建立和管理複寫作業Create and manage replication jobs |
| Microsoft.RecoveryServices/vaults/replicationPolicies/*Microsoft.RecoveryServices/vaults/replicationPolicies/* | 建立和管理複寫原則Create and manage replication policies |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/*Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/* | 建立和管理復原計劃Create and manage recovery plans |
| Microsoft.RecoveryServices/Vaults/storageConfig/*Microsoft.RecoveryServices/Vaults/storageConfig/* | 建立和管理復原服務保存庫的儲存體設定Create and manage storage configuration of Recovery Services vault |
| Microsoft.RecoveryServices/Vaults/tokenInfo/readMicrosoft.RecoveryServices/Vaults/tokenInfo/read | |
| Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read | 傳回復原服務保存庫的使用量詳細資料。Returns usage details for a Recovery Services Vault. |
| Microsoft.RecoveryServices/Vaults/vaultTokens/readMicrosoft.RecoveryServices/Vaults/vaultTokens/read | 「保存庫權杖」作業可用來取得保存庫層級後端作業的保存庫權杖。The Vault Token operation can be used to get Vault Token for vault level backend operations. |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/*Microsoft.RecoveryServices/Vaults/monitoringAlerts/* | 讀取復原服務保存庫的警示Read alerts for the Recovery services vault |
| Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/readMicrosoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read | |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read | 傳回儲存體帳戶清單,或取得指定儲存體帳戶的屬性。Returns the list of storage accounts or gets the properties for the specified storage account. |
| Microsoft.RecoveryServices/vaults/replicationOperationStatus/readMicrosoft.RecoveryServices/vaults/replicationOperationStatus/read | 讀取任何保存庫複寫作業狀態Read any Vault Replication Operation Status |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you manage Site Recovery service except vault creation and role assignment",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/6670b86e-a3f7-4917-ac9b-5d6ab1be4567",
"name": "6670b86e-a3f7-4917-ac9b-5d6ab1be4567",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.RecoveryServices/locations/allocatedStamp/read",
"Microsoft.RecoveryServices/locations/allocateStamp/action",
"Microsoft.RecoveryServices/Vaults/certificates/write",
"Microsoft.RecoveryServices/Vaults/extendedInformation/*",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/refreshContainers/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/*",
"Microsoft.RecoveryServices/vaults/replicationAlertSettings/*",
"Microsoft.RecoveryServices/vaults/replicationEvents/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/*",
"Microsoft.RecoveryServices/vaults/replicationJobs/*",
"Microsoft.RecoveryServices/vaults/replicationPolicies/*",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/*",
"Microsoft.RecoveryServices/Vaults/storageConfig/*",
"Microsoft.RecoveryServices/Vaults/tokenInfo/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/Vaults/vaultTokens/read",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/*",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.RecoveryServices/vaults/replicationOperationStatus/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Site Recovery Contributor",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Site Recovery 操作員Site Recovery Operator
可讓您容錯移轉及容錯回復,但無法執行其他 Site Recovery 管理作業Lets you failover and failback but not perform other Site Recovery management operations
| 動作Actions | |
| Microsoft.Authorization/*/readMicrosoft.Authorization/*/read | 讀取角色和角色指派Read roles and role assignments |
| Microsoft.Insights/alertRules/*Microsoft.Insights/alertRules/* | 建立和管理傳統計量警示Create and manage a classic metric alert |
| Microsoft.Network/virtualNetworks/readMicrosoft.Network/virtualNetworks/read | 取得虛擬網路定義Get the virtual network definition |
| Microsoft.RecoveryServices/locations/allocatedStamp/readMicrosoft.RecoveryServices/locations/allocatedStamp/read | GetAllocatedStamp 是服務所使用的內部作業GetAllocatedStamp is internal operation used by service |
| Microsoft.RecoveryServices/locations/allocateStamp/actionMicrosoft.RecoveryServices/locations/allocateStamp/action | AllocateStamp 是服務所使用的內部作業AllocateStamp is internal operation used by service |
| Microsoft.RecoveryServices/Vaults/extendedInformation/readMicrosoft.RecoveryServices/Vaults/extendedInformation/read | 「取得延伸資訊」作業會取得物件的延伸資訊,此延伸資訊代表 'vault' 類型的 Azure 資源The Get Extended Info operation gets an object's Extended Info representing the Azure resource of type ?vault? |
| Microsoft.RecoveryServices/Vaults/readMicrosoft.RecoveryServices/Vaults/read | 「取得保存庫」作業會取得物件,此物件代表 'vault' 類型的 Azure 資源The Get Vault operation gets an object representing the Azure resource of type 'vault' |
| Microsoft.RecoveryServices/Vaults/refreshContainers/readMicrosoft.RecoveryServices/Vaults/refreshContainers/read | |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read | 「取得作業結果」作業可用來取得以非同步方式提交之作業的作業狀態和結果The Get Operation Results operation can be used get the operation status and result for the asynchronously submitted operation |
| Microsoft.RecoveryServices/Vaults/registeredIdentities/readMicrosoft.RecoveryServices/Vaults/registeredIdentities/read | 「取得容器」作業可用來取得為資源註冊的容器。The Get Containers operation can be used get the containers registered for a resource. |
| Microsoft.RecoveryServices/vaults/replicationAlertSettings/readMicrosoft.RecoveryServices/vaults/replicationAlertSettings/read | 讀取任何警示設定Read any Alerts Settings |
| Microsoft.RecoveryServices/vaults/replicationEvents/readMicrosoft.RecoveryServices/vaults/replicationEvents/read | 讀取任何事件Read any Events |
| Microsoft.RecoveryServices/vaults/replicationFabrics/checkConsistency/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/checkConsistency/action | 檢查網狀架構的一致性Checks Consistency of the Fabric |
| Microsoft.RecoveryServices/vaults/replicationFabrics/readMicrosoft.RecoveryServices/vaults/replicationFabrics/read | 讀取任何網狀架構Read any Fabrics |
| Microsoft.RecoveryServices/vaults/replicationFabrics/reassociateGateway/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/reassociateGateway/action | 重新關聯閘道Reassociate Gateway |
| Microsoft.RecoveryServices/vaults/replicationFabrics/renewcertificate/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/renewcertificate/action | 更新網狀架構的憑證Renew Certificate for Fabric |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read | 讀取任何網路Read any Networks |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read | 讀取任何網路對應Read any Network Mappings |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read | 讀取任何保護容器Read any Protection Containers |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read | 讀取任何可保護的項目Read any Protectable Items |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/applyRecoveryPoint/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/applyRecoveryPoint/action | 套用復原點Apply Recovery Point |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/failoverCommit/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/failoverCommit/action | 容錯移轉認可Failover Commit |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/plannedFailover/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/plannedFailover/action | 計劃性容錯移轉Planned Failover |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read | 讀取任何受保護的項目Read any Protected Items |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read | 讀取任何複寫復原點Read any Replication Recovery Points |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/repairReplication/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/repairReplication/action | 修復複寫Repair replication |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/reProtect/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/reProtect/action | 重新保護受保護的項目ReProtect Protected Item |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/switchprotection/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/switchprotection/action | 切換保護容器Switch Protection Container |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailover/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailover/action | Test FailoverTest Failover |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailoverCleanup/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailoverCleanup/action | 測試容錯移轉清理Test Failover Cleanup |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/unplannedFailover/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/unplannedFailover/action | 容錯移轉Failover |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/updateMobilityService/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/updateMobilityService/action | 更新行動服務Update Mobility Service |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read | 讀取任何保護容器對應Read any Protection Container Mappings |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read | 讀取任何復原服務提供者Read any Recovery Services Providers |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/refreshProvider/actionMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/refreshProvider/action | 重新整理提供者Refresh Provider |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read | 讀取任何存放裝置分類Read any Storage Classifications |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read | 讀取任何存放裝置分類對應Read any Storage Classification Mappings |
| Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/readMicrosoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read | 讀取任何 vCenterRead any vCenters |
| Microsoft.RecoveryServices/vaults/replicationJobs/*Microsoft.RecoveryServices/vaults/replicationJobs/* | 建立和管理複寫作業Create and manage replication jobs |
| Microsoft.RecoveryServices/vaults/replicationPolicies/readMicrosoft.RecoveryServices/vaults/replicationPolicies/read | 讀取任何原則Read any Policies |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/failoverCommit/actionMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/failoverCommit/action | 容錯移轉認可復原方案Failover Commit Recovery Plan |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/plannedFailover/actionMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/plannedFailover/action | 計劃性容錯移轉復原方案Planned Failover Recovery Plan |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/readMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/read | 讀取任何復原方案Read any Recovery Plans |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/reProtect/actionMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/reProtect/action | 重新保護復原方案ReProtect Recovery Plan |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailover/actionMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailover/action | 測試容錯移轉復原方案Test Failover Recovery Plan |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailoverCleanup/actionMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailoverCleanup/action | 測試容錯移轉清理復原方案Test Failover Cleanup Recovery Plan |
| Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/unplannedFailover/actionMicrosoft.RecoveryServices/vaults/replicationRecoveryPlans/unplannedFailover/action | 容錯移轉復原方案Failover Recovery Plan |
| Microsoft.RecoveryServices/Vaults/monitoringAlerts/*Microsoft.RecoveryServices/Vaults/monitoringAlerts/* | 讀取復原服務保存庫的警示Read alerts for the Recovery services vault |
| Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/readMicrosoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read | |
| Microsoft.RecoveryServices/Vaults/storageConfig/readMicrosoft.RecoveryServices/Vaults/storageConfig/read | |
| Microsoft.RecoveryServices/Vaults/tokenInfo/readMicrosoft.RecoveryServices/Vaults/tokenInfo/read | |
| Microsoft.RecoveryServices/Vaults/usages/readMicrosoft.RecoveryServices/Vaults/usages/read | 傳回復原服務保存庫的使用量詳細資料。Returns usage details for a Recovery Services Vault. |
| Microsoft.RecoveryServices/Vaults/vaultTokens/readMicrosoft.RecoveryServices/Vaults/vaultTokens/read | 「保存庫權杖」作業可用來取得保存庫層級後端作業的保存庫權杖。The Vault Token operation can be used to get Vault Token for vault level backend operations. |
| Microsoft.ResourceHealth/availabilityStatuses/readMicrosoft.ResourceHealth/availabilityStatuses/read | 取得指定範圍中所有資源的可用性狀態Gets the availability statuses for all resources in the specified scope |
| Microsoft.Resources/deployments/*Microsoft.Resources/deployments/* | 建立和管理部署Create and manage a deployment |
| Microsoft.Resources/subscriptions/resourceGroups/readMicrosoft.Resources/subscriptions/resourceGroups/read | 取得或列出資源群組。Gets or lists resource groups. |
| Microsoft.Storage/storageAccounts/readMicrosoft.Storage/storageAccounts/read | 傳回儲存體帳戶清單,或取得指定儲存體帳戶的屬性。Returns the list of storage accounts or gets the properties for the specified storage account. |
| Microsoft.Support/*Microsoft.Support/* | 建立和更新支援票證Create and update a support ticket |
| NotActionsNotActions | |
| 無none | |
| DataActionsDataActions | |
| 無none | |
| NotDataActionsNotDataActions | |
| 無none |
{
"assignableScopes": [
"/"
],
"description": "Lets you failover and failback but not perform other Site Recovery management operations",
"id": "/subscriptions/{subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/494ae006-db33-4328-bf46-533a6560a3ca",
"name": "494ae006-db33-4328-bf46-533a6560a3ca",
"permissions": [
{
"actions": [
"Microsoft.Authorization/*/read",
"Microsoft.Insights/alertRules/*",
"Microsoft.Network/virtualNetworks/read",
"Microsoft.RecoveryServices/locations/allocatedStamp/read",
"Microsoft.RecoveryServices/locations/allocateStamp/action",
"Microsoft.RecoveryServices/Vaults/extendedInformation/read",
"Microsoft.RecoveryServices/Vaults/read",
"Microsoft.RecoveryServices/Vaults/refreshContainers/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/operationResults/read",
"Microsoft.RecoveryServices/Vaults/registeredIdentities/read",
"Microsoft.RecoveryServices/vaults/replicationAlertSettings/read",
"Microsoft.RecoveryServices/vaults/replicationEvents/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/checkConsistency/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/reassociateGateway/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/renewcertificate/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationNetworks/replicationNetworkMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectableItems/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/applyRecoveryPoint/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/failoverCommit/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/plannedFailover/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/recoveryPoints/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/repairReplication/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/reProtect/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/switchprotection/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailover/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/testFailoverCleanup/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/unplannedFailover/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectedItems/updateMobilityService/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationProtectionContainers/replicationProtectionContainerMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationRecoveryServicesProviders/refreshProvider/action",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationStorageClassifications/replicationStorageClassificationMappings/read",
"Microsoft.RecoveryServices/vaults/replicationFabrics/replicationvCenters/read",
"Microsoft.RecoveryServices/vaults/replicationJobs/*",
"Microsoft.RecoveryServices/vaults/replicationPolicies/read",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/failoverCommit/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/plannedFailover/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/read",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/reProtect/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailover/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/testFailoverCleanup/action",
"Microsoft.RecoveryServices/vaults/replicationRecoveryPlans/unplannedFailover/action",
"Microsoft.RecoveryServices/Vaults/monitoringAlerts/*",
"Microsoft.RecoveryServices/Vaults/monitoringConfigurations/notificationConfiguration/read",
"Microsoft.RecoveryServices/Vaults/storageConfig/read",
"Microsoft.RecoveryServices/Vaults/tokenInfo/read",
"Microsoft.RecoveryServices/Vaults/usages/read",
"Microsoft.RecoveryServices/Vaults/vaultTokens/read",
"Microsoft.ResourceHealth/availabilityStatuses/read",
"Microsoft.Resources/deployments/*",
"Microsoft.Resources/subscriptions/resourceGroups/read",
"Microsoft.Storage/storageAccounts/read",
"Microsoft.Support/*"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"roleName": "Site Recovery Operator",
"roleType": "BuiltInRole",
"type": "Microsoft.Authorization/roleDefinitions"
}
Site Recovery 讀取者Site Recovery Reader
可讓您檢視 Site Recovery 狀態,但無法執行其他管理作業Lets you view Site Recovery status but not perform other management operations
| 動作 |